DEFCON 22
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Young/DEFCON-22-Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes-Updated.pdf From root to SPECIAL: Pwning IBM Mainframes Philip “Soldier of Fortran” Young 1.1 million transactions are run through mainframes every second worldwide. From your flight to your ATM withdrawal...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 25
Everyone has probably heard about orchestration and automation tools in DFIR but what if we took the same concepts from DFIR and apply that to OSINT? In this talk we will discuss how to use DFIR tools and concepts for reconnaissance, investigations, and OSINT data gathering. We will work through an automated playbook to gather evidence on things like domains, organizations and people, then discuss using integrations like Intrigue.io, Pipl, DataSploit, and more all in parallel and finally...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 22
DEF CON the Mystery, Myth and Legend Panel It's hard to throw a stone these days without hitting a security/hacking conference. But, when every year the Las Vegas Metro SWAT Team stages for an interdiction of your convention, you know you have something "different". From crawling through Air Ducts to surreptitiously "acquiring" telco equipment, these are the stories of DEF CON you don't often hear about. The stories of yesteryear that not only helped shape defcon but also...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 23
We've heard about hypothetical quantum computers breaking most of the public-key crypto in use—RSA, elliptic curves, etc.—and we've heard about "post-quantum" systems that resist quantum computers. We also heard about quantum computers' potential to solve other problems considerably faster than classical computers, such as discrete optimization, machine learning, or code verification problems. And we heard about a commercial quantum computer, and we heard vendors of quantum key...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 25
Online phishing campaigns are one of the most typical social engineering exercises that can be conducted in the internet. In spite of the easiness with which fake websites can be deployed using tools such as Social Engineering Toolkit, attackers will sometimes be limited by the difficulties to achieve a sufficient amount of privacy in the case of being trapped. Thus, finding a set of platforms that can provide this anonymity and untraceability is needed to launch similar campaigns with the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 26
Fair elections are at the core of every democracy and are of paramount importance to our national security. The confidence in our electoral process is fundamental to ensuring that every vote- and therefore every voice- matters. In recent years, our Nation has become increasingly uneasy about the potential threats to our election infrastructure. The activities to undermine the confidence in the 2016 presidential election have been well documented and the United States (U.S.) Government has...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 24
by DEFCONConference
MR. ROBOT is a rare treat - a network television show whose hacker protagonist is a fully realized character with a realistically attainable set of skills. No hyper-typing, no gibberish masquerading as tech jargon, no McGuffins to magically paper over plot holes with hacker dust. MR. ROBOT takes the tech as seriously as the drama. One of the main reasons for this verisimilitude is the work of Kor Adana, MR. ROBOT's advisor on all things hackish. His fingerprints are on every terminal window in...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DC24, DC-24, Panel, security...
DEFCON 24
Is the Internet going to live up to its promise as the greatest force for individual freedom that the world has ever known? Or is the hope for a global community of creative intellectual interaction lost…for now? In last year’s Black Hat keynote—entitled “Lifecycle of a Revolution”—noted privacy and civil liberties advocate Jennifer Granick told the story of the Internet utopians, people who believed that Internet technology could greatly enhance creative and intellectual freedom....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 21
Legal Aspects of Full Spectrum Computer Network (Active) Defense ROBERT CLARK ATTORNEY Full spectrum computer network (active) defense means more than simply "hacking back". We've seen a lot of this issue lately. Orin Kerr and Stewart Baker had a lengthy debate about it online. New companies with some high visibility players claim they are providing "active defense" services to their clients. But all-in-all, what does this really mean? And why is it that when you go to your...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Android WebLogin: Google's Skeleton Key CRAIG YOUNG VERT SECURITY RESEARCHER, TRIPWIRE Millions of businesses worldwide trust in Google Apps to run their organization's domain. The life-blood of these organizations is routinely stored with Google accounts and accessed with mobile devices. This talk explores how an adversary can parlay the compromise of a single Android device into a complete Google apps domain takeover. The attack vectors explored in this talk make use of various design...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 24
Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a bridged interface to each virtual machine or as complicated as a virtual switch providing more robust networking features such as VLANs, QoS, and monitoring. At DEF CON 23, we presented how attacks known to be successful on physical switches...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 23
by DEFCONConference
Contests Closing Ceremonies for DEF CON 23 Source: https://www.youtube.com/watch?v=2P7r5g4SkuY Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, Dc-23, hack, hacker,...
DEFCON 25
WannaCry, Eternal Blue, SambaCry are popular topics recently. During the outbreak in May 2017, we designed a 'real' Windows 7 / Samba server with the open source Dionaea honeypot and exposed the favourable SMB port to the world. As expected, tons of WannaCry attacks hit the pot, and interestingly there are more juicy collections than that! In this session, we would like to present the stories from a 15-day SMB honeypot. As a honeypot hobbyist, we deployed an emulated Windows 7 machine...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 23
In the past year, I found myself immersed in the multi-billion dollar digital advertising industry. This gave me the opportunity to investigate the unique security challenges and issues facing the industry. It was a shock to me at first how complex the advertising ecosystem was particularly in the advent of programmatic advertising. But I dove in head first and learned a lot which I would like to share with my fellow security professionals. During this time, I got involved with unscrupulous...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 25
by DEFCONConference
Former world chess champion Garry Kasparov has a unique place in history as the proverbial "man" in "man vs. machine" thanks to his iconic matches against the IBM supercomputer Deep Blue. Kasparov walked away from that watershed moment in artificial intelligence history with a passion for finding ways humans and intelligent machines could work together. In the spirit of "if you can't beat'em, join'em," Kasparov has explored that potential for the 20 years since his...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 25, DC25, DC-25, hackers,...
DEFCON 22
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Campbell/DEFCON-22-Christopher-Campbell-The-Secret-Life-of-Krbtgt.pdf The Secret Life of Krbtgt Christopher Campbell SECURITY RESEARCHER A tale of peril and woe, Krbtgt is the domain account that you just can't quit. Quiet and harmless, it has been with your enterprise since you...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 23
TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record video and audio, as well as stream video to other devices using its own wireless network and mobile applications. In this...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Intenet of Things, IoT, DEF...
DEFCON 21
The Bluetooth Device Database RYAN HOLEMAN SENIOR SOFTWARE DEVELOPER, ZIFTEN TECHNOLOGIES As of 2013, it is estimated that there are now billions of bluetooth devices deployed worldwide. The goal of the Bluetooth Database Project is to track and freely distribute real time sightings and statistics of these wide spread devices. The data collected from these devices can be used to answer questions pertaining to various topics, such as device geolocation, device proliferation, population analysis,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 23
The Harness toolset aims to give penetration testers and red teams the ability to pull a remote powershell interface with all the same features of the native Powershell CLI and more. Several tools and utilities have been released to solve the powershell weaponization problem, but no freely available tool gives operators the full capabilities of powershell through a remote interface. We’ll start the talk with a quick survey of the previous methods of weaponizing powershell, and then move into...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 21
DNS May Be Hazardous to Your Health ROBERT STUCKE SECURITY RESEARCHER The largest manufacturer of laptops, one of the largest consulting firms, and a big data behemoth all walk into a bar... His research explores many self-inflicted gaps that continue to plague even the largest companies. These gaps are often seen as trivial and ignored, thus making all of their DNS investments lead to a false sense of security. Too much effort and trust go into vendor solutions when 'common sense' and 'due...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 22
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Graham-McMillan-Tentler/DEFCON-22-Graham-McMillan-Tentler-Masscaning-the-Internet.pdf Mass Scanning the Internet: Tips, Tricks, Results Robert Graham Paul McMillan Dan Tentler Scanning the net -- the entire net -- is now a thing. This talk will discuss how to do it, such as how to...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 26
Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other with pre-defined protocol interactions, which largely increases the difficulty of exploiting such security weaknesses from the data plane. In this...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 21
Doing Bad Things to 'Good' Security Appliances PHORKUS (MARK CAREY) CHIEF SCIENTIST, PEAK SECURITY EVILROB (ROB BATHURST) THAT GUY The problem with security appliances is verifying that they are as good as the marketing has led you to believe. You need to spend lots of money to buy a unit, or figure out how to obtain it another way; we chose eBay. We now have a hardened, encrypted, AES 256 tape storage unit and a mission, break it every way possible! We're going to dive into the finer points...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 23
The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 24
LTE is a more advanced mobile network but not absolutely secure. Recently there have already been some papers that exposed the vulnerabilities of the LTE network. In this presentation, we will introduce one method which jointly exploits the vulnerabilities in the tracking area update procedure, attach procedure, and RRC redirection procedure, and finally can force a targeted LTE cellphone to downgrade into a malicious GSM network, and then consequently can eavesdrop on its data traffic or even voice calls. This attack...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 21
Business logic flaws in mobile operators services BOGDAN ALECU INDEPENDENT SECURITY RESEARCHER GSM has been attacked in many different ways in the past years. But regardless of the protocol issues, there are also flaws in the logic of the mobile operators' services. One may think that finding an issue which affects only one specific operator in some country couldn't affect other operators. However, this is not the case as most of the operators are using the same equipment and have the same...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 26
