DEFCON 24
Over the last year, synchronized and coordinated attacks against critical infrastructure have taken center stage. Remote cyber intrusions at three Ukrainian regional electric power distribution companies in December 2015 left approximately 225,000 customers without power. Malware, like BlackEnergy, is being specially developed to target supervisory control and data acquisition (SCADA) systems. Specifically, adversaries are focusing their efforts on obtaining access to the human-machine...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 23
Additional Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Peter Desfigies, Joshua Brierton & Naveed Ul Islam/DEFCON-23-Desfigies-Brierton-Islam-Guests-N-Goblins-Referenc.txt Wi-Fi is a pervasive part of everyone’s everyday life. Whether it be home networks, open hotspots at cafés, corporate networks or corporate guest networks they can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 21
Decapping Chips the Easy Hard Way ADAM "MAJOR MALFUNCTION" LAURIE CODE MONKEY, APERTURE LABS ZAC FRANKEN CHIP MONKEY, APERTURE LABS For some time it has been possible to discover the inner workings of microprocessors with the help of a microscope and some nasty chemicals such as fuming nitric acid. However, unless you have access to a university or work science lab, this is beyond the reach of most hackers, and, even if it were to be attempted, difficult and potentially extremely...
Topics: Youtube, video, Science & Technology, 2013, Security, Las Vegas, dc21, Conference, DEF CON...
DEFCON 21
Dude, WTF in my car? ALBERTO GARCIA ILLERA JAVIER VAZQUEZ VIDAL The ECU tuning market is weird. There is little help from people in it, and most of the equipment is expensive. Well, not anymore! After hacking some equipment worth thousands of dollars, a new toy was born. Seed/Key algos broken, RSA busted... We will learn all about Bosch EDC15 and EDC16 car ECUs. How they communicate, what protocols they use, their security and why it is worth hacking them. There will be a demonstration of a tool...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
Conducting massive attacks with open source distributed computing ALEJANDRO CACERES OWNER, HYPERION GRAY LLC Distributed computing is sexy. Don't believe us? In this talk we'll show you, on a deep, practical level and with lots of (mostly Python) code, how a highly automated and effective computer network attack could be crafted and enhanced with the help of distributed computing over 'Big Data' technologies. Our goal is to demystify the concept of using distributed computing for network...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), 2013 Hacker Dc21 Def Con Def...
DEFCON 21
An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet ALEX STAMOS CO-FOUNDER AND CTO, ISEC PARTNERS The information security world is constantly buffeted by the struggle between whitehats, blackhats, antisec, greenhats, anarchists, statists and dozens of other self-identified interest groups. While much of this internecine conflict is easily dismissed as "InfoSec Drama", the noise of interpersonal grudges often obscures a legitimate and...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
Defending Networks with Incomplete Information: A Machine Learning Approach ALEXANDRE PINTO SECURITY RESEARCHER Let's face it: we may win some battles, but we are losing the war pretty badly. Regardless of the advances in malware and targeted attacks detection technologies, our top security practitioners can only do so much in a 24 hour day. Even less, if you let them eat and sleep. On the other hand, there is a severe shortage of capable people to do "simple" security monitoring...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
by DEFCONConference
Proliferation AMBASSADOR JOSEPH R. DETRANI PRESIDENT, INTELLIGENCE AND NATIONAL SECURITY ALLIANCE (INSA) Ambassador Joseph DeTrani was named President of the Intelligence and National Security Alliance (INSA) on February 5, 2013. As President, he will lead INSA as its Chief Executive Officer on a day-to-day basis. Ambassador DeTrani has dedicated his professional career to public service with more than three decades of work for the U.S. government. Most recently, he served as the Senior Advisor...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
Suicide Risk Assessment and Intervention Tactics AMBER BALDET INVESTMENT BANKING TECHNOLOGY Suicide is the 10th leading cause of death in the United States, yet it persists as one of the few remaining taboo topics in modern society. Many characteristics linked to elevated suicide risk are prevalent in the technical community, and the effects of suicide within any community extend far beyond those directly involved. Prevention and intervention, however, are not a mystery. This workshop presents...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
(Transcription coming soon, sorry for the delay ) EDS: Exploitation Detection System AMR THABET MALWARE RESEARCHER, Q-CERT In the last several years, exploits have become the strongest weapons in cyber warfare. Exploit developers and vulnerability researchers have now become the nuclear scientists of the digital world. OS Companies and third party companies have created several security mitigation tools to make it harder to use these vulnerabilities and have made exploit creation harder. In...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions ANDY DAVIS RESEARCH DIRECTOR, NCC GROUP Embedded systems are everywhere, from TVs to aircraft, printers to weapon control systems. As a security researcher when you are faced with one of these 'black boxes' to test, sometime in-situ, it is difficult to know where to start. However, if there is a USB port on the device there is useful information that can be gained. This talk is about using techniques to analyze...