Skip to main content

DEFCON 26

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.

PART OF
Hacker Conferences
More right-solid
SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
DEFCON 26
movies
eye 130
favorite 0
comment 0
Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection- as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security- intelligence-as-a-service. Come hear from this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), software-defined perimeters (SDP), and bunch of other cloud related topics....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 67
favorite 0
comment 0
We will present a sample scene and panel talk on our documentary series Reverse Engineering to the hacking community, which has been in the works for 4 years. We have dozens of interviews spanning the first 3 decades of computer hacking, ultimately there will be hundreds. It's a big story, but for the purposes of DEF CON, we've put together a 17 min. Scene covering the 80s WarGames/Legion of Doom-era of computer hacking in the US. We've spoken to great people, but there are other...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 57
favorite 0
comment 0
Surveillance had been a fact of life for sex workers wherever they have faced prohibition. Only two elements, communication and association, can differentiate between commercial and personal sex, criminal enforcement of prostitution laws have necessarily meant targeting the speech and affiliation of perceived sex workers. Enforcement of this nature is facilitated by profiling, institutional bias, and broad overreaching policies that fundamentally violate individual human rights. This has...
Topics: Youtube, video, Science & Technology, DEF, CON, def con, DEF CON, DEFCON, DEF CON 26, DC26,...
DEFCON 26
movies
eye 52
favorite 1
comment 0
Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music. Components of the show are individually explained and live demonstrations of the technology are on display. Come get inspired to computerize your own holiday cheer! Source: https://www.youtube.com/watch?v=x64mrVwuuqs Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 40
favorite 0
comment 0
The security of automobiles accesses control system is a topic often discussed. Today's vehicles rely on key-fob control modules, to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticate as a digital car key. In this talk, we will reveal the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 37
favorite 0
comment 0
There are many Software Defined Radios (SDRs) available, with a great deal of time and effort having gone in to their design. These are not those radios. We present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals. The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time honored hacker tradition of rolling our own tools,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 31
favorite 0
comment 0
When it comes to taking advantage of SMB connections, most tools available to penetration testers aim for system enumeration or for performing relay attacks to gain RCE. If signatures are required, or if the victims relayed are not local admins anywhere, that can put a real stint in leveraging SMB to gain any serious footholds in a network. Fortunately, the mentioned attacks are only the tip of the iceberg of the ways to gain RCE with insecure SMB connections – and there’s a new tool to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 27
favorite 0
comment 0
Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines? The answer, to our great...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON 26, DC26, hacker, hacking,...
DEFCON 26
by DEFCONConference
movies
eye 25
favorite 0
comment 0
The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats. Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face. The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 26, DEFCON26, DC26, hacker, hacking,...
DEFCON 26
movies
eye 25
favorite 0
comment 0
Blockchain adaptation has reached a fever pitch, andthe community is late to the game of securing these platforms against attack. With the open source community enamored with the success of Ethereum, the enterprise community has been quietly building the next generation of distributed trustless applications on permissioned blockchain technologies. As of early 2018, an estimated half of these blockchain projects relied on the Hyperledger Fabric platform. In this talk we will discuss tools and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 22
favorite 0
comment 0
We started our own transit Internet Service Provider (ISP) to safely route anonymized packets across the globe, and you can too. Emerald Onion is a Seattle-based 501(c)3 not-for-profit and we want to help other hacker collectives start their own. Getting your own Autonomous System Number (ASN), managing Internet Protocol (IP) scopes, using Border Gateway Protocol (BGP) in Internet Exchange Points (IXPs), dealing with abuse complaints or government requests for user data -- this is all stuff...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 22
favorite 0
comment 0
Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are these contributions really? In this talk, we will discuss our work on programmer de-anonymization from the standpoint of machine learning. We will show how abstract syntax trees contain stylistic fingerprints and how these can be used to potentially identify programmers from code and binaries. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found in...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 21
favorite 0
comment 0
Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, security...
DEFCON 26
movies
eye 20
favorite 0
comment 0
Why does my bank's website require my MFA token but Quicken sync does not? How is using Quicken or any personal financial software different from using my bank's website? How are they communicating with my bank? These questions ran through my head when balancing the family checkbook every month. Answering these questions led me to deeply explore the 20 year old Open Financial Exchange (OFX) protocol and the over 3000 North American banks that support it. They led me to the over 30 different...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 20
favorite 0
comment 0
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these? In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 19
favorite 0
comment 0
Ever worry about the hardware you leave behind? In a world where servers are co-located, and notebooks get left in hotel rooms, the ability to resist tampering, and if necessary actively respond to attack, has become increasingly important. And of course everybody knows the best booby traps are the ones you don't know are there. This talk will prepare you for life in 1984, where the maids are evil, and step brothers can't be trusted. Whether your running servers as a high value target, or...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON 26, DEF CON 2018, hackers,...
DEFCON 26
movies
eye 18
favorite 0
comment 0
The Automotive Exploitation Sandbox is a hands-on educational tool designed to provide stakeholders with little to no previous exposure to automotive security a hands-on experience with real hardware following a basic attack chain against a typical automotive development board. The attack chain provides instructions for the user to remotely exploit, escalate privilege, exfiltrate data, and modify memory using synthetic vulnerabilities placed on a remote test platform running an OS and hardware...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 18
favorite 0
comment 0
Automation has been the forefront of almost every tool or talk in the recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out the run of the mill adware/PUPs or phishing expeditions, can we really automate a response to the more...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 17
favorite 0
comment 0
Logs, right? Do you run an expensive SIEM? If not, this talk is for you. An effective process for managing logs and security events with built-in and open-source tools will be detailed. I'll share reports and tickets from our organization and describe how we analyze them to improve IT operations, situational awareness, security posture, and pass audits. Source: https://www.youtube.com/watch?v=3yYD3CYiwx4 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 16
favorite 0
comment 0
When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 15
favorite 0
comment 0
OpenXC builds its firmware -- for both the open and proprietary builds -- using JSON data structures which define the CAN signals. These definitions are akin to the CAN database files (.dbc) files. Reverse engineering of the open openXC builds (as an educational excersise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How strings lead reverse engineers to interesting code via backwards...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 15
favorite 0
comment 0
In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 15
favorite 0
comment 0
In 2012, back when DEF CON still fit in the Riviera (RIP), I recognized a gap to fill. I wanted to create a mobile version of the paper DEF CON booklet that everyone could use at the con. I was unable to attend the conference that year. I was 8 months pregnant with my first child, and because I couldn't be there in person, I spent a lot of time wishing I was. So I built it. I spent countless hours pouring my heart into what became the Hacker Tracker, shiny graphics and all, and was committing...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON, DEF CON 26, DEF CON 2018,...
DEFCON 26
movies
eye 15
favorite 0
comment 0
The security operations aspect of your Information Security risk management program is where the “rubber meets the road” — the tools and people you have to implement the process and procedures you put together to find the badness and put out the fires. How has the concept of security operations evolved, and where are we headed? There is plenty of buzzword bingo: UBA, UEBA, machine learning and artificial intelligence, network abnormality detection, the marketing conversations of evolving...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
Traditionally SOCs look outward from their network perimeters, missing the adversaries already operating in their networks. As SOCs improve their capabilities by turning inwards, where should they start? What techniques should they be worried about? What tools will help them? Without knowing what your adversaries can do and what your current capabilities are, it’s hard to make improvements. This talk will describe how to use the MITRE ATT&CK framework as a “scorecard” within the SOC...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end Las Vegas hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the scenes. And...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
Complexity is increasing. Trust eroding. In the wake of Spectre and Meltdown, when it seems that things cannot get any darker for processor security, the last light goes out. This talk will demonstrate what everyone has long feared but never proven: there are hardware backdoors in some x86 processors, and they're buried deeper than we ever imagined possible. While this research specifically examines a third-party processor, we use this as a stepping stone to explore the feasibility of more...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
Public keys are everywhere, after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurks some potentially dangerous issues which could lead to a compromise of data and privacy. Leveraging hundreds of minion devices, we built a public key reaping machine (which we are open sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability or factorization...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others. Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
In the past two years, smart speakers have become the most popular IoT device, Amazon_ Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 14
favorite 0
comment 0
Most people are familiar with homograph attacks due to phishing or other attack campaigns using Internationalized Domain Names with look-alike characters. But homograph attacks exist against wide variety of systems that have gotten far less attention. This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. It then introduces a generalized defense strategy that...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 13
favorite 0
comment 0
Are you a malware developer for Android devices? We have very bad news for you: the Android-SDK packager (aapt) is leaking your time zone! We have found a bug inside this Android-SDK's component that relies in not properly setting the value of a variable used as an argument for localtime() function, when setting the "Last Modified" field for the Android App's files. Because of this, the time zone of anyone using the Android-SDK packager to generate their APKs is leaked. The curious...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 13
favorite 0
comment 0
First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends. Wait, no, not really. It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 13
favorite 0
comment 0
First, Dragnet collects dozens of OSINT data points on past and present social engineering targets. Then, using conversion data from previous engagements, Dragnet provides recommendations for use on your current targets: phishing templates, vishing scripts and physical pretexts- all to increase conversions with minimal effort. Finally, features like landing page cloning and domain registration (alongside your standard infrastructure deployment, call scheduling and email delivery) make Dragnet...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 13
favorite 0
comment 0
When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks. The ESI language consists of a small set of instructions represented by XML tags, served by...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 13
favorite 0
comment 0
Wireless sensor networks are commonly thought of as IoT devices communicating using familiar short-range wireless protocols like Zigbee, MiWi, Thread and OpenWSN. A lesser known fact is that about a decade ago, two industrial wireless protocols (WirelessHART and ISA100.11a) have been designed for industrial applications, which are based on the common IEEE 802.15.4 RF standard. These Wireless Industrial Sensor Networks (WISN) are used in process field device networks to monitor temperature,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
Getting started in car hacking can be a daunting and expensive hobby. In this talk I am going to walk you through what you need to buy (and what you can likely skip). I will also be releasing a quick start guide and a script to help new car hackers build a "Car Hacking" system. Source: https://www.youtube.com/watch?v=YFMqGyWyWCo Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
Advanced malware such as TDL4, Rovnix, Gapz, Omasco, Mebromi and others have exposed in recent years various techniques used to circumvent the usual defenses and have shown how much companies are not prepared to deal with these sophisticated threats. Although the industry has implemented new protections such as Virtualized Based Security, Windows SMM Security Mitigation Table (WSMT), Kernel Code Signing, HVCI, ELAM, Secure Boot, Boot Guard, BIOS Guard, and many others, it is still unknown the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 12
favorite 0
comment 0
With the presense of 2FA/MFA solutions growing, the attack surface for external attackers that have successfully phished/captured/cracked credentials is shrinking. However, many 2FA/MFA solutions leave gaps in their coverage which can allow attackers to leverage those credentials. For example, while OWA may be protected with 2FA, the Exchange Web Services Management API (EWS) offers many of the same features and functionalities without the same protections. In this talk, I will introduce...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
So how do you debug bios and triage a vulnerability for exploitability with no stack trace or error log? How do BIOS developers do it? Do not worry! We will explain how anyone can have debug capabilities on modern Intel platforms and show you how this massively simplifies exploit dev. Developing an exploit for a BIOS vulnerability is a different experience than other types of exploit dev. Your available code base to draw from is unlike what you would expect when running at the operating system...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
We all protect our home networks, but how safe is your data once it leaves on its journey to the latest cat pictures? How does your traffic make it to its destination and what threats does it face on its way? What is BGP and why should you care? In this talk, I'll explain the basic structure of the network that is the Internet and the trust relationships on which it is built. We'll explore several types of attacks that you may have seen in the news that exploit this relationship to bring down...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
Golang is a pretty nifty language, and it's remarkably well suited for car hacking. SocketCAN provides a great framework for interacting with CAN devices, so why not use it from Go? We'll present an open source Go library for making SocketCAN easy, and show how to work with raw CAN and ISOTP data. Attendees will get all the info they need to start hacking CAN buses with Go. Source: https://www.youtube.com/watch?v=PlOj0Mt-2NM Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
Regarding ptmalloc2, many heap exploitation techniques have been invented in the recent years, well documented on the famous how2heap repository, or as writeups of famous CTF challenges (like House of Orange). However, most of them require atleast a libc/heap leak , or fail in non-PIE binaries. My new technique titled House of Roman leverages a single bug to gain shell leaklessly on a PIE enabled Binary. I shall showcase the ease of aligning the heap to perform this attack, thus demonstrating...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
The presentation will cover security implications of GPS and positioning attacks. We will discuss real world attacks and incidents. We will touch upon increased reliance on positioning data in accident reconstruction and assistive driving technologies. Source: https://www.youtube.com/watch?v=i3S9wiHF8c0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
Windows Defender Antivirus's mpengine.dll implements the core of Defender's functionality in an enormous ~11 MB, 30,000+ function DLL. In this presentation, we'll look at Defender's emulator for analysis of potentially malicious Windows binaries on the endpoint. To the best of my knowledge, there has never been a conference talk or publication on reverse engineering any antivirus binary emulator before. We'll cover a range of topics including emulator internals—machine code to intermediate...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 12
favorite 0
comment 0
With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running; Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
Fair elections are at the core of every democracy and are of paramount importance to our national security. The confidence in our electoral process is fundamental to ensuring that every vote- and therefore every voice- matters. In recent years, our Nation has become increasingly uneasy about the potential threats to our election infrastructure. The activities to undermine the confidence in the 2016 presidential election have been well documented and the United States (U.S.) Government has...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other with pre-defined protocol interactions, which largely increases the difficulty of exploiting such security weaknesses from the data plane. In this...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufactures are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON 26, DC26, hackers, hacking...
DEFCON 26
movies
eye 11
favorite 1
comment 0
In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products. However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding it's network filter interfaces is rather lacking and all commercial macOS firewalls are closed source. This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy'...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer? Admins are gradually using better methods like two-factor and more secure...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
There is a rising trend within Threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code bypassing software whitelisting and avoid antivirus detection. A method to detect these threats is by...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
Unified Diagnostic Services (UDS) provides a powerful interface into vehicle diagnostics. OEMs use these services to update firmware, manipulate calibration data, send and receive information from vehicle ECUs, and now more recently for over the air updates. This talk pulls back the curtain on automotive bootloaders and how poor security design or implementation choices can be used by attackers to exfiltrate firmware or even gain persistent code execution. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
In his notorious book Leviathan, the XVII century English philosopher Thomas Hobbes stated that: we should give our obedience to an unaccountable sovereign otherwise what awaits us is a state of nature that closely resembles civil war—a situation of universal insecurity. It looks like a lot of current political leaders have red and found the teachings of Hobbes applicable to modern day online life. We witness the rise of the Digital Leviathan. The same apps and applications that people use to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 11
favorite 0
comment 0
In the past, when hackers did malicious program code injection, they used to adopt RunPE, AtomBombing, cross-process creation threads, and other approaches. They could forge their own execution program as any critical system service. However with increasing process of anti-virus techniques, these sensitive approaches have been gradually proactively killed. Therefore, hackers began to aim at another place, namely memory-level weakness, due to the breakages of critical system service itself. This...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
by DEFCONConference
movies
eye 10
favorite 0
comment 0
Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us! In this special event, your DEF CON groups team who works behind the scenes to make DCG possible will introduce themselves and provide status updates. After we're done talking, the remainder of time will be an informal open floor right there...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
The Teddy Ruxpin is an iconic toy from the 1980's featuring an animatronic teddy bear that reads stories from cassette tapes to children. In late 2017, a new model of the toy was released with improvements including Bluetooth connectivity, LCD eyes, and a companion mobile application. While the new bear features a number of improvements, the Teddy Ruxpin's original ability to add new stories by replacing the included cassettes is no longer applicable, and it requires users to supply files to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
There exist several approaches to misbehavior detection in V2X networks in research literature, many of them not necessarily taking automotive restrictions into account. Only few approaches do and there is only one approach that has been tested in actual vehicles as far as I know. And that approach has it challenges - although it is an important first step towards implementation. I will present how this (and one or two other) approach works and how it can be tricked. Although misbehavior...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
These days it's hard to find a business that doesn't accept faster payments. Mobile Point of Sales (mPOS) terminals have propelled this growth lowering the barriers for small and micro-sized businesses to accept non-cash payments. Older payment technologies like mag-stripe still account for the largest majority of all in-person transactions. This is complicated further by the introduction of new payment standards such as NFC. As with each new iteration in payment technology, inevitably...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
To avoid the tedious task of collecting water usage data by go user's home _ water meters that are equipped with wireless communication modules are now being put into use, in this talk we will take a water meter _which is using Lora wireless protocol_ as an example to analyze the security and privacy risks of this kind of meters_we will explain how to reverse engineer and analyze both the firmware and the hardware of a water meter system, we will be talking about its security risks from...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
Practice shows that even the most secure software written by the best engineers contain bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow-down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
Financial institutions, home automation products, and offices near universal cryptographic decoders have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning and text-to-speech have shown that synthetic, high-quality audio of subjects can be generated using transcripted speech from the target. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 10
favorite 0
comment 0
Recently, the inspection of huge traffic log is imposing a great burden on security analysts. Unfortunately, there have been few research efforts focusing on scalablility in analyzing very large PCAP file with reasonable computing resources. Asura is a portable and scalable PCAP file analyzer for detecting anomaly packets using massive multithreading. Asura's parallel packet dump inspection is based on task-based decomposition and therefore can handle massive threads for large PCAP file without...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 9
favorite 0
comment 0
Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't. Previous talks on...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 9
favorite 0
comment 0
The term"smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 9
favorite 0
comment 0
Have you wondered whether developers can play any significant role in the security world? Come hear from a diehard programmer and hacker who loves to break and loves to build, and learn how a regular programmer can make major contributions to security from the trenches. This presentation will dive into the intersection between development and security. You will learn about the SDL -- Secure Development Lifecycle, and why in the world a hacker would care about processes and procedures. You will...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 8
favorite 0
comment 0
Cellular networks are connected with each other through a worldwide private, but not unaccessible network, called IPX network. Through this network user related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have been already been found e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 8
favorite 0
comment 0
Multiple Credit Card Readers are Flawed, the Amazon Echo Gets Creepy, and the Voting Machine Hacking Village creates waves. All that coming up now on ThreatWire. -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Shop → http://www.hakshop.com Subscribe → http://www.youtube.com/hak5 RSS Feeds → https://www.hak5.org/subscribe Support → http://www.patreon.com/threatwire Amazon Associates → https://amzn.to/2pHgf8T Our Site → http://www.hak5.org Contact Us...
Topics: Youtube, video, Science & Technology, hak5, hack, technology, darren kitchen, shannon morse,...
DEFCON 26
movies
eye 8
favorite 0
comment 0
Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a qualcomm baseband, tracing it's evolution over the years until its...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
DEFCON 26
movies
eye 8
favorite 0
comment 0
In this modern digital age of technically competent adversaries we forget that there may still be a need to conduct old school physical surveillance against a target. Many organisations utilise surveillance teams and these may be in-house in the case of government agencies or third-party teams contracted for a specific task and their targets range from suspected terrorists to people accused of bogus insurance claims. Whilst most people think that they may never be placed under surveillance some...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON 26, DEFCON, DEF CON, hackers, hacking...
DEFCON 26
movies
eye 8
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=N5_dNdp8SNc Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...