Skip to main content

More right-solid
SHOW DETAILS
eye
Title
Date Archived
Creator
DEFCON 25
movies
eye 21
favorite 0
comment 0
XenoScan is the next generation in tooling for hardcore game hackers. Building on the solid foundation from older tools like Cheat Engine and Tsearch, XenoScan makes many innovations which take memory scanning to a whole new level. This demo-heavy talk will skip the fluff and show the power of the tool in real-time. The talk will demonstrate how the tool can scan for partial structures, detect complex data structures such as binary trees or linked lists, detect class-instances living on the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 4
favorite 0
comment 0
Before jumping into a mindblowing workstation for programming Lego mindstorms robots, this talk will cover the LegoFirst Core Values so the kids can apply their super human powers for good and good only. Source: https://www.youtube.com/watch?v=6wM5Q31zXKM Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=ccfNSAfAyis Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the weak perimeter security provided by EAP-TTLS and EAP-PEAP, many organizations use port based NAC appliances to prevent attackers from...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
Most forms of WPA2-EAP have been broken for nearly a decade. EAP-TTLS and EAP-PEAP have long been susceptible to evil twin attacks, yet most enterprise organizations still rely on these technologies to secure their wireless infrastructure. The reason for this is that the secure alternative, EAP-TLS, is notoriously arduous to implement. To compensate for the weak perimeter security provided by EAP-TTLS and EAP-PEAP, many organizations use port based NAC appliances to prevent attackers from...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
You know the ins and outs of pivoting through your target's domains. You've had the KRBTGT hash for months and laid everything bare. Or have you? More targets today have some or all of their infrastructure in the cloud. Do you know how to follow once the path leads there? Red teams and penetration testers need to think beyond the traditional network boundaries and follow the data and services they are after. This talk will focus on how to take domain access and leverage internal access as a...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
Michele Fincher is the Chief Influencing Agent of Social-Engineer, LLC, possessing over 20 years experience as a behavioral scientist, researcher, and information security professional. Her diverse background has helped solidify Social-Engineer, LLC’s place as the premier social engineering consulting firm. Source: https://www.youtube.com/watch?v=AZw8WugNyIQ Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
What if you could super-charge your web hacking? Not through pure automation (since it can miss so much) but through powerful alerts created from real threat intelligence? What if you had a Burp plugin that did this for you? What if that plugin not only told you where to look for vulns but also gave you curated resources for additional exploitation and methodology? What if you could organize your web hacking methodology inside of your tools? Well, now you do! HUNT is a new Burp Suite extension...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Surveillance Capitalism is a form of information monetization that aims to predict and modify human behavior as a means to produce revenue and control. It strives to be a pervasive background collector of our cyberspace and meatspace activities, attempting to both generate and profit from data collected about our wants and needs. It's what happens when Marketing decides to plagiarize from the NSA's playbook. The methods used by Surveillance Capitalism's practitioners are intentionally becoming...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
What Mirai missed: Mirai was elegantly simple; using default telnet credentials to compromise large numbers of devices. However, in the quest for simplicity, the author missed numerous more significant vulnerabilities. We have spent the last few months researching the security of more than 30 DVR brands and have made discoveries that make the Mirai telnet issue seem almost trivial by comparison. We discovered multiple vulnerabilities which we will share, including wormable remote code...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
I was able to create a proof of concept application that scrubs a recreation of the Ohio Voter Database, which includes first name, last name, date of birth, home address, and link each entry confidently to its real owners Facebook page. By doing this I have created a method by which you can use the Voter Database to seed you with name address and DOB, and Facebook to hydrate that information with personal information. My application was able to positively link a voter record to a Facebook...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=9Wg4lzMasMo Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
As an amatuer radio operator, I enjoy building mobile implementations for ARES (Amatuer Radio Emergency Service), and for events. During this presentation, I will detail out several years worth of experimentation, research, and showcase my final build w/ modifications and demonstrate the build. Source: https://www.youtube.com/watch?v=CoQsYhFSjtg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 17
favorite 0
comment 0
Digital Forensics and Incident Response (DFIR) for IT systems has been around quite a while, but what about Industrial Control Systems (ICS)? This talk will explore the basics of DFIR for embedded devices used in critical infrastructure such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and controllers. If these are compromised or even have a misoperation, we will show what files, firmware, memory dumps, physical conditions, and other data can be analyzed in embedded...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 15
favorite 0
comment 0
The security of your bitcoins rests entirely in the security of your private key. Bitcoin hardware wallets help protect against software-based attacks to recover or misuse your key. However, hardware attacks on these wallets are not as well studied. In 2015, Jochen Hoenicke was able to extract the private key from a TREZOR using a simple power analysis technique. While that vulnerability was patched, he suggested the Microcontroller on the TREZOR, which is also the same on the KeepKey, may be...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
You want to design customer-focused, easy-to-use products that your customers will love - but you aren’t doing your job if you wait until the last minute (or beyond!) to think about privacy. Tacking on privacy features as an afterthought isn’t only bad for your users, it’s also bad for your company. Privacy starts with your backend systems and carries forward through your product development cycle, your user testing, your product release, and all the way to your customer support. Learn...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 30
favorite 0
comment 0
At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly introduce you to DeepHack: the open-source hacking AI. This bot learns how to break into web applications using a neural network, trial-and-error, and a frightening disregard for humankind. DeepHack can ruin your day without any prior knowledge of apps, databases - or really anything else. Using just one algorithm, it learns how to exploit multiple kinds of vulnerabilities, opening the door for a host...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEF CON 25, DEF CON 2017, DC25, hacker,...
DEFCON 25
movies
eye 5
favorite 0
comment 0
Institutions of higher education are supposed to be somewhere that students go, earn a degree, and leave, all while their data is safe. Or is it? In this talk, I discuss the gaping security holes left by FERPA (Family Educational Rights and Privacy Act (20 U.S.C. § 1232g; 34 CFR Part 99) with regard to student data. Almost all student data, with the exception of grades and select demographics picked by each institution, are commonly listed as directory information that is available to anyone...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 16
favorite 0
comment 0
This presentation will dive into hacking wireless security systems present in many residential homes. A number of common wireless sensors are susceptible to a wide range of vulnerabilities including denial of service attacks, replay attacks and information disclosures. Sensors that detect motion, smoke, water leaks, gas leaks and open doors use similar weak communication protocols. Weaknesses in these sensors can present a juicy target to a tech savvy thief. With a Raspberry Pi and an Arduino,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
This topic covers researches made by Critical Infrastructure Defense Team, Kaspersky Lab regarding vast variety of different serious vulnerabilities in popular wanna-be-smart industrial control systems. We found 80+ 0day vulnerabilities and reported to vendors. Some of them are patched already (CVE-2016-5743, CVE-2016-5744, CVE-2016-5874…). However, for most of the bugs it potentially takes more time to fix. Bugs are good, but what can be better? Yes, backdoors! Let’s take a closer look on...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Today, most vehicle manufacturers in the US connect their vehicles to a type of network and delegate controls to mobile or web applications upon vehicle purchasing. Thankfully, security research for consumer devices are now exempt from DMCA which enables us to audit and assess our connected vehicles. Like many devices in the IoT space, a single software bug in connected vehicles can compromise the entire ecosystem. In this talk, we will demonstrate the methodology used to discover and remotely...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies
eye 10
favorite 0
comment 0
Kids currently involved in STEM or cyber programs want to interact kinetically with robots, drones, VR, and next generation nano technology. This talk followed by a workstation will feature help the kids to learn how to interact with a potentially new and relatively expensive macro-technology lineage. One of the demonstrations will focus on advanced adaptations including a wireless assault drone that will be featured at DefCon bridging kinetic and cyber domains. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
The typical security professional is largely unfamiliar with the Windows named pipes interface, or considers it to be an internal-only communication interface. As a result, open RPC (135) or SMB (445) ports are typically considered potentially entry points in "infrastructure" penetration tests. However, named pipes can in fact be used as an application-level entry vector for well known attacks such as buffer overflow, denial of service or even code injection attacks and XML bombs,...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 37
favorite 0
comment 0
Modern computing platforms offer more freedom than ever before. The rise of Free and Open Source Software has led to more secure and heavily scrutinized cryptographic solutions. However, below the surface of open source operating systems, strictly closed source firmware along with device driver blobs and closed system architecture prevent users from examining, understanding, and trusting the systems where they run their private computations. Embedded technologies like Intel Management Engine...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
The Common Vulnerabilities and Exposures (CVE) program uniquely identifies and names publicly-disclosed vulnerabilities in software and other codebases. Whether you are a vulnerability researcher, a vendor, or a project maintainer, it has never been easier to have CVE IDs assigned to vulnerabilities you are disclosing or coordinating around. This presentation will be an opportunity to find out how to participate as well as a chance to offer your thoughts, questions, or feedback about CVE....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 30
favorite 0
comment 0
Ever been on a job that required you to clone live RFID credentials? There are many different solutions to cloning RFID in the field and they all work fine, but the process can be slow, tedious, and error prone. What if there was a new way of cloning badges that solved these problems? In this presentation, we will discuss a smarter way for cloning RFID in the field that is vastly more efficient, useful, and just plane cool. We will go over the current tools and methods for long-range RFID...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 2017, DEF CON 25, hackers,...
DEFCON 25
movies
eye 31
favorite 0
comment 0
Get over it!" as Scott McNeeley said - unhelpfully. Only if we understand why it is gone and not coming back do we have a shot at rethinking what privacy means in a new context. Thieme goes deep and wide as he rethinks the place of privacy in the new social/cultural context and challenges contemporary discussions to stop using 20th century frames. Pictures don't fit those frames, including pictures of "ourselves." We have always known we were cells in a body, but we emphasized...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
Law enforcement agencies have used aircraft for decades to conduct surveillance, but modern radio, camera, and electronics technology has dramatically expanded the power and scope of police surveillance capabilities. The Iraq War and other conflicts have spurred the development of mass surveillance technologies and techniques that are now widely available to domestic police. The FBI, DEA, and other agencies flew powerful surveillance aircraft over cities for years in relative secrecy before...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Do you run web analytics on your websites, such as Google Analytics? If you were viewing your web analytics and noticed lots of traffic being referred to your website from an interesting domain, would you investigate? Wouldn’t you be curious as to why you were receiving this traffic and what it could mean? This sort of curiosity could be used against you! This talk will cover the intricacies of social engineering with web analytics! Come find out how the world wide web could be manipulated...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies
eye 17
favorite 0
comment 0
On April 24, 2015, Apple launched themselves into the wearables category with the introduction of Apple Watch. This June, at Apple's Worldwide Developer Conference, Apple announced that their watch is not only the #1 selling smartwatch worldwide by far, but also announced the introduction of new capabilities that will come with the release of watchOS 4. Like other devices, Apple Watch contains highly sensitive user data such as email and text messages, contacts, GPS and more, and like other...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 25, DEFCON, DC25, DC-25, hack, hacker,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
Meow will be presenting on the capabilities for biological weapons that are currently able to be produced in home or community bio labs. He will explore the role that emerging technologies play in drastically reducing the technological and cost barriers to creating these constructs, and suggest ways that legislation and regulation may be employed to ensure maximum freedoms and innovation coupled with effective monitoring. Make sure to get your vaccinations before attending please. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=x1RmNXQAydg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
The Justice Department and white hat hackers have frequently worked side-by-side to stop malware from destroying computers around the globe. This talk would explain how vulnerabilities can be exploited to create something as large, powerful, and potentially destructive as a botnet but also how technology can be leveraged to combat botnets. This talk would provide a basic explanation of botnets and describe how the combined efforts of white hat hackers and law enforcement have identified...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 3
favorite 0
comment 0
Vehicle-to-vehicle (V2V) and, more generally, vehicle-to-everything (V2X) wireless communications enable semi-autonomous driving via the exchange of state information between a network of connected vehicles and infrastructure units. Following 10+ years of standards development, particularly of IEEE 802.11p and the IEEE 1609 family, a lack of available implementations has prevented the involvement of the security community in development and testing of these standards. Analysis of the WAVE/DSRC...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Attention Red Teamers, Penetration Testers, and Offensive Security Operators, isn't the overhead of fighting attribution, spinning up infrastructure, and having to constantly re-write malware an absolute pain and timesink!?! It was for us too, so we're fixing that for good (well, maybe for evil). Join us for the public unveiling and open source release of our latest project, MEATPISTOL, a modular malware framework for implant creation, infrastructure automation, and shell interaction. This...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
Over the next ten years, blockchain and distributed ledger technologies will fundamentally change the delivery of care around the globe. The blockchain provides a technical framework where trust is moved from central controlling intermediaries to the open source protocol, freeing data and assets from the control of traditional corporate interests. The great hope is that this evolution will result in the empowerment of consumers, communities, and markets centered on sustainable wellness and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Portia: it's a new tool we have written at SpiderLabs to aid in internal penetration testing test engagements. The tool allows you to supply a username and password that you have captured and cracked from Responder or other sources as well as an IP ranges, subnet or list of IP addresses. The tool finds its way around the network and attempts to gain access into the hosts, finds and dumps the passwords/hashes, reuses them to compromise other hosts in the network. In short, the tool helps with...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 4
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=k0mRkhbptiA Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Psychographic targeting and the so called "Weaponized AI Propaganda Machine" have been blamed for swaying public opinion in recent political campaigns. But how effective are they? Why are people so divided on certain topics? And what influences their views? This talk presents the results of five studies exploring each of these questions. The studies examined authoritarianism, threat perception, personality-targeted advertising and biases in relation to support for communication...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEFCON25, DEF CON 25, DEFCON2017, hack,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Enabling better communications between geeks and management. As humans, we have had 60,000 years to perfect communication, but those of us working in IT, regardless of which side (Blue or Red Team), still struggle with this challenge. We have done our best over the centuries to yell "FIRE!" in a manner befitting our surroundings, yet today we seem utterly incapable of providing that very basic communication capability inside organizations. This talk will endeavor to explain HOW we can...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 4
favorite 0
comment 0
The late 80's and early 90's played a pivotal role in the forming of the Israeli tech scene as we know it today, producing companies like Checkpoint, Waze, Wix, Mobileye, Viber and billions of dollars in fundraising and exits. The people who would later build that industry were in anywhere from elementary school to high school, and their paths included some of the best hacking stories of the time (certainly in the eyes of the locals). The combination of extremely expensive Internet and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
GoTenna is a wireless communication tool, popular for providing encrypted "off-the-grid" communications on unlicensed MURS channels. Using SDR, GNU Radio, and scapy we developed a tool to capture packets from all the channels, simultaneously. This allowed us to characterize device behavior, study the packet protocol, and passively monitor communications. In this talk, we will explain or methodologies, demonstrate our tools live, and show how to preform link analysis: who is talking...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies
eye 9
favorite 0
comment 0
Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us! In this talk, you'll hear from DEF CON's founder, Dark Tangent, who is also moderating the panel. Jayson E. Street, the Ambassador of DEF CON groups will also discuss updates about the program and share information from his global travel to...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
It’s no secret that trying to change corporate culture is hard. This is primarily due to the fact that large corporations are complex systems and fundamentally averse to change. This reluctance is rooted in a systematic misalignment of shared vision, shared values, and shared culture within the organization. This talk defines a new method of business transformation by illustrating how to effectively influence corporate cultures towards collective action. To achieve that end, we outline an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 5
favorite 0
comment 0
Credentials have always served as a favorite target for advanced attackers, since these allow to efficiently traverse a network, without using any exploits. Moreover, compromising the network might not be sufficient, as attackers strive to obtain persistency, which requires the use of advanced techniques to evade the security mechanisms installed along the way. One of the challenges adversaries must face is: How to create threats that will continuously evade security mechanisms, and even if...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Today there is practically a year-round CTF circuit, on which teams hone their skills, win prizes and attain stature. For many, the ultimate goal is to dominate in the utmost competition, DEF CON's CTF, and walk away with a coveted black badge. Capture-the-Flag (CTF) is one of DEF CON's oldest contests, dating back to DEF CON 4. Over the past decades, the perennial contest has matured into an annual event requiring months of preparation and nearly continuous dedication both of players and...
Topics: Youtube, video, Science & Technology, def con, dc25, defcon, def con 25, dc-25, hack, hacking,...
DEFCON 25
movies
eye 15
favorite 0
comment 0
Traditional techniques for C2 channels, exfiltration, surveillance, and exploitation are often frustrated by the growing sophistication and prevalence of security protections, monitoring solutions, and controls. Whilst all is definitely not lost, from an attacker's perspective - we constantly see examples of attackers creatively bypassing such protections - it is always beneficial to have more weapons in one's arsenal, particularly when coming up against heavily-defended networks and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 19
favorite 0
comment 0
In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing and brute force attacks). I'll also be demoing some brand new tools I've written to...
Topics: Youtube, video, Science & Technology, defcon, def con, computer security, defcon 2017, defcon...
DEFCON 25
movies
eye 16
favorite 0
comment 0
Koadic C3, or COM Command & Control, is a Windows post-exploitation tool similar to other penetration testing rootkits such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using the Windows Script Host (a.k.a. JScript/VBScript), with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10. An in-depth view of default COM...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Active Directory (AD) object discretionary access control lists (DACLs) are an untapped offensive landscape, often overlooked by attackers and defenders alike. The control relationships between AD objects align perfectly with the "attackers think in graphs" philosophy and expose an entire class of previously unseen control edges, dramatically expanding the number of paths to complete domain compromise. While DACL misconfigurations can provide numerous paths that facilitate elevation...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON25, DEF CON 25, DC25, Dc-25, hacker...
DEFCON 25
movies
eye 8
favorite 0
comment 0
When Google announced an intent to revoke trust from certificates issued by Symantec, this set off alarm bells all over the certificate authority industry. But that was March. What actually happened? Rendition Infosec has periodically tracked the SSL certificates on the Alexa top 1 million sites. In this talk, we’ll review that data set and examine what, if any, changes the Google announcement regarding Symantec certs had on certificate renewal/reissuance. We’ll also offer realistic...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 30
favorite 0
comment 0
Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the "dark web". Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy. I wrote...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
In 2015, BBC sponsored Micro:Bit was launched and offered to one million students in the United Kingdom to teach them how to code. This device is affordable and have a lot of features and can be programmed in Python rather than C++ like the Arduino. When we discovered this initiative in 2016, we quickly thought it was possible to turn this tiny device into some kind of super-duper portable wireless attack tool, as it is based on a well-known 2.4GHz RF chip produced by Nordic Semiconductor. It...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 25, DEFCON2017, DC25, DEF CON...
DEFCON 25
movies
eye 10
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=gCMEi7gTh0A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Closing Ceremonies Source: https://www.youtube.com/watch?v=Ly7uurZ2d9A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 21
favorite 0
comment 0
At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible due to IP spoofing. In this talk we'll discuss what we learned about the L3 (Layer 3 OSI stack) IP spoofing. We'll explain why L3 attacks are even possible in today's internet and what direct and reflected L3 attacks look like. We'll describe...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 15
favorite 0
comment 0
One vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network will be presented. In the CSFB procedure, we found the authentication step is missing. This results in that an attacker can hijack the victim's communication. We named this attack as 'Ghost Telephonist'. Several exploitations can be made based on this vulnerability. When the call or SMS is not encrypted, or weakly encrypted, the attacker can impersonate the victim to receive the "Mobile Terminated" calls and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
Robin's expertise showcases the future of medical technology, and how the convergence of accelerating tech will enable patients to be the key decision maker, executor, driver and ultimately the one responsible on the healthcare team. Patient empowerment and engagement through technological advancements including wearable technology, sensors, point-of-care diagnostics, 3D Printing, Tissue Engineering, Power of the Crowd, data, networks, artificial intelligence and robotics. These are some of the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
Over the past few years, cars and automotive systems have gained increasing attention as cyber-attack targets. Cars are expensive. Breaking cars can cost a lot. So how can we find vulnerabilities in a car with no budget? We’ll take you with us on a journey from zero car security validation experience through the discovery and disclosure of multiple remotely-exploitable automotive vulnerabilities. Along the way, we’ll visit a wrecking yard, reassemble (most) of a 2015 Nissan Leaf in our lab,...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community. Individuals in the high functioning autistic community are often overlooked for job positions due to their social...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
This session aims to gently introduce graph theory and the applied use of graphs for people who, like the speaker, consider themselves lacking the often perceived advanced math, science, and computer programming knowledge needed to harness their power. The session will include live attendee interaction to help explain the general concepts of graph theory in a safe and inclusive way that should help solidify basic knowledge… Source: https://www.youtube.com/watch?v=EijTmwSgqmA Uploader:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
In this talk, we will scan the local area for bluetooth packets with the help of the Ubertooth one, intercept them, and extrapolate as much information as possible, such as tracing mac addresses to find the device type, or brute-forcing encrypted packets to unveil the information you thought to be, “secure.” We will also scan the local area for vulnerable wireless networks using weak encryption methods. Finally, we'll watch hours of anime anywhere with the mobility of a Raspberry Pi for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
