DEFCON 23
There have been over 20 cryptoparties in New York City, in which people are introduced to open source cryptography software. This doesn't always go smoothly. Usability experts have only recently been included in the design process for encryption tools, but by and large what we have to work with were designed by cryptography experts in the 90s. I'll be going over some pain points between real-world users and their real-life encounters with open source cryptography tools. David Huerta ships...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Alice And Bob, Cryptography...
DEFCON 23
Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote code execution, persistence, lateral movement, covert data storage, and VM detection. Defenders and forensic analysts have largely remained unaware...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks. This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space. Topher...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, security...
DEFCON 23
The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Radio (Invention), Amateur...
DEFCON 23
Let's Encrypt is a new certificate authority that is being launched by EFF in collaboration with Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. This talk will describe the features of the CA and available clients at launch; explore the security challenges inherent in building such a system; and its effect on the security of the CA...
Topics: Youtube, video, Science & Technology, Let's Encrypt, Encryption (Literature Subject), DEF CON,...
DEFCON 23
Additional Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Peter Desfigies, Joshua Brierton & Naveed Ul Islam/DEFCON-23-Desfigies-Brierton-Islam-Guests-N-Goblins-Referenc.txt Wi-Fi is a pervasive part of everyone’s everyday life. Whether it be home networks, open hotspots at cafés, corporate networks or corporate guest networks they can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
This talk will show attendees how to use a small ARM-based computer that is connected inline to a wired network for penetration testing. The computer is running a full-featured penetration testing Linux distro. Data may be exfiltrated using the network or via a ZigBee mesh network or GSM modem. The device discussed in this talk is easily integrated into a powerful penetration test that is performed with an army of ARM-based small computer systems connected by XBee or ZigBee mesh networking....
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, Phil Polstra,...
DEFCON 23
This talk will present a device that can be used as a dropbox, remote hacking drone, hacking command console, USB writeblocker, USB Mass Storage device impersonator, or scripted USB HID device. The device is based on the BeagleBone Black, can be battery operated for several days, and is easily constructed for under $100. The dropbox, remote hacking drone, and hacking command console functionality were presented at DEF CON 21. This talk will emphasize the new USB-based attack functionality....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), dropbox, drone,...
DEFCON 23
by DEFCONConference
The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Macs are in fact vulnerable...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
by DEFCONConference
Everybody plays games, and a whole lot of people play computer games. Despite this fact, very few of us security researchers consider them as interesting targets. Granted, you won't likely be able to directly hack into a big corporate network via game exploits, but you could for example target the people running the company via their favorite games. Or their children's favorite games. Another scenario: you should consider that a hacked game could allow Not So Admirable people access to your...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), video games, Video Game...
DEFCON 23
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
Remember that web application you wrote when you were first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack. Speaker Bio: Nemus works as a software engineer in...
Topics: Youtube, video, Science & Technology, Nemus, SQL, SQL Injection, RCE, Remote Code Execution,...
DEFCON 23
For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by stolen devices themselves, such as network information, photos captured from laptops and cell phones, but often times there was additional data that would...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its 41 member nations an agreement to place a variety of previously undesignated “cybersecurity items” under export control. After 18 months and a half-dozen open advisory meetings, the U.S. has taken the entire security research community by surprise with its proposed rule; we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial...
Topics: Youtube, video, Science & Technology, Computer Security (Software Genre), DEF CON (Conference...
DEFCON 23
Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Electronic Frontier...
DEFCON 23
Are you interested in the gory details in fixing ugly bugs? No? Just like watching stuff blow up? Go to some other talk! But if you want to see what it takes to comprehensively end an entire bug class -- how you dive into a code base, what performance and usability and maintainability and debuggability constraints it takes to make a web browser more secure -- oh do I have some dirt for you. Dan Kaminsky is Chief Scientist of White Ops. Source: https://www.youtube.com/watch?v=9wx2TnaRSGs...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Dan Kaminsky (Person),...
