Skip to main content

More right-solid
SHOW DETAILS
eye
Title
Date Archived
Creator
DEFCON 23
movies
eye 4
favorite 0
comment 0
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the...
Topics: Youtube, video, Science & Technology, Vulnerability Assessment (Competitive Space), DEF CON...
DEFCON 23
movies
eye 4
favorite 0
comment 0
Additional Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Peter Desfigies, Joshua Brierton & Naveed Ul Islam/DEFCON-23-Desfigies-Brierton-Islam-Guests-N-Goblins-Referenc.txt Wi-Fi is a pervasive part of everyone’s everyday life. Whether it be home networks, open hotspots at cafés, corporate networks or corporate guest networks they can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 15
favorite 0
comment 0
This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks. This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space. Topher...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, security...
DEFCON 23
movies
eye 18
favorite 0
comment 0
One of the most challenging steps of a penetration test is popping something and not having full administrative level rights over the system. Companies are cutting back on administrative level rights for endpoints or how about those times where you popped an external web application and were running as Apache or Network Service? Privilege escalation or pillaging systems can be difficult and require extensive time if successful at all. One of the most challenging aspects around pentesting was...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Pivot, Pivoter, penetration...
DEFCON 23
movies
eye 33
favorite 0
comment 0
Global Honeypot Trends Elliot Brink Many of my computer systems are constantly compromised, attacked, hacked, 24/7. How do I know this? I've been allowing it. This presentation will cover over one year of research running several vulnerable systems (or honeypots) in multiple countries including the USA, mainland China, Russia and others. We'll be taking a look at: a brief introduction to honeypots, common attacker trends (both sophisticated and script kiddie), brief malware analysis and the...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 14
favorite 0
comment 0
Numerous botnets employ domain generation algorithms (DGA) to dynamically generate a large number of random domain names from which a small subset is selected for their command and control. A vast majority of DGA algorithms create random sequences of characters. In this work we present a novel language-based technique for detecting strings that are generate by chaining random characters. To evaluate randomness of a given string (domain name in this context) we lookup substrings of the string in...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, computer...
DEFCON 23
movies
eye 6
favorite 0
comment 0
Access control systems are everywhere. They are used to protect everything from residential communities to commercial offices. People depend on these to work properly, but what if I had complete control over your access control solution just by using my phone? Or perhaps I input a secret keypad combination that unlocks your front door? You may not be as secure as you think. The world relies on access control systems to ensure that secured areas are only accessible to authorized users. Usually,...
Topics: Youtube, video, Science & Technology, physical security, Access Control, DEF CON (Conference...
DEFCON 23
movies
eye 25
favorite 0
comment 0
You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create? This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves. Will being left-handed and having...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies
eye 4
favorite 0
comment 0
Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. More than forty percent of homes with automation installed use Insteon. For the last fifteen years, Insteon has published detailed documentation of their protocols—documentation that is purposely misleading, filled with errors, and at times deliberately obfuscated. As my research over the last year has revealed, this sad state of affairs is the direct result of Insteon papering over the fact...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 6
favorite 0
comment 0
As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations - but you may not know how your research skills can inform its investigations and policy. Come hear about some of the Commission's recent tech-related actions, research and reports, plus how its work...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies
eye 31
favorite 0
comment 0
My neighbor’s kid is constantly flying his quad copter outside my windows. I see the copter has a camera and I know the little sexed crazed monster has been snooping around the neighborhood. With all of the hype around geo-fencing and drones, this got me to wondering: Would it be possible to force a commercial quad copter to land by sending a low-level pulse directly to it along the frequencies used by GPS? Of course, radio signal jamming is illegal in the U.S and, frankly, it would disrupt...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 11
favorite 0
comment 0