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!) ANG CUI PH.D. CANDIDATE, COLUMBIA UNIVERSITY MICHAEL COSTELLO RESEARCH STAFF, COLUMBIA UNIVERSITY Our presentation focuses on two live demonstrations of exploitation and defense of a wide array of ubiquitous networked embedded devices like printers, phones and routers. The first demonstration will feature a proof-of-concept embedded worm capable of stealthy, autonomous polyspecies propagation. This PoC worm will...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio BALINT SEEBER SPENCH.NET Ever wondered what traffic is flowing through the many satellites in orbit above you? Have you wanted to intercept RADAR signals from air traffic control and visualise your local airspace in real-time on a 3D map? While you're at it, check how many faults have been reported by the next plane you'll be travelling on (e.g. do the toilets work?). How about tracking down the source of a...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Business logic flaws in mobile operators services BOGDAN ALECU INDEPENDENT SECURITY RESEARCHER GSM has been attacked in many different ways in the past years. But regardless of the protocol issues, there are also flaws in the logic of the mobile operators' services. One may think that finding an issue which affects only one specific operator in some country couldn't affect other operators. However, this is not the case as most of the operators are using the same equipment and have the same...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine BRANDON WILEY RESEARCHER, STEP THREE: PROFIT! The greatest danger to free speech on the Internet today is filtering of traffic using protocol fingerprinting. Protocols such as SSL, Tor, BitTorrent, and VPNs are being summarily blocked, regardless of their legal and ethical uses. Fortunately, it is possible to bypass this filtering by reencoding traffic into a form which cannot be correctly fingerprinted by the filtering...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
Stalking a City for Fun and Frivolity BRENDAN O'CONNOR Tired of the government being the only entity around that can keep tabs on a whole city at once? Frustrated by dictators du jour knowing more about you than you know about them? Fed up with agents provocateur slipping into your protests, rallies, or golf outings? Suffer no more, because CreepyDOL is here to help! With open-source software, off-the-shelf sensors, several layers of encryption, and a deployment methodology of "pull pin,...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
Java Every-Days: Exploiting Software Running on 3 Billion Devices BRIAN GORENC ZERO DAY INITIATIVE, HP SECURITY RESEARCH JASIEL SPELMAN SECURITY RESEARCHER Over the last three years, Oracle Java has become the exploit author's best friend. And why not? Java has a rich attack surface, broad install base, and runs on multiple platforms allowing attackers to maximize their return-on-investment. The increased focus on uncovering weaknesses in the Java Runtime Environment (JRE) shifted research...
Topics: Youtube, video, Science & Technology, 2013, Security, Las Vegas, dc21, Conference, DEF CON...
DEFCON 21
Adventures in Automotive Networks and Control Units CHARLIE MILLER SECURITY ENGINEER, TWITTER CHRIS VALASEK DIRECTOR OF SECURITY INTELLIGENCE AT IOACTIVE, INC. Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a...
Topics: Youtube, video, Science & Technology, 2013, Security, Las Vegas, dc21, Conference, DEF CON...
DEFCON 21
Fear the Evil FOCA: IPv6 attacks in Internet connections CHEMA ALONSO SECURITY RESEARCHER, INFORMATICA64 Windows boxes are running IPv6 by default so LANs are too. Internet is not yet ready for IPv6 worldwide, but... you can connect internal IPv6 networks to external IPv4 web sites with few packets. In this session you will see how using the new Evil FOCA tool, created to perform IPv6 networks attacks, it is possible to hack Internet IPv4 connections creating a man in the middle in IPv6...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Defense by numbers: Making problems for script kiddies and scanner monkeys CHRIS JOHN RILEY On the surface most common browsers look the same, function the same, and deliver web content to the user in a relatively uniformed fashion. Under the shiny surface however, the way specific user agents handle traffic varies in a number of interesting and unique ways. This variation allows for defenders to play games with attackers and scripted attacks in a way that most normal users will never even see....
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Predicting Susceptibility to Social Bots on Twitter CHRIS SUMNER RANDALL WALD Are some Twitter users more naturally predisposed to interacting with social bots and can social bot creators exploit this knowledge to increase the odds of getting a response? Social bots are growing more intelligent, moving beyond simple reposts of boilerplate ad content to attempt to engage with users and then exploit this trust to promote a product or agenda. While much research has focused on how to identify such...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Privacy In DSRC Connected Vehicles CHRISTIE DUDLEY PRIVACY LEGAL RESEARCHER To date, remote vehicle communications such as OnStar have provided little in the way of privacy. The planned DSRC system will become the first large-scale nationwide direct public participation network outside of the internet. Much information and misinformation has been spread on what the upcoming DSRC system is and can do, especially in the information security community. The recent field trial in the US of a...
Topics: Youtube, video, Science & Technology, DEFCON21, 2013, DEF CON 21, Security, dc21, Conference,...
