
DEFCON 23

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.

PART OF
Hacker Conferences
DEFCON 23
Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy freeway without seeing one. But what about their security? In this talk I’ll reveal new research and real attacks in the area of wirelessly controlled gates, garages, and cars. Many cars are now controlled from mobile devices over GSM, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio,...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Samy Kamkar, Automotive...
DEFCON 23
This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns, we can discern the future shape of human identity itself in nascent forms. The human body/brain is being hacked to explore radical applications for...
Topics: Youtube, video, Science & Technology, Richard Thieme (Author), Biohacking, Neuroscience (Field...
DEFCON 23
The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
With insecure low frequency RFID access control badges still in use at businesses around the world and high frequency NFC technology being incorporated into far more consumer products, RFID hacking tools are invaluable for penetration testers and security researchers alike. Software defined radio has revolutionized this field with powerful devices like Proxmark3 and RFIDler available for a modest price. 3D printing has also presented new opportunities for makers to create custom antennas and...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), DEF CON, DEF...
DEFCON 23
by DEFCONConference
When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. However, when the dust settles, how do we actually measure the risk represented by a given vulnerability? When pen testers find holes in an organization, is it really “ZOMG, you’re SO 0WNED!” or is it something more manageable and controlled? When you’re attempting to convince the boss of the necessity of the latest security technology, how do you really rank the importance of the technology...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC 23, DEFCON, DC-23, hack, hacker,...
DEFCON 23
Build a free cellular traffic capture tool with a vxworks based femto Yuwei Zheng Senior security researcher, Qihoo 360 Technology Co. Ltd. Haoqi Shan Wireless/hardware security researcher, Qihoo 360 Technology Co. Ltd. In recent years, more and more products are integrated with a cellular modem, such as cars of BMW, Tesla, wearable devices, remote meters, i.e. Internet of things. Through this way, manufacturers can offer remote service and develop a lot of attractive functions to make their...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, Hacking,...
DEFCON 23
by DEFCONConference
Have you ever wanted to kill someone? Do you want to get rid of your partner, your boss or your arch nemesis? Perhaps you want to enjoy your life insurance payout whilst you’re still alive. Do you have rich elderly parents that just won’t die quick enough? Or do you want a “Do Over” new identity. Then, this presentation is for you! I’ll provide you with the insight and techniques on how to “kill” someone and obtain a real death certificate and shut down their lives. It focuses on...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), birth, death certificate,...
DEFCON 23
Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route - encryption, obfuscation, anti-debugging - or you can go on the offense, and attack the heart and soul of anyone who dare look at your perfect code. With some carefully crafted...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEFCON, DEF CON, DC 23, DC23, DC-23, hack,...
DEFCON 23
There’s an escalating arms race between bots and the people who protect sites from them. Bots, or web scrapers, can be used to gather valuable data, probe large collections of sites for vulnerabilities, exploit found weaknesses, and are often unfazed by traditional solutions like robots.txt files, Ajax loading, and even CAPTCHAs. I’ll give an overview of both sides of the battle and explain what really separates the bots from the humans. I’ll also demonstrate an easy new tool that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that the every-tester can take...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
Imagine a bank that, by design, made everyone's password hashes and balances public. No two-factor authentication, no backsies on transfers. Welcome to "brainwallets", a way for truly paranoid cryptocurrency users to wager their fortunes on their ability to choose a good password or passphrase. Over the last decade, we've seen the same story play out dozens of times - a website is broken into, the user database is posted online, and most of the password hashes are cracked. Computers...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Ryan Castellucci, Bitcoin,...
DEFCON 23
by DEFCONConference
Assessing the security posture of a web application is a common project for a penetration tester and a good skill for developers to know. In this talk, I'll go over the different stages of a web application pen test, from start to finish. We'll start with the discovery phase to utilize OSINT sources such as search engines, sub-domain brute-forcing and other methods to help you get a good idea of the target's "footprint", all the way to fuzzing parameters to find potential SQL injection...