DEF CON has changed for the better since the days at the Alexis Park. It has evolved from a few speaking tracks to an event that still offers the speakers, but also Villages, where you can get hands-on experience and Demo Labs where you can see tools in action. Of course, there is still the entertainment and Contest Area, as well as, Capture The Flag. There is so much more to DEF CON than there was in the past and it is our goal to help you get the best experience possible. In addition to...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Materials Available here: /redirect?q=https%3A%2F%2Fmedia.defcon.org%2FDEF%2520CON%252023%2FDEF%2520CON%252023%2520presentations%2FDEFCON-23-Chris-Sistrunk-NSM-101-for-ICS.pdf&event=video_description&redir_token=K8vPOhWePGLx5rcK9yEU9cPWnaZ8MTUwNzMxNjgwNUAxNTA3MjMwNDA1&v=H6AWRziR028 NSM 101 for ICS Chris Sistrunk Sr. ICS Security Consultant, FireEye Is your ICS breached? Are you sure? How do you know? The current state of security in Industrial Control Systems is a widely publicized...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Materials Available Here: ; /redirect?redir_token=WERQ52A1H7A4vP3-aqPh_3Mk1hx8MTUwNzMxNTE1MEAxNTA3MjI4NzUw&v=6wiBl3lohu4&q=https%3A%2F%2Fmedia.defcon.org%2FDEF%2520CON%252023%2FDEF%2520CON%252023%2520presentations%2FDEFCON-23-Amit-Ashbel-Maty-Siman-Game-of-Hacks-Play-Hack-and-Track-UPDATED.pdf&event=video_description Game of Hacks: Play, Hack & Track Amit Ashbel Product Evangelist Checkmarx Maty Siman CTO and Founder Checkmarx Fooling around with some ideas we found ourselves...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 29
favorite 0
comment 0
This project consists of the hardware and software necessary to hijack wired network communications. The hardware allows an attacker to splice into live network cabling without ever breaking the physical connection. This allows the traffic on the line to be passively tapped and examined. Once the attacker has gained enough knowledge about the data being sent, the device switches to an active tap topology, where data in both directions can be modified on the fly. Through our custom...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, Dc-23, hack, hacker, hacking,...
DEFCON 23
movies
eye 6
favorite 0
comment 0
Wireless traffic analysis has been commonplace for quite a while now, frequently used in penetration testing and various areas of research. But what happens when channel hopping just doesn't cut it anymore -- can we monitor all 802.11 channels? In this presentation we describe the analysis, different approaches and the development of a system to monitor and inject frames using routers running OpenWRT as wireless workers. At the end of this presentation we will release the tool we used to solve...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
movies
eye 22
favorite 0
comment 0
There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
by DEFCONConference
movies
eye 37
favorite 0
comment 0
Hacking is hard. It takes passion, dedication, and an unwavering attention to detail. Hacking requires a breadth of knowledge spread across many domains. We need to have experience with different platforms, operating systems, software packages, tools, programming languages, and technology trends. Being overly deficient in any one of these areas can add hours to our hack, or even worse, bring us total failure. And while all of these things are important for a well-rounded hacker, one of the key...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC 23,...
DEFCON 23
movies
eye 31
favorite 0
comment 0
Security has gone from a curiosity to a phenomenon in the last decade. Fortunately for us, despite the rise of memory-safe, interpreted, lame languages, the security of binaries is as relevant as ever. On top of that, (computer security) Capture the Flag competitions have skyrocketed in popularity, with new and exciting binaries on offer for hacking every weekend. This all sounds great, and it is. Unfortunately, the more time goes by, the older we get, and the more our skills fade. Whereas we...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 14
favorite 0
comment 0
Memory corruption vulnerabilities have plagued computer systems since we started programming software. Techniques for transforming memory corruption primitives into arbitrary code execution exploits have evolved significantly over the past two decades, from "smashing the stack for fun and profit" to the current apex of "just in time code reuse" while playing a cat and mouse game with similarly evolving defensive mitigations: from PaX/NX-bit to fine-grained ASLR and beyond....
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 30
favorite 0
comment 0
Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show...
Topics: Youtube, video, Science & Technology, Vehicle (Product Category), hacking, DEF CON (Conference...
DEFCON 23
movies
eye 90
favorite 0
comment 0
Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy freeway without seeing one. But what about their security? In this talk I’ll reveal new research and real attacks in the area of wirelessly controlled gates, garages, and cars. Many cars are now controlled from mobile devices over GSM, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio,...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Samy Kamkar, Automotive...
DEFCON 23
by DEFCONConference
movies
eye 37
favorite 0
comment 0
This year at DEF CON a former FAIL PANEL panelist attempts to keep the spirit alive by playing moderator. Less poetry, more roasting. A new cast of characters, more lulz, and no rules. Nothing is sacred, not the industry, not the audience, not even each other. Our cast of characters will bring you all sorts of technical fail, ROFLCOPTER to back it up. No waffles, but we have other tricks up our sleeve to punish, er, um, show love to our audience, all while raising money of the EFF and HFC. The...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
movies
eye 67
favorite 0
comment 0
With insecure low frequency RFID access control badges still in use at businesses around the world and high frequency NFC technology being incorporated into far more consumer products, RFID hacking tools are invaluable for penetration testers and security researchers alike. Software defined radio has revolutionized this field with powerful devices like Proxmark3 and RFIDler available for a modest price. 3D printing has also presented new opportunities for makers to create custom antennas and...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), DEF CON, DEF...
DEFCON 23
movies
eye 8
favorite 0
comment 0
Recent hacks to IaaS platforms reveled that we need to master the attack vectors used: Automation and API attack vector, insecure instances and management dashboard with wide capabilities. Those attack vectors are not unique to Cloud Computing but there are magnified due to the cloud characteristics. The fact is that IaaS instance lifecycle is accelerating, nowadays we can find servers that are installed, launched, process data and terminate - all within a range of minutes. This new accelerated...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 40
favorite 0
comment 0
While the NSA ANT team has been busy building the next generation spy toy catalog for the next leak, the NSA Playset team has been busy catching up with more open hardware implementations. GODSURGE is a bit of software that helps to persist malware into a system. It runs on the FLUXBABBIT hardware implant that connects to the depopulated JTAG header of certain models of Dell servers. This talk will introduce SAVIORBURST, our own implementation of a jtag-based malware delivery firmware that will...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 16
favorite 0
comment 0
For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Capture The Flag (Game),...
DEFCON 23
movies
eye 6
favorite 0
comment 0
What time? When? Who is first? Obviously, Time is strongly present in our daily life. We use time in almost everything we do, and computers are not an exception to this rule. Our computers and devices use time in a wide variety of ways such as cache expiration, scheduling tasks or even security technologies. Some of those technologies completely relies on the local clock, and they can be affected by a clock misconfiguration. However, since most operating system providers do not offer secure...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Transport Layer Security...
DEFCON 23
movies
eye 19
favorite 0
comment 0
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEís Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented....
Topics: Youtube, video, Science & Technology, Medicine (Field Of Study), Medical Devices, DEF CON...
DEFCON 23
movies
eye 28
favorite 0
comment 0
Materials Available Here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/DEFCON-23-Aaron-Grattafiori-Linux-Containers-Future-or-Fantasy-UPDATED.pdf Linux Containers: Future or Fantasy? Aaron Grattafiori Principal Security Consultant, iSEC Partners/NCC Group Containers, a pinnacle of fast and secure deployment or a panacea of false security? In recent years Linux containers have developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 10
favorite 0
comment 0
The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Radio (Invention), Amateur...
DEFCON 23
movies
eye 3
favorite 0
comment 0
Let's Encrypt is a new certificate authority that is being launched by EFF in collaboration with Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. This talk will describe the features of the CA and available clients at launch; explore the security challenges inherent in building such a system; and its effect on the security of the CA...
Topics: Youtube, video, Science & Technology, Let's Encrypt, Encryption (Literature Subject), DEF CON,...
DEFCON 23
movies
eye 4
favorite 0
comment 0
There have been over 20 cryptoparties in New York City, in which people are introduced to open source cryptography software. This doesn't always go smoothly. Usability experts have only recently being included in the design process for encryption tools, but by and large what we have to work with were designed by cryptography experts in the 90s. I'll be going over some pain points between real-world users and their real-life encounters with open source cryptography tools. David Huerta ships...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Alice And Bob, Cryptography...
DEFCON 23
movies
eye 7
favorite 0
comment 0
Extra Materials available here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Nadeem Douba/Extras/BurpKit.jar Today's web apps are developed using a mashup of client- and server-side technologies. Everything from sophisticated Javascript libraries to third-party web services are thrown into the mix. Over the years, we've been asked to test these web apps with security tools that haven't evolved at the same pace. A common short-coming in most of these tools is their inability to...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 9
favorite 0
comment 0
Do you know how many Bluetooth-enabled devices are currently present in the world? With the beginning of the IoT (Internet of Things) and Smart Bluetooth (Low energy) we find in our hands almost a zillion of them. Are they secure? What if I tell you I can unlock your Smartphone? What if I tell you I'm able to open the new shiny SmartLock you are using to secure your house's door? In this talk we will explain briefly how the Bluetooth (BDR/EDR/LE) protocols work, focusing on security aspects. We...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 5
favorite 0
comment 0
In a world full of targeted attacks and complex exploits this talk explores an attack that can simplified so even the most non-technical person can understand, yet the potential impact is massive: Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific memory error, called a bit flip, via DNS. The talk will cover the various hurdles involved in exploiting these errors, as well as the costs...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DC 23, hack, hacking,...
