Hack In The Box Security Conference
On Feb 16th, Google published CVE-2015-7547: glibc getaddrinfo vulnerability that affects all SW compiled with GLIBC for many versions. As this vulnerability is in the code used to parse network addresses it is possible, in theory, to remotely exploit it. The Google team published a crashing POC but chose not to disclose an exploit. Our team has been studying the vulnerability and developed a technique to exploit this vulnerability and achieve remote code execution. The technique applies to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Hack In The Box Security Conference
#HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Shortly after the release of Corona, @xvolks came to @pod2g with an interesting observation. He noticed it was...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
Presentation Title Blackbox Android: Breaking "Enterprise Class" Applications and Secure Containers Presentation Abstract The Android platform is growing in popularity and is quickly being adopted in the enterprise environment. Corporations and governments now have to secure potentially sensitive information on mobile phones. In order to facilitate this, security solutions have been developed, such as "secure containers" which claim to help enterprises secure mobile devices....
Topics: Youtube, video, Science & Technology, BlackBox, Android, Breaking, Enterprise, Class,...
Hack In The Box Security Conference
To fight against prevalent cyber threat, more mechanisms to protect operating systems have been proposed. Specifically, approaches like DEP, ASLR, and RELRO are frequently applied on Linux to hinder memory corruption vulnerabilities. In other words, it is more difficult for adversaries to exploit bugs to undermine the system security. In this session, we will propose a new attack technique that exploits the FILE structure in GNU C Library (Glibc), and introduce how to circumvent the protection...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, angelboy, hitcon, file...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Fears of cyber-attacks with catastrophic physical consequences are easily capturing the public imagination. The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action, nobody is going to let one present it at a conference like Hack in the Box. As a poor substitute, this presentation will get as...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
We have witnessed many kernel vulnerabilities of Android devices. They have already been utilized by underground businesses in malware and APTs. Unfortunately, some of these vulnerabilities remain unfixed for years, partly due to the time-consuming patching and verification procedures, or probably because the vendors care more about innovating new products than securing existing devices. As such, there are still a lot of devices all over the world subject to root attacks. In this talk, we will...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, kernel, live patching,...
Hack In The Box Security Conference
Skilled attackers continually seek out new attack vectors and effective ways of obfuscating old techniques to evade detection. Active defenders can attest to attackers’ prolific obfuscation of JavaScript, VBScript and PowerShell payloads given the ample availability of obfuscation frameworks and their effectiveness at evading many of today’s defenses. However, advanced defenders are increasingly detecting this obfuscation with help from the data science community. This approach paired with...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, obfuscation, daniel...
Hack In The Box Security Conference
Just roughly half a year ago joernchen was given the opportunity to rant about things and stuff[0]. The globe turned round and round in the meantime. So: it’s time for an update! This talk will surprise not only with follow-up raging about what’s changed. But also brand new topics will be considered for being railed against. Brace for some nyan cats, the BEST .gif files and hopefully there’s even a surprise guest on stage to collaboratively deliver the best rant within a radius of roughly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, joernchen, hitbgsec,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: HTML5 has empowered browser with a number of new features and functionalities. Browsers with this new architecture include features like XMLHttpRequest Object (L2), Local Storage, File System APIs, WebSQL, WebSocket, File APIs and many more. The browser is emerging as a platform like a little operating system and expanded its attack surface significantly. Applications developed in this new...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, html 5, csrf, xss, web,...
Hack In The Box Security Conference
Memory corruption exploitation has been around since 1988, after the Morris worm breakout. Exploitation of memory corruption has been seen widely targeted regardless from closed source to open source. Vulnerability classes have been introduced to differentiate types of memory corruption. Different classes will have a different type of exploitation, thus introducing exploitation techniques such as Return Oriented Programming (ROP), return-to-libc (ret2libc), and many more. Memory corruption has been...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jaan yeh, nafiez, hitb...
Hack In The Box Security Conference
The underground market offers everything from accommodation, to flight tickets and car rental. This presentation covers research of underground travel fraud schemes which are frequently exploited for profit. This includes a variety of abuses, from credit card fraud to exploitation of vulnerabilities in traveling systems and platforms and mileage programs. We cover a number of typical cases that we encountered in our investigation, studying the victim perspective of the fraud, the “customer”...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, mayra fuentes, lion gu,...
Hack In The Box Security Conference
Have you ever cared for the security of the place where you usually live? Have you ever felt that you live in a city that is not taking care of the secure implementations of new technologies and therefore potentially threatening citizens’ life? The aim of this panel discussion is to share thoughts, problems and solutions regarding the communication between users, hackers, vendors and governments or administrative offices. This comes along with the discussion of technical challenges and the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully reliable. We will briefly cover the satellite mobile system architecture, then discuss GMR (GEO-Mobile Radio) system elements, e.g. GSS (Gateway Station Subsystem), MES (Mobile Earth Station), AOC (Advanced Operation Center), and TCS (Traffic Control Subsystem) for GMR-1 systems and NCC (Network Control...
Topics: Youtube, video, Science & Technology, Satellite, Telephony, Security, What, is, and, Will,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=3cFCs6YkwMs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Since its introduction at WWDC in 2014 Swift has progressed significantly as a language and has seen increased adoption by iOS and OSX developers. Despite this, information pertaining to reverse engineering Swift applications is sparse and not openly discussed. This talk will dive into the Swift language and explore reverse engineering Swift apps from a security perspective. Topics that will be covered include quick intro to Swift from a pen tester's perspective, various methods for obtaining...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, swift, apple,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Have you ever wondered how to get access to the crucial data stored on a Fortune 2000 CEO’s mobile phone and rule the world? Today, we are witnessing an unprecedented number of mobile devices being integrated into the core business processes of companies and being actively accessed by top executives to manage them remotely. Another aspect is the level of access: even if mobile access for a typical middle...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
In 2016, several Stagefright-inspired mitigations were added to Android Nougat. One outstanding change is that the mediaserver process does not have all the capabilities like Bluetooth, etc. Those capabilities have been granted to several new daemons. Recently, Android 8.0 has been released, born with new kernel hardening features (PAN and KASLR, etc.) and stricter SELinux policy enforcement. Rooting large numbers of the newest Android devices with one single vulnerability is quite a challenge. In...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, yong wang, yang song,...
Hack In The Box Security Conference
One of the most insidious actions of malware is abusing the video and audio capabilities of an infected host to record an unknowing user. Macs of course, are not immune; malware such as OSX/Eleanor, OSX/Crisis, and others, all attempt to spy on OS X users. And as was recently shown by the author, more advanced malware could piggyback into legitimate webcam sessions in order to covertly record the local user. As there are no visible indications of this malicious activity (as the LED light is...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, patrick wardle, synack,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: With ever increasing OS, compiler and linker defences it is in the interest of researchers and security teams to understand which binaries don't leverage these available protections. The goal may be to ensure exploitability should a vulnerability be discovered or it may be understanding where other defensive measures need to be deployed. This talk will provide a comprehensive review of the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hackers, hacking,...
Hack In The Box Security Conference
In the era of cyberwarfare, it becomes a norm to see cyber criminals use multi-level attacks to penetrate a multi-layered protected network infrastructure. We often see APT attackers manipulate 0-day or N-day Windows kernel vulnerabilities in order to guarantee a successful full system compromise. It would be a surprise if we do not see Windows kernel exploit involved in such targeted attacks. It is also worth noting that beside APT attackers, the botnet operators also seize the opportunity to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, exploit,...
Hack In The Box Security Conference
Over the years, ring-0 vulnerabilities in mobile devices have become increasingly difficult to find and exploit. Attackers and defenders alike must find new attack vectors, as well as develop tools to expedite the research process and increase coverage. One significant challenge is a more confining sandbox. While vendors usually put less emphasis on the security of mechanisms which are not operable from within the sandbox, sandboxing applications appropriately is not always that easy. This talk...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, adam donenfeld, ios,...
Hack In The Box Security Conference
The first ever HITB keynote panel discussion on the Future of Mobile Malware and Cloud Computing Security Source: https://www.youtube.com/watch?v=eEsB_AwxLQo Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
When an end user reports some “strange looking file names”, which, after investigating, you discover include several hundreds of Gigabytes of encrypted data, you of course know you are going to have a bad day. Your AV solution has failed you, your firewall has failed you, and your SIEM has failed you. Basically every piece of security infrastructure you have put your trust (and money) into has left you out in the cold and you thank (deity of choice) that at least the nightly backup was...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Hack In The Box Security Conference
Analyzing network traffic is a task that comes up often in the context of malware analysis: both before infection, in malware delivery from sites and after infection, in the communication with the C&C servers. Having this information is vital when doing dynamic analysis. However, the current solutions to this issue involve either adding a root CA (certificate authority) to the machine, splitting the traffic and resigning certificates on-the-fly or modifying crypto libraries to log extra...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, telescope,...