DEFCON 21
Backdoors, Government Hacking and The Next Crypto Wars CHRISTOPHER SOGHOIAN PRINCIPAL TECHNOLOGIST, PRIVACY & TECHNOLOGY PROJECT, ACLU The FBI claims it is going dark. Encryption technologies have finally been deployed by software companies, and critically, enabled by default, such that emails are flowing over HTTPS, and disk encryption is now frequently used. Friendly telcos, who were once a one-stop-shop for surveillance can no longer meet the needs of our government. What can the FBI and...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Android WebLogin: Google's Skeleton Key CRAIG YOUNG VERT SECURITY RESEARCHER, TRIPWIRE Millions of businesses worldwide trust in Google Apps to run their organization's domain. The life-blood of these organizations is routinely stored with Google accounts and accessed with mobile devices. This talk explores how an adversary can parlay the compromise of a single Android device into a complete Google apps domain takeover. The attack vectors explored in this talk make use of various design...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust DAN GRIFFIN PRESIDENT, JW SECURE, INC. The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks. And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Utilizing Popular Websites for Malicious Purposes Using RDI DANIEL CHECHIK SECURITY RESEARCHER, TRUSTWAVE SPIDERLABS ANAT (FOX) DAVIDI SECURITY RESEARCHER, TRUSTWAVE SPIDERLABS Reflected DOM Injection is a new attack vector that will be unveiled for the first time in our talk! We will explain the technique and show a live demo where we use it to hide malicious code within popular and trusted websites. Daniel Chechik is a veteran security researcher at Trustwave's SpiderLabs. Among other things,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Dirty South -- Getting Justified with Technology DAVID KENNEDY FOUNDER & PRINCIPAL SECURITY CONSULTANT, TRUSTEDSEC NICK HITCHCOCK SENIOR SECURITY CONSULTANT, TRUSTEDSEC It seems that every day there's a new NextGen firewall, whitelisting and blacklisting, DLP, or the latest technology that's supposed to stop us. But does it really stop "hackers"? Truth is, naw not really. In this talk we'll be showing off the latest bypass techniques for the "latest" hacker stoppers,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
BYO-Disaster and Why Corporate Wireless Security Still Sucks JAMES SNODGRASS (PUNK1NPO0P) HILLBILLY HACKER JOSH HOOVER (WISHBONE) HILLBILLY HACKER Right when you thought this topic had been beaten to death, something new emerges. This horse isn't dead yet! This talk will focus on a completely new vulnerability in the way some devices handle MsChapV2 and present some newer methods for capturing clear text credentials easily and without heavy processing power. We will walk you through a full...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell DOUG DEPERRY SENIOR SECURITY CONSULTANT, ISEC PARTNERS TOM RITTER SENIOR SECURITY CONSULTANT, ISEC PARTNERS I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don't even know you're connected to me. Welcome to...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
We are Legion: Pentesting with an Army of Low-power Low-cost Devices DR. PHILIP POLSTRA HACKER IN RESIDENCE, UNIVERSITY OF DUBUQUE This talk will show attendees how they can do penetration testing with a network of small, battery-powered, penetration testing systems. The small devices discussed will be running a version of The Deck, a full-featured penetration testing and forensics Linux distro. The Deck runs on the BeagleBoard and BeagleBone family of devices (including the next-gen BeagleBone...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Torturing Open Government Systems for Fun, Profit and Time Travel TOM KEENAN PROFESSOR, UNIVERSITY OF CALGARY "I'm from the government and I'm here to help you" takes on a sinister new meaning as jurisdictions around the world stumble over each other to 'set the people's data free'. NYC boasts in subway ads that 'our apps are whiz kid certified' (i.e. third party) which of course translates to 'we didn't pay for them, and don't blame us if somebody got it wrong and the bus don't...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
This presentation will self-destruct in 45 minutes: A forensic deep dive into self-destructing message apps DREA LONDON DIGITAL FORENSIC EXAMINER, STROZ FRIEDBERG KYLE O'MEARA DIGITAL FORENSIC EXAMINER, STROZ FRIEDBERG Prior to 2013, the phrase 'Self Destructing Message' was most commonly associated with Inspector Gadget, Maxwell Smart, and the occasional Tom Cruise movie. With the advent of smartphone apps like Snapchat, Wickr, and Facebook Poke, the self-destructing message has left the world...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Politics of Privacy and Technology: Fighting an Uphill Battle ERIC FULTON CEO, SUBSECTOR SOLUTIONS DANIEL ZOLNIKOV STATE REPRESENTATIVE, MONTANA In the past few decades the world has been dramatically transformed by technology. People have significantly evolved in how they interact with each other and the world; a side effect of this evolution is the drastic change in personal privacy. Private citizens, corporations, and governments all have different ideas on what privacy means and what...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Getting The Goods With smbexec ERIC MILAM PRINCIPAL CONSULTANT, ACCUVANT LABS Individuals often upload and execute a payload to a remote system during penetration tests for foot printing, gathering information, and to compromise additional hosts. When trying to remain stealthy, uploading a shell to a target may not be wise. smbexec takes advantage of native Windows functionality and SMB authentication to execute commands on remote Windows systems without having to upload a payload, decreasing...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Forensic Fails - Shift + Delete won't help you here ERIC ROBI FORENSIC EXAMINER, ELLUMA DISCOVERY MICHAEL PERKLIN CYBER INVESTIGATOR Forensic fails illustrates the rather comedic attempts at "anti-forensics" by inept computer users trying to hide their tracks. We will recount real-life stories about folks whose level of hacker-mojo might aspire to 1337 status but fall a little short. This talk covers why and how these fails happened and illustrate the forensic artifacts and the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
VoIP Wars: Return of the SIP FATIH OZAVCI INFORMATION SECURITY RESEARCHER AND CONSULTANT, VIPROY SECURITY NGN (Next Generation Network) is modern TDM/PSTN system for communication infrastructure. SIP (Session Initiation Protocol) Servers are center of NGN services, they provide signaling services. SIP based communication is insecure, because of protocol implementation. Based on this fact, NGN is not actually Next Generation. It can be hacked with old stuff, but a few new attack types will be...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
10,000 Yen into the Sea FLIPPER The use of a pressure housing in an underwater vehicle can be difficult to implement without becoming a cost-center. Flipper will walk the audience through a new design for an Autonomous Underwater Glider which challenges assumptions about what is required or necessary to deploy sensors, transmitters, and payloads across long distances in the ocean. The speaker assumes no prior knowledge of subject matter & hopes the audience can help him to find new...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
RFID Hacking: Live Free or RFID Hard FRANCIS BROWN MANAGING PARTNER - BISHOP FOX Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance on how RFID proximity badge systems work. We'll cover what you'll need to build out your own RFID physical penetration toolkit, and how to easily use an Arduino microcontroller to weaponize commercial RFID badge readers — turning them into custom, long-range RFID...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Exploiting Music Streaming with JavaScript FRANZ PAYER PROGRAMMER, TACTICAL NETWORK SOLUTIONS As the music industry transitioned from physical to digital distribution, they have forgotten the one thing they hold most dear to them: Their DRM. Many browser-based music streaming services use no DRM to secure their music. By doing this, they leave their library of high quality songs free for the picking. This presentation details the use of JavaScript to circumvent the security of several...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Let's screw with nmap GREGORY PICKETT PENETRATION TESTER, HELLFIRE SECURITY Differences in packet headers allow tools like nmap to fingerprint operating systems. My new approach to packet normalization removes these header differences. Starting TTL, TCP Options used, and TCP Option order, after normalization, are the same from one packet to the next no matter which operating system sends it. If we normalized the packets transiting our network, could we keep nmap, and tools like it from remotely...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks HUNTER SCOTT M2M, IoT, whatever buzzword you want to use, telecoms are predicting and preparing for a huge increase in embedded, connected devices within the next 10 years and predict spectrum utilization will increase even faster in the next 5 years. One of the ways this growth will be addressed is with cognitive radio networks. This talk will discuss the new kinds of security issues that are faced by these networks,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood JACOB THOMPSON Common wisdom dictates that web applications serving sensitive data must use an encrypted connection (i.e., HTTPS) to protect data in transit. Once served, that same sensitive data must be protected at rest, either through encryption, or more appropriately by not storing the sensitive data on disk at all. In the past, web browser disk caching policies maintained a distinction between HTTP and HTTPS requests, typically...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Examining the Bitsquatting Attack Surface JAESON SCHULTZ THREAT RESEARCH ENGINEER, CISCO SYSTEMS Bit errors in computer memory, when they occur in a stored domain name, can cause Internet traffic to be directed to the wrong Internet location potentially compromising security. When a domain name one bit different from a target domain is registered, this is called "bitsquatting". This presentation builds on previous work in this area presented by Artem Dinaburg at Blackhat 2011. Cisco's...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
gitDigger: Creating useful wordlists from public GitHub repositories JAIME FILSON (WIK) ROB FULLER (MUBIX) This presentation intends to cover the thought process and logistics behind building a better wordlist using github public repositories as its source. With an estimated 2,000,000 github projects to date, how would one store that amount of data? Would you even want or need to? After downloading approximately 500,000 repositories, storing 6TB on multiple usb drives; this will be a story of...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Building an Android IDS on Network Level JAIME SANCHEZ A3SEC Being popular is not always a good thing and here's why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Nowadays, several behavior-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices. We'll show how we built a new detection...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
How to Disclose or Sell an Exploit Without Getting in Trouble JAMES DENARO PARTNER, CIPHERLAW You have identified a vulnerability and may have developed an exploit. What should you do with it? You might consider going to the vendor, blogging about it, or selling it. There are risks in each of these options. This 20-minute session will cover the legal risks to security researchers involved in publishing or selling information that details the operation of hacks, exploits, vulnerabilities and...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles JASON STAGGS GRAD STUDENT AND RESEARCH ASSISTANT, UNIVERSITY OF TULSA This presentation introduces the underlying protocols on automobile communication system networks of passenger vehicles and evaluates their security. Although reliable for communication, vehicle protocols lack inherent security measures. This work focuses strongly on controller area networks (CANs) and the lack of...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
PowerPwning: Post-Exploiting By Overpowering PowerShell JOE BIALEK SECURITY ENGINEER, MICROSOFT PowerShell is a scripting language included with all modern Windows operating systems, which, among other features, provides access to the Win32 API and the capability to run scripts on remote servers without writing to disk. PowerShell scripts bypass application white listing, application-signing requirements, and generally bypass anti-virus as well. While all of these characteristics are very...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces JOE GRAND AKA KINGPIN On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a primary vector used by hackers to extract program code or data, modify memory contents, or affect device operation on-the-fly. Depending on the complexity of the target device, manually locating available OCD connections can be a difficult and time consuming task, sometimes requiring physical destruction or modification of...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Fast Forensics Using Simple Statistics and Cool Tools JOHN ORTIZ COMPUTER ENGINEER, CRUCIAL SECURITY/HARRIS Ever been attacked by malicious code leaving unknown files all over your computer? Trying to figure out if a file is encrypted or just compressed? Is the file really something else? Is there hidden data? Are you short on time! This talk leads you through file identification and analysis using some custom FREE tools that apply statistics and visualization to answer these questions and...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Blucat: Netcat For Bluetooth JOSEPH PAUL COHEN TCP/IP has tools such as nmap and netcat to explore devices and create socket connections. Bluetooth has sockets but doesn't have the same tools. Blucat fills this need for the Bluetooth realm. Blucat can be thought of as a: debugging tool for bluetooth applications; device exploration tool; a component in building other applications. Blucat is designed to run on many different platforms (including Raspberry Pi) by abstracting core logic from native...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
BoutiqueKit: Playing WarGames with expensive rootkits and malware JOSH 'M0NK' THOMAS APPLIED RESEARCH SCIENTIST - ACCUVANT "Theoretical" targeted rootkits need to play by different rules than the common malware that ends up filling our inboxes with spam and attempting to steal our CC numbers... The costs involved of getting popped are huge in comparison, the value is in the secrecy of being truly hidden and embedded for the long term. I've spent the past year considering what the next...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
BYOD PEAP Show JOSH YAVOR ISEC PARTNERS The onslaught of Bring Your Own Device(s) in recent years places a new focus on the security of wireless networks. In "The BYOD PEAP Show", Josh Yavor explores fundamental flaws in one of the most common and widely supported 802.1x authentication protocols used by countless corporate WPA2-Enterprise networks today. A series of events in the recent past created a situation in which PEAP can no longer be used safely. In this talk, we will re-trace...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) JUSTIN ENGLER SENIOR SECURITY ENGINEER, ISEC PARTNERS PAUL VINES Password and PIN systems are often encountered on mobile devices. A software approach to cracking these systems is often the simplest, but in some cases there may be no better option than to start pushing buttons. This talk will cover automated PIN cracking techniques using two new tools and discuss the practicality of these attacks against various...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
So You Think Your Domain Controller is Secure? JUSTIN HENDRICKS SECURITY ENGINEER, MICROSOFT Domain Controllers are the crown jewels of an organization. Once they fall, everything in the domain falls. Organizations go to great lengths to secure their domain controllers, however they often fail to properly secure the software used to manage these servers. This presentation will cover unconventional methods for gaining domain admin by abusing commonly used management software that organizations...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Secret Life of SIM Cards KARL KOSCHER GRAD STUDENT, UNIVERSITY OF WASHINGTON ERIC BUTLER SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. Although SIM Applications are common in many parts of the world, they are mostly unknown in the U.S. and the closed nature of the ecosystem makes it difficult for hobbyists to find information and experiment. This talk,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
How to use CSP to stop XSS KENNETH LEE PRODUCT SECURITY ENGINEER, ETSY INC. Cross-site scripting attacks have always been a mainstay of the OWASP Top 10 list. The problem with detecting XSS is that you can't go looking at web log traffic to determine if a request contains an actual cross-site scripting attack attempt, much less one that will actually succeed against your defenses. Our work has helped reveal some nuances with implementing content security policy to help detect and prevent XSS...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
DEF CON 21 - LosT - Welcome and Making of the Badges LosT welcomes everyone to the conference and discusses the making of the DEF CON Badges. Source: https://www.youtube.com/watch?v=yS_KiWKLS2c Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
From Nukes to Cyber -- Alternative Approaches for Proactive Defense and Mission Assurance LT. GEN. ROBERT ELDER USAF (RETIRED) In typical military operations, the advantage goes to the offense because the initiator controls the timing and is able to concentrate forces. A good defense is designed to undermine the advantage of the offense. Proactive defense approaches include: masking (obfuscation), maneuvering, and hardening of critical capabilities. The other alternative, which is often...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Insecurity - A Failure of Imagination MARC WEBER TOBIAS INVESTIGATIVE ATTORNEY AND SECURITY SPECIALIST, SECURITY.ORG TOBIAS BLUZMANIS SECURITY SPECIALIST, SECURITY.ORG Homeowners, apartment complexes, and businesses throughout the United States and Canada have purchased locks from one of the leading manufacturers in the country in the belief that they were secure. Advertising represents they are the highest grade of residential security available as a result of security ratings from different...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
A Thorny Piece Of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading MARION MARSCHALEK ANALYST, IKARUS SECURITY SOFTWARE GMBH Reverse Engineering is the supreme discipline in analyzing malware, how else would you find out all capabilities of a malicious sample? But this task gets trickier nearly every day, as malware authors apply new techniques to evade analysis. Even worse, documentation of said techniques is barely existent, which makes our job even harder. This talk will...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Growing Irrelevance of US Government Cybersecurity Intelligence Information MARK WEATHERFORD PRINCIPAL, THE CHERTOFF GROUP The rapidly changing threat landscape has finally provided relevant business justification for commercial companies to invest in developing cybersecurity intelligence that used to be the domain of the government -- and they are doing it at a pace that is making the value of government "Classified" cybersecurity information increasingly irrelevant. The organic...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Noise Floor: Exploring the world of unintentional radio emissions by Melissa Elliott Application security researcher, Veracode If it's electronic, it makes noise. Not necessarily noise that you and I can hear, of course -- unless you know how to tune in. The air around us is filled with bloops, bleeps, and bzzts of machines going about their business, betraying their existence through walls or even from across the street. The unintentional noise lurking among intentional signals can even reveal...
Topics: Youtube, video, Science & Technology, Security, Information Security (Software Genre), DC21,...
DEFCON 21
ACL Steganography - Permissions to Hide Your Porn MICHAEL PERKLIN SECURITY RESEARCHER Everyone's heard the claim: Security through obscurity is no security at all. Challenging this claim is the entire field of steganography itself - the art of hiding things in plain sight. Most people know you can hide a text file inside a photograph, or embed a photograph inside an MP3. But how does this work under the hood? What's new in the stego field? This talk will explore how various techniques employed...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers MICHAEL SCHRENK This is the true story of a botnet that created a competitive advantage for a car dealership. This dealership found a website that offered returned lease vehicles—great cars for their inventory—but bad web design and heavy competition from other automotive dealerships made the website useless. In response, a botnet was developed to make automotive purchases with machine precision. With the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Abusing NoSQL Databases Ming Chow Lecturer, Tufts University Department of Computer Science The days of selecting from a few SQL database options for an application are over. There is now a plethora of NoSQL database options to choose from: some are better than others for certain jobs. There are good reasons why developers are choosing them over traditional SQL databases including performance, scalability, and ease-of-use. Unfortunately like for many hot technologies, security is largely an...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Unexpected Stories From a Hacker Who Made it Inside the Government by Peiter Mudge Zatko Having had the opportunity to see things from within the hacker community and from a senior position in the DoD, Mudge has some enlightening stories to share, and is picking some of his favorites. He'll discuss Julian's story to him about US government involvement in the origins of Wikileaks, how the DoD accidentally caused Anonymous to target government systems, some of the ways in which the defense...
Topics: Youtube, video, Science & Technology, Security, Mudge, Hacker (Character Power), DC21,...
DEFCON 21
by DEFCONConference
EMET 4.0 PKI Mitigation NEIL SIKKA SOFTWARE SECURITY ENGINEER, MICROSOFT Microsoft EMET is a free Mitigation tool. In addition to its memory corruption exploit mitigations, a newly introduced feature is the PKI mitigation. This mitigation implements x509 certificate pinning to prevent usage of forged certificates in HTTPS sessions in the web browser. This talk is technical as it demos EMET in action and explains how the PKI mitigation works. Neil Sikka (@neilsikka) is a computer security...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! NICHOLAS J. PERCOCO SENIOR VICE PRESIDENT AND HEAD OF SPIDERLABS, TRUSTWAVE JOSHUA CORMAN DIRECTOR OF SECURITY INTELLIGENCE, AKAMAI TECHNOLOGIES We have some good news and some bad news. The good news is that security is now top of mind for the people of planet Earth. The bad news is that their security illiteracy has led to very dangerous precedents and this is likely just the beginning. The reactionary stances taken by the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Please Insert Inject More Coins NICOLAS OBERLI SECURITY ENGINEER, SCRT The ccTalk protocol is widely used in the vending machine sector as well as casino gaming industry, but is actually not that much known, and very little information exists about it except the official documentation. This protocol is used to transfer money-related information between various devices and the machine mainboard like the value of the inserted bill or how many coins need to be given as change to the customer. This...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
PowerPreter: Post Exploitation Like a Boss NIKHIL MITTAL SECURITY RESEARCHER Powerpreter is "The" post exploitation tool. It is written completely in powershell which is present on all modern Windows systems. Powerpreter has multiple capabilities which any post exploitation shell worth its salt must have, minus the detection by anti virus or other countermeasure tools. Powerpreter has, to name a few, functions like stealing information, logging keys, dumping system secrets, in-memory...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Dark Arts of OSINT NOAH SCHIFFMAN SKYDOG The proliferation and availability of public information has increased with the evolution of its dissemination. With the constant creation of digital document archives and the migration towards a paperless society, vast databases of information are continuously being generated. Collectively, these publicly available databases contain enough specific information to pose certain vulnerabilities. The actionable intelligence ascertained from these data...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Ask the EFF: The Year in Digital Civil Liberties KURT OPSAHL ELECTRONIC FRONTIER FOUNDATION MARCIA HOFFMANN FELLOW, EFF DAN AUERBACH STAFF TECHNOLOGIST, EFF EVA GALPERIN GLOBAL POLICY ANALYST, EFF MARC JAYCOX POLICY ANALYST AND LEGISLATIVE ASSISTANT, EFF MITCH STOLTZ STAFF ATTORNEY, EFF Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premier digital civil liberties group fighting for...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
DEF CON Comedy Jam Part VI, Return of the Fail DAVID MORTMAN CHIEF SECURITY ARCHITECT, ENSTRATIUS RICH MOGULL ANALYST & CEO, SECUROSIS CHRIS HOFF RATIONAL SECURITY DAVE MAYNOR ERRATA LARRY PESCE PAULDOTCOM.COM ENERNEX JAMES ARLEN LIQUIDMATRIX / LEVIATHAN SECURITY ROB GRAHAM ERRATA ALEX ROTHMAN SHOSTACK, ESQ. You know you can't stay away! The most talked about panel at DEF CON! More FAIL than you can shake a stick at. Come hear some of the loudest mouths in the industry talk about the epic...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Do-It-Yourself Cellular IDS SHERRI DAVIDOFF LMG SECURITY SCOTT FRETHEIM LMG SECURITY DAVID HARRISON LMG SECURITY RANDI PRICE LMG SECURITY For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system. We leveraged commercial Home...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot AMIR ETEMADIEH RESEARCH SCIENTIST AT ACCUVANT LABS CJ HERES IT CONSULTANT MIKE BAKER CO-FOUNDER OPENWRT HANS NIELSEN SENIOR SECURITY CONSULTANT AT MATASANO Google TV is intended to bring the Android operating system out of the mobile environment and into consumers' living rooms. Unfortunately, content providers began to block streaming access to popular content from the Google TV platform which hindered its reach. Furthermore,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Hardware Hacking with Microcontrollers: A Panel Discussion JOE GRAND MARK 'SMITTY' SMITH LOST RENDERMAN FIRMWAREZ Microcontrollers and embedded systems come in many shapes, sizes and flavors. From tiny 6-pin devices with only a few bytes of RAM (ala the DEF CON 14 Badge) to 32-bit, eight core multiprocessor systems (ala DEF CON 20 Badge), each has their own strengths and weaknesses. Engineers and designers tend to have their favorites, but how do they decide what part to work with? Join DEFCON...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices DANIEL "UNICORNFURNACE" CROWLEY MANAGING CONSULTANT, SPIDERLABS, TRUSTWAVE JENNIFER "SAVAGEJEN" SAVAGE SOFTWARE ENGINEER DAVID "VIDEOMAN" BRYAN A growing trend in electronics is to have them integrate with your home network in order to provide potentially useful features like automatic updates or to extend the usefulness of existing technologies such as door locks you can open and close from anywhere...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock DAVID LAWRENCE STUDENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY ERIC VAN ALBERT STUDENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY ROBERT JOHNSON STUDENT, MASSACHUSETTS INSTITUTE OF TECHNOLOGY The Schlage Primus is one of the most common high-security locks in the United States. We reverse-engineered the operation of this lock, constructed a parameterized 3d model of a working key, and constructed a software tool to...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Meet the VCs PING LI PARTNER, ACCEL PARTNERS MATT OCKO PARTNER, DATA COLLECTIVE DEEPAK JEEVANKUMAR PARTNER, GENERAL CATALYST JOHN M. JACK BOARD PARTNER, ANDREESSEN HOROWITZ EILEEN BURBIDGE PARTNER, PASSION CAPITAL Venture capital investments have reached the highest level since the dot-com days. Almost seven billion dollars was invested last quarter alone. While clean-tech deals hit a new low, security deals increased the most. Security is the new black. How should we spend the next billion?...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
DEF CON is proud to announce the 3rd annual DEF CON awards ceremony, renamed the DC Recognize Awards. These awards are given to deserving individuals in the community, industry, and media. Your hosts again this year will be Jericho, Jeff Moss, and Russ Rogers. Source: https://www.youtube.com/watch?v=pIGejjv8Gt8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
The ACLU Presents: NSA Surveillance and More ALEX ABDO STAFF ATTORNEY, ACLU NATIONAL SECURITY PROJECT CATHERINE CRUMP STAFF ATTORNEY, ACLU SPEECH PRIVACY & TECHNOLOGY PROJECT CHRISTOPHER SOGHOIAN PRINCIPAL TECHNOLOGIST, ACLU SPEECH PRIVACY & TECHNOLOGY PROJECT KADE CROCKFORD ACLU OF MASSACHUSETTS TECHNOLOGY FOR LIBERTY PROJECT NICOLE OZER TECHNOLOGY AND CIVIL LIBERTIES POLICY DIRECTOR, ACLU OF CALIFORNIA From the NSA's PRISM and metadata programs to IMSI catchers, location tracking to...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Defeating SEAndroid PAU OLIVA FORA SR. MOBILE SECURITY ENGINEER, VIAFORENSICS Security Enhancements for Android (SEAndroid) enables the use of SELinux in Android in order to limit the damage that can be done by malicious apps, trying to make exploitation harder. Some OEMs are trying hard to implement extra mitigations in their devices, especially those aiming to reach the enterprise market. We will present some issues that are found in devices currently implementing SEAndroid, and demonstrate...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Doing Bad Things to 'Good' Security Appliances PHORKUS (MARK CAREY) CHIEF SCIENTIST, PEAK SECURITY EVILROB (ROB BATHURST) THAT GUY The problem with security appliances is verifying that they are as good as the marketing has led you to believe. You need to spend lots of money to buy a unit, or figure out how to obtain it another way; we chose eBay. We now have a hardened, encrypted, AES 256 tape storage unit and a mission, break it every way possible! We're going to dive into the finer points...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Pwn'ing You(r) Cyber Offenders PIOTR DUSZYNSKI SENIOR SECURITY CONSULTANT, TRUSTWAVE SPIDERLABS It is commonly believed that Offensive Defense is just a theory that is difficult to be used effectively in practice, but that is not entirely true... During my talk along with a new service emulation technique, that will render standard port scanner results nearly useless and leave your attackers with an arduous analysis, I will focus on practical (automated) exploitation of a hackers' offensive...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Road Less Surreptitiously Traveled PUKINGMONKEY Anonymously driving your own vehicle is becoming unattainable with the proliferation of automatic license plate readers (ALPRs) now coming into wide-spread use. Combined with always-on electronic toll tags, smart phone traffic apps and even plain cell phones are adding to this problem. There is little public disclosure of this tracking and little legislation limiting the length of time data is retained, even if it is not involved in any...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Combatting Mac OSX/iOS Malware with Data Visualization REMY BAUMGARTEN SECURITY ENGINEER, ANRC-SERVICES Apple has successfully pushed both its mobile and desktop platforms into our homes, schools and work environments. With such a dominant push of its products into our everyday lives it comes as no surprise that both of Apple's operating systems, OSX and iOS should fall under attack by malware developers and network intruders. Numerous organizations and Enterprises who have implemented BYOD...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Government and UFOs: A Historical Analysis by Richard Thieme RICHARD THIEME This talk is about the ways the many components of governments interact and respond to challenging and anomalous events--highly relevant to hacking by all definitions and at all levels. If you don't know the lay of the land, you can not engage in appropriate research and reconnaissance, counter-measures, and operations. The proliferation of reliable reports of unidentified flying objects from the 1940s forward...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Phantom Network Surveillance UAV / Drone RICKY HILL SECURITY CONSULTANT DARPA, 2011, sponsored a contest named UAVForge which challenged teams to build a prototype unmanned aerial vehicle (UAV). Mission: "UAV must be small enough to fit in a soldier's rucksack and able to fly to, perch & stare from useful locations for several hours near targets of interest to provide real-time (visual) persistent surveillance." Long story short: 140 teams participated, no one won. Crashes, remote...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Legal Aspects of Full Spectrum Computer Network (Active) Defense ROBERT CLARK ATTORNEY Full spectrum computer network (active) defense means more than simply "hacking back". We've seen a lot of this issue lately. Orin Kerr and Stewart Baker had a lengthy debate about it online. New companies with some high visibility players claim they are providing "active defense" services to their clients. But all-in-all, what does this really mean? And why is it that when you go to your...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
DNS May Be Hazardous to Your Health ROBERT STUCKE SECURITY RESEARCHER The largest manufacturer of laptops, one of the largest consulting firms, and a big data behemoth all walk into a bar... His research explores many self-inflicted gaps that continue to plague even the largest companies. These gaps are often seen as trivial and ignored, thus making all of their DNS investments lead to a false sense of security. Too much effort and trust go into vendor solutions when 'common sense' and 'due...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Safety of the Tor network: a look at network diversity, relay operators, and malicious relays RUNA A. SANDVIK DEVELOPER, THE TOR PROJECT Rumor has it that the Tor network is a CIA honeypot, that all relays are malicious, and that only bad people use Tor to do bad things online. How much of this is true? How much can we say about the safety of the network? The safety of the Tor network has been a much discussed topic ever since the onion routing network was deployed in September 2002. This talk...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
The Bluetooth Device Database RYAN HOLEMAN SENIOR SOFTWARE DEVELOPER, ZIFTEN TECHNOLOGIES As of 2013, it is estimated that there are now billions of Bluetooth devices deployed worldwide. The goal of the Bluetooth Database Project is to track and freely distribute real time sightings and statistics of these widespread devices. The data collected from these devices can be used to answer questions pertaining to various topics, such as device geolocation, device proliferation, population analysis,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
DragonLady: An Investigation of SMS Fraud Operations in Russia RYAN W. SMITH SENIOR RESEARCH AND RESPONSE ENGINEER, LOOKOUT MOBILE SECURITY TIM STRAZZERE LEAD RESEARCH AND RESPONSE ENGINEER, LOOKOUT MOBILE SECURITY One of the top types of Android malware are trojans that claim to provide a useful service, but instead send SMS messages to premium shortcodes, charging the victims and putting money directly into the attackers' hands. We've seen a steady increase in this type of malware over the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
Data Evaporation from SSDs SAM BOWNE INSTRUCTOR, CITY COLLEGE SAN FRANCISCO Files on magnetic hard drives remain on the drive even after they are deleted, so they can be recovered later with forensic tools. Sometimes SSDs work the same way, but under other conditions they erase this latent data in a "garbage collection" process. Understanding when and how this happens is important to forensic investigators and people who handle confidential data. I'll explain the purpose of garbage...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Evil DoS Attacks and Strong Defenses SAM BOWNE MATTHEW PRINCE On the attack side, this talk will explain and demonstrate attacks which crash Mac OS X, Windows 8, Windows Server 2012, and Web servers; causing a BSOD or complete system freeze. The Mac and Windows systems fall to the new IPv6 Router Advertisement flood in thc-ipv6-2.1, but only after creating a vulnerable state with some "priming" router advertisements. Servers fail from Sockstress--a brutal TCP attack which was invented...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
MITM All The IPv6 Things SCOTT BEHRENS SENIOR SECURITY CONSULTANT, NEOHAPSIS BRENT BANDELGAR ASSOCIATE SECURITY CONSULTANT, NEOHAPSIS Back in 2011, Alec Waters demonstrated how to overlay a malicious IPv6 network on top of an IPv4-only network, so that an attacker can carry out man-in-the-middle attacks on IPv4 traffic and subvert the assumed end to end security model. This attack is potentially powerful but requires a complex series of manual system configuration and setup activities,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
HiveMind: Distributed File Storage Using JavaScript Botnets SEAN MALONE PRINCIPAL SECURITY CONSULTANT, FUSIONX Some data is too sensitive or volatile to store on systems you own. What if we could store it somewhere else without compromising the security or availability of the data, while leveraging intended functionality to do so? This presentation will cover the methodology and tools required to create a distributed file store built on top of a JavaScript botnet. This type of data storage...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
Evolving Exploits Through Genetic Algorithms SOEN HACKER FOR TEAM VANNED This talk will discuss the next logical step from dumb fuzzing to breeding exploits via machine learning & evolution. Using genetic algorithms, this talk will take simple SQL exploits and breed them into precision tactical weapons. Stop looking at SQL error messages and carefully crafting injections, let genetic algorithms take over and create lethal exploits to PWN sites for you! soen (@soen_vanned) is a reverse...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
The Dark Tangent and GOONS end the conference with closing ceremonies and awards. Source: https://www.youtube.com/watch?v=w39MZsBCBi8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...