Denial of service. It requires a low level of resources and knowledge, it is very easy to deploy, it is very common and it is remarkable how effective it is overall. PEIMA is a brand new method of client side malicious activity detection based on mathematical laws, usually used in finance, text retrieval and social media analysis, that is fast, accurate, and capable of determining when denial of service attacks start and stop without flagging legitimate heavy interest in your server...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=9uBzqiYMzLg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=5FMSedKwekE Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
In September 2016 the House Committee on oversight finally released their report. Four years after the original breach, we are still asking how the f*#! did this happen. This talk with go over the key findings of the report and the impact on those who were effected. Source: https://www.youtube.com/watch?v=uXB4AiQw98s Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 5
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=K7lew7XlgKk Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
A year ago, Mudge and I introduced the non-profit Cyber ITL at DEF CON and its approach to automated software safety analysis. Now, we'll be covering highlights from the past year's research findings, including our in-depth analysis of several different operating systems, browsers, and IoT products. Parts of our methodologies have now been adopted by Consumer Reports and rolled into their Digital Standard for evaluating safety, security, and privacy, in a range of consumer devices. The standard...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 5
favorite 0
comment 0
Wireless technologies are seeing increased use on the plant floor to enable pervasive monitoring and control of processes. Off-the-shelf security tools focus on assessing the security properties of commercial and consumer protocols such as 802.11 and Bluetooth. Several new standards have emerged for use in industrial environments. In this talk, Blake will offer an introduction to Software Defined Radio (SDR) tools and their application in industrial security assessments. We will review two...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
By looking at key experiments and trials done by the military we can learn about psychoactive chemicals and protocols that work, and don’t work, on humans. From biological enhancement to chemical deterrents, there is a wealth of information that grassroot scientists and body augmenters can use for their research and experiments. Source: https://www.youtube.com/watch?v=lKBzOdsGonQ Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
This talk will introduce a cheat engine using demos of hacking simple games such as Counterstrike and/or emulated games like Super Mario 64 etc. This talk will open the kids' horizons to developing game cheats and will challenge them to build skills in reverse engineering to combine with skills in the cheat engine tool Source: https://www.youtube.com/watch?v=x-LRfh_-IGI Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
This presentation aims to demo the effectiveness of visual tooling for malware and file-format forensics. It will cover structural analysis and visualization of malware and network artifacts. Various techniques like entropy/n-gram visualization, using compression-ratio and theoretical minsize to identify file type and packed content will be shown. Along with this, a framework that helps automate these tasks will be presented. Attendees with an interest in network monitoring, signature writing,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
Before hackers got involved in cybersecurity the industry was focused on products and compliance. Security was security features: firewalls, authentication, encryption. Little thought was given to vulnerabilities that allowed the bypassing of those features. Hackers came along with the idea that you use offensive techniques to simulate how an attacker would discover vulnerabilities in a networks, a system, or an application. Offensive skills have been on the rise ever since and now the best way...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Most people who work on the defensive side of computer security only see the landscape from that perspective! In this talk Jayson will show how an attacker views your website & employees, then uses them against you. We’ll start with how a successful spear phish is created. By using the information gathered from the companies own ‘about’ page as well as scouring social media sites for useful information to exploit employees. The majority of the talk will be covering successful...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
Over the past decade, the ways we pursue human improvement have become increasingly invasive. We’ve so far been fortunate, but it’s likely if not inevitable that a death will occur due to biohacking. This presentation discusses the many precautions being taken by biohackers to make our procedures and projects as safe as possible. Source: https://www.youtube.com/watch?v=nn0kglB46BU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Data breaches have become all too common. Major security incidents typically occur at least once a month. With the rise of both security incidents and full data breaches, blue teams are often left scrambling to put out fires and defend themselves without enough information. This is something that can be changed with the right tools. Tools now available allow blue teams to weaponize data and use it to their advantage. This talk reviews frameworks for clean, consistent data collection and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
People are the cause of many security problems, but people are also the most effective resource for combating them. Technology is critical, but without trained professionals, it is ineffective. In the context two case studies, the presenter will describe specific instances where human creativity and skill overcame technical deficiencies. The presenter believes this topic to be particularly relevant for the Packet Hacking Village, as many techniques used are the same that are pertinent for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