Hack In The Box Security Conference
Since these last few years our world has been getting smarter and smarter. We may ask ourselves: what does smart mean? It is the possibility of building systems which are nodes of a more complex network, digitally connected to the internet and to the final users. Our cities are becoming one of those networks and over time more and more elements are getting connected to such network: from traffic lights to information signs, from traffic and surveillance cameras to transport systems. This last...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, matteo collura, matteo...
Hack In The Box Security Conference
CrowdStrike continues to expose unprecedented efforts by highly sophisticated adversaries targeting — and in some cases, selectively leaking — information stolen from sensitive government, corporate and private networks. These intrusions reflect a broad range of motives and targets, revealing many never-before-seen tactics, techniques and procedures (TTPs) that are advancing the art of data manipulation and attack obfuscation, while raising the bar significantly for organizations seeking to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, george kurtz,...
Hack In The Box Security Conference
Modern Intel CPUs allow using a JTAG-like interface through USB 3.0, which is available on numerous platforms. This makes it possible to control a system totally, making the technology attractive not only for debugging and research. Starting with Skylake, Intel introduced Direct Connect Interface (DCI) technology, and you can find a rather superficial description of it in the docs. There are two types of connection: using a specific device, the so-called Intel SVT Closed Chassis Adapter, or a common USB3...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, mark ermalov, maxim...
Hack In The Box Security Conference
Compilers of interpreter languages were developed in order to speed up execution in the race for web browser performance. Various different compilers and analysis stages are involved to aggressively transform JavaScript code into machine code of the architecture the browser runs on. With the aim to squeeze the very last bit of performance out of our precious and indispensable browsers, Just-In-Time (JIT) compilation gained widespread adoption. It provides near-native run time for otherwise...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, robert gawlik, memory...
Hack In The Box Security Conference
Just as Cloud and SaaS changed how networks and applications are built, they also changed how we secure them. Now, we may be on the brink of the next major shift in philosophy toward “mutualization of enterprise infrastructure,” decentralization of data aggregators, and (maybe??) incentivizing everyone everywhere with shiny cryptoeconomic tokens (probably not). In this keynote, Amber Baldet will pick out the truly intriguing signal from the mass of blockchain hype, discussing what’s...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, amber baldet, jp morgan,...
Hack In The Box Security Conference
Keynote 1 @ HITB2010 Malaysia presented by Chris 'weldpond' Wysopal on The Perpetual Insecurity Machine Source: https://www.youtube.com/watch?v=3g3WgFVb3RM Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
In recent years, attacking air gapped networks through HID devices is becoming popular. The HID attack uses the USB interface to forge the user’s keystrokes or mouse movement to modify the system settings and run malware. In 2009, NSA’s Office of Tailored Access Operations (TAO) developed the COTTON-MOUTH – a USB hardware implant which provides a wireless bridge into a target network as well as the ability to load exploit software onto a target machine. Unlike COTTON-MOUTH, Ghost Tunnel...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jun li, kunzhe chai,...
Hack In The Box Security Conference
Perf has been part of the Linux kernel since 2.6.3x to provide a framework for all things performance analysis. It covers hardware level (CPU/PMU, Performance Monitoring Unit) features and software features (software counters, trace points) as well. Among the supported perf measurable event list, there is a small set of common hardware event monikers which get mapped onto actual events provided by the CPU, if they exist, otherwise the event cannot be used. So there is no surprise CPU...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, perf,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=R-RP0BZGCQ4 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
The zero-day market has recently experienced an exponential growth with top exploit prices reaching the seven figures. Together with “standard” exploits affecting IT and end-users’ technologies, the black market is nowadays offering a new, widely-wanted and refined product: cyber weapons to target Industrial Control Systems (ICS), Critical Infrastructures, and Smart Cities environments. Objective of this panel will be discussing the impact of exploits leveraging unpublished...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, SAM GOH, Andrea...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=j1dO_UCx9O4 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
For the past ten years the KARMA attack has been the industry standard for causing a Wi-Fi client to automatically connect to an attacker-controlled Access Point. In the KARMA attack the attacker introduces an access point that bears the same characteristics as an (open) network which the client has connected to in the past (and will continue to connect to if given the chance, due to automatic association rules). Information about such networks was leaked to nearby stations during the Wi-Fi...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, George Chatzisofroniou,...