DEFCON 23
by DEFCONConference
movies
eye 19
favorite 0
comment 0
Materials Available here:/redirect?q=https%3A%2F%2Fmedia.defcon.org%2FDEF%2520CON%252023%2FDEF%2520CON%252023%2520presentations%2FDEFCON-23-Atlas-Fun-With-Symboliks.pdf&v=9HL6MljOX0o&event=video_description&redir_token=zp9forkij3SZgqefAwFPCw9-otl8MTUwNzMxNTcxNkAxNTA3MjI5MzE2 Fun with Symboliks atlas dude at Grimm Asking the hard questions... and getting answer! Oh binary, where art thine vulns? Symbolic analysis has been a "thing" for 20 years, and yet it's still left...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
by DEFCONConference
movies
eye 11
favorite 0
comment 0
This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), switch, networking, panel,...
DEFCON 23
movies
eye 7
favorite 0
comment 0
If you thought the security practices of regular software was bad, just wait until you start learning about the security of embedded hardware systems. Recent open-source hardware tools have made this field accessible to a wider range of researchers, and this presentation will show you how to perform these attacks for equipment costing $200. Attacks against a variety of real systems will be presented: AES-256 bootloaders, internet of things devices, hardware crypto tokens, and more. All of the...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 33
favorite 0
comment 0
With over a billion activated devices, Android holds strong as the market leading smartphone operating system. Underneath the hood, it is primarily built on the tens of gigabytes of source code from the Android Open Source Project (AOSP). Thoroughly reviewing a code base of this size is arduous at best -- arguably impossible. Several approaches exist to combat this problem. One such approach is identifying and focusing on a particularly dangerous area of code. This presentation centers around...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
With the advent of the Internet of Things,more and more objects are connected via various communication protocols like Bluetooth,Z-wave,WiFi , ZigBee etc. Among those protocols ZigBee accounts for the largest market share,it has been adapted to various applications like WSN(Wireless Sensor Network),Smart Home . Over the last few years, large amount of research has been conducted on the security of ZigBee. In this presentation we will introduce a new technique to beat the security...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Hacker (Character Power),...
DEFCON 23
movies
eye 38
favorite 0
comment 0
It is known that GPS L1 signal is unencrypted so that someone can produce or replay the fake GPS signal to make GPS receivers get wrong positioning results. There are many companies provide commercial GPS emulators, which can be used for the GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found by integrating some open source projects related to GPS we can produce GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies
eye 10
favorite 0
comment 0
The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, Hack, Hacker, Hacking,...
DEFCON 23
movies
eye 35
favorite 0
comment 0
Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled the community to monitor airplanes, ships, and cars... but come on, what we really want to track are cell phones. If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I'll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard. You'll also get a primer on geolocating the devices if you've got a second E4000 and some basic soldering...
Topics: Youtube, video, Science & Technology, RTLSDR, LTE, Recon, Tracking, RX, DEF CON (Conference...
DEFCON 23
movies
eye 2
favorite 0
comment 0
Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ancestor of today’s computer “hackers.” The first phreaks “owned” and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 4
favorite 0
comment 0
At the end of 2013, an international export control regime known as the Wassenaar Arrangement was updated to include controls on technology related to “Intrusion Software" and “IP Network Surveillance Systems." Earlier this year, the US Government announced a draft interpretation of these new controls, which has kicked off a firestorm of controversy within the information security community. Questions abound regarding what the exact scope of the proposed rules is, and what impact...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC-23, DC23, hack,...
DEFCON 23
movies
eye 10
favorite 0
comment 0
For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by stolen devices themselves, such as network information, photos captured from laptops and cell phones, but often times there was additional data that would...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 4
favorite 0
comment 0
For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
movies
eye 7
favorite 0
comment 0
Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 11
favorite 0
comment 0
Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Electronic Frontier...
DEFCON 23
movies
eye 29
favorite 0
comment 0
Recently there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC 23, DC-23, DEFCON, hack,...
DEFCON 23
movies
eye 35
favorite 0
comment 0
Remember that web application you wrote when you where first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack. Speaker Bio: Nemus works as a software engineer in...
Topics: Youtube, video, Science & Technology, Nemus, SQL, SQL Injection, RCE, Remote Code Execution,...
DEFCON 23
by DEFCONConference
movies
eye 22
favorite 0
comment 0
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 32
favorite 0
comment 0
Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hackers,...
DEFCON 23
movies
eye 20
favorite 0
comment 0
The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla model S work and most importantly how they can be hacked. You will also get a good understanding of the data...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Tesla Model S (Automobile...
DEFCON 23
movies
eye 25
favorite 0
comment 0
Ubiquity or "Everything, Everywhere” - Apple uses this term describe iCloud related items and its availability across all devices. iCloud enables us to have our data synced with every Mac, iPhone, iPad, PC as well as accessible with your handy web browser. You can access your email, documents, contacts, browsing history, notes, keychains, photos, and more all with just a click of the mouse or a tap of the finger - on any device, all synced within seconds. Much of this data gets cached on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
movies
eye 10
favorite 0
comment 0
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies
eye 62
favorite 0
comment 0
Build a free cellular traffic capture tool with a vxworks based femoto Yuwei Zheng Senior security researcher, Qihoo 360 Technology Co. Ltd. Haoqi Shan Wireless/hardware security researcher, Qihoo 360 Technology Co. Ltd. In recent years, more and more products, are integrated with cellular modem, such as cars of BMW, Tesla, wearable devices, remote meters, i.e. Internet of things. Through this way, manufactories can offer remote service and develop a lot of attractive functions to make their...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, Hacking,...
DEFCON 23
movies
eye 15
favorite 0
comment 0
Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its 41 member nations an agreement to place a variety of previously undesignated “cybersecurity items” under export control. After 18 months and a half-dozen open advisory meetings, the U.S. has taken the entire security research community by surprise with its proposed rule; we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial...
Topics: Youtube, video, Science & Technology, Computer Security (Software Genre), DEF CON (Conference...
DEFCON 23
by DEFCONConference
movies
eye 7
favorite 0
comment 0
DEF CON 23 Closing Ceremonies Source: https://www.youtube.com/watch?v=02v0qalqsSU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hackers,...
DEFCON 23
movies
eye 17
favorite 0
comment 0
Have you ever heard about the famous "green screen"? No, it's not a screensaver... Believe me, it still does exist! In many industries, although the front-end systems are all new and shiny, in the back-end they still rely on well-known, proven IBM i (aka AS/400) technology for their back-office, core systems. Surprisingly, nobody truly seems to care about the security. Even if these nice IBM heavy black boxes are directly connected to the Internet... The aim of the talk is to give you...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON 23, DC 23, DC-23, DC+23,...
DEFCON 23
movies
eye 4
favorite 0
comment 0
Description Source: https://www.youtube.com/watch?v=z8VkZCCWqgg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, How-to (Website Category), home detention, DEF CON...
DEFCON 23
movies
eye 14
favorite 0
comment 0
Working together to keep the Internet safe and secure Alejandro Mayorkas Deputy Secretary of Homeland Security We all have a role to play when it comes to ensuring the safety and security of the Internet, whether you are a federal employee, the CEO of a company, or a private citizen. Today’s threats require the engagement of our entire society. This shared responsibility means that we have to work with each other in ways that is often new for the government and the private sector. This means...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 34
favorite 0
comment 0
White paper Available Here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Ronny Bull & Jeanna Matthews - UPDATED/DEFCON-23-Ronny-Bull-Jeanna-Matthews-Exploring-Layer-2-Network-Security-In-Virtualized-Enviroments-WP.pdf Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 6
favorite 0
comment 0
Regular Expression Denial of Service has existed for well over a decade, but has not received the love it deserves lately. There are some proof of concept attacks out there currently, most of which are ineffective due to implementation optimizations. Regardless of the effectiveness most of these PoC's are geared only to NFA engines. This talk will demonstrate working PoC's that bypass optimizations. Both NFA and DFA engines will get love. Tools will be released (with demonstration) that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 7
favorite 0
comment 0
Secure" messaging programs and protocols continue to proliferate, and crypto experts can debate their minutiae, but there is very little information available to help the rest of the world differentiate between the different programs and their features. This talk will discuss the types of attacks various secure messaging features can defend against so those who are tech-savvy but not crypto-experts can make informed decisions on which crypto applications to use. This talk is intended for...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Secure Messaging, Justin...
DEFCON 23
by DEFCONConference
movies
eye 16
favorite 0
comment 0
ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen. Any user that has screen and keyboard access to a shell (CLI, GUI or browser) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
by DEFCONConference
movies
eye 46
favorite 0
comment 0
Bruce Schneier Talks Security. Come hear about what's new, what's hot, and what's hype in security. NSA surveillance, airports, voting machines, ID cards, cryptography -- he'll talk about what's in the news and what matters. Always a lively and interesting talk. Speaker Bio: Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 12 booksincluding the New York Times best-seller Data and Goliath: The Hidden Values to...
Topics: Youtube, video, Science & Technology, Bruce Schneier (Academic), DEF CON, DEF CON 23, DEFCON,...
DEFCON 23
movies
eye 36
favorite 0
comment 0
Have you ever wanted to crack open a safe full of cash with nothing but a USB stick? Now you can! The Brink’s CompuSafe cash management product line provides a “smart safe as a service” solution to major retailers and fast food franchises. They offer end-to-end management of your cash, transporting it safely from your storefront safe to your bank via armored car. During this talk, we’ll uncover a major flaw in the Brink’s CompuSafe and demonstrate how to crack one open in seconds...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
movies
eye 75
favorite 0
comment 0
Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), NFC, UHF,...
DEFCON 23
by DEFCONConference
movies
eye 34
favorite 0
comment 0
Join us for a fun-filled tour of source control management and services to talk about how to backdoor software. We will focus on one of the most popular, trendy SCM tools and related services out there – Git. Nothing is sacred. Along the way, we will expose the risks and liabilities one is exposed to by faulty usage and deployments. When we are finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project. Speaker...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON 23, DEF CON 23, DEFCON, DC23, DC-23, DC...
DEFCON 23
movies
eye 32
favorite 0
comment 0
Certain file formats, like Microsoft Word and PDF, are known to have features that allow for outbound requests to be made when the file opens. Other file formats allow for similar interactions but are not well-known for allowing such functionality. In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective. Most interestingly, these techniques are not built on mistakes, but intentional design...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 19
favorite 0
comment 0
Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core Etienne Martineau Software engineer, Cisco Systems On x86 multi-core covert channels between co-located Virtual Machine (VM) are real and practical thanks to the architecture that has many imperfections in the way shared resources are isolated. This talk will demonstrate how a non-privileged application from one VM can ex-filtrate data or even establish a reverse shell into a co-located VM using a cache timing...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 15
favorite 0
comment 0
Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know, these leaks are a valuable source of competitive intelligence. This talk describes how the speaker collects competitive intelligence for his own online retail business. Specifically, you learn how he combines, trends, and analyzes information within specific contexts to manufacture useful data that is real, but technically doesn't exist on it's own. For example, you will learn about the trade secrets...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
movies
eye 34
favorite 0
comment 0
Human Machine Interfaces (HMIs) are the subsets of the Supervisory Control and Data Acquisition (SCADA) systems. HMIs are control panels that provide interfaces for humans to interact with machines and to manage operations of various types of SCADA systems. HMIs have direct access to SCADA databases including critical software programs. The majority of SCADA systems have web-based HMIs that allow the humans to control the SCADA operations remotely through Internet. This talk unveils various...
Topics: Youtube, video, Science & Technology, Aditya K. Sood, SCADA, HMI, Vulnerabilties, Vulnerability...
DEFCON 23
movies
eye 14
favorite 0
comment 0
Kerberos “Golden Tickets” were unveiled by Alva “Skip” Duckwall & Benjamin Delpy in 2014 during their Black Hat USA presentation. Around this time, Active Directory (AD) admins all over the world felt a great disturbance in the Force. Golden Tickets are the ultimate method for persistent, forever AD admin rights to a network since they are valid Kerberos tickets and can’t be detected, right? This talk explores the latest Active Directory attack vectors and describes how Golden...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 12
favorite 0
comment 0
A talk was cancelled and Priest takes to the stage to do an impromtu "Spot the Fed". What is Spot the Fed you ask? Well it's a game we've played at DEF CON forever now...Here's a description from Priest: "Like a paranoid version of pin the tail on the donkey, the favorite sport at this gathering of computer hackers and phone phreaks seems to be hunting down real and imagined telephone security and Federal and local law enforcement authorities who the attendees are certain are...
Topics: Youtube, video, Science & Technology
DEFCON 23
movies
eye 16
favorite 0
comment 0
Materials Available here: /redirect?v=XF_5t547Qfg&event=video_description&redir_token=AyQOHvc5eUBGuavUOuLvsBQY2pp8MTUwNzMxNTA1M0AxNTA3MjI4NjUz&q=https%3A%2F%2Fmedia.defcon.org%2FDEF%2520CON%252023%2FDEF%2520CON%252023%2520presentations%2FDEFCON-23-David-An-When-the-Secretary-of-State-says-Stop-Hacking-us.pdf When the Secretary of State says: “Please Stop Hacking Us…” David An Former U.S. State Department Senior American officials routinely hold dialogues with foreign officials...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 24
favorite 0
comment 0
Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote code execution, persistence, lateral movement, covert data storage, and VM detection. Defenders and forensic analysts have largely remained unaware...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies
eye 11
favorite 0
comment 0
Your private drone opens up limitless possibilities – how can manufacturers and policymakers ensure you are able to realize them? As private drone ownership becomes the norm, drone makers and lawmakers will need to make important policy decisions that account for the privacy and free speech issues raised by this new technology. What legal and technical rules are being considered right now, and how might they affect your ability to do things like record footage at a city park, monitor police...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC-23, DC23, hack,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs to explore code paths in an application. In recent years, fuzzing has become a near mandatory part of any major application's security team efforts. Our work focused on fuzzing web browsers, a particularly difficult challenge given the size and quality of some of their security teams, the existing high-quality fuzzers available for this, and, of late, bug bounty programs. Despite this,...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 15
favorite 0
comment 0
Materials Available here: /redirect?q=https%3A%2F%2Fmedia.defcon.org%2FDEF%2520CON%252023%2FDEF%2520CON%252023%2520presentations%2FDEFCON-23-Mickey-Shkatov-Jesse-Michael-Scared-poopless-LTE-and-your-laptop-UPDATED.pdf&redir_token=bUXEn8hFCjy3hNMxSxVZeWrXNcB8MTUwNzMyMTQxNUAxNTA3MjM1MDE1&event=video_description&v=q4pRYZjzL_E Scared Poopless – LTE and *your* laptop Mickey Shkatov Security researcher, Intel Advanced Threat Research. Jesse Michael Security researcher With today’s...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 35
favorite 0
comment 0
EFF's Apollo 1201 project is a 10-year mission to abolish all DRM, everywhere in the world, within a decade. We're working with security researchers to challenge the viability of the dread DMCA, a law that threatens you with jail time and fines when you do your job: discover and disclosing defects in systems that we rely on for life and limb. Speaker Bio: Cory Doctorow (craphound.com) is a science fiction author, activist, journalist and blogger — the co-editor of Boing Boing (boingboing.net)...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 5
favorite 0
comment 0
When a Windows domain is compromised, an attacker has several options to create backdoors, obscure his tracks, and make his access difficult to detect and remove. In this talk, I discuss ways that an attacker who has obtained domain administrator privileges can extend, persist, and maintain control, as well as how a forensic examiner or incident responder could detect these activities and root out an attacker. Speaker Bio: Grant Bugher has been hacking and coding since the early 90's and...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC 23, DEFCON, DC23, DC-23, Hack,...
DEFCON 23
movies
eye 24
favorite 0
comment 0
The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such like Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies made a great job in revealing technical details of the attack campaigns, however, it exclusively has almost focused on the executables or the memory dump...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 8
favorite 0
comment 0
The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Mac's are in fact vulnerable...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
movies
eye 9
favorite 0
comment 0
You may ask; "why would Apple add an XPC service that can create setuid files anywhere on the system - and then blindly allow any local user to leverage this service?" Honestly, I have no idea! The undocumented 'writeconfig' XPC service was recently uncovered by Emil Kvarnhammar, who determined its lax controls could be abused to escalate one's privileges to root. Dubbed ‘rootpipe,' this bug was patched in OS X 10.10.3. End of story, right? Nope, instead things then got quite...
Topics: Youtube, video, Science & Technology, DEF CON, DC23, DC-23, DEFCON, DEF CON 23, hack, hackers,...
DEFCON 23
movies
eye 55
favorite 0
comment 0
Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route - encryption, obfuscation, anti-debugging - or you can go on the offense, and attack the heart and soul of anyone who dare look at your perfect code. With some carefully crafted...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEFCON, DEF CON, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies
eye 52
favorite 0
comment 0
This talk will present a device that can be used as a dropbox, remote hacking drone, hacking command console, USB writeblocker, USB Mass Storage device impersonator, or scripted USB HID device. The device is based on the BeagleBone Black, can be battery operated for several days, and is easily constructed for under $100. The dropbox, remote hacking drone, and hacking command console functionality were presented at DEF CON 21. This talk will emphasize the new USB-based attack functionality....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), dropbox, drone,...
