
DEFCON 23

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.


DEFCON 23
by DEFCONConference
movies
eye 44
favorite 0
comment 0
opening ceremonies at DEF CON 23 Source: https://www.youtube.com/watch?v=QrhlY29Pu4c Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 44
favorite 0
comment 0
In many circumstances, we all have to wear different hats when pursuing hobbies, jobs and research. This session will discuss the exploration and use of software defined radio from two perspectives; that of a security researcher and Ham Radio operator. We will cover common uses and abuses of hardware to make them work like transceivers that the Ham crowd is used to, as well as extending the same hardware for other research applications. Additionally we will highlight some of the application of...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEF CON 23, DC 23, DC-23, DC23, hack,...
DEFCON 23
movies
eye 179
favorite 1
comment 0
This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns, we can discern the future shape of human identity itself in nascent forms. The human body/brain is being hacked to explore radical applications for...
Topics: Youtube, video, Science & Technology, Richard Thieme (Author), Biohacking, Neuroscience (Field...
DEFCON 23
movies
eye 14
favorite 0
comment 0
For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
movies
eye 34
favorite 0
comment 0
Numerous botnets employ domain generation algorithms (DGA) to dynamically generate a large number of random domain names from which a small subset is selected for their command and control. A vast majority of DGA algorithms create random sequences of characters. In this work we present a novel language-based technique for detecting strings that are generated by chaining random characters. To evaluate randomness of a given string (domain name in this context) we look up substrings of the string in...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, computer...
DEFCON 23
by DEFCONConference
movies
eye 75
favorite 0
comment 0
This year at DEF CON a former FAIL PANEL panelist attempts to keep the spirit alive by playing moderator. Less poetry, more roasting. A new cast of characters, more lulz, and no rules. Nothing is sacred, not the industry, not the audience, not even each other. Our cast of characters will bring you all sorts of technical fail, ROFLCOPTER to back it up. No waffles, but we have other tricks up our sleeve to punish, er, um, show love to our audience, all while raising money for the EFF and HFC. The...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
by DEFCONConference
movies
eye 103
favorite 1
comment 0
Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of the target's "footprint", all the way to fuzzing parameters to find potential SQL injection...
Topics: Youtube, video, Science & Technology, Web Application (Industry), DEF CON (Conference Series),...
DEFCON 23
movies
eye 111
favorite 0
comment 0
The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
movies
eye 39
favorite 0
comment 0
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Mickey-Shkatov-Jesse-Michael-Scared-poopless-LTE-and-your-laptop-UPDATED.pdf Scared Poopless – LTE and *your* laptop Mickey Shkatov Security researcher, Intel Advanced Threat Research. Jesse Michael Security researcher With today’s...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 41
favorite 0
comment 0
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVE’s Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented....
Topics: Youtube, video, Science & Technology, Medicine (Field Of Study), Medical Devices, DEF CON...
DEFCON 23
movies
eye 96
favorite 0
comment 0
Many hackers today are using process memory infections to maintain stealth residence inside of a compromised system. The current state of forensics tools in Linux lacks the sophistication used by the infection methods found in real world hacks. ECFS (Extended core file snapshot) technology, https://github.com/elfmaster/ecfs is an innovative extension to regular ELF core files, designed to be used as forensics-friendly snapshots of process memory. A brief showcasing of the ECFS technology was...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 15
favorite 0
comment 0
Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. More than forty percent of homes with automation installed use Insteon. For the last fifteen years, Insteon has published detailed documentation of their protocols—documentation that is purposely misleading, filled with errors, and at times deliberately obfuscated. As my research over the last year has revealed, this sad state of affairs is the direct result of Insteon papering over the fact...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 35
favorite 0
comment 0
The term “Bad USB” has gotten some much needed press in the last few months. There have been talks that have identified the risks that are caused by the inherent trust between the OS and any device attached by USB. I found in my research that most of the available payloads for the USB rubber ducky would be stopped by common enterprise security solutions. I then set out to create a new exploit that would force the victim to trust my Man-In-The-Middle access point. After my payload is deployed,...
Topics: Youtube, video, Science & Technology, USB (Invention), DEF CON (Conference Series), Encryption...