Hack In The Box Security Conference
KEYNOTE MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ KEYNOTE ABSTRACT: Organized criminals, nation-state groups and hacktivists continue to wreak havoc within organizations of all sizes in spite of their security teams' best efforts. Are security teams just not getting it? No -- it's just that security teams today must face unknown and unexpected attacks when there is a legacy over-reliance on antiquated incident management processes, an over-dependence on obsolete...
Topics: Youtube, video, Science & Technology, amsterdam, analytics, big data analytics, hitbsecconf,...
Hack In The Box Security Conference
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
Has it ever happened to you on a Friday afternoon, just before closing your laptop, tidying your desk before a long weekend? A weekend that indeed looks now very long in perspective? A server disappeared! A network device that blinks mysteriously and frantically like a Christmas tree. No clues yet to be found? Feeling like calling Watson? Call no one but become Sherlock himself to uncover the truth! This session will reveal some of Moriarty’s machinations and some cyber forensics techniques...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, nicolas collery,...
Hack In The Box Security Conference
Keynote 1 @ HITB2010 Malaysia presented by Chris 'weldpond' Wysopal on The Perpetual Insecurity Machine Source: https://www.youtube.com/watch?v=GLfjXqFfo4c Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
In a world where governments are demanding exceptional (and unprecedented) access to systems under the guise of national security and the looming specter of terrorism, recent events have resurfaced the conflict between privacy and security. While some believe this to be a new battle of the Internet age, it’s just a continuation of the unending crypto war between technologists and law enforcement. Mr Adams will give a brief overview of the recent FBI vs. Apple debate, how companies with large...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, keynote
Hack In The Box Security Conference
ChatOps, a concept originating from Github, is chatroom-driven DevOps for distributed teams, using chatbots (like Hubot) to execute custom scripts and plugins. We have applied the concept of ChatOps to the penetration testing workflow, and found that it fits outstandingly – for everything from routine scanning to spearphishing to pentest gamification. This talk discusses the tools that we use (RocketChat, Hubot, Gitlab, pentesting tools), and provides battle stories of using Pentesting...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Hack In The Box Security Conference
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, TrueCrypt or a few others, it might be really hard to get through the layers of crypto code in proprietary software. This presentation will attempt to solve this by...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, nicolas collery, vitaly...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: IPv6 provides a rich complexity of extension headers and options and a massive address space. This talk shows how … – this can be exploited to perform any kind of attacks that are not detected by the major IDS/IPS systems on the market – source blocking can be circumvented – data exfiltration can be performed – and how these attacks can be mitigated – which is difficult. A new tool called...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: This presentation will be a practical demonstration on how to remotely attack and take full control of an aircraft, exposing some of the results of my three years research on the aviation security field. The attack performed will follow the classical methodology, divided in discovery, information gathering, exploitation and post-exploitation phases. The complete attack will be accomplished...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hugo teso, nruns ag,...
Hack In The Box Security Conference
Human societies run on trust. Every day, we all trust millions of people, organizations, and systems — and we do it so easily that we barely notice. But in any system of trust, there is an...
Topics: Youtube, video, Science & Technology, hitb2012ams, hitb, hitbsecconf, amsterdam, netherlands,...
Hack In The Box Security Conference
The “knowledge factor” (using passwords for authentication) will never be enough for security. We need the second layer of defense — a “possession factor” or sometimes called the “Two-Factor Authentication”, hence the term, “2FA”. Nowadays many organizations plan to adopt password-free login to authenticate their systems, thereby completely replacing the password-based authentication with key-based authentication, which they believe is more secure. However, the truth is far...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, maxwell koh, hitbgsec,...
Hack In The Box Security Conference
Presentation Title Privacy, Secrecy, Freedom and Power Presentation Abstract Technological advances have both diminished and enhanced the ability to keep information private, but on balance have challenged privacy more than strengthened it. As a result, the law has been under pressure to play an increasing role in protecting secrecy, whether in class action lawsuits or national security prosecutions. But the law is a dull tool, so we are living through a kind of information anarchy now where...
Topics: Youtube, video, Science & Technology, Privacy, Secrecy
Hack In The Box Security Conference
In recent years, there has been a push towards using open-source and third party libraries as part of software development. There are thousands of new libraries released to sites such as npm, RubyGems and Maven Central every day which contributes to this growing phenomenon and allows developers to use package managers to keep track of them. However, alongside the convenience of having pieces of programs pre-written, it also opens up software to third party risk. There have been several...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, copy-paste...
Hack In The Box Security Conference
Six years ago a tweet about a broken elevator was the starting point of endless rumors and a gigantic hype in the jailbreak scene about a miraculous iOS jailbreak called elevat0r. While the name was originally a joke by some people who wanted to fool the jailbreaking scene since then it has been my goto name for all my private jailbreaks. Since then a long time has passed and all the vulnerabilities used in the original incarnation of the first elevat0r have been fixed by Apple. But their story...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stefan esser, ionic,...
Hack In The Box Security Conference
Content Security Policy (CSP) is a defense-in-depth mechanism to restrict resources that can be loaded, embedded and executed in a web application, significantly reducing the risk and impact of injections. It is supported by most modern browsers, and it already is at its third iteration – yet, adoption in the web is struggling. In this presentation we will highlight the major roadblocks that make CSP deployment difficult, common mistakes, talk about what works and what doesn’t in different...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, csp,...
Hack In The Box Security Conference
QEMU is a fundamental part of modern open source virtualization solutions, especially in KVM and Xen. As a complete virtualization solution, QEMU should emulate the processor, memory and peripheral devices. This makes QEMU very complex and exposes a lot of attack surfaces. In this year, we did a deep vulnerability discovery in QEMU and discovered 60+ vulnerabilities and got 70+ CVE now. We have summarized kinds of the attack surface and vulnerability types in QEMU. In this presentation, we will...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, qiang li, zhibin hu,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: The debate between security and privacy advocates usually comes down to three core arguments: The Security advocate argues that the risk of material or significant impact to critical infrastructure and services is high (and growing), and that these concerns trump the need to protect the privacy of the individual. The Privacy advocate defends their position with a defense of civil liberties as absolute and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
The Internet and the security industry have been on fire for the last several months with threats that are plaguing the Internet: worms and SMB vulnerabilities. Wait is it 2017 or 2003? It’s obvious that we are failing at basic security. Case in point: 991,812. That’s how many internet-connected hosts were listening on port 445 as of May 19th 2017. This talk will discuss how everything is cyclical and the last handful of years we have regressed from strong security controls to one of data...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
In his talk Chris van den Hooven explores the relationship between CISOs and hackers. Where hackers have their fun hacking applications and networks while finding and reporting vulnerabilities, CISOs face their own challenges. Next to assessing the risk of getting hacked there is always the question where to put the company’s money. How can the hacker help the CISO? === Chris holds a bachelor's degree in Engineering and he did his Master in Management & ICT. He has more than 15 years...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Chris van den Hooven,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly associated uniquely with the Onion Routing (TOR), the DeepWeb’s ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
A last minute open panel discussion slotted in to replace the PEDA talk by Thanh Nguyen and Long Le of VNSECURITY which had to unfortunately be cancelled. Featuring (L-R): Rodrigo 'bsdaemon' Branco, Ben Nagy, The Grugq, Saumil Shah (who joined the discussion in the second half), Marc 'van hauser' Heuse and Felix 'FX' Lindner . ABOUT RODRIGO RUBIRA BRANCO Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, open bottle, panel...
Hack In The Box Security Conference
Having had great success with the first part of our research "A crushing blow at the heart of SAP's J2EE Engine" this is a continuation in this series of presentations and will look deeper at new web-based attacks and post exploitations on SAP's J2EE applications. We will explain the architecture of SAP's J2EE engine and give a complete tour into its internals. Thereafter, we will show a number of previously unknown architecture and program vulnerabilities from auth bypasses,...
Topics: Youtube, video, Science & Technology, SAPocalypse Now
Hack In The Box Security Conference
The history of hacking both new and old will be presented in music in this serious all-singing musical revue. Your favorite new hacks, long forgotten hacks, 0days, and computer security lessons will be told in song. It’s all happened before, and it will all happen again. These cautionary tales of hacking, crypto, computer security, reverse engineering, and pen testing will reawaken your passion for getting things right both at work and at home. Think you know all about your servers? Do you...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, fbz, fabienne serriere,...
Hack In The Box Security Conference
In recent years, there has been a rapid growth in smartphone sales and adoption. According to Gartner there were 379,977.3 thousand smartphones sold in the first quarter of 2017, representing 9 percent year over year (YoY) growth over the first quarter of 2016. On the other hand, according to IDC, the PC market only experienced a tepid year-over-year growth of 0.6%, resulting in 60,328 thousand units being shipped in the same period. Of all smartphones being sold in the first quarter of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, minh tran, machine...
Hack In The Box Security Conference
A honeypot is not simply a piece of cybersecurity technology. I view it as a concept whose value lies heavily in education rather than simply operations. I’ve been conducting research and development with students from polytechnics to experiment with honeypots to learn more about “the more interesting stuff” (i.e. the topics cited above) rather than honeypots themselves. Many aspiring cybersecurity professionals choose the path of red team by default because it’s something they can do on...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, emil tan, smurf,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=t0SeSapcguI Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, bsdaemon, rodrigo rubira...
Hack In The Box Security Conference
Keynote 2 @ HITB2010 Malaysia presented by Paul Vixie on Taking Back the DNS Source: https://www.youtube.com/watch?v=9ioxGlpm7h8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: I've been in the home computing industry ever since it started. From the IBM-360 Main frame through a college course, to a small mini-computer operated by a private individual, Call Computer. Having lived in Silicon valley, the center of all this activity, I managed to be in the right spots most of the time, and have a knack for putting people together -- Steve Wozniak with Alex from Call...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, john draper, captain...
Hack In The Box Security Conference
From the ’60s and ’70s, the hacker community started to design tools and procedures in order to take advantage of telephone networks (such as blue boxes, phreaking, etc.). These old school hacking techniques are coming back with the commercialization of cheap open hardware which establish new threats. In this talk, we are going to contextualize some phreaking practices and introduce new threats including a way to modify the behaviour of GSM (Global System for Mobile Communications) antennas...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Jorge Cuadrado Saez,...
Hack In The Box Security Conference
Zero-day vulnerabilities – holes in software that are unknown to the parties who can mitigate their specific negative effects, are gaining a prominent role in the modern-day intelligence, national security, and law enforcement operations. At the same time, the lack of transparency and accountability in their trade and adoption, their possible over-exploitation or abuse, the latent conflict of interests by entities handling them, and their potential double effect may pose societal risks or...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
Modern cyber network operations, whether defensive or offensive suffer from a unique predicament. As professionals in the field of cybersecurity we are inundated with information overload, defining return on investment, metrics, and politics. All the while we seek the same goals as our physical-world intelligence and counterintelligence counterparts, which is to protect the secrets that allow our organizations to provide for our way of life. By reframing the context of our daily cybersecurity...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, joseph hesse, kamal...
Hack In The Box Security Conference
Listening to the network traffic and detecting network attacks are always exciting experiences. In this session, we will explore the emerging threat landscape brought about by the explosion of IoT (Internet of Things) devices and showcase an IoT honeypot developed for fun (and profit?). === Tan Kean Siong is an independent security researcher and Hack In The Box.my Core Crew. As the member of The Honeynet Project (Malaysian Chapter), he enjoys reading the backlog of various honeypot sensors...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, iot, honeypot,...
Hack In The Box Security Conference
Sandboxing is a popular modern technique used by vendors to minimize the damages that attackers might inflict on a compromised system by restricting the application’s trust boundaries. Sandboxing raises the bar for exploitation because the compromised application is now “contained”, and typically need at least another vulnerability to escape the sandbox container to achieve the same level of system compromise. As a testament of its effectiveness, popular applications that have adopted...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, yong chuan koh, mwr,...
Hack In The Box Security Conference
This talk is based on results of R&D project aimed to build a solution for user behavior security analytics. I will describe various methods and ideas for anomaly detection solutions built to understand user behavior trends and find abnormal activity using state-of-the-art neural networks. The talk covers things like: Empowering a feature selection process with clustering algorithms Checking the quality of data with a serial correlation algorithm Implementing a behavioral whitelisting with...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, eugene neyolov, machine...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: The importance of software security and integrity of common embedded devices is still often overlooked by many. Compromising the important part of a network (modems, routers/switches, etc.) yields a unique and powerful vector for both eavesdropping and injection of packets. This talk will cover the main aspects of a typical DSL modem and the risks that emerge from the ways ISP's are trying to...
