Skip to main content

DEFCON 21

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.


rss RSS

110
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
DEFCON 21
movies

eye 146

favorite 0

comment 0

Hardware Hacking with Microcontrollers: A Panel Discussion JOE GRAND MARK 'SMITTY' SMITH LOST RENDERMAN FIRMWAREZ Microcontrollers and embedded systems come in many shapes, sizes and flavors. From tiny 6-pin devices with only a few bytes of RAM (ala the DEF CON 14 Badge) to 32- bit, eight core multiprocessor systems (ala DEF CON 20 Badge), each has their own strengths and weaknesses. Engineers and designers tend to have their favorites, but how do they decide what part to work with? Join DEFCON...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 46

favorite 0

comment 0

Legal Aspects of Full Spectrum Computer Network (Active) Defense ROBERT CLARK ATTORNEY Full spectrum computer network (active) defense mean more than simply "hacking back". We've seen a lot of this issue lately. Orin Kerr and Stewart Baker had a lengthy debate about it online. New companies with some high visibility players claim they are providing "active defense" services to their clients. But all-in-all, what does this really mean? And why is it that when you go to your...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 71

favorite 0

comment 0

BYO-Disaster and Why Corporate Wireless Security Still Sucks JAMES SNODGRASS (PUNK1NPO0P) HILLBILLY HACKER JOSH HOOVER (WISHBONE) HILLBILLY HACKER Right when you thought this topic had been beaten to death, something new emerges. This horse isn't dead yet! This talk will focus on a completely new vulnerability in the way some devices handle MsChapV2 and present some newer methods for capturing clear text credentials easily and without heavy processing power. We will walk you through a full...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 78

favorite 0

comment 0

We are Legion: Pentesting with an Army of Low-power Low-cost Devices DR. PHILIP POLSTRA HACKER IN RESIDENCE, UNIVERSITY OF DUBUQUE This talk will show attendees how they can do penetration testing with a network of small, battery-powered, penetration testing systems. The small devices discussed will be running a version of The Deck, a full-featured penetration testing and forensics Linux distro. The Deck runs on the BeagleBoard and BeagleBone family of devices (including the next-gen BeagleBone...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 116

favorite 0

comment 0

RFID Hacking: Live Free or RFID Hard FRANCIS BROWN MANAGING PARTNER - BISHOP FOX Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance on how RFID proximity badge systems work. We'll cover what you'll need to build out your own RFID physical penetration toolkit, and how to easily use an Arduino microcontroller to weaponize commercial RFID badge readers — turning them into custom, long-range RFID...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 63

favorite 0

comment 0

Phantom Network Surveillance UAV / Drone RICKY HILL SECURITY CONSULTANT DARPA, 2011, sponsored a contest named UAVForge which challenged teams to build a prototype unmanned aerial vehicle (UAV). Mission: "UAV must be small enough to fit in a soldier's rucksack and able to fly to, perch & stare from useful locations for several hours near targets of interest to provide real-time (visual) persistent surveillance." Long story short: 140 teams participated, no one won. Crashes, remote...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 127

favorite 0

comment 0

IFear the Evil FOCA: IPv6 attacks in Internet connections CHEMA ALONSO SECURITY RESEARCHER, INFORMATICA64 Windows boxes are running IPv6 by default so LANs are too. Internet is not yet ready for IPv6 worldwide, but... you can connect internal IPv6 networks to external IPv4 web sites with few packets. In this session you will see how using the new Evil FOCA tool, created to perform IPv6 networks attacks, it is possible to hack Internet IPv4 connections creating a man in the middle in IPv6...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 20

favorite 0

comment 0

Meet the VCs PING LI PARTNER, ACCEL PARTNERS MATT OCKO PARTNER, DATA COLLECTIVE DEEPAK JEEVANKUMAR PARTNER, GENERAL CATALYST JOHN M. JACK BOARD PARTNER, ANDREESSEN HOROWITZ EILEEN BURBIDGE PARTNER, PASSION CAPITAL Venture capital investments have reached the highest level since the dot-com days. Almost seven billion dollars was invested last quarter alone. While clean-tech deals hit a new low, security deals increased the most. Security is the new black. How should we spend the next billion?...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 115

favorite 1

comment 0

Insecurity - A Failure of Imagination MARC WEBER TOBIAS INVESTIGATIVE ATTORNEY AND SECURITY SPECIALIST, SECURITY.ORG TOBIAS BLUZMANIS SECURITY SPECIALIST, SECURITY.ORG Homeowners, apartment complexes, and businesses throughout the United States and Canada have purchased locks from one of the leading manufacturers in the country in the belief that they were secure. Advertising represents they are the highest grade of residential security available as a result of security ratings from different...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 76

favorite 0

comment 0

Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) JUSTIN ENGLER SENIOR SECURITY ENGINEER, ISEC PARTNERS PAUL VINES Password and PIN systems are often encountered on mobile devices. A software approach to cracking these systems is often the simplest, but in some cases there may be no better option than to start pushing buttons. This talk will cover automated PIN cracking techniques using two new tools and discuss the practicality of these attacks against various...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 79

favorite 0

comment 0

ACL Steganography - Permissions to Hide Your Porn MICHAEL PERKLIN SECURITY RESEARCHER Everyone's heard the claim: Security through obscurity is no security at all. Challenging this claim is the entire field of steganography itself - the art of hiding things in plain sight. Most people know you can hide a text file inside a photograph, or embed a photograph inside an MP3. But how does this work under the hood? What's new in the stego field? This talk will explore how various techniques employed...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 55

favorite 0

comment 0

All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio BALINT SEEBER SPENCH.NET Ever wondered what traffic is flowing through the many satellites in orbit above you? Have you wanted to intercept RADAR signals from air traffic control and visualise your local airspace in real-time on a 3D map? While youíre at it, check how many faults have been reported by the next plane youíll be travelling on (e.g. do the toilets work?). How about tracking down the source of a...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 55

favorite 0

comment 0

The Bluetooth Device Database RYAN HOLEMAN SENIOR SOFTWARE DEVELOPER, ZIFTEN TECHNOLOGIES As of 2013, it is estimated that there are now billions of bluetooth devices deployed worldwide. The goal of the Bluetooth Database Project is to track and freely distribute real time sightings and statistics of these wide spread devices. The data collected from these devices can be used to answer questions pertaining to various topics, such as device geolocation, device proliferation, population analysis,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 70

favorite 0

comment 0

Dude, WTF in my car? ALBERTO GARCIA ILLERA JAVIER VAZQUEZ VIDAL The ECU tuning market is weird. There is little help from people in it, and most of the equipment is expensive. Well, not anymore! After hacking some equipment worth thousands of dollars, a new toy was born. Seed/Key algos broken, RSA bustedÖ We will learn all about Bosch EDC15 and EDC16 car ECUs. How they communicate, what protocols they use, their security and why it is worth hacking them. There will be a demonstration of a tool...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
movies

eye 55

favorite 0

comment 0

Building an Android IDS on Network Level JAIME SANCHEZ A3SEC Being popular is not always a good thing and hereís why. As mobile devices grow in popularity, so do the incentives for attackers. Mobile malware and threats are clearly on the rise, as attackers experiment with new business models by targeting mobile phones. Nowadays, several behavior-based malware analysis and detection techniques for mobile threats have been proposed for mobile devices. We'll show how we built a new detection...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 58

favorite 0

comment 0

Transcending Cloud Limitations by Obtaining Inner Piece ZAK BLACHER With the abundance of cloud storage providers competing for your data, some have taken to offering services in addition to free storage. This presentation demonstrates the ability to gain unlimited cloud storage by abusing an overlooked feature of some of these services. Zak Blacher is currently pursuing a Masters of Mathematics in Computer Science, and expects to be graduating at the end of August. He has previously completed...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 44

favorite 0

comment 0

HiveMind: Distributed File Storage Using JavaScript Botnets SEAN MALONE PRINCIPAL SECURITY CONSULTANT, FUSIONX Some data is too sensitive or volatile to store on systems you own. What if we could store it somewhere else without compromising the security or availability of the data, while leveraging intended functionality to do so? This presentation will cover the methodology and tools required to create a distributed file store built on top of a JavaScript botnet. This type of data storage...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 120

favorite 0

comment 0

The Government and UFOs: A Historical Analysis by Richard Thieme RICHARD THIEME This talk is about the ways the many components of governments interact and respond to challenging and anomalous events--highly relevant to hacking by all definitions and at all levels. If you donít know the lay of the land, you can not engage in appropriate research and reconnaissance, counter-measures, and operations. The proliferation of reliable reports of unidentified flying objects from the 1940s forward...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 64

favorite 0

comment 0

Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot AMIR ETEMADIEH RESEARCH SCIENTIST AT ACCUVANT LABS CJ HERES IT CONSULTANT MIKE BAKER CO-FOUNDER OPENWRT HANS NIELSEN SENIOR SECURITY CONSULTANT AT MATASANO Google TV is intended to bring the Android operating system out of the mobile environment and into consumers' living rooms. Unfortunately, content providers began to block streaming access to popular content from the Google TV platform which hindered its reach. Furthermore,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 60

favorite 0

comment 0

How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles JASON STAGGS GRAD STUDENT AND RESEARCH ASSISTANT, UNIVERSITY OF TULSA This presentation introduces the underlying protocols on automobile communication system networks of passenger vehicles and evaluates their security. Although reliable for communication, vehicle protocols lack inherit security measures. This work focuses strongly on controller area networks (CANs) and the lack of...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 61

favorite 0

comment 0

Prowling Peer-to-Peer Botnets After Dark TILLMANN WERNER CROWDSTRIKE, INC. Peer-to-peer botnets have become the backbone of the cybercrime ecosystem. Due to their distributed nature, they are more difficult to understand and contain than traditional botnets. To combat this problem, we have developed the open-source framework *prowler* for peer-to-peer botnet tracking and node enumeration. It combines efficient crawling strategies with the ability to plug in implementations for custom...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 52

favorite 0

comment 0

Conducting massive attacks with open source distributed computing ALEJANDRO CACERES OWNER, HYPERION GRAY LLC Distributed computing is sexy. Don't believe us? In this talk we'll show you, on a deep, practical level and with lots of (mostly Python) code, how a highly automated and effective computer network attack could be crafted and enhanced with the help of distributed computing over 'Big Data' technologies. Our goal is to demystify the concept of using distributed computing for network...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), 2013 Hacker Dc21 Def Con Def...
DEFCON 21
by DEFCONConference
movies

eye 109

favorite 0

comment 0

Hacking Driverless Vehicles by Zoz Cannytrophic Design Are driverless vehicles ripe for the hacking? Autonomous and unmanned systems are already patrolling our skies and oceans and being tested on our streets and highways. All trends indicate these systems are at an inflection point that will show them rapidly becoming commonplace. It is therefore a salient time for a discussion of the capabilities and potential vulnerabilities of these systems. This session will be an informative and...
Topics: Youtube, video, Science & Technology, Robotics (Invention), Zoz, Security, Autonomous Car...
DEFCON 21
by DEFCONConference
movies

eye 49

favorite 0

comment 0

From Nukes to Cyber -- Alternative Approaches for Proactive Defense and Mission Assurance LT. GEN. ROBERT ELDER USAF (RETIRED) In typical military operations, the advantage goes to the offense because the initiator controls the timing and is able to concentrate forces. A good defense is designed to undermine the advantage of the offense. Proactive defense approaches include: masking (obfuscation), maneuvering, and hardening of critical capabilities. The other alternative, which is often...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 67

favorite 0

comment 0

Utilizing Popular Websites for Malicious Purposes Using RDI DANIEL CHECHIK SECURITY RESEARCHER, TRUSTWAVE SPIDERLABS ANAT (FOX) DAVIDI SECURITY RESEARCHER, TRUSTWAVE SPIDERLABS Reflected DOM Injection is a new attack vector that will be unveiled for the first time in our talk! We will explain the technique and show a live demo where we use it to hide malicious code within popular and trusted websites. Daniel Chechik is a veteran security researcher at Trustwave's SpiderLabs. Among other things,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 72

favorite 0

comment 0

HTTP Time Bandit VAAGN TOUKHARIAN PRINCIPAL ENGINEER, QUALYS TIGRAN GEVORGYAN ENGINEERING MANAGER, QUALYS While web applications have become richer to provide a higher level user experience, they run increasingly large amounts of code on both the server and client sides. A few of the pages on the web server may be performance bottlenecks. Identifying those pages gives both application owners as well as potential attackers the chance to be more efficient in performance or attack. We will discuss...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 58

favorite 0

comment 0

I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell DOUG DEPERRY SENIOR SECURITY CONSULTANT, ISEC PARTNERS TOM RITTER SENIOR SECURITY CONSULTANT, ISEC PARTNERS I have a box on my desk that your CDMA cell phone will automatically connect to while you send and receive phone calls, text messages, emails, and browse the Internet. I own this box. I watch all the traffic that crosses it and you don't even know you're connected to me. Welcome to...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 81

favorite 0

comment 0

The Dark Arts of OSINT NOAH SCHIFFMAN SKYDOG The proliferation and availability of public information has increased with the evolution of its dissemination. With the constant creation of digital document archives and the migration towards a paperless society, vast databases of information are continuously being generated. Collectively, these publicly available databases contain enough specific information to pose certain vulnerabilities. The actionable intelligence ascertained from these data...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 63