DEFCON 23
by DEFCONConference
movies
eye 89
favorite 1
comment 0
When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. However, when the dust settles, how do we actually measure the risk represented by a given vulnerability? When pen testers find holes in an organization, is it really “ZOMG, you’re SO 0WNED!” or is it something more manageable and controlled? When you’re attempting to convince the boss of the necessity of the latest security technology, how do you really rank the importance of the technology...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC 23, DEFCON, DC-23, hack, hacker,...
DEFCON 23
movies
eye 34
favorite 0
comment 0
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Chris-Sistrunk-NSM-101-for-ICS.pdf NSM 101 for ICS Chris Sistrunk Sr. ICS Security Consultant, FireEye Is your ICS breached? Are you sure? How do you know? The current state of security in Industrial Control Systems is a widely publicized...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 48
favorite 0
comment 0
We've heard about hypothetical quantum computers breaking most of the public-key crypto in use—RSA, elliptic curves, etc.—and we've heard about "post-quantum" systems that resist quantum computers. We also heard about quantum computers' potential to solve other problems considerably faster than classical computers, such as discrete optimization, machine learning, or code verification problems. And we heard about a commercial quantum computer, and we heard vendors of quantum key...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
by DEFCONConference
movies
eye 46
favorite 0
comment 0
ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen. Any user that has screen and keyboard access to a shell (CLI, GUI or browser) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 20
favorite 0
comment 0
Automating packer and compiler/toolchain detection can be tricky at best and downright frustrating at worst. The majority of existing solutions are old, closed source or aren’t cross platform. Originally, a method of packer identification that leveraged some text analysis algorithms was presented. The goal is to create a method to identify compilers and packers based on the structural changes they leave behind in PE files. This iteration builds upon previous work of using assembly mnemonics...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
movies
eye 62
favorite 0
comment 0
While the NSA ANT team has been busy building the next generation spy toy catalog for the next leak, the NSA Playset team has been busy catching up with more open hardware implementations. GODSURGE is a bit of software that helps to persist malware into a system. It runs on the FLUXBABBIT hardware implant that connects to the depopulated JTAG header of certain models of Dell servers. This talk will introduce SAVIORBURST, our own implementation of a jtag-based malware delivery firmware that will...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 100
favorite 0
comment 0
It is known that GPS L1 signal is unencrypted so that someone can produce or replay the fake GPS signal to make GPS receivers get wrong positioning results. Many companies provide commercial GPS emulators, which can be used for the GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found by integrating some open source projects related to GPS we can produce GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies
eye 52
favorite 0
comment 0
Materials Available Here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/DEFCON-23-Aaron-Grattafiori-Linux-Containers-Future-or-Fantasy-UPDATED.pdf Linux Containers: Future or Fantasy? Aaron Grattafiori Principal Security Consultant, iSEC Partners/NCC Group Containers, a pinnacle of fast and secure deployment or a panacea of false security? In recent years Linux containers have developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 52
favorite 0
comment 0
Security has gone from a curiosity to a phenomenon in the last decade. Fortunately for us, despite the rise of memory-safe, interpreted, lame languages, the security of binaries is as relevant as ever. On top of that, (computer security) Capture the Flag competitions have skyrocketed in popularity, with new and exciting binaries on offer for hacking every weekend. This all sounds great, and it is. Unfortunately, the more time goes by, the older we get, and the more our skills fade. Whereas we...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the...
Topics: Youtube, video, Science & Technology, Vulnerability Assessment (Competitive Space), DEF CON...
DEFCON 23
movies
eye 96
favorite 0
comment 0
With insecure low frequency RFID access control badges still in use at businesses around the world and high frequency NFC technology being incorporated into far more consumer products, RFID hacking tools are invaluable for penetration testers and security researchers alike. Software defined radio has revolutionized this field with powerful devices like Proxmark3 and RFIDler available for a modest price. 3D printing has also presented new opportunities for makers to create custom antennas and...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), DEF CON, DEF...
DEFCON 23
movies
eye 74
favorite 0
comment 0
This talk will present a device that can be used as a dropbox, remote hacking drone, hacking command console, USB writeblocker, USB Mass Storage device impersonator, or scripted USB HID device. The device is based on the BeagleBone Black, can be battery operated for several days, and is easily constructed for under $100. The dropbox, remote hacking drone, and hacking command console functionality were presented at DEF CON 21. This talk will emphasize the new USB-based attack functionality....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), dropbox, drone,...
DEFCON 23
movies
eye 23
favorite 0
comment 0
In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Adobe Systems (Award...
DEFCON 23
by DEFCONConference
movies
eye 105
favorite 0
comment 0
This talk will show attendees how to use a small ARM-based computer that is connected inline to a wired network for penetration testing. The computer is running a full-featured penetration testing Linux distro. Data may be exfiltrated using the network or via a ZigBee mesh network or GSM modem. The device discussed in this talk is easily integrated into a powerful penetration test that is performed with an army of ARM-based small computer systems connected by XBee or ZigBee mesh networking....
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, Phil Polstra,...
DEFCON 23
by DEFCONConference
movies
eye 25
favorite 0
comment 0
The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Macs are in fact vulnerable...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
movies
eye 33
favorite 0
comment 0
There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
movies
eye 27
favorite 0
comment 0
For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by stolen devices themselves, such as network information, photos captured from laptops and cell phones, but often times there was additional data that would...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 33
favorite 0
comment 0
You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create? This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves. Will being left-handed and having...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies
eye 5
favorite 0
comment 0
Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ancestor of today’s computer “hackers.” The first phreaks “owned” and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 11
favorite 0
comment 0
Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 67
favorite 0
comment 0
Everybody plays games, and a whole lot of people play computer games. Despite this fact, very few of us security researchers consider them as interesting targets. Granted, you won't likely be able to directly hack into a big corporate network via game exploits, but you could for example target the people running the company via their favorite games. Or their children's favorite games. Another scenario: you should consider that a hacked game could allow Not So Admirable people access to your...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), video games, Video Game...
DEFCON 23
movies
eye 10
favorite 0
comment 0
Let's Encrypt is a new certificate authority that is being launched by EFF in collaboration with Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. This talk will describe the features of the CA and available clients at launch; explore the security challenges inherent in building such a system; and its effect on the security of the CA...
Topics: Youtube, video, Science & Technology, Let's Encrypt, Encryption (Literature Subject), DEF CON,...
DEFCON 23
movies
eye 7
favorite 0
comment 0
Description Source: https://www.youtube.com/watch?v=z8VkZCCWqgg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, How-to (Website Category), home detention, DEF CON...
DEFCON 23
movies
eye 13
favorite 0
comment 0
In a world full of targeted attacks and complex exploits this talk explores an attack that can be simplified so even the most non-technical person can understand, yet the potential impact is massive: Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific memory error, called a bit flip, via DNS. The talk will cover the various hurdles involved in exploiting these errors, as well as the costs...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DC 23, hack, hacking,...
DEFCON 23
movies
eye 60
favorite 0
comment 0
Remember that web application you wrote when you were first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack. Speaker Bio: Nemus works as a software engineer in...
Topics: Youtube, video, Science & Technology, Nemus, SQL, SQL Injection, RCE, Remote Code Execution,...
DEFCON 23
movies
eye 23
favorite 0
comment 0
In the past year, I found myself immersed in the multi-billion dollar digital advertising industry. This gave me the opportunity to investigate the unique security challenges and issues facing the industry. It was a shock to me at first how complex the advertising ecosystem was particularly in the advent of programmatic advertising. But I dove in head first and learned a lot which I would like to share with my fellow security professionals. During this time, I got involved with unscrupulous...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 25
favorite 0
comment 0
Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs to explore code paths in an application. In recent years, fuzzing has become a near mandatory part of any major application's security team efforts. Our work focused on fuzzing web browsers, a particularly difficult challenge given the size and quality of some of their security teams, the existing high-quality fuzzers available for this, and, of late, bug bounty programs. Despite this,...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
by DEFCONConference
movies
eye 60
favorite 0
comment 0
Join us for a fun-filled tour of source control management and services to talk about how to backdoor software. We will focus on one of the most popular, trendy SCM tools and related services out there – Git. Nothing is sacred. Along the way, we will expose the risks and liabilities one is exposed to by faulty usage and deployments. When we are finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project. Speaker...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON 23, DEF CON 23, DEFCON, DC23, DC-23, DC...