Topics: Youtube, video, Science & Technology, ISP, peter geissler, hitb2013ams, hackinthebox, ADSL,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: If you want to believe popular movies or worse yet popular news, a hacker's perfect habitat is either a riverside apartment in the tropics, an ominous apartment in Eastern Europe or an unsuspecting mother's basement in the United States. Obviously, neither movie directors nor reporters have ever worked security in the Far East. In this presentation, we will shine a light on how security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, paul sebastian ziegler,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Huawei routers are no longer devices only seen in China. Entire countries run their Internet infrastructure exclusively on these products and established tier 1 ISPs make increasing use of them. However, very little is known of Huawei's Software Platform and its security. This presentation will introduce the architecture, special properties of configurations and services as well as how to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, 0day, hackers, hacking,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=KoRUF-YC1JY Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=fFkGdT6W2FA Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Hosting providers, while a critical enabler of online businesses globally, are used to carry out ransomware, phishing, and other attacks by cybercriminals. For all the legitimate hosting providers in the world, providing IT services to ordinary businesses, abuse of hosting providers is widespread. The problem of legitimate-but-abused and bulletproof hosters is a problem that exists in any country that is a nexus of internet hosting. Therefore, this talk is of particular relevance and interest...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2018ams, rogue...
Hack In The Box Security Conference
The Haxpo track is a series of fast paced, 30-min lightning talks on technology, security, and emerging innovations. Over the years, the Haxpo track has hosted numerous ground breaking talks, including by Facebook’s Director of Security Operations and Philip Zimmermann, the creator of PGP. Agenda: https://haxpo.nl/haxpo-track/ Source: https://www.youtube.com/watch?v=DhLNEJEZYYY Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, haxpo, hitbhaxpo,...
Hack In The Box Security Conference
This talk explores a real-world Red Teaming operation where the targeted organization, a company operating in the manufacturing sector, defined a very clear goal for the mission: steal a receipt adopted by a brand-new machinery installed in a company’s facility. Since the receipt was stored inside the PLC used by the machinery some SCADA hacking was required. The talk will run through the preparation steps required to perform the physical intrusion and the process for the creation of an...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, matteo beccaro, red...
Hack In The Box Security Conference
The majority of applications written in Java use Object-relational Mapping (ORM) libraries for working with underlying relational database management systems (RDBMS). Java has API for utilizing ORM functionality called Java Persistence API (JPA), which is the part of J2SE and J2EE specifications since version 5. Usage of ORM simplifies database programming and gives solid benefits to the developer over plain JDBC, like providing database and schema independence, leveraging object oriented...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, orm...
Hack In The Box Security Conference
PRESENTATION ABSTRACT: OAuth has recently become a proposed standard for web authorization, intended to solve security issues of resource sharing and is being deployed by all major service providers such as Google, Facebook, Twitter, etc. We performed a security study of one of the world's largest implementations -- Facebook's OAuth 2.0 and in this presentation we will share a technical description of multiple high-impact security issues we uncovered including: - Data leakage of private...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2013ams, oauth,...
Hack In The Box Security Conference
GET operations are usually inevitable in most web exploits and the replacement of schemes in a target URL could result in different outcomes for an attacker. This presentation discusses an attack route via URL schemes. We will first briefly cover the background of URL and URI schemes, their inherent similarities and differences. We then move on to see how we can use and abuse URL schemes to extend attack surfaces and overcome limitations in current SSRF and XXE attack methods. Additionally we...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, yu hong, hitb2017ams,...
Hack In The Box Security Conference
SOME – “Same Origin Method Execution” is a new technique (2 years since its first big exposure) that abuses callback endpoints in order to perform a limitless number of unintended actions on a website on behalf of users, by assembling a malicious set of timed iframes and/or windows. The attack was proven against vast platforms such as WordPress and various web applications built by Google, Paypal, Microsoft and etc. This attack is not UI related nor it is confined in terms of user...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ben hayak, some, same...
Hack In The Box Security Conference
ECMAScript is the standard used to implement JavaScript in browsers and script engines. As new features are added, new tools become available to manipulate browsers’ underlying native code leading to new and exciting bugs. This talk discusses some of the more interesting parts of the ECMAScript specification, and how they led to bugs in Microsoft’s Chakra JavaScript Engine. A keynote recommended for people who want to find more or better browser bugs! === Natalie Silvanovich is a security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Natalie Silvanovich,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Over the years RFID card cloning attacks have risen steadily in Red Team activity. While card cloning can be effective, entry isn’t always gained with this method alone. As Red Team members, we often focus too much on the card and not enough on the technology that supports it. Why settle for access to one door when you can have access to them all? Physical Access Systems (PACS) have several components...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=kVzXTT8oNIQ Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Most people are disturbed when they witness just how much of their personal information is accessible the very moment they visit a website. Then, if you give that [malicious] website just one mouse-click — out goes even more personally identifiable data. We're talking about full names, where you live, the town where you grew up and went to school, marital status, list of friends, sites you...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jeremiah grossman,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Unified Extensible Firmware Interface or UEFI, is the result of a common effort from several manufacturers and industry stakeholders based on an initiative from Intel. It is a new software component or 'middleware' interposed between the hardware and the operating system designed to replace the traditional aka old BIOS. This presentation is a study of the overall architecture of UEFI from a...
Topics: Youtube, video, Science & Technology, esx, kaczmarek, hitbsecconf, sebastien kaczmarek,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: In this talk we will trace the evolution of politically motivated targeted malware attacks in Asia and (diaspora groups related to Asia) over the past five years. We have been tracking targeted attack campaign attacks against human rights groups, independent media organizations, and political parties in communities related to Hong Kong, China, and the Tibetan diaspora. Through cluster analysis we identify a...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ This presentation will showcase security threats in the context of the novel platform of digital satellite TV...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: It's no surprise that a typical hacker's professional path hits against custom crypto protocols from time to time. There are lots of application-specific crypto-hardened protocols written from scratch which could be found in banking, SCADA, and other types of not-so-common hardware and software systems. In this presentation, we propose a methodology for cracking such systems using a top-down...
Topics: Youtube, video, Science & Technology, scada, Hitb2013ams, hackinthebox, bank, banking, banking...
Hack In The Box Security Conference
Say hello to KeRanger, Eleanor, Keydnap, Mokes, and more! 2016 was a busy year for Mac malware authors who released a variety of new macOS malware creations. Sure adware remained common, but 2016 also saw the first ‘real’ ransomware targeting Macs, plus a variety of persistent RATs and backdoors. And unfortunately the majority of this malware was initially undetected by all traditional antivirus products leaving mac users exposed! The talk will begin by providing a technical overview of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, patrick wardle, synack,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=ao-DcP6jvvs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. Exploitation of wireless devices is growing increasingly common, thanks to the proliferation of RF protocols driven by mobile and IoT. While non-Wi-Fi and non-Bluetooth RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. Join us as we walk through the fundamentals of radio exploitation. After...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, matt knight, marc...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=Vdg7QQR3Gu8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android’s security as Google. With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, qualcomm, mobile...
Hack In The Box Security Conference
Over several years, ATMs were jackpotted so many times with malware. They had various names, but equal possibility – malware based on financial applications standard. However, when banks tried to protect their ATMs from malware attacks, fraudsters continued the cat-and-mouse game by ignoring the host and using different attack vectors. Malicious guys use so-called “black boxes” to connect directly to the dispenser to eject money. Such attacks circumvent all software protections on the host...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, atm, olga kochetova,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: This lecture presents a bunch of clever tricks that will save you time and headaches when writing exploits for small embedded systems, such as smart meters, thermostats, keyboards, and mice. You'll learn how to write tiny shellcode that's quickly portable to any variant of ARM, as well as how to exploit memory corruption on an 8-bit micro that's incapable of executing RAM. You'll learn how to...
Topics: Youtube, video, Science & Technology, embedded hardware, thermostats, Tutorial, hackinthebox,...
Hack In The Box Security Conference
In this session, we will reveal and demonstrate perfect exfiltration via indirect covert channels (i.e. the communicating parties don’t directly exchange network packets). This is a family of techniques to exfiltrate data (low throughput) from an enterprise in a manner indistinguishable from genuine traffic. Using HTTP and exploiting a byproduct of how some websites choose to cache their pages, we will demonstrate how data can be leaked without raising any suspicion. These techniques are...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams,...
Hack In The Box Security Conference
YARA is a tool aimed at helping malware researchers to identify and classify malware samples. Yara’s real powers are unleashed when scanning big malware libraries, finding more and more similarities. Researchers in GReAT use Yara daily. But what happens if your virus collection increases daily? Speed is a huge factor when hunting for new pieces of malware and running yara locally is not an option any more due to computing power and storage considerations. To solve this problem, we are using a...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, dan demeter, hitbgsec,...