The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
Source: https://www.youtube.com/watch?v=PQXCTOKRrNQ Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
Advanced malware such as TDL4, Rovnix, Gapz, Omasco, Mebromi and others have exposed in recent years various techniques used to circumvent the usual defenses and have shown how much companies are not prepared to deal with these sophisticated threats. Although the industry has implemented new protections such as Virtualized Based Security, Windows SMM Security Mitigation Table (WSMT), Kernel Code Signing, HVCI, ELAM, Secure Boot, Boot Guard, BIOS Guard, and many others, it is still unknown the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
Getting started in car hacking can be a daunting and expensive hobby. In this talk I am going to walk you through what you need to buy (and what you can likely skip). I will also be releasing a quick start guide and a script to help new car hackers build a "Car Hacking" system. Source: https://www.youtube.com/watch?v=YFMqGyWyWCo Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
With a surge in the production of internet of things (IoT) devices, embedded development tools are becoming commonplace and the software they run on is often trusted to run in escalated modes. However, some of the embedded development tools on the market contain serious vulnerabilities that put users at risk. In this talk we discuss the various attack vectors that these embedded development tools expose users to, and why users should not blindly trust their tools. This talk will detail a...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
With "Trust none over the Internet" mindset, securing all communication between a client and a server with protocols such as TLS has become a common practice. However, while the communication over Internet is routinely secured, there is still an area where such security awareness is not seen: inside individual computers, where adversaries are often not expected. This talk discusses the security of various inter-process communication (IPC) mechanisms that local processes and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
Are you a malware developer for Android devices? We have very bad news for you: the Android-SDK packager (aapt) is leaking your time zone! We have found a bug inside this Android-SDK's component that lies in not properly setting the value of a variable used as an argument for the localtime() function, when setting the "Last Modified" field for the Android App's files. Because of this, the time zone of anyone using the Android-SDK packager to generate their APKs is leaked. The curious...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 25
Forget 0 days, long live "forever days" ! In this talk, we'll take a look at how Schneider PLCs rely on an undocumented Modbus function code for administrative actions (start/stop, download and upload ladder logic, ...). We'll also demo the dedicated Metasploit program, and discuss the security level on newer Schneider PLCs. We'll conclude with defensive measures you can take to prevent attacks using this protocol. Source: https://www.youtube.com/watch?v=A_B69Rifu1g Uploader:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
Source: https://www.youtube.com/watch?v=ImgaEqOQlSQ Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
Back in 2016, the way the Facebook mobile application implements content through “Instant articles” was very new. A user can view content from third parties directly in the Facebook platform without needing to open the browser, for instance. This content can also be shared, saved, opened in browser and so on. In this talk, we will share how these Instant articles, and the way they were shared, led us to the possibility to access Facebook accounts and how through internet...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
This presentation will walk the audience through and explain recently developed Kismet features that greatly benefit multiple radio card setups. Support for multiple devices allows smarter splitting across them, including separate discovery and tracking activities, as well as dedicating certain radios to targeted bands and channel ranges. The coming Kismet release (currently under development, slated to be released shortly) has new and very flexible configuration options targeting utilization of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
What is cognitive memory? How can you "implant" a password into it? Is this truly secure? Curiosity around these questions prompted exploration of the research and concepts surrounding the idea of making the authentication process more secure by implanting passwords into an individual's memory. The result? The idea is that you are not able to reveal your credentials under duress but you are still able to authenticate to a system. We will begin with an understanding of cognitive...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
The Infusion Pumps Market is expected to be worth $10.84 Billion USD by 2021 per "Market and Markets" forecast. The Infusion Pump is a costly and sensitive medical device used to deliver fluids, medications, blood and blood products to adult, pediatric or neonatal patients in a manual or automated way, yes, automated way, any malfunction either intended or unexpected could severely harm humans. We did the investment and bought an IV Pump Unit and IV Pump module made by Bectron since...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
Source: https://www.youtube.com/watch?v=c5Sen9CBCu0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk will discuss the ways that native functionality within Office can be abused to obtain persistence. The following opportunities for Office-based persistence will be discussed: (1) WLL and XLL add-ins for Word and Excel - a legacy add-in that allows arbitrary DLL loading. (2) VBA add-ins for Excel and PowerPoint - an alternative to backdoored template files, which...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