Ever stuttered when someone asked you "So, what *is* cryptography, anyway?" We're all in infosec but explaining crypto easily and memorably to people without making it too complicated or insulting their intelligence is nontrivial. Keeping it simple is never stupid, and we all need more converts to understanding that crypto isn't magic, it's just a bit of math and trust. Source: https://www.youtube.com/watch?v=gUhqA2PRtw0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
GPS is central to a lot of the systems we deal with on a day-to-day basis. Be it Uber, Tinder, or aviation systems, all of them rely on GPS signals to receive their location and/or time. GPS Spoofing is now a valid attack vector and can be done with minimal effort and cost. This raises some concerns when GPS is depended upon by safety of life applications. This presentation will look at the process for GPS and NMEA (the serial format that GPS receivers output) spoofing, how to detect the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
The most trivial communications were weaponized and drastically changed the course of the 2016 elections right before our eyes. As a result, information security is now a number one priority for all political campaigns — domestic and international. Yet many in the political community, including France, the UK, and the US, are deploying the same old practices, tools, and user training for communicating highly-sensitive information. In addition to continuing to hoard high-target data, political...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
The past 5 years have seen a number of arrests and a number of convictions of parties engaged in criminal activities on the Dark Web. From Dread Pirate Roberts to French Maid, Willy Clock to Shiny Flakes, and others, we will explore operational security failures made that led to their arrests, and in some cases, convictions. Why look at this? There are lessons to be learned from these cases even if you aren't in a position to be accused of running a multinational drug distribution ring. Whether...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
How does the science of human perception and decision making influence the security sector? How can we use information about how people make decisions to create more successful security professionals? In the 1970s, “fringe” psychologists began to question the phenomenon of decision making, seeking to understand the mechanism by which individuals will make seemingly unfathomable choices in the face of obvious deterrents. For example, virtually every story told by those that lived in areas...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 9
favorite 0
comment 0
Modern Android applications are large and complex, and can be a pain to analyze even without obfuscation - static analysis can only get one so far, the debugger sucks, Frida doesn't give you enough access to the Java environment, and editing smali or writing Xposed hooks can be time consuming and error prone. There has to be a better way! What if we could inject a command line REPL into an app to drive functionality? And what if we could also make writing function hooks fast and easy? In this...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 25, DEFCON, DEFCON2017, hacker, computer...
DEFCON 25
movies
eye 6
favorite 0
comment 0
There are more cloud service providers offering serverless or Function-as-a-service platforms for quickly deploying and scaling applications without the need for dedicated server instances and the overhead of system administration. This technical talk will cover the basic concepts of microservices and FaaS, and how to use them to scale time consuming offensive security testing tasks. Attacks that were previously considered impractical due to time and resource constraints can now be considered...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
Recon is an important phase in Penetration Testing. But wait, not everyone does that because everyone’s busy filling forms with values. Effective recon can often give you access to assets/boxes that are less commonly found by regular penetration testers. In this talk, the speaker will demonstrate few effective techniques using which researchers/pen testers can do better information gathering. The speaker would also share many stories which allowed him to earn some bounties using these recon...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
We discovered a wide array of critical vulnerabilities in ISP-provided, RDK-based wireless gateways and set-top boxes from vendors including Cisco, Arris, Technicolor, and Motorola. Our research shows that it was possible to remotely and wirelessly tap all Internet and voice traffic passing through the affected gateways, impacting millions of ISP customers. Imagine for a moment that you want a root shell on an ISP-provided wireless gateway, but you're tired of the same old web vulns. You want...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
A number of talks in the last few years have addressed various topics in the generic area of industrial control system insecurity but only few have tapped into security of building automation systems, albeit its prevalence. The usage of building automation, regardless if in private homes or corporate buildings, aims to optimize comfort, energy efficiency and physical access for its users. Is cyber security part of the equation? Unfortunately, not to the extent one might expect, cyber security...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
In the past few years, attacks against industrial control systems (ICS) have increased year over year. Stuxnet in 2010 exploited the insecurity of the S7Comm protocol, the communication protocol used between Siemens Simatic S7 PLCs to cause serious damage in nuclear power facilities. After the exposure of Stuxnet, Siemens has implemented some security reinforcements into the S7Comm protocol. The current S7CommPlus protocol implementing encryption has been used in S7-1200 V4.0 and above, as well...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 13
favorite 0
comment 0
The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=uIj7wkAoJ6Y Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
In recent months it seems like not a week passes where you do not encounter a headline that states that a healthcare organization has been held for ransom or in some other way involved in a breach. Healthcare has been a sector that has routinely been described as being lax with the implementation and enforcement of information security controls and the challenges faced by healthcare organizations are growing as attackers begin to look past EHR and PACS systems and target the medical devices...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 14
favorite 0
comment 0
Everything you know about your environment mediated by your senses. Likely, you can see in a range of colors, hear a car horn honking, and feel the roughness of sandpaper, but light exists in bands too narrow or wide to be processed by your eyes, some sounds are too high or low to be recognized by your ears, and magnetic fields pulse around you all day. Most of us hardly notice. Dr. Paul Bach-y-Rita’s research in the 60’s eventually lead to The BrainPort which lets a user see through an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 42
favorite 0
comment 0
The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=LmBixGkhEuI Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 13
favorite 0
comment 0
Social engineering tests are typically performed in a point-in-time fashion, targeting specific people at particular points in their day or their workflow. Additionally, our industry has invested considerable research in improving the way we prepare for and execute these types of attacks. From the perspective of managing security for a company, knowing that people will make mistakes only goes so far from a utility and risk management perspective. This talk will explore a new way to extract...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 6
favorite 0
comment 0
Metasploit x86 shellcode has been defeated by EMET and other techniques not only in exploit payloads but through using those payloads in non-exploit situations (e.g. binary payload generation, PowerShell deployment, etc..). This talk describes taking Metasploit payloads (minus Stephen Fewer's hash API), incorporating techniques to bypass Caller/EAF[+] checks (post ASLR/DEP bypass) and merging those techniques together with automation to make something better. Source:...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 18
favorite 0
comment 0
We've built a $200 open source robot that cracks combination safes using a mixture of measuring techniques and set testing to reduce crack times to under an hour. By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, 'set testing' is a new method we created to decrease the time between combination...
Topics: Youtube, video, Science & Technology, defcon, def con, dc25, dc-25, def con 25, hack, Hackers,...
DEFCON 25
movies
eye 13
favorite 0
comment 0
ICSs were, and continue to be, designed to meet reliability, safety, and regulatory requirements. Cyber securing the ICS system consists not only of securing the OT networks but also the instrumentation, actuators, drives, analyzers, and controllers which often are serial-based before the conversion to Ethernet communications. Level 1 sensors, other field devices, and their communication protocols are generally not cyber secure. Additionally, it is often not possible to tell the difference...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
Get out your rollerblades, plug in your camo keyboard, and fire up your BLT drive. It's 25 years later and we're still hacking the planet. The Exploitee.rs are back with new 0day, new exploits and more fun. Celebrating a quarter century of DEF CON the best way we know how: hacking everything! Our presentation will showcase vulnerabilities discovered during our research into thousands of dollars of IoT gear performed exclusively for DEF CON. We will be releasing all the vulnerabilities during...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
“Genomics saved my life.” – Jen “My father can rot in hell.” - Darren How is personalized medicine important? Should I get a genomic test? Is the Illuminati collecting my data? What can I learn from genetic testing? What are the risks? How do I choose a test? Will my doctor hate me if I get a genetic test? These questions won’t be answered in thirty minutes, but we offer grist for the discussion mill. We will present two personal stories on how genomics can have a real effect on...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 8
favorite 0
comment 0
Over past decade, electronic medical records (EMR's) and networked medical devices have become a healthcare norm. However, vendors and consumers alike have not paid sufficient attention to the security implications of EMR's and networked medical devices. In this talk, I will cover my experience [ethical] hacking and social engineering my way into healthcare networks. I will highlight security issues with healthcare networks and share real life stories. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
As internet DDoS attacks get bigger and more elaborate, the importance of high performance network traffic filtering increases. Attacks of hundreds of millions of packets per second are now commonplace. In this session, we will introduce modern techniques for high speed network packet filtering on Linux. We will follow the evolution of the subject, starting with Iptables and userspace offload solutions (such as EF_VI and Netmap), discussing their use cases and their limitations. We will then...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...