Topics: Youtube, video, Science & Technology, Web Application (Industry), DEF CON (Conference Series),...
DEFCON 23
by DEFCONConference
Bruce Schneier Talks Security. Come hear about what's new, what's hot, and what's hype in security. NSA surveillance, airports, voting machines, ID cards, cryptography -- he'll talk about what's in the news and what matters. Always a lively and interesting talk. Speaker Bio: Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 12 books including the New York Times best-seller Data and Goliath: The Hidden Values to...
Topics: Youtube, video, Science & Technology, Bruce Schneier (Academic), DEF CON, DEF CON 23, DEFCON,...
DEFCON 23
Many hackers today are using process memory infections to maintain stealth residence inside of a compromised system. The current state of forensics tools in Linux lacks the sophistication used by the infection methods found in real world hacks. ECFS (Extended core file snapshot) technology, https://github.com/elfmaster/ecfs is an innovative extension to regular ELF core files, designed to be used as forensics-friendly snapshots of process memory. A brief showcasing of the ECFS technology was...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), NFC, UHF,...
DEFCON 23
While the NSA ANT team has been busy building the next generation spy toy catalog for the next leak, the NSA Playset team has been busy catching up with more open hardware implementations. GODSURGE is a bit of software that helps to persist malware into a system. It runs on the FLUXBABBIT hardware implant that connects to the depopulated JTAG header of certain models of Dell servers. This talk will introduce SAVIORBURST, our own implementation of a jtag-based malware delivery firmware that will...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
It is known that the GPS L1 signal is unencrypted, so someone can produce or replay a fake GPS signal to make GPS receivers get wrong positioning results. Many companies provide commercial GPS emulators, which can be used for GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we found that by integrating some open source projects related to GPS we can produce a GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC 23, DC23, DC-23, hack,...
DEFCON 23
by DEFCONConference
This year at DEF CON a former FAIL PANEL panelist attempts to keep the spirit alive by playing moderator. Less poetry, more roasting. A new cast of characters, more lulz, and no rules. Nothing is sacred, not the industry, not the audience, not even each other. Our cast of characters will bring you all sorts of technical fail, ROFLCOPTER to back it up. No waffles, but we have other tricks up our sleeve to punish, er, um, show love to our audience, all while raising money for the EFF and HFC. The...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
EFF's Apollo 1201 project is a 10-year mission to abolish all DRM, everywhere in the world, within a decade. We're working with security researchers to challenge the viability of the dread DMCA, a law that threatens you with jail time and fines when you do your job: discovering and disclosing defects in systems that we rely on for life and limb. Speaker Bio: Cory Doctorow (craphound.com) is a science fiction author, activist, journalist and blogger — the co-editor of Boing Boing (boingboing.net)...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
by DEFCONConference
This talk will show attendees how to use a small ARM-based computer that is connected inline to a wired network for penetration testing. The computer is running a full-featured penetration testing Linux distro. Data may be exfiltrated using the network or via a ZigBee mesh network or GSM modem. The device discussed in this talk is easily integrated into a powerful penetration test that is performed with an army of ARM-based small computer systems connected by XBee or ZigBee mesh networking....
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, Phil Polstra,...
DEFCON 23
White paper Available Here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Ronny Bull & Jeanna Matthews - UPDATED/DEFCON-23-Ronny-Bull-Jeanna-Matthews-Exploring-Layer-2-Network-Security-In-Virtualized-Enviroments-WP.pdf Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
by DEFCONConference
Hacking is hard. It takes passion, dedication, and an unwavering attention to detail. Hacking requires a breadth of knowledge spread across many domains. We need to have experience with different platforms, operating systems, software packages, tools, programming languages, and technology trends. Being overly deficient in any one of these areas can add hours to our hack, or even worse, bring us total failure. And while all of these things are important for a well-rounded hacker, one of the key...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC 23,...
DEFCON 23
Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled the community to monitor airplanes, ships, and cars... but come on, what we really want to track are cell phones. If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I'll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard. You'll also get a primer on geolocating the devices if you've got a second E4000 and some basic soldering...
Topics: Youtube, video, Science & Technology, RTLSDR, LTE, Recon, Tracking, RX, DEF CON (Conference...
DEFCON 23
by DEFCONConference
Join us for a fun-filled tour of source control management and services to talk about how to backdoor software. We will focus on one of the most popular, trendy SCM tools and related services out there – Git. Nothing is sacred. Along the way, we will expose the risks and liabilities one is exposed to by faulty usage and deployments. When we are finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project. Speaker...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON 23, DEF CON 23, DEFCON, DC23, DC-23, DC...
DEFCON 23
Have you ever wanted to crack open a safe full of cash with nothing but a USB stick? Now you can! The Brink’s CompuSafe cash management product line provides a “smart safe as a service” solution to major retailers and fast food franchises. They offer end-to-end management of your cash, transporting it safely from your storefront safe to your bank via armored car. During this talk, we’ll uncover a major flaw in the Brink’s CompuSafe and demonstrate how to crack one open in seconds...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
My neighbor’s kid is constantly flying his quad copter outside my windows. I see the copter has a camera and I know the little sex-crazed monster has been snooping around the neighborhood. With all of the hype around geo-fencing and drones, this got me to wondering: Would it be possible to force a commercial quad copter to land by sending a low-level pulse directly to it along the frequencies used by GPS? Of course, radio signal jamming is illegal in the U.S. and, frankly, it would disrupt...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
Remember that web application you wrote when you were first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack. Speaker Bio: Nemus works as a software engineer in...
Topics: Youtube, video, Science & Technology, Nemus, SQL, SQL Injection, RCE, Remote Code Execution,...
DEFCON 23
With over a billion activated devices, Android holds strong as the market leading smartphone operating system. Underneath the hood, it is primarily built on the tens of gigabytes of source code from the Android Open Source Project (AOSP). Thoroughly reviewing a code base of this size is arduous at best -- arguably impossible. Several approaches exist to combat this problem. One such approach is identifying and focusing on a particularly dangerous area of code. This presentation centers around...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
Certain file formats, like Microsoft Word and PDF, are known to have features that allow for outbound requests to be made when the file opens. Other file formats allow for similar interactions but are not well-known for allowing such functionality. In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective. Most interestingly, these techniques are not built on mistakes, but intentional design...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
by DEFCONConference
Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey LosT We're no strangers to love You know the rules and so do I A full commitment's what I'm thinking of You wouldn't get this from any other guy I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you LosT also runs the annual...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON Video Series, DEF...
DEFCON 23
Global Honeypot Trends Elliot Brink Many of my computer systems are constantly compromised, attacked, hacked, 24/7. How do I know this? I've been allowing it. This presentation will cover over one year of research running several vulnerable systems (or honeypots) in multiple countries including the USA, mainland China, Russia and others. We'll be taking a look at: a brief introduction to honeypots, common attacker trends (both sophisticated and script kiddie), brief malware analysis and the...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show...
Topics: Youtube, video, Science & Technology, Vehicle (Product Category), hacking, DEF CON (Conference...
DEFCON 23
This project consists of the hardware and software necessary to hijack wired network communications. The hardware allows an attacker to splice into live network cabling without ever breaking the physical connection. This allows the traffic on the line to be passively tapped and examined. Once the attacker has gained enough knowledge about the data being sent, the device switches to an active tap topology, where data in both directions can be modified on the fly. Through our custom...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, Dc-23, hack, hacker, hacking,...
DEFCON 23
Materials Available Here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/DEFCON-23-Aaron-Grattafiori-Linux-Containers-Future-or-Fantasy-UPDATED.pdf Linux Containers: Future or Fantasy? Aaron Grattafiori Principal Security Consultant, iSEC Partners/NCC Group Containers, a pinnacle of fast and secure deployment or a panacea of false security? In recent years Linux containers have developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
Over the past few years state-sponsored hacking has received attention that would make a rockstar jealous. Discussion of malware has shifted in focus from ‘cyber crime’ to ‘cyber weapons’, there have been intense public debates on attribution of various high profile attacks, and heated policy discussion surrounding regulation of offensive tools. We’ve also seen the sale of ‘lawful intercept’ malware become a global trade. While a substantial focus has revolved around the...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC 23, DEFCON, DC-23, hack,...
DEFCON 23
Security has gone from a curiosity to a phenomenon in the last decade. Fortunately for us, despite the rise of memory-safe, interpreted, lame languages, the security of binaries is as relevant as ever. On top of that, (computer security) Capture the Flag competitions have skyrocketed in popularity, with new and exciting binaries on offer for hacking every weekend. This all sounds great, and it is. Unfortunately, the more time goes by, the older we get, and the more our skills fade. Whereas we...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
Recently there have been several highly publicized talks about satellite hacking. However, most only touch on the theoretical rather than demonstrate actual vulnerabilities and real world attack scenarios. This talk will demystify some of the technologies behind satellite communications and do what no one has done before - take the audience step-by-step from reverse engineering to exploitation of the GlobalStar simplex satcom protocol and demonstrate a full blown signals intelligence collection...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC 23, DC-23, DEFCON, hack,...
DEFCON 23
This talk will present a device that can be used as a dropbox, remote hacking drone, hacking command console, USB writeblocker, USB Mass Storage device impersonator, or scripted USB HID device. The device is based on the BeagleBone Black, can be battery operated for several days, and is easily constructed for under $100. The dropbox, remote hacking drone, and hacking command console functionality were presented at DEF CON 21. This talk will emphasize the new USB-based attack functionality....
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), dropbox, drone,...
DEFCON 23
You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create? This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves. Will being left-handed and having...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
Ubiquity or “Everything, Everywhere” - Apple uses this term to describe iCloud related items and its availability across all devices. iCloud enables us to have our data synced with every Mac, iPhone, iPad, PC as well as accessible with your handy web browser. You can access your email, documents, contacts, browsing history, notes, keychains, photos, and more all with just a click of the mouse or a tap of the finger - on any device, all synced within seconds. Much of this data gets cached on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
Windows Management Instrumentation (WMI) is a remote management framework that enables the collection of host information, execution of code, and provides an eventing system that can respond to operating system events in real time. FireEye has recently seen a surge in attacker use of WMI to carry out objectives such as system reconnaissance, remote code execution, persistence, lateral movement, covert data storage, and VM detection. Defenders and forensic analysts have largely remained unaware...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malware such as Flame, Duqu, Uroburos and Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies did a great job in revealing technical details of the attack campaigns, however, they have almost exclusively focused on the executables or the memory dump...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
In many circumstances, we all have to wear different hats when pursuing hobbies, jobs and research. This session will discuss the exploration and use of software defined radio from two perspectives: that of a security researcher and Ham Radio operator. We will cover common uses and abuses of hardware to make them work like transceivers that the Ham crowd is used to, as well as extending the same hardware for other research applications. Additionally we will highlight some of the application of...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEF CON 23, DC 23, DC-23, DC23, hack,...
DEFCON 23
We've heard about hypothetical quantum computers breaking most of the public-key crypto in use—RSA, elliptic curves, etc.—and we've heard about "post-quantum" systems that resist quantum computers. We also heard about quantum computers' potential to solve other problems considerably faster than classical computers, such as discrete optimization, machine learning, or code verification problems. And we heard about a commercial quantum computer, and we heard vendors of quantum key...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
Missed DEF CON 23? Listen to Ken Westin, Tripwire Sr. Security Analyst, talk about his experience as a professional cyber stalker. Source: https://www.youtube.com/watch?v=zVJGY2bZ-Ko Uploader: Tripwire, Inc. Upload date: 2015-09-18
Topics: Youtube, video, Science & Technology, Infosec, Information Security, Tripwire, Security,...
DEFCON 23
by DEFCONConference
Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
The term “Bad USB” has gotten some much needed press in the last few months. There have been talks that have identified the risks that are caused by the inherent trust between the OS and any device attached by USB. I found in my research that most of the available payloads for the USB rubber ducky would be stopped by common enterprise security solutions. I then set out to create a new exploit that would force the victim to trust my Man-In-The-Middle access point. After my payload is deployed,...
Topics: Youtube, video, Science & Technology, USB (Invention), DEF CON (Conference Series), Encryption...
DEFCON 23
Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion Marina Krotofil Senior Security Consultant, European Network for Cyber Security Jason Larsen Principal Security Consultant, IOActive The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla Model S work and most importantly how they can be hacked. You will also get a good understanding of the data...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Tesla Model S (Automobile...
DEFCON 23
TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record video and audio, as well as stream video to other devices using its own wireless network and mobile applications. In this...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Intenet of Things, IoT, DEF...
DEFCON 23
There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVE's Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented....
Topics: Youtube, video, Science & Technology, Medicine (Field Of Study), Medical Devices, DEF CON...
DEFCON 23
Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hackers,...
DEFCON 23
by DEFCONConference
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Atlas-Fun-With-Symboliks.pdf Fun with Symboliks atlas dude at Grimm Asking the hard questions... and getting answer! Oh binary, where art thine vulns? Symbolic analysis has been a "thing" for 20 years, and yet it's still left...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
Inter-VM data exfiltration: The art of cache timing covert channel on x86 multi-core Etienne Martineau Software engineer, Cisco Systems On x86 multi-core covert channels between co-located Virtual Machine (VM) are real and practical thanks to the architecture that has many imperfections in the way shared resources are isolated. This talk will demonstrate how a non-privileged application from one VM can ex-filtrate data or even establish a reverse shell into a co-located VM using a cache timing...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
One of the most challenging steps of a penetration test is popping something and not having full administrative level rights over the system. Companies are cutting back on administrative level rights for endpoints or how about those times where you popped an external web application and were running as Apache or Network Service? Privilege escalation or pillaging systems can be difficult and require extensive time if successful at all. One of the most challenging aspects around pentesting was...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Pivot, Pivoter, penetration...
DEFCON 23
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-David-An-When-the-Secretary-of-State-says-Stop-Hacking-us.pdf When the Secretary of State says: “Please Stop Hacking Us…” David An Former U.S. State Department Senior American officials routinely hold dialogues with foreign officials...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
by DEFCONConference
Everybody plays games, and a whole lot of people play computer games. Despite this fact, very few of us security researchers consider them as interesting targets. Granted, you won't likely be able to directly hack into a big corporate network via game exploits, but you could for example target the people running the company via their favorite games. Or their children's favorite games. Another scenario: you should consider that a hacked game could allow Not So Admirable people access to your...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), video games, Video Game...
DEFCON 23
For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Capture The Flag (Game),...
DEFCON 23
Have you ever heard about the famous "green screen"? No, it's not a screensaver... Believe me, it still does exist! In many industries, although the front-end systems are all new and shiny, in the back-end they still rely on well-known, proven IBM i (aka AS/400) technology for their back-office, core systems. Surprisingly, nobody truly seems to care about the security. Even if these nice IBM heavy black boxes are directly connected to the Internet... The aim of the talk is to give you...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON 23, DC 23, DC-23, DC+23,...
DEFCON 23
The Harness toolset aims to give penetration testers and red teams the ability to pull a remote powershell interface with all the same features of the native Powershell CLI and more. Several tools and utilities have been released to solve the powershell weaponization problem, but no freely available tool gives operators the full capabilities of powershell through a remote interface. We’ll start the talk with a quick survey of the previous methods of weaponizing powershell, and then move into...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks. This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space. Topher...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, security...
DEFCON 23
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Mickey-Shkatov-Jesse-Michael-Scared-poopless-LTE-and-your-laptop-UPDATED.pdf Scared Poopless – LTE and *your* laptop Mickey Shkatov Security researcher, Intel Advanced Threat Research. Jesse Michael Security researcher With today’s...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
Docker is all the rage these days. Everyone is talking about it and investing in it, from startups to enterprises and everything in between. But is it secure? What are the costs and benefits of using it? Is this just a huge risk or a huge opportunity? There's a whole lot of ranting and raving going on, but not nearly enough rational discourse. I'll cover the risks and rewards of using Docker and similar technologies such as AppC as well as discuss the larger implications of using orchestration...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
Numerous botnets employ domain generation algorithms (DGA) to dynamically generate a large number of random domain names from which a small subset is selected for their command and control. A vast majority of DGA algorithms create random sequences of characters. In this work we present a novel language-based technique for detecting strings that are generated by chaining random characters. To evaluate randomness of a given string (domain name in this context) we look up substrings of the string in...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, computer...
DEFCON 23
Security research is under attack. Updates to the Wassenaar Arrangement in 2013 established among its 41 member nations an agreement to place a variety of previously undesignated “cybersecurity items” under export control. After 18 months and a half-dozen open advisory meetings, the U.S. has taken the entire security research community by surprise with its proposed rule; we are confronted by a sweeping implementation with profound consequences for academia, independent research, commercial...
Topics: Youtube, video, Science & Technology, Computer Security (Software Genre), DEF CON (Conference...
DEFCON 23
Working together to keep the Internet safe and secure Alejandro Mayorkas Deputy Secretary of Homeland Security We all have a role to play when it comes to ensuring the safety and security of the Internet, whether you are a federal employee, the CEO of a company, or a private citizen. Today’s threats require the engagement of our entire society. This shared responsibility means that we have to work with each other in ways that are often new for the government and the private sector. This means...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
by DEFCONConference
ThruGlassXfer (TGXf) is a new and exciting technique to steal files from a computer through the screen. Any user that has screen and keyboard access to a shell (CLI, GUI or browser) in an enterprise IT environment has the ability to transfer arbitrary data, code and executables in and out of that environment without raising alarms, today. This includes staff, partners and suppliers, both on and off-shore. And implementation of best practice Data Center (Jump hosts), Perimeter / Remote Access...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
The Open Network Install Environment, or ONIE, makes commodity or WhiteBox Ethernet possible. By placing a common, Linux-based, install environment onto the firmware of the switch, customers can deploy the Network Operating Systems of their choice onto the switch and do so whenever they like without replacing the hardware. The problem is, if this gets compromised, it also makes it possible for hackers to install malware onto the switch. Malware that can manipulate it and your network, and keep...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC, DC23, DC 23, DC-23,...
DEFCON 23
Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're a developer trying to protect your insecure app from winding up on devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you've been looking for! This tool combines SCA, teaching and automated exploitation into one, simple to use application! Speaker Bio: Tony Trummer (@SecBro1) - has been working in the IT industry for nearly 20 years and has been focused on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know, these leaks are a valuable source of competitive intelligence. This talk describes how the speaker collects competitive intelligence for his own online retail business. Specifically, you learn how he combines, trends, and analyzes information within specific contexts to manufacture useful data that is real, but technically doesn't exist on its own. For example, you will learn about the trade secrets...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON23, DEF CON...
DEFCON 23
Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Chris-Sistrunk-NSM-101-for-ICS.pdf NSM 101 for ICS Chris Sistrunk Sr. ICS Security Consultant, FireEye Is your ICS breached? Are you sure? How do you know? The current state of security in Industrial Control Systems is a widely publicized...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
Memory corruption vulnerabilities have plagued computer systems since we started programming software. Techniques for transforming memory corruption primitives into arbitrary code execution exploits have evolved significantly over the past two decades, from "smashing the stack for fun and profit" to the current apex of "just in time code reuse" while playing a cat and mouse game with similarly evolving defensive mitigations: from PaX/NX-bit to fine-grained ASLR and beyond....
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs to explore code paths in an application. In recent years, fuzzing has become a near mandatory part of any major application's security team efforts. Our work focused on fuzzing web browsers, a particularly difficult challenge given the size and quality of some of their security teams, the existing high-quality fuzzers available for this, and, of late, bug bounty programs. Despite this,...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...