DEFCON 23
movies
eye 23
favorite 0
comment 0
The Harness toolset aims to give penetration testers and red teams the ability to pull a remote powershell interface with all the same features of the native Powershell CLI and more. Several tools and utilities have been released to solve the powershell weaponization problem, but no freely available tool gives operators the full capabilities of powershell through a remote interface. We’ll start the talk with a quick survey of the previous methods of weaponizing powershell, and then move into...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
movies
eye 44
favorite 0
comment 0
Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey LosT We're no strangers to love You know the rules and so do I A full commitment's what I'm thinking of You wouldn't get this from any other guy I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you LosT also runs the annual...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON Video Series, DEF...
DEFCON 23
movies
eye 11
favorite 0
comment 0
"Secure" messaging programs and protocols continue to proliferate, and crypto experts can debate their minutiae, but there is very little information available to help the rest of the world differentiate between the different programs and their features. This talk will discuss the types of attacks various secure messaging features can defend against so those who are tech-savvy but not crypto-experts can make informed decisions on which crypto applications to use. This talk is intended for...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Secure Messaging, Justin...
DEFCON 23
movies
eye 8
favorite 0
comment 0
There have been over 20 cryptoparties in New York City, in which people are introduced to open source cryptography software. This doesn't always go smoothly. Usability experts have only recently been included in the design process for encryption tools, but by and large what we have to work with was designed by cryptography experts in the 90s. I'll be going over some pain points between real-world users and their real-life encounters with open source cryptography tools. David Huerta ships...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Alice And Bob, Cryptography...
DEFCON 23
movies
eye 47
favorite 0
comment 0
Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're a developer trying to protect your insecure app from winding up on devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you've been looking for! This tool combines SCA, teaching and automated exploitation into one, simple to use application! Speaker Bio: Tony Trummer (@SecBro1) - has been working in the IT industry for nearly 20 years and has been focused on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
movies
eye 48
favorite 0
comment 0
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion Marina Krotofil Senior Security Consultant. European Network for Cyber Security Jason Larsen Principal Security Consultant, IOActive The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
movies
eye 62
favorite 0
comment 0
White paper Available Here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Ronny Bull & Jeanna Matthews - UPDATED/DEFCON-23-Ronny-Bull-Jeanna-Matthews-Exploring-Layer-2-Network-Security-In-Virtualized-Enviroments-WP.pdf Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
movies
eye 97
favorite 0
comment 0
Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), NFC, UHF,...
DEFCON 23
movies
eye 11
favorite 0
comment 0
Extra Materials available here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Nadeem Douba/Extras/BurpKit.jar Today's web apps are developed using a mashup of client- and server-side technologies. Everything from sophisticated Javascript libraries to third-party web services are thrown into the mix. Over the years, we've been asked to test these web apps with security tools that haven't evolved at the same pace. A common short-coming in most of these tools is their inability to...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 57
favorite 0
comment 0
Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled the community to monitor airplanes, ships, and cars... but come on, what we really want to track are cell phones. If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I'll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard. You'll also get a primer on geolocating the devices if you've got a second E4000 and some basic soldering...
Topics: Youtube, video, Science & Technology, RTLSDR, LTE, Recon, Tracking, RX, DEF CON (Conference...
DEFCON 23
movies
eye 29
favorite 0
comment 0
Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Amit-Ashbel-Maty-Siman-Game-of-Hacks-Play-Hack-and-Track-UPDATED.pdf Game of Hacks: Play, Hack & Track Amit Ashbel Product Evangelist Checkmarx Maty Siman CTO and Founder Checkmarx Fooling around with some ideas we found ourselves...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
by DEFCONConference
movies
eye 35
favorite 0
comment 0
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Atlas-Fun-With-Symboliks.pdf Fun with Symboliks atlas dude at Grimm Asking the hard questions... and getting answer! Oh binary, where art thine vulns? Symbolic analysis has been a "thing" for 20 years, and yet it's still left...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 28
favorite 0
comment 0
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies
eye 12
favorite 0
comment 0
As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations - but you may not know how your research skills can inform its investigations and policy. Come hear about some of the Commission's recent tech-related actions, research and reports, plus how its work...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies
eye 25
favorite 0
comment 0
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-David-An-When-the-Secretary-of-State-says-Stop-Hacking-us.pdf When the Secretary of State says: “Please Stop Hacking Us…” David An Former U.S. State Department Senior American officials routinely hold dialogues with foreign officials...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 14
favorite 0
comment 0
Wireless traffic analysis has been commonplace for quite a while now, frequently used in penetration testing and various areas of research. But what happens when channel hopping just doesn't cut it anymore -- can we monitor all 802.11 channels? In this presentation we describe the analysis, different approaches and the development of a system to monitor and inject frames using routers running OpenWRT as wireless workers. At the end of this presentation we will release the tool we used to solve...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
movies
eye 38
favorite 0
comment 0
Global Honeypot Trends Elliot Brink Many of my computer systems are constantly compromised, attacked, hacked, 24/7. How do I know this? I've been allowing it. This presentation will cover over one year of research running several vulnerable systems (or honeypots) in multiple countries including the USA, mainland China, Russia and others. We'll be taking a look at: a brief introduction to honeypots, common attacker trends (both sophisticated and script kiddie), brief malware analysis and the...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies
eye 13
favorite 0
comment 0
At the end of 2013, an international export control regime known as the Wassenaar Arrangement was updated to include controls on technology related to “Intrusion Software" and “IP Network Surveillance Systems." Earlier this year, the US Government announced a draft interpretation of these new controls, which has kicked off a firestorm of controversy within the information security community. Questions abound regarding what the exact scope of the proposed rules is, and what impact...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC-23, DC23, hack,...
DEFCON 23
movies
eye 19
favorite 0
comment 0
In the last year there's been an explosion of electric skateboards onto the market- seemingly volleyed into popularity by the Boosted Boards kickstarter. Following on from the success of their original Boosted Board exploit, the team went on to get their hands on the other popular boards on the market, and predictably broke all of them. Richo and Mike will investigate the security of several popular skateboards, including Boosted's flagship model and demonstrate several vulnerabilities that...
Topics: Youtube, video, Science & Technology, Skateboarding, Skateboard (Sports Equipment), DEF CON,...
DEFCON 23
movies
eye 32
favorite 0
comment 0
Docker is all the rage these days. Everyone is talking about it and investing in it, from startups to enterprises and everything in between. But is it secure? What are the costs and benefits of using it? Is this just a huge risk or a huge opportunity? There's a whole lot of ranting and raving going on, but not nearly enough rational discourse. I'll cover the risks and rewards of using Docker and similar technologies such as AppC as well as discuss the larger implications of using orchestration...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 128
favorite 0
comment 0
Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy freeway without seeing one. But what about their security? In this talk I’ll reveal new research and real attacks in the area of wirelessly controlled gates, garages, and cars. Many cars are now controlled from mobile devices over GSM, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio,...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Samy Kamkar, Automotive...
DEFCON 23
movies
eye 71
favorite 1
comment 0
Over the past few years state-sponsored hacking has received attention that would make a rockstar jealous. Discussion of malware has shifted in focus from ‘cyber crime’ to ‘cyber weapons’, there have been intense public debates on attribution of various high profile attacks, and heated policy discussion surrounding regulation of offensive tools. We’ve also seen the sale of ‘lawful intercept’ malware become a global trade. While a substantial focus has revolved around the...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC 23, DEFCON, DC-23, hack,...
DEFCON 23
by DEFCONConference
movies
eye 73
favorite 0
comment 0
Bruce Schneier Talks Security. Come hear about what's new, what's hot, and what's hype in security. NSA surveillance, airports, voting machines, ID cards, cryptography -- he'll talk about what's in the news and what matters. Always a lively and interesting talk. Speaker Bio: Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 12 books including the New York Times best-seller Data and Goliath: The Hidden Values to...
Topics: Youtube, video, Science & Technology, Bruce Schneier (Academic), DEF CON, DEF CON 23, DEFCON,...
DEFCON 23
movies
eye 56
favorite 0
comment 0
EFF's Apollo 1201 project is a 10-year mission to abolish all DRM, everywhere in the world, within a decade. We're working with security researchers to challenge the viability of the dread DMCA, a law that threatens you with jail time and fines when you do your job: discovering and disclosing defects in systems that we rely on for life and limb. Speaker Bio: Cory Doctorow (craphound.com) is a science fiction author, activist, journalist and blogger — the co-editor of Boing Boing (boingboing.net)...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 13
favorite 0
comment 0
If you thought the security practices of regular software were bad, just wait until you start learning about the security of embedded hardware systems. Recent open-source hardware tools have made this field accessible to a wider range of researchers, and this presentation will show you how to perform these attacks for equipment costing $200. Attacks against a variety of real systems will be presented: AES-256 bootloaders, internet of things devices, hardware crypto tokens, and more. All of the...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 55
favorite 0
comment 0
The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla Model S work and most importantly how they can be hacked. You will also get a good understanding of the data...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Tesla Model S (Automobile...
DEFCON 23
by DEFCONConference
movies
eye 57
favorite 0
comment 0
Hacking is hard. It takes passion, dedication, and an unwavering attention to detail. Hacking requires a breadth of knowledge spread across many domains. We need to have experience with different platforms, operating systems, software packages, tools, programming languages, and technology trends. Being overly deficient in any one of these areas can add hours to our hack, or even worse, bring us total failure. And while all of these things are important for a well-rounded hacker, one of the key...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC 23,...
DEFCON 23
movies
eye 44
favorite 0
comment 0
Memory corruption vulnerabilities have plagued computer systems since we started programming software. Techniques for transforming memory corruption primitives into arbitrary code execution exploits have evolved significantly over the past two decades, from "smashing the stack for fun and profit" to the current apex of "just in time code reuse" while playing a cat and mouse game with similarly evolving defensive mitigations: from PaX/NX-bit to fine-grained ASLR and beyond....
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 24
favorite 0
comment 0
With the advent of the Internet of Things, more and more objects are connected via various communication protocols like Bluetooth, Z-wave, WiFi, ZigBee etc. Among those protocols ZigBee accounts for the largest market share; it has been adapted to various applications like WSN (Wireless Sensor Network), Smart Home. Over the last few years, a large amount of research has been conducted on the security of ZigBee. In this presentation we will introduce a new technique to beat the security...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Hacker (Character Power),...
DEFCON 23
movies
eye 15
favorite 0
comment 0
Recent hacks to IaaS platforms revealed that we need to master the attack vectors used: Automation and API attack vector, insecure instances and management dashboard with wide capabilities. Those attack vectors are not unique to Cloud Computing but they are magnified due to the cloud characteristics. The fact is that IaaS instance lifecycle is accelerating, nowadays we can find servers that are installed, launched, process data and terminate - all within a range of minutes. This new accelerated...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies
eye 13
favorite 0
comment 0
Do you know how many Bluetooth-enabled devices are currently present in the world? With the beginning of the IoT (Internet of Things) and Smart Bluetooth (Low energy) we find in our hands almost a zillion of them. Are they secure? What if I tell you I can unlock your Smartphone? What if I tell you I'm able to open the new shiny SmartLock you are using to secure your house's door? In this talk we will explain briefly how the Bluetooth (BDR/EDR/LE) protocols work, focusing on security aspects. We...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies
eye 14
favorite 0
comment 0
The HDMI (High Definition Multimedia Interface) standard has gained extensive market penetration. Nearly every piece of modern home theater equipment has HDMI support and most modern mobile devices actually have HDMI-capable outputs, though it may not be obvious. Lurking inside most modern HDMI-compatible devices is something called HDMI-CEC, or Consumer Electronics Control. This is the functionality that allows a media device to, for example, turn on your TV and change the TV’s input. That...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, Hack, Hacker, Hacking,...
DEFCON 23
movies
eye 8
favorite 0
comment 0
Are you interested in the gory details in fixing ugly bugs? No? Just like watching stuff blow up? Go to some other talk! But if you want to see what it takes to comprehensively end an entire bug class -- how you dive into a code base, what performance and usability and maintainability and debuggability constraints it takes to make a web browser more secure -- oh do I have some dirt for you. Dan Kaminsky is Chief Scientist of White Ops. Source: https://www.youtube.com/watch?v=9wx2TnaRSGs...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Dan Kaminsky (Person),...
DEFCON 23
movies
eye 11
favorite 0
comment 0
Additional Materials available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Peter Desfigies, Joshua Brierton & Naveed Ul Islam/DEFCON-23-Desfigies-Brierton-Islam-Guests-N-Goblins-Referenc.txt Wi-Fi is a pervasive part of everyone’s everyday life. Whether it be home networks, open hotspots at cafés, corporate networks or corporate guest networks they can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...