DEFCON 23
The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, Hack, Hacker, Hacking,...
DEFCON 23
What time? When? Who is first? Obviously, Time is strongly present in our daily life. We use time in almost everything we do, and computers are not an exception to this rule. Our computers and devices use time in a wide variety of ways such as cache expiration, scheduling tasks or even security technologies. Some of those technologies completely rely on the local clock, and they can be affected by a clock misconfiguration. However, since most operating system providers do not offer secure...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Transport Layer Security...
DEFCON 23
There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create? This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves. Will being left-handed and having...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the...
Topics: Youtube, video, Science & Technology, Vulnerability Assessment (Competitive Space), DEF CON...
DEFCON 23
by DEFCONConference
DEF CON has changed for the better since the days at the Alexis Park. It has evolved from a few speaking tracks to an event that still offers the speakers, but also Villages, where you can get hands-on experience and Demo Labs where you can see tools in action. Of course, there is still the entertainment and Contest Area, as well as, Capture The Flag. There is so much more to DEF CON than there was in the past and it is our goal to help you get the best experience possible. In addition to...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
Hacking is hard. It takes passion, dedication, and an unwavering attention to detail. Hacking requires a breadth of knowledge spread across many domains. We need to have experience with different platforms, operating systems, software packages, tools, programming languages, and technology trends. Being overly deficient in any one of these areas can add hours to our hack, or even worse, bring us total failure. And while all of these things are important for a well-rounded hacker, one of the key...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC 23,...
DEFCON 23
Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy freeway without seeing one. But what about their security? In this talk I’ll reveal new research and real attacks in the area of wirelessly controlled gates, garages, and cars. Many cars are now controlled from mobile devices over GSM, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio,...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Samy Kamkar, Automotive...
DEFCON 23
The Open Network Install Environment, or ONIE, makes commodity or WhiteBox Ethernet possible. By placing a common, Linux-based, install environment onto the firmware of the switch, customers can deploy the Network Operating Systems of their choice onto the switch and do so whenever they like without replacing the hardware. The problem is, if this gets compromised, it also makes it possible for hackers to install malware onto the switch. Malware that can manipulate it and your network, and keep...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC, DC23, DC 23, DC-23,...
DEFCON 23
The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
In many circumstances, we all have to wear different hats when pursuing hobbies, jobs and research. This session will discuss the exploration and use of software defined radio from two perspectives; that of a security researcher and Ham Radio operator. We will cover common uses and abuses of hardware to make them work like transceivers that the Ham crowd is used to, as well as extending the same hardware for other research applications. Additionally we will highlight some of the application of...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEF CON 23, DC 23, DC-23, DC23, hack,...
DEFCON 23
The term “Bad USB” has gotten some much needed press in the last few months. There have been talks that have identified the risks that are caused by the inherent trust between the OS and any device attached by USB. I found in my research that most of the available payloads for the USB rubber ducky would be stopped by common enterprise security solutions. I then set out to create a new exploit that would force the victim to trust my Man-In-The-Middle access point. After my payload is deployed,...
Topics: Youtube, video, Science & Technology, USB (Invention), DEF CON (Conference Series), Encryption...
DEFCON 23
Human Machine Interfaces (HMIs) are the subsets of the Supervisory Control and Data Acquisition (SCADA) systems. HMIs are control panels that provide interfaces for humans to interact with machines and to manage operations of various types of SCADA systems. HMIs have direct access to SCADA databases including critical software programs. The majority of SCADA systems have web-based HMIs that allow the humans to control the SCADA operations remotely through Internet. This talk unveils various...
Topics: Youtube, video, Science & Technology, Aditya K. Sood, SCADA, HMI, Vulnerabilties, Vulnerability...