DEFCON 23
movies
eye 20
favorite 0
comment 0
The term “Bad USB” has gotten some much needed press in last few months. There have been talks that have identified the risks that are caused by the inherent trust between the OS and any device attached by USB. I found in my research that most of the available payloads for the USB rubber ducky would be stopped by common enterprise security solutions. I then set out to create a new exploit that would force the victim to trust my Man-In-The-Middle access point. After my payload is deployed,...
Topics: Youtube, video, Science & Technology, USB (Invention), DEF CON (Conference Series), Encryption...
DEFCON 23
movies
eye 44
favorite 0
comment 0
Many hackers today are using process memory infections to maintain stealth residence inside of a compromised system. The current state of forensics tools in Linux, lack the sophistication used by the infection methods found in real world hacks. ECFS (Extended core file snapshot) technology, https://github.com/elfmaster/ecfs is an innovative extension to regular ELF core files, designed to be used as forensics-friendly snapshots of process memory. A brief showcasing of the ECFS technology was...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 67
favorite 0
comment 0
This talk will show attendees how to use a small ARM-based computer that is connected inline to a wired network for penetration testing. The computer is running a full-featured penetration testing Linux distro. Data may be exfiltrated using the network or via a ZigBee mesh network or GSM modem. The device discussed in this talk is easily integrated into a powerful penetration test that is performed with an army of ARM-based small computer systems connected by XBee or ZigBee mesh networking....
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, Phil Polstra,...
DEFCON 23
movies
eye 10
favorite 0
comment 0
The IDA Pro APIs for interacting with type information are full of opportunities (horrible problems). I will show you how to create unparseable types, how to apply these types to functions and variables and how to transfer these types from one IDB to another. Speaker Bio: miaubiz is a senior doctor of security at Azimuth Security. he has previously found bugs in web browsers and has spoken at SyScan, Infiltrate, T2. his interests are bad APIs and sniffing ARMpits. Source:...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 57
favorite 0
comment 0
Have you ever wanted to kill someone? Do you want to get rid of your partner, your boss or your arch nemesis? Perhaps you want to enjoy your life insurance payout whilst you’re still alive. Do you have rich elderly parents that just won’t die quick enough? Or do you want a “Do Over” new identity. Then, this presentation is for you! I’ll provide you with the insight and techniques on how to “kill” someone and obtain a real death certificate and shutdown their lives. It focuses on...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), birth, death certificate,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Automating packer and compiler/toolchain detection can be tricky and best and downright frustrating at worst. The majority of existing solutions are old, closed source or aren’t cross platform. Originally, a method of packer identification that leveraged some text analysis algorithms was presented. The goal is to create a method to identify compilers and packers based on the structural changes they leave behind in PE files. This iteration builds upon previous work of using assembly mnemonics...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
movies
eye 29
favorite 0
comment 0
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion Marina Krotofil Senior Security Consultant. European Network for Cyber Security Jason Larsen Principal Security Consultant, IOActive The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Quantum computation has recently become an important area for security research, with its applications to factoring large numbers and secure communication. In practice, only one company (D-Wave) has claimed to create a quantum computer which can solve relatively hard problems, and that claim has been met with much skepticism. Regardless of whether it is using quantum effects for computation or not, the D-Wave architecture cannot run the standard quantum algorithms, such as Grover’s and...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC23, DC-23, hack,...
DEFCON 23
by DEFCONConference
movies
eye 55
favorite 0
comment 0
Everybody plays games, and a whole lot of people plays computer games. Despite this fact, very few of us, security researchers consider them as interesting targets. Granted, you won't likely be able to directly hack into a big corporate network via game exploits, but you could for example target the people running the company via their favorite games. Or their children's favorite games. Another scenario: you should consider that a hacked game could allow Not So Admirable people access to your...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), video games, Video Game...
DEFCON 23
movies
eye 16
favorite 0
comment 0
The Harness toolset aims to give penetration testers and red teams the ability to pull a remote powershell interface with all the same features of the native Powershell CLI and more. Several tools and utilities have been released to solve the powershell weaponization problem, but no freely available tool give operators the full capabilities of powershell through a remote interface. We’ll start the talk with a quick survey of the previous methods of weaponizing powershell, and then move into...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 10
favorite 0
comment 0
In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Adobe Systems (Award...