Is hacking in your blood? Do you see projects where others simply see problems? If something is "broken," do you try to fix it yourself before you ask for help or consider throwing it away? That's awesome, but, there are hurdles to face when embarking on projects... sometimes, the hardest problems to overcome happen right at the start: finding the right tools and parts to use! This talk will offer some tips, tricks, and stories to help you get what you need while avoiding obstacles...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
You can't protect yourself unless you know what you own. Find out how an attacker finds the hidden parts of companies to know where to attack. Source: https://www.youtube.com/watch?v=zPjgUqeQbVA Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
Opening Ceremonies Source: https://www.youtube.com/watch?v=OIVvRP9-b4M Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
Most people lock their doors at night, however if you walk into someone's home you likely won't find every piece of furniture bolted to the floor as well. We trust that if someone is inside our home they are supposed to be there. Unfortunately many developers treat local networks just the same, assuming all internal HTTP traffic is trusted, however this is not always the case. They incorrectly assume that their services will be protected by the same-origin policy in browsers, rather than...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
Can you tell the difference between gооgle.com and google.com? How about xn--ggle-55da.com and google.com? Both domain names are valid and show up in the Certificate Transparency log. This talk will be a fun and frustrating look at typosquatting, bitsquatting and IDN homoglyphs. This talk will cover the basics, show real-world examples and show how to use Certificate Transparency to track down particularly malicious impersonating domain names which have valid X.509 certificates. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
Source: https://www.youtube.com/watch?v=v5UcuY33Hic Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
With 313 million active users and approximately 500 million Tweets sent per day, Twitter has plenty of low-hanging fruit ripe for OSINT picking. Learn from an experienced information professional how to craft advanced searches to retrieve data from this popular social media platform. Understand the search commands that Twitter uses, tips and techniques for extracting data, examine some of the lesser-known features of Twitter, and get a glimpse of some of the resources that work in conjunction...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
NFC (Near Field Communication) technology is now widely used in the security, banking, payment and personal information exchange fields, and is highly developed. Correspondingly, attack methods against NFC are also emerging endlessly. To solve this problem, we built a hardware tool which we called "UniProxy". This tool contains two self-modified high frequency card readers and two radio transmitters, which work in a master-slave way. The master part can help people easily and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 24
Many Bluetooth Low Energy (BLE) enabled deadbolts and padlocks have hit the market recently. These devices promise convenience and security through smartphone control. We investigated sixteen of these products from multiple vendors and discovered wireless vulnerabilities in most of them. Using a $50 antenna, we successfully picked vulnerable locks from over 400 meters away. In this presentation we introduce open source tools to crack each of the vulnerable BLE locks. Furthermore, after...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 21
Please Insert Inject More Coins NICOLAS OBERLI SECURITY ENGINEER, SCRT The ccTalk protocol is widely used in the vending machine sector as well as casino gaming industry, but is actually not that much known, and very little information exists about it except the official documentation. This protocol is used to transfer money-related information between various devices and the machine mainboard like the value of the inserted bill or how many coins need to be given as change to the customer. This...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers MICHAEL SCHRENK This is the true story of a botnet that created a competitive advantage for a car dealership. This dealership found a website that offered returned lease vehicles—great cars for their inventory—but bad web design and heavy competition from other automotive dealerships made the website useless. In response, a botnet was developed to make automotive purchases with machine precision. With the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 22
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Bulygin-Bazhaniul-Furtak-Loucaides/DEFCON-22-Bulygin-Bazhaniul-Furtak-Loucaides-Summary-of-attacks-against-BIOS-UPDATED.pdf Summary of Attacks Against BIOS and Secure Boot Yuriy Bulygin CHIEF THREAT ARCHITECT, INTEL SECURITY Oleksandr Bazhaniuk SECURITY RESEARCHER, INTEL SECURITY...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 26
Traditionally SOCs look outward from their network perimeters, missing the adversaries already operating in their networks. As SOCs improve their capabilities by turning inwards, where should they start? What techniques should they be worried about? What tools will help them? Without knowing what your adversaries can do and what your current capabilities are, it’s hard to make improvements. This talk will describe how to use the MITRE ATT&CK framework as a “scorecard” within the SOC...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 24
by DEFCONConference
Source: https://www.youtube.com/watch?v=KXycoirlm9A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology
DEFCON 25
movies
eye 18
favorite 0
comment 0
Windows Defender Advanced Threat Protection will soon be available for all Blue Teams to utilize within Windows 10 Enterprise, which includes detection of post breach tools, tactics and techniques commonly used by Red Teams, as well as behavior analytics. Combined with Microsoft Advanced Threat Analytics for user behavior analytics across the Domain, Red Teamers will soon face a significantly more challenging time maintaining stealth while performing internal recon, lateral movement, and...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 25, DEF CON 25, DEFCON 2017,...
DEFCON 23
movies
eye 3
favorite 0
comment 0
The ELF format is ancient, and much mystery lurks in its dark depths. For 16 years, it has safely encompassed our software, providing support for binary loading, symbol resolution, and lots of very useful binary stuff. In that time, security has become a key concern, resulting in binary defenses like NX and ASLR, which have made exploiting vulnerabilities quite difficult. ASLR, for example, randomizes the location of the stack, the heap, libraries, and (optionally), the binary itself at every...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC-23, DC 23, DC23, hack,...
DEFCON 24
movies
eye 19
favorite 0
comment 0
To improve road safety and driving experiences, autonomous vehicles have emerged recently, and they can sense their surroundings and navigate without human inputs. Although promising and proving safety features, the trustworthiness of these cars has to be examined before they can be widely adopted on the road. Unlike traditional network security, autonomous vehicles rely heavily on their sensory ability of their surroundings to make driving decisions, which opens a new security risk. Thus, in...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC24, DC-24, hack, hacker, hacking,...
DEFCON 25
movies
eye 12
favorite 0
comment 0
What is cognitive memory? How can you “implant” a password into it? Is this truly secure? Curiosity around these questions prompted exploration of the research and concepts surrounding the idea of making the authentication process more secure by implanting passwords into an individual’s memory. The result? The idea is that you are not able to reveal your credentials under duress but you are still able to authenticate to a system. This talk will cover the stages of memory pertaining to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 24
movies
eye 26
favorite 0
comment 0
VNC is a great tool to use if you need to get to a box you're not physically near. The trouble with VNC is that it was invented 15+ years ago and hasn't been improved upon in any significant way. Besides the internet of things being sprinkled with VNC endpoints, there are companies which use VNC to such a large degree they need a VNC proxy on their perimeter to get to all the internal VNC hosts - some of which are ICS/SCADA devices. Stargate is the result of discovering a vulnerability in these...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 24, DEF CON 24, DC24, DC-24,...
DEFCON 22
movies
eye 10
favorite 0
comment 0
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Mahjoub-Toonk-Reuille/DEFCON-22-Mahjoub-Reuille-Toonk-Catching-Malware-En-Masse-DNS-IP-Style-UPDATED.pdf Additional Materials available here:...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 24
movies
eye 13
favorite 0
comment 0
Security assessments of embedded and IoT devices often begin with testing how an attacker could recover firmware from the device. When developers have done their job well you’ll find JTAG locked-up, non-responsive serial ports, locked-down boot, and perhaps even a home brewed secure-boot solution. In this session you’ll learn details of a useful hardware/software penetration technique to attempt when you’ve run out of easier options. We’ve used this technique on two commercial device...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 22
movies
eye 4
favorite 0
comment 0
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Erven-Merdinger/DEFCON-22-Scott-Erven-and-Shawn-Merdinger-Just-What-The-DR-Ordered-UPDATED.pdf Just What The Doctor Ordered? Scott Erven FOUNDER & PRESIDENT SECMEDIC, INC Shawn Merdinger HEALTHCARE SECURITY RESEARCHER You have already heard the stories of security researchers...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 22
by DEFCONConference
movies
eye 13
favorite 0
comment 0
Panel - Diversity in Information Security Jennifer Imhoff-Dousharm Informatics student, co-organizer of theSummit, NCWIT affiliate member Sandy “Mouse” Clark Security Researcher and part-time Phd. candidate Kristin Paget Jolly Full time hacker Vyrus Independent Security Consultant Scott Martin CIO Spikes Security Discussion from the point of view of a diverse panel of leading representatives currently in or thinking of becoming part of the Information Security industry. This panel will give...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 24
movies
eye 11
favorite 0
comment 0
Over the past year, Apple has consistently added features to prevent exploitation of the iOS kernel. These features, while largely misunderstood, provide a path for understanding of the iOS security model going forward. This talk will examine the history of iOS’s exploit mitigations from iOS 8 to iOS 9.3 in order to teach important features of the architecture. This talk will cover various enhancements that stop attackers from dynamically modifying the functionality of system services, but...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
movies
eye 5
favorite 0
comment 0
The second half of 2016 saw the rise of a new generation of IoT botnets consisting of webcams and other IoT devices. These botnets were then subsequently used to launch DDoS attacks on an unprecedented scale against Olympic-affiliated organizations, OVH, the web site of Brian Krebs and Dyn. Early 2017, a multi-stage Windows Trojan containing code to scan for vulnerable IoT devices and inject them with Mirai bot code was discovered. The number of IoT devices which were previously safely hidden...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 24
movies
eye 9
favorite 0
comment 0
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail Though briefly touching on generic firewall bypass techniques, this talk will largely focus on the kernel-mode...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 26
movies
eye 8
favorite 0
comment 0
Cellular networks are connected with each other through a worldwide private, but not inaccessible network, called IPX network. Through this network user related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have already been found e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 24
movies
eye 11
favorite 0
comment 0
There are multiple x86 processors in your monitor! OSD, or on-screen-display controllers are ubiquitous components in nearly all modern monitors. OSDs are typically used to generate simple menus on the monitor, allowing the user to change settings like brightness, contrast and input source. However, OSDs are effectively independent general-purpose computers that can: read the content of the screen, change arbitrary pixel values, and execute arbitrary code supplied through numerous control...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
movies
eye 11
favorite 0
comment 0
Windows kernel exploitation is a difficult field to get into. Learning the field well enough to write your own exploits requires full walkthroughs and few of those exist. This talk will do that, release two exploits and a new GDI object abuse technique. We will provide all the detailed steps taken to develop a full privilege escalation exploit. The process includes reversing a Microsoft patch, identifying and analyzing two bugs, developing PoCs to trigger them, turning them into code execution...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 22
movies
eye 12
favorite 0
comment 0
Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kouns-Eiram/DEFCON-22-Kouns-Eiram-Screw-Becoming-A-Pentester-Bug-Bounty-Hunter-UPDATED.pdf Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! Jake Kouns CISO, RISK BASED SECURITY Carsten Eiram CHIEF RESEARCH OFFICER, RISK BASED SECURITY Everywhere you...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 24
movies
eye 7
favorite 0
comment 0
US Army Interrogation techniques and training is the Irish Twin of Social Engineering. Objectives for both match: obtain information from a source or target. Techniques for both match: Lying and Deception at the Source or Target; Sincere and Convincing to the Source or Target; Building Rapport and Confidence with the Source or Target. The speaker will establish the synergy between both practices and provide insight into how to utilize this information in Social Engineering pentesting and defense...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
movies
eye 15
favorite 0
comment 0
operating system (and set of application programs) built on the digital molecules DNA and RNA. The genome has thousands of publicly documented, unpatchable security vulnerabilities, previously called "genetic diseases." Because emerging DNA/RNA technologies, including CRISPR-Cas9 and especially those arising from the Cancer Moonshot program, will create straightforward methods to digitally reprogram the genome in free-living humans, malicious exploitation of genomic vulnerabilities...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 24
movies
eye 5
favorite 0
comment 0
Get mirandized for an encrypted world. This talk will cover the legal doctrines and statutes our government is perverting to compel individuals into decrypting their data, or conscript technology companies into subverting the security of their own products. We’ll survey the arguments being advanced by prosecutors, the resulting case law, and the ethical dilemmas facing technology companies. The session will cover the rights and civil liberties we’ve already lost, and review the current...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 21
movies
eye 14
favorite 0
comment 0
Defending Networks with Incomplete Information: A Machine Learning Approach ALEXANDRE PINTO SECURITY RESEARCHER Let's face it: we may win some battles, but we are losing the war pretty badly. Regardless of the advances in malware and targeted attacks detection technologies, our top security practitioners can only do so much in a 24 hour day. Even less, if you let them eat and sleep. On the other hand, there is a severe shortage of capable people to do "simple" security monitoring...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 25
movies
eye 10
favorite 0
comment 0
In a world filled with danger emanating from all sorts of digital channels, having a proxy (or two) that you create, control, manage and direct is not just useful, but a requirement. Instead of worrying about an ineffectual government or an incomprehensible privacy policy, it’s possible that fake identities are a way to take ownership of the problem. Fake identities in the hands of the individual, are the way to swing the pendulum of privacy back to the people. The presentation will present...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 16
favorite 0
comment 0
Why can't microscopes diagnose disease? What if they could? For the past four years our team from NYU Tandon School of Engineering has been building an IoT system capable of turning a standard microscope into a digital imaging tool. And the goal is to connect every laboratory in the world into a global network. We call our device the Auto Diagnostic Assistant, or ADA, in honor of Ada Lovelace, who likely died from undiagnosed cervical cancer. We think the biohacking village will enjoy learning...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 23
movies
eye 3
favorite 0
comment 0
Are you interested in the gory details in fixing ugly bugs? No? Just like watching stuff blow up? Go to some other talk! But if you want to see what it takes to comprehensively end an entire bug class -- how you dive into a code base, what performance and usability and maintainability and debuggability constraints it takes to make a web browser more secure -- oh do I have some dirt for you. Dan Kaminsky is Chief Scientist of White Ops. Source: https://www.youtube.com/watch?v=9wx2TnaRSGs...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Dan Kaminsky (Person),...