DEFCON 23
by DEFCONConference
Bruce Schneier Talks Security. Come hear about what's new, what's hot, and what's hype in security. NSA surveillance, airports, voting machines, ID cards, cryptography -- he'll talk about what's in the news and what matters. Always a lively and interesting talk. Speaker Bio: Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 12 books including the New York Times best-seller Data and Goliath: The Hidden Values to...
Topics: Youtube, video, Science & Technology, Bruce Schneier (Academic), DEF CON, DEF CON 23, DEFCON,...
DEFCON 23
"Secure" messaging programs and protocols continue to proliferate, and crypto experts can debate their minutiae, but there is very little information available to help the rest of the world differentiate between the different programs and their features. This talk will discuss the types of attacks various secure messaging features can defend against so those who are tech-savvy but not crypto-experts can make informed decisions on which crypto applications to use. This talk is intended for...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Secure Messaging, Justin...
DEFCON 23
Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know, these leaks are a valuable source of competitive intelligence. This talk describes how the speaker collects competitive intelligence for his own online retail business. Specifically, you learn how he combines, trends, and analyzes information within specific contexts to manufacture useful data that is real, but technically doesn't exist on its own. For example, you will learn about the trade secrets...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEs Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented....
Topics: Youtube, video, Science & Technology, Medicine (Field Of Study), Medical Devices, DEF CON...
DEFCON 23
by DEFCONConference
This year at DEF CON a former FAIL PANEL panelist attempts to keep the spirit alive by playing moderator. Less poetry, more roasting. A new cast of characters, more lulz, and no rules. Nothing is sacred, not the industry, not the audience, not even each other. Our cast of characters will bring you all sorts of technical fail, ROFLCOPTER to back it up. No waffles, but we have other tricks up our sleeve to punish, er, um, show love to our audience, all while raising money for the EFF and HFC. The...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled the community to monitor airplanes, ships, and cars... but come on, what we really want to track are cell phones. If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I'll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard. You'll also get a primer on geolocating the devices if you've got a second E4000 and some basic soldering...
Topics: Youtube, video, Science & Technology, RTLSDR, LTE, Recon, Tracking, RX, DEF CON (Conference...
DEFCON 23
by DEFCONConference
This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), switch, networking, panel,...
DEFCON 23
It is known that the GPS L1 signal is unencrypted, so someone can produce or replay a fake GPS signal to make GPS receivers get wrong positioning results. Many companies provide commercial GPS emulators, which can be used for GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found that by integrating some open source projects related to GPS we can produce a GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC 23, DC23, DC-23, hack,...
DEFCON 23
Access control systems are everywhere. They are used to protect everything from residential communities to commercial offices. People depend on these to work properly, but what if I had complete control over your access control solution just by using my phone? Or perhaps I input a secret keypad combination that unlocks your front door? You may not be as secure as you think. The world relies on access control systems to ensure that secured areas are only accessible to authorized users. Usually,...
Topics: Youtube, video, Science & Technology, physical security, Access Control, DEF CON (Conference...
DEFCON 23
In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Adobe Systems (Award...
DEFCON 23
For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Capture The Flag (Game),...
DEFCON 23
With insecure low frequency RFID access control badges still in use at businesses around the world and high frequency NFC technology being incorporated into far more consumer products, RFID hacking tools are invaluable for penetration testers and security researchers alike. Software defined radio has revolutionized this field with powerful devices like Proxmark3 and RFIDler available for a modest price. 3D printing has also presented new opportunities for makers to create custom antennas and...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), DEF CON, DEF...
DEFCON 23
by DEFCONConference
Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of the target's "footprint", all the way to fuzzing parameters to find potential SQL injection...
Topics: Youtube, video, Science & Technology, Web Application (Industry), DEF CON (Conference Series),...
DEFCON 23
This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns, we can discern the future shape of human identity itself in nascent forms. The human body/brain is being hacked to explore radical applications for...
Topics: Youtube, video, Science & Technology, Richard Thieme (Author), Biohacking, Neuroscience (Field...