favorite 0

comment 0

Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices WESLEY MCGREW RESEARCH ASSOCIATE, MISSISSIPPI STATE UNIVERSITY Malicious attackers and penetration testers alike are drawn to the ease and convenience of small, disguise-able attacker-controlled devices that can be implanted physically in a target organization. When such devices are discovered in an organization, that organization may wish to perform a forensic analysis of the device in order to determine what systems...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 40

favorite 0

comment 0

PowerPreter: Post Exploitation Like a Boss NIKHIL MITTAL SECURITY RESEARCHER Powerpreter is "The" post exploitation tool. It is written completely in powershell which is present on all modern Windows systems. Powerpreter has multiple capabilties which any post exploitation shell worth its salt must have, minus the detection by anti virus or other countermeasure tools. Powerpreter has, to name a few, functions like stealing infromation, logging keys, dumping system secrets, in-memory...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 89

favorite 0

comment 0

Do-It-Yourself Cellular IDS SHERRI DAVIDOFF LMG SECURITY SCOTT FRETHEIM LMG SECURITY DAVID HARRISON LMG SECURITY RANDI PRICE LMG SECURITY For less than $500, you can build your own cellular intrusion detection system to detect malicious activity through your own local femtocell. Our team will show how we leveraged root access on a femtocell, reverse engineered the activation process, and turned it into a proof-of-concept cellular network intrusion monitoring system. We leveraged commercial Home...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 30

favorite 0

comment 0

An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet ALEX STAMOS CO-FOUNDER AND CTO, ISEC PARTNERS The information security world is constantly buffeted by the struggle between whitehats, blackhats, antisec, greenhats, anarchists, statists and dozens of other self-identified interest groups. While much of this internecine conflict is easily dismissed as "InfoSec Drama", the noise of interpersonal grudges often obscures a legitimate and...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
movies

eye 57

favorite 0

comment 0

Exploiting Music Streaming with JavaScript FRANZ PAYER PROGRAMMER, TACTICAL NETWORK SOLUTIONS As the music industry transitioned from physical to digital distribution, they have forgotten the one thing they hold most dear to them: Their DRM. Many browser-based music streaming services use no DRM to secure their music. By doing this, they leave their library of high quality songs free for the picking. This presentation details the use of JavaScript to circumvent the security of several...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 48

favorite 0

comment 0

The Dirty South -- Getting Justified with Technology DAVID KENNEDY FOUNDER & PRINCIPAL SECURITY CONSULTANT, TRUSTEDSEC NICK HITCHCOCK SENIOR SECURITY CONSULTANT, TRUSTEDSEC It seems that every day there's a new NextGen firewall, whitelisting and blacklisting, DLP, or the latest technology thats suppose to stop us. But does it really stop "hackers"? Truth is, naw not really. In this talk we'll be showing off the latest bypass techniques for the "latest" hacker stoppers,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 68

favorite 0

comment 0

DEF CON Comedy Jam Part VI, Return of the Fail DAVID MORTMAN CHIEF SECURITY ARCHITECT, ENSTRATIUS RICH MOGULL ANALYST & CEO, SECUROSIS CHRIS HOFF RATIONAL SECURITY DAVE MAYNOR ERRATA LARRY PESCE PAULDOTCOM.COM ENERNEX JAMES ARLEN LIQUIDMATRIX / LEVIATHAN SECURITY ROB GRAHAM ERRATA ALEX ROTHMAN SHOSTACK, ESQ. You know you can't stay away! The most talked about panel at DEF CON! More FAIL than you can shake a stick at. Come hear some of the loudest mouths in the industry talk about the epic...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 49

favorite 0

comment 0

JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces JOE GRAND AKA KINGPIN On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a primary vector used by hackers to extract program code or data, modify memory contents, or affect device operation on-the-fly. Depending on the complexity of the target device, manually locating available OCD connections can be a difficult and time consuming task, sometimes requiring physical destruction or modification of...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 87

favorite 0

comment 0

Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!) ANG CUI PH.D. CANDIDATE, COLUMBIA UNIVERSITY MICHAEL COSTELLO RESEARCH STAFF, COLUMBIA UNIVERSITY Our presentation focuses on two live demonstrations of exploitation and defense of a wide array of ubiquitous networked embedded devices like printers, phones and routers. The first demonstration will feature a proof-of-concept embedded worm capable of stealthy, autonomous polyspecies propagation. This PoC worm will...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 92

favorite 0

comment 0

Fast Forensics Using Simple Statistics and Cool Tools JOHN ORTIZ COMPUTER ENGINEER, CRUCIAL SECURITY/HARRIS Ever been attacked by malicious code leaving unknown files all over your computer? Trying to figure out if a file is encrypted or just compressed? Is the file really something else? Is there hidden data? Are you short on time! This talk leads you through file identification and analysis using some custom FREE tools that apply statistics and visualization to answer these questions and...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 25

favorite 0

comment 0

Stalking a City for Fun and Frivolity BRENDAN O'CONNOR Tired of the government being the only entity around that can keep tabs on a whole city at once? Frustrated by dictators du jour knowing more about you than you know about them? Fed up with agents provocateur slipping into your protests, rallies, or golf outings? Suffer no more, because CreepyDOL is here to help! With open-source software, off-the-shelf sensors, several layers of encryption, and a deployment methodology of "pull pin,...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
movies

eye 50

favorite 0

comment 0

The Road Less Surreptitiously Traveled PUKINGMONKEY Anonymously driving your own vehicle is becoming unattainable with the proliferation of automatic license plate readers (ALPRs) now coming into wide-spread use. Combined with always-on electronic toll tags, smart phone traffic apps and even plain cell phones are adding to this problem. There is little public disclosure of this tracking and little legislation limiting the length of time data is retained, even if it is not involved in any...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 57

favorite 0

comment 0

Made Open: Hacking Capitalism TODD BONNEWELL MAN WITH A MESSAGE, MADEOPEN.COM The game is Capitalism. The rule makers are the banks, corporations and governments. This presentation is about playing a game that is rigged by the rule makers, and winning in such fashion that the game is never the same. If you like breaking things and building them back up, or are a person, please at least watch this at a later time. I forgive you for not attending, but you will not forgive yourself for missing it....
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 45

favorite 0

comment 0

Decapping Chips the Easy Hard Way ADAM "MAJOR MALFUNCTION" LAURIE CODE MONKEY, APERTURE LABS ZAC FRANKEN CHIP MONKEY, APERTURE LABS For some time it has been possible to discover the inner workings of microprocessors with the help of a microscope and some nasty chemicals such as fuming nitric acid. However, unless you have access to a university or work science lab, this is beyond the reach of most hackers, and, even it were to be attempted, difficult and potentially extremely...
Topics: Youtube, video, Science & Technology, 2013, Security, Las Vegas, dc21, Conference, DEF CON...
DEFCON 21
movies

eye 48

favorite 0

comment 0

Evolving Exploits Through Genetic Algorithms SOEN HACKER FOR TEAM VANNED This talk will discuss the next logical step from dumb fuzzing to breeding exploits via machine learning & evolution. Using genetic algorithms, this talk will take simple SQL exploits and breed them into precision tactical weapons. Stop looking at SQL error messages and carefully crafting injections, let genetic algorithms take over and create lethal exploits to PWN sites for you! soen (@soen_vanned) is a reverse...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 53

favorite 0

comment 0

Evil DoS Attacks and Strong Defenses SAM BOWNE MATTHEW PRINCE On the attack side, this talk will explain and demonstrate attacks which crash Mac OS X, Windows 8, Windows Server 2012, and Web servers; causing a BSOD or complete system freeze. The Mac and Windows systems fall to the new IPv6 Router Advertisement flood in thc-ipv6-2.1, but only after creating a vulnerable state with some "priming" router advertisements. Servers fail from Sockstress--a brutal TCP attack which was invented...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 48

favorite 0

comment 0

DNS May Be Hazardous to Your Health ROBERT STUCKE SECURITY RESEARCHER The largest manufacturer of laptops, one of the largest consulting firms, and a big data behemoth all walk into a bar... His research explores many self-inflicted gaps that continue to plague even the largest companies. These gaps are often seen as trivial and ignored, thus making all of their DNS investments lead to a false sense of security. Too much effort and trust go into vendor solutions when 'common sense' and 'due...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 25

favorite 0

comment 0

DEF CON is proud to announce the 3rd annual DEF CON awards ceremony, renamed the DC Recognize Awards. These awards are given to deserving individuals in the community, industry, and media. Your hosts again this year will be Jericho, Jeff Moss, and Russ Rogers. Source: https://www.youtube.com/watch?v=pIGejjv8Gt8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 73

favorite 0

comment 0

BoutiqueKit: Playing WarGames with expensive rootkits and malware JOSH 'M0NK' THOMAS APPLIED RESEARCH SCIENTIST - ACCUVANT "Theoretical" targeted rootkits need to play by different rules than the common malware that ends up filling our inboxes with spam and attempting to steal our CC numbers... The costs involved of getting popped are huge in comparison, the value is in the secrecy of being truly hidden and embedded for the long term. I've spent the past year considering what the next...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
Source: https://www.youtube.com/watch?v=RgODzaH1NlQ Uploader: DEFCON Upload date: 2014-08-28
Topics: Youtube, video, People & Blogs, defcon, def con, security, hacking, how to hack, learn to hack,...
DEFCON 21
by DEFCONConference
movies

eye 22

favorite 0

comment 0

Proliferation AMBASSADOR JOSEPH R. DETRANI PRESIDENT, INTELLIGENCE AND NATIONAL SECURITY ALLIANCE (INSA) Ambassador Joseph DeTrani was named President of the Intelligence and National Security Alliance (INSA) on February 5, 2013. As President, he will lead INSA as its Chief Executive Officer on a day-to-day basis. Ambassador DeTrani has dedicated his professional career to public service with more than three decades of work for the U.S. government. Most recently, he served as the Senior Advisor...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
by DEFCONConference
movies

eye 37

favorite 0

comment 0

Abusing NoSQL Databases Ming Chow Lecturer, Tufts University Department of Computer Science The days of selecting from a few SQL database options for an application are over. There is now a plethora of NoSQL database options to choose from: some are better than others for certain jobs. There are good reasons why developers are choosing them over traditional SQL databases including performance, scalabiltiy, and ease-of-use. Unfortunately like for many hot techologies, security is largely an...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 62

favorite 0

comment 0

Noise Floor: Exploring the world of unintentional radio emissions by Melissa Elliott Application security researcher, Veracode If it's electronic, it makes noise. Not necessarily noise that you and I can hear, of course -- unless you know how to tune in. The air around us is filled with bloops, bleeps, and bzzts of machines going about their business, betraying their existence through walls or even from across the street. The unintentional noise lurking among intentional signals can even reveal...
Topics: Youtube, video, Science & Technology, Security, Information Security (Software Genre), DC21,...
DEFCON 21
by DEFCONConference
movies

eye 34

favorite 0

comment 0

DEF CON 21 - LosT - Welcome and Making of the Badges LosT welcomes everyone to the conference and discusses the making of the DEF CON Badges. Source: https://www.youtube.com/watch?v=yS_KiWKLS2c Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 45

favorite 0

comment 0

Business logic flaws in mobile operators services BOGDAN ALECU INDEPENDENT SECURITY RESEARCHER GSM has been attacked in many different ways in the past years. But regardless of the protocol issues, there are also flaws in the logic of the mobile operators' services. One may think that finding an issue which affects only one specific operator in some country couldn't affect other operators. However, this is not the case as most of the operators are using the same equipment and have the same...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
movies

eye 97

favorite 0

comment 0

Ask the EFF: The Year in Digital Civil Liberties KURT OPSAHL ELECTRONIC FRONTIER FOUNDATION MARCIA HOFFMANN FELLOW, EFF DAN AUERBACH STAFF TECHNOLOGIST, EFF EVA GALPERIN GLOBAL POLICY ANALYST, EFF MARC JAYCOX POLICY ANALYST AND LEGISLATIVE ASSISTANT, EFF MITCH STOLTZ STAFF ATTORNEY, EFF Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation's premiere digital civil liberties group fighting for...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 46

favorite 0

comment 0

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust DAN GRIFFIN PRESIDENT, JW SECURE, INC. The US National Security Agency has been public about the inevitability of mobile computing and the need to support cloud-based service use for secret projects. General Alexander, head of the NSA, recently spoke of using smartphones as ID cards on classified networks. And yet, mobile devices have a poor security track record, both as data repositories and as sources of trustworthy...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 30

favorite 0

comment 0

How to Disclose or Sell an Exploit Without Getting in Trouble JAMES DENARO PARTNER, CIPHERLAW You have identified a vulnerability and may have developed an exploit. What should you do with it? You might consider going to the vendor, blogging about it, or selling it. There are risks in each of these options. This 20-minute session will cover the legal risks to security researchers involved in publishing or selling information that details the operation of hacks, exploits, vulnerabilities and...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 48

favorite 1

comment 0

DragonLady: An Investigation of SMS Fraud Operations in Russia RYAN W. SMITH SENIOR RESEARCH AND RESPONSE ENGINEER, LOOKOUT MOBILE SECURITY TIM STRAZZERE LEAD RESEARCH AND RESPONSE ENGINEER, LOOKOUT MOBILE SECURITY One of the top types of Android malware are trojans that claim to provide a useful service, but instead send SMS messages to premium shortcodes, charging the victims and putting money directly into the attackers' hands. We've seen a steady increase in this type of malware over the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 86

favorite 0

comment 0

Doing Bad Things to 'Good' Security Appliances PHORKUS (MARK CAREY) CHIEF SCIENTIST, PEAK SECURITY EVILROB (ROB BATHURST) THAT GUY The problem with security appliances is verifying that they are as good as the marketing has lead you to believe. You need to spend lots of money to buy a unit, or figure out how to obtain it another way; we chose eBay. We now have a hardened, encrypted, AES 256 tape storage unit and a mission, break it every way possible! We're going to dive into the finer points...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 34

favorite 0

comment 0

10,000 Yen into the Sea FLIPPER The use of a pressure housing in an underwater vehicle can be difficult to implement without becoming a cost-center. Flipper will walk the audience through a new design for an Autonomous Underwater Glider which challenges assumptions about what is required or necessary to deploy sensors, transmitters, and payloads across long distances in the ocean. The speaker assumes no priory knowledge of subject matter & hopes the audience can help him to find new...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 43

favorite 0

comment 0

The Dark Tangent and GOONS end the conference with closing ceremonies and awards. Source: https://www.youtube.com/watch?v=w39MZsBCBi8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 60

favorite 0

comment 0

Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices DANIEL "UNICORNFURNACE" CROWLEY MANAGING CONSULTANT, SPIDERLABS, TRUSTWAVE JENNIFER "SAVAGEJEN" SAVAGE SOFTWARE ENGINEER DAVID "VIDEOMAN" BRYAN A growing trend in electronics is to have them integrate with your home network in order to provide potentially useful features like automatic updates or to extend the usefulness of existing technologies such as door locks you can open and close from anywhere...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 55

favorite 0

comment 0

BYOD PEAP Show JOSH YAVOR ISEC PARTNERS The onslaught of Bring Your Own Device(s) in recent years places a new focus on the security of wireless networks. In "The BYOD PEAP Show", Josh Yavor explores fundamental flaws in one of the most common and widely supported 802.1x authentication protocols used by countless corporate WPA2-Enterprise networks today. A series of events in the recent past created a situation in which PEAP can no longer be used safely. In this talk, we will re-trace...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 51

favorite 0

comment 0

The Secret Life of SIM Cards KARL KOSCHER GRAD STUDENT, UNIVERSITY OF WASHINGTON ERIC BUTLER SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. Although SIM Applications are common in many parts of the world, they are mostly unknown in the U.S. and the closed nature of the ecosystem makes it difficult for hobbyists to find information and experiment. This talk,...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 126

favorite 0

comment 0

Collaborative Penetration Testing With Lair TOM STEELE SENIOR SECURITY CONSULTANT, FISHNET SECURITY DAN KOTTMANN SECURITY CONSULTANT, FISHNET SECURITY Lair is an open-source project developed for and by pentesters. Built on Meteor and Node.js with a dash of Python, Lair is a web application that normalizes, centralizes, and manages diverse test data from a number of common tools including Nmap, Nessus, Nexpose, and Burp. Unlike existing alternatives, Lair encourages team-based collaboration by...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 31

favorite 0

comment 0

C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood JACOB THOMPSON Common wisdom dictates that web applications serving sensitive data must use an encrypted connection (i.e., HTTPS) to protect data in transit. Once served, that same sensitive data must be protected at rest, either through encryption, or more appropriately by not storing the sensitive data on disk at all. In the past, web browser disk caching policies maintained a distinction between HTTP and HTTPS requests, typically...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 34

favorite 0

comment 0

Predicting Susceptibility to Social Bots on Twitter CHRIS SUMNER RANDALL WALD Are some Twitter users more naturally predisposed to interacting with social bots and can social bot creators exploit this knowledge to increase the odds of getting a response? Social bots are growing more intelligent, moving beyond simple reposts of boilerplate ad content to attempt to engage with users and then exploit this trust to promote a product or agenda. While much research has focused on how to identify such...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 57

favorite 0

comment 0

Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine BRANDON WILEY RESEARCHER, STEP THREE: PROFIT! The greatest danger to free speech on the Internet today is filtering of traffic using protocol fingerprinting. Protocols such as SSL, Tor, BitTorrent, and VPNs are being summarily blocked, regardless of their legal and ethical uses. Fortunately, it is possible to bypass this filtering by reencoding traffic into a form which cannot be correctly fingerprinted by the filtering...
Topics: Youtube, video, Science & Technology, 2013, Security, dc21, Conference, Las Vegas, Def Con,...
DEFCON 21
movies

eye 77

favorite 0

comment 0

Adventures in Automotive Networks and Control Units CHARLIE MILLER SECURITY ENGINEER, TWITTER CHRIS VALASEK DIRECTOR OF SECURITY INTELLIGENCE AT IOACTIVE, INC. Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a...
Topics: Youtube, video, Science & Technology, 2013, Security, Las Vegas, dc21, Conference, DEF CON...
DEFCON 21
by DEFCONConference
movies

eye 26

favorite 0

comment 0

Open Public Sensors, Trend Monitoring and Data Fusion DANIEL BURROUGHS ASSOCIATE DIRECTOR OF TECHNOLOGY, CENTER FOR LAW ENFORCEMENT TECHNOLOGY, TRAINING AND RESEARCH Our world is instrumented with countless sensors. While many are outside of our direct control, there is an incredible amount of publicly available information being generated and gathered all the time. While much of this data goes by unnoticed or ignored it contains fascinating insight into the behavior and trends that we see...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 54

favorite 0

comment 0

Let's screw with nmap GREGORY PICKETT PENETRATION TESTER, HELLFIRE SECURITY Differences in packet headers allow tools like nmap to fingerprint operating systems. My new approach to packet normalization removes these header differences. Starting TTL, TCP Options used, and TCP Option order, after normalization, are the same from one packet to the next no matter which operating system sends it. If we normalized the packets transiting our network, could we keep nmap, and tools like it from remotely...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 62

favorite 0

comment 0

GoPro or GTFO: A Tale of Reversing an Embedded System TODD MANNING SENIOR RESEARCH CONSULTANT, ACCUVANT LABS ZACH LANIER SENIOR RESEARCH CONSULTANT, ACCUVANT LABS Embedded systems are shrinking in size and becoming widely used in many consumer devices. High quality optic sensors and lenses are also shrinking in size. The GoPro Hero 3 camera leverages high quality camera equipment with multiple embedded operating systems to offer not only great imagery, but an interesting platform to explore and...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
by DEFCONConference
movies

eye 26

favorite 0

comment 0

Getting The Goods With smbexec ERIC MILAM PRINCIPAL CONSULTANT, ACCUVANT LABS Individuals often upload and execute a payload to a remote system during penetration tests for foot printing, gathering information, and to compromise additional hosts. When trying to remain stealthy, uploading a shell to a target may not be wise. smbexec takes advantage of native Windows functionality and SMB authentication to execute commands on remote Windows systems without having to upload a payload, decreasing...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 70

favorite 0

comment 0

Combatting Mac OSX/iOS Malware with Data Visualization REMY BAUMGARTEN SECURITY ENGINEER, ANRC-SERVICES Apple has successfully pushed both its mobile and desktop platforms into our homes, schools and work environments. With such a dominant push of its products into our everyday lives it comes as no surprise that both of Apple's operating systems, OSX and iOS should fall under attack by malware developers and network intruders. Numerous organizations and Enterprises who have implemented BYOD...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 57

favorite 0

comment 0

Defense by numbers: Making problems for script kiddies and scanner monkeys CHRIS JOHN RILEY On the surface most common browsers look the same, function the same, and deliver web content to the user in a relatively uniformed fashion. Under the shiny surface however, the way specific user agents handle traffic varies in a number of interesting and unique ways. This variation allows for defenders to play games with attackers and scripted attacks in a way that most normal users will never even see....
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...
DEFCON 21
movies

eye 114

favorite 0

comment 0

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All! NICHOLAS J. PERCOCO SENIOR VICE PRESIDENT AND HEAD OF SPIDERLABS, TRUSTWAVE JOSHUA CORMAN DIRECTOR OF SECURITY INTELLIGENCE, AKAMAI TECHNOLOGIES We have some good news and some bad news. The good news is that security is now top of mind for the people of planet Earth. The bad news is that their security illiteracy has lead to very dangerous precedents and this is likely just the beginning. The reactionary stances taken by the...
Topics: Youtube, video, Science & Technology, 2013 Hacker Dc21 Def Con Def Con Las Vegas Defcon...