DEFCON 25
movies
eye 14
favorite 0
comment 0
Much of next-gen AV relies on machine learning to generalize to never-before-seen malware. Less well appreciated, however, is that machine learning can be susceptible to attack by, ironically, other machine learning models. In this talk, we demonstrate an AI agent trained through reinforcement learning to modify malware to evade machine learning malware detection. Reinforcement learning has produced game-changing AI's that top human level performance in the game of Go and a myriad of hacked...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 22
movies
eye 12
favorite 0
comment 0
Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Rowley/DEFCON-22-Robert-Rowley-Detecting-Defending-Against-Surveillance-State.pdf Detecting and Defending Against a Surveillance State Robert Rowley SECURITY RESEARCHER, TRUSTWAVE SPIDERLABS This talk is based on semi-recent reported leaks that detail how state-actors could be...
Topics: Youtube, video, Science & Technology, DEFCON Video Series, DEFCON Conference, Defcon, DEF CON,...
DEFCON 26
movies
eye 5
favorite 0
comment 0
Google Play Store provides thousands of applications for monitoring your children/family members. Since these apps deal with highly sensitive information, they immediately raise questions on privacy and security. Who else can track the users? Is this data properly protected? To answer these questions, we analyzed a selection of the most popular tracking apps from the Google Play Store. Many apps and services suffer from grave security issues. Some apps use self-made algorithms instead of proper...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 25
movies
eye 11
favorite 0
comment 0
The conflict between cyber attackers and defenders is too often in favor of attackers. Recent results of graph theory research incorporated into red-team tools such as BloodHound, shift the balance even more dramatically towards attackers. Any regular domain user can map an entire network and extract the precise path of lateral movements needed to obtain domain admin credentials or a foothold at any other high-value asset. In this talk, we present a new practical defensive approach: deceive the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 26
movies
eye 19
favorite 0
comment 0
Why does my bank's website require my MFA token but Quicken sync does not? How is using Quicken or any personal financial software different from using my bank's website? How are they communicating with my bank? These questions ran through my head when balancing the family checkbook every month. Answering these questions led me to deeply explore the 20 year old Open Financial Exchange (OFX) protocol and the over 3000 North American banks that support it. They led me to the over 30 different...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 6
favorite 0
comment 0
Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
OpenXC builds its firmware -- for both the open and proprietary builds -- using JSON data structures which define the CAN signals. These definitions are akin to the CAN database (.dbc) files. Reverse engineering of the open OpenXC builds (as an educational exercise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How strings lead reverse engineers to interesting code via backwards...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 23
movies
eye 9
favorite 0
comment 0
A pass the hash (PtH) attack is one of the most devastating attacks to execute on the systems in a Windows domain. Many system admins are unaware of this type of attack and the amount of damage it can do. This presentation is for the system admins that don't have a full time forensics person working with them. This presentation will help identify key Windows events and explain why these events are important. The presentation will also show various free tools that can assist in examining some...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DEFCON 23, DC23, DC 23,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're a developer trying to protect your insecure app from winding up on devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you've been looking for! This tool combines SCA, teaching and automated exploitation into one, simple to use application! Speaker Bio: Tony Trummer (@SecBro1) - has been working in the IT industry for nearly 20 years and has been focused on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
movies
eye 13
favorite 0
comment 0
The Open Network Install Environment, or ONIE, makes commodity or WhiteBox Ethernet possible. By placing a common, Linux-based, install environment onto the firmware of the switch, customers can deploy the Network Operating Systems of their choice onto the switch and do so whenever they like without replacing the hardware. The problem is, if this gets compromised, it also makes it possible for hackers to install malware onto the switch. Malware that can manipulate it and your network, and keep...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC, DC23, DC 23, DC-23,...
DEFCON 23
movies
eye 80
favorite 0
comment 0
The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
movies
eye 8
favorite 0
comment 0
In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Adobe Systems (Award...
DEFCON 25
movies
eye 8
favorite 0
comment 0
Is Net Neutrality on the up or down? Is DRM rising or falling? Is crypto being banned, or will it win, and if it does, will its major application be ransomware or revolution? Is the arc of history bending toward justice, or snapping abruptly and plummeting toward barbarism? It's complicated. A better world isn't a product, it's a process. The right question isn't, "Does the internet make us better or worse," it's: "HOW DO WE MAKE AN INTERNET THAT MAKES THE WORLD BETTER?" We...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies
eye 18
favorite 0
comment 0
As the previous Director of Security at companies like Linksys, Belkin, and Wink, I learned hard lessons about the pitfalls of PKI. This was especially true on IoT devices, where the responsibility was on consumers or site managers to update devices when security issues arose. I've experienced expired keys that killed device connections, private keys being accidentally dropped on consumer devices, and breaches that required replacing all keys on devices, servers, and user applications. That led...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 3
favorite 0
comment 0
Since Keccak has been selected as the winner of the SHA-3 competition in 2012, a myriad of different hash functions have been trending. From BLAKE2 to KangarooTwelve we'll cover what hash functions are out there, what is being used, and what you should use. Extending hash functions, we’ll also discover STROBE, a symmetric protocol framework derived from SHA-3. Source: https://www.youtube.com/watch?v=BJnjAF2cz48 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 7
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=CKfm414YsjU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies
eye 11
favorite 0
comment 0
Recent advances in genome editing have quickly turned ideas thought restricted to science fiction into reality such as custom synthetic organisms and designer babies. These technologies rely on the fidelity of the genetic code, which translates nucleotides into proteins. The underlying mechanism of translation is well understood where triplets of nucleotides, known as codons, are recognized by transfer RNAs with complementary nucleotide triplets. These transfer RNAs carry one of twenty amino...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 23
movies
eye 9
favorite 0
comment 0
In the last year there's been an explosion of electric skateboards onto the market- seemingly volleyed into popularity by the Boosted Boards kickstarter. Following on from the success of their original Boosted Board exploit, the team went on to get their hands on the other popular boards on the market, and predictably broke all of them. Richo and Mike will investigate the security of several popular skateboards, including Boosted's flagship model and demonstrate several vulnerabilities that...
Topics: Youtube, video, Science & Technology, Skateboarding, Skateboard (Sports Equipment), DEF CON,...
DEFCON 24
movies
eye 11
favorite 0
comment 0
Secure Channel (Schannel) is Microsoft's standard SSL/TLS Library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including a RCE. What about the internals? How does Schannel guard its secrets? This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 25
movies
eye 12
favorite 0
comment 0
Crypto has served an important role in securing sensitive data throughout the years, but ransomware has flipped this script on its head by leveraging crypto as a means to instead prevent users from accessing their own data. The crypto seen in ransomware covers a wide range of complexity of symmetric and asymmetric algorithms, but flaws in their implementation and key storage / transmission routines have left the door open for users to retrieve their data in certain cases. In this talk, I'll...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 22
by DEFCONConference
movies
eye 2
favorite 0
comment 0
Dark Mail is not the only solution in the secure mail space, but just as Lavabit’s preoccupation with privacy and user autonomy was a rarity when it started over a decade ago, it hopes once again to push mail security forward into a new frontier. It is Dark Mail's objective to achieve the highest degree of security possible - with the introduction of an interoperable mail protocol as an open standard. To that end, we are publishing documents describing the protocol, along with a reference...
Topics: Youtube, video, Science & Technology, Dark Mail Alliance, Ladar Levison, Stephen Watt, DEF CON...
DEFCON 24
movies
eye 11
favorite 0
comment 0
The use cases for hooking code execution are abundant and this topic is very expansive. EhTracing (pronounced Tracing) is a technique that allows monitoring/altering of code execution at a high rate with several distinct advantages. Full context (registers, stack & system state) hooking can be logged without needing to know a function prototype and changes to execution flow can be made as desired. Traditional detours like hooking requires a length disassembly engine than direct binary .text...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...