DEFCON 23

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.


124
RESULTS


DEFCON 23
movies

eye 102

favorite 0

comment 0

Remember that web application you wrote when you were first learning PHP? Ever wonder how vulnerable that code base is? Through the perspective of an attacker you will see how SQL injection can lead to data loss and system compromise. This presentation will take you through the techniques and tools used to take control of a PHP web application starting from an injection point moving to PHP web shells, and ending with a Linux wildcard attack. Speaker Bio: Nemus works as a software engineer in...
Topics: Youtube, video, Science & Technology, Nemus, SQL, SQL Injection, RCE, Remote Code Execution,...
DEFCON 23
movies

eye 36

favorite 0

comment 0

Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs to explore code paths in an application. In recent years, fuzzing has become a near mandatory part of any major application's security team efforts. Our work focused on fuzzing web browsers, a particularly difficult challenge given the size and quality of some of their security teams, the existing high-quality fuzzers available for this, and, of late, bug bounty programs. Despite this,...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies

eye 75

favorite 0

comment 0

The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 63

favorite 0

comment 0

We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVE’s Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented....
Topics: Youtube, video, Science & Technology, Medicine (Field Of Study), Medical Devices, DEF CON...
DEFCON 23
movies

eye 76

favorite 0

comment 0

Certain file formats, like Microsoft Word and PDF, are known to have features that allow for outbound requests to be made when the file opens. Other file formats allow for similar interactions but are not well-known for allowing such functionality. In this talk, we explore various file formats and their ability to make outbound requests, as well as what that means from a security and privacy perspective. Most interestingly, these techniques are not built on mistakes, but intentional design...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies

eye 180

favorite 0

comment 0

Gary Numan said it best. Cars. They’re everywhere. You can hardly drive down a busy freeway without seeing one. But what about their security? In this talk I’ll reveal new research and real attacks in the area of wirelessly controlled gates, garages, and cars. Many cars are now controlled from mobile devices over GSM, while even more can be unlocked and ignitions started from wireless keyfobs over RF. All of these are subject to attack with low-cost tools (such as RTL-SDR, GNU Radio,...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Samy Kamkar, Automotive...
DEFCON 23
by DEFCONConference
movies

eye 68

favorite 0

comment 0

Join us for a fun-filled tour of source control management and services to talk about how to backdoor software. We will focus on one of the most popular, trendy SCM tools and related services out there – Git. Nothing is sacred. Along the way, we will expose the risks and liabilities one is exposed to by faulty usage and deployments. When we are finished, you will be able to use the same tools and techniques to protect or backdoor popular open source projects or your hobby project. Speaker...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON 23, DEF CON 23, DEFCON, DC23, DC-23, DC...
DEFCON 23
by DEFCONConference
movies

eye 85

favorite 0

comment 0

opening ceremonies at DEF CON 23 Source: https://www.youtube.com/watch?v=QrhlY29Pu4c Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC 23, DC-23, hack,...
DEFCON 23
movies

eye 38

favorite 0

comment 0

The IDA Pro APIs for interacting with type information are full of opportunities (horrible problems). I will show you how to create unparseable types, how to apply these types to functions and variables and how to transfer these types from one IDB to another. Speaker Bio: miaubiz is a senior doctor of security at Azimuth Security. he has previously found bugs in web browsers and has spoken at SyScan, Infiltrate, T2. his interests are bad APIs and sniffing ARMpits. Source:...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 46

favorite 0

comment 0

Materials Available Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Amit-Ashbel-Maty-Siman-Game-of-Hacks-Play-Hack-and-Track-UPDATED.pdf Game of Hacks: Play, Hack & Track Amit Ashbel Product Evangelist Checkmarx Maty Siman CTO and Founder Checkmarx Fooling around with some ideas we found ourselves...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies

eye 179

favorite 0

comment 0

2014 was a year of unprecedented participation in crowdsourced and static bug bounty programs, and 2015 looks like a trendmaker. Join Jason as he explores successful tactics and tools used by himself and the best bug hunters. Practical methodologies, tools, and tips make you better at hacking websites and mobile apps to claim those bounties. Convert edge-case vulnerabilities to practical pwnage even on presumably heavily tested sites. These are tips and tricks that the every-tester can take...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies

eye 140

favorite 0

comment 0

The post-exploitation activities in a penetration test can be challenging if the tester has low-privileges on a fully patched, well configured Windows machine. This work presents a technique for helping the tester to find useful information by sniffing network traffic of the applications on the compromised machine, despite his low-privileged rights. Furthermore, the encrypted traffic is also captured before being sent to the encryption layer, thus all traffic (clear-text and encrypted) can be...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
movies

eye 91

favorite 0

comment 0

While the NSA ANT team has been busy building the next generation spy toy catalog for the next leak, the NSA Playset team has been busy catching up with more open hardware implementations. GODSURGE is a bit of software that helps to persist malware into a system. It runs on the FLUXBABBIT hardware implant that connects to the depopulated JTAG header of certain models of Dell servers. This talk will introduce SAVIORBURST, our own implementation of a jtag-based malware delivery firmware that will...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies

eye 42

favorite 0

comment 0

Working together to keep the Internet safe and secure Alejandro Mayorkas Deputy Secretary of Homeland Security We all have a role to play when it comes to ensuring the safety and security of the Internet, whether you are a federal employee, the CEO of a company, or a private citizen. Today’s threats require the engagement of our entire society. This shared responsibility means that we have to work with each other in ways that are often new for the government and the private sector. This means...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies

eye 76

favorite 0

comment 0

Your precious 0-day? That meticulously crafted exploit? The perfect foothold? At some point, they'll be captured, dissected, and put on display. Reverse engineers. When they begin snooping through your hard work, it pays to have planned out your defense ahead of time. You can take the traditional defensive route - encryption, obfuscation, anti-debugging - or you can go on the offense, and attack the heart and soul of anyone who dare look at your perfect code. With some carefully crafted...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEFCON, DEF CON, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies

eye 89

favorite 0

comment 0

Have you ever wanted to crack open a safe full of cash with nothing but a USB stick? Now you can! The Brink’s CompuSafe cash management product line provides a “smart safe as a service” solution to major retailers and fast food franchises. They offer end-to-end management of your cash, transporting it safely from your storefront safe to your bank via armored car. During this talk, we’ll uncover a major flaw in the Brink’s CompuSafe and demonstrate how to crack one open in seconds...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, DC-23,...
DEFCON 23
movies

eye 95

favorite 1

comment 0

Over the past few years state-sponsored hacking has received attention that would make a rockstar jealous. Discussion of malware has shifted in focus from ‘cyber crime’ to ‘cyber weapons’, there have been intense public debates on attribution of various high profile attacks, and heated policy discussion surrounding regulation of offensive tools. We’ve also seen the sale of ‘lawful intercept’ malware become a global trade. While a substantial focus has revolved around the...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC 23, DEFCON, DC-23, hack,...
DEFCON 23
movies

eye 50

favorite 0

comment 0

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-David-An-When-the-Secretary-of-State-says-Stop-Hacking-us.pdf When the Secretary of State says: “Please Stop Hacking Us…” David An Former U.S. State Department Senior American officials routinely hold dialogues with foreign officials...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies

eye 77

favorite 0

comment 0

The Tesla Model S is the most connected car in the world. It might surprise you to hear that it is also one of the most secure. In this talk we will walk you through the architecture of a Tesla Model S noting things that Tesla got right as well as identifying those that they got wrong. From this talk you will get an intimate understanding of how the many interconnected systems in a Tesla model S work and most importantly how they can be hacked. You will also get a good understanding of the data...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Tesla Model S (Automobile...
DEFCON 23
movies

eye 114

favorite 0

comment 0

Build a free cellular traffic capture tool with a vxworks based femoto Yuwei Zheng Senior security researcher, Qihoo 360 Technology Co. Ltd. Haoqi Shan Wireless/hardware security researcher, Qihoo 360 Technology Co. Ltd. In recent years, more and more products are integrated with cellular modems, such as cars from BMW and Tesla, wearable devices, remote meters, i.e. the Internet of Things. In this way, manufacturers can offer remote service and develop a lot of attractive functions to make their...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, Hacking,...
DEFCON 23
movies

eye 72

favorite 0

comment 0

Recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malware such as Flame, Duqu, Uruborus and Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies did a great job in revealing technical details of the attack campaigns, however, they have almost exclusively focused on the executables or the memory dump...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 16

favorite 0

comment 0

Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 16

favorite 0

comment 0

Description Source: https://www.youtube.com/watch?v=z8VkZCCWqgg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, How-to (Website Category), home detention, DEF CON...
DEFCON 23
movies

eye 8

favorite 0

comment 0

Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ancestor of today’s computer “hackers.” The first phreaks “owned” and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, DC 23, hack,...
DEFCON 23
movies

eye 35

favorite 0

comment 0

In the past year, I found myself immersed in the multi-billion dollar digital advertising industry. This gave me the opportunity to investigate the unique security challenges and issues facing the industry. It was a shock to me at first how complex the advertising ecosystem was particularly in the advent of programmatic advertising. But I dove in head first and learned a lot which I would like to share with my fellow security professionals. During this time, I got involved with unscrupulous...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, DC 23, hack,...
DEFCON 23
by DEFCONConference
movies

eye 56

favorite 0

comment 0

Responsible Incident: Covert Keys Against Subverted Technology Latencies, Especially Yubikey LosT We're no strangers to love You know the rules and so do I A full commitment's what I'm thinking of You wouldn't get this from any other guy I just wanna tell you how I'm feeling Gotta make you understand Never gonna give you up Never gonna let you down Never gonna run around and desert you Never gonna make you cry Never gonna say goodbye Never gonna tell a lie and hurt you LosT also runs the annual...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON Video Series, DEF...
DEFCON 23
movies

eye 20

favorite 0

comment 0

In a world full of targeted attacks and complex exploits this talk explores an attack that can be simplified so even the most non-technical person can understand, yet the potential impact is massive: Ever wonder what would happen if one of the millions of bits in memory flipped value from a 0 to a 1 or vice versa? This talk will explore abusing that specific memory error, called a bit flip, via DNS. The talk will cover the various hurdles involved in exploiting these errors, as well as the costs...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DC 23, hack, hacking,...
DEFCON 23
movies

eye 229

favorite 1

comment 0

This presentation is beyond fiction. Current research in neuroscience and the extension and augmentation of senses is proceeding in directions that might sound to a twentieth century mind like science fiction. Progress is rapid but unevenly distributed: Some is directed by military, intelligence and corporate interests but beyond their concerns, we can discern the future shape of human identity itself in nascent forms. The human body/brain is being hacked to explore radical applications for...
Topics: Youtube, video, Science & Technology, Richard Thieme (Author), Biohacking, Neuroscience (Field...
DEFCON 23
by DEFCONConference
movies

eye 77

favorite 0

comment 0

Everybody plays games, and a whole lot of people play computer games. Despite this fact, very few of us security researchers consider them as interesting targets. Granted, you won't likely be able to directly hack into a big corporate network via game exploits, but you could for example target the people running the company via their favorite games. Or their children's favorite games. Another scenario: you should consider that a hacked game could allow Not So Admirable people access to your...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), video games, Video Game...
DEFCON 23
movies

eye 17

favorite 0

comment 0

Let's Encrypt is a new certificate authority that is being launched by EFF in collaboration with Mozilla, Cisco, Akamai, IdenTrust, and a team at the University of Michigan. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. This talk will describe the features of the CA and available clients at launch; explore the security challenges inherent in building such a system; and its effect on the security of the CA...
Topics: Youtube, video, Science & Technology, Let's Encrypt, Encryption (Literature Subject), DEF CON,...
DEFCON 23
movies

eye 82

favorite 0

comment 0

Materials Available Here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/DEFCON-23-Aaron-Grattafiori-Linux-Containers-Future-or-Fantasy-UPDATED.pdf Linux Containers: Future or Fantasy? Aaron Grattafiori Principal Security Consultant, iSEC Partners/NCC Group Containers, a pinnacle of fast and secure deployment or a panacea of false security? In recent years Linux containers have developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies

eye 65

favorite 0

comment 0

Security has gone from a curiosity to a phenomenon in the last decade. Fortunately for us, despite the rise of memory-safe, interpreted, lame languages, the security of binaries is as relevant as ever. On top of that, (computer security) Capture the Flag competitions have skyrocketed in popularity, with new and exciting binaries on offer for hacking every weekend. This all sounds great, and it is. Unfortunately, the more time goes by, the older we get, and the more our skills fade. Whereas we...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 59

favorite 0

comment 0

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Mickey-Shkatov-Jesse-Michael-Scared-poopless-LTE-and-your-laptop-UPDATED.pdf Scared Poopless – LTE and *your* laptop Mickey Shkatov Security researcher, Intel Advanced Threat Research. Jesse Michael Security researcher With today’s...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies

eye 29

favorite 0

comment 0

The Harness toolset aims to give penetration testers and red teams the ability to pull a remote powershell interface with all the same features of the native Powershell CLI and more. Several tools and utilities have been released to solve the powershell weaponization problem, but no freely available tool gives operators the full capabilities of powershell through a remote interface. We’ll start the talk with a quick survey of the previous methods of weaponizing powershell, and then move into...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 45

favorite 0

comment 0

This speech will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers and attackers to carry out advanced post exploitation attacks. This presentation gives an overview of how to use these tools in a real attack sequence and gives a view into the .NET hacker space. Topher...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DC23, security...
DEFCON 23
movies

eye 38

favorite 0

comment 0

You are predictable. Your passwords are predictable, and so are your PINs. This fact is being used by the hackers, as well as the agencies watching you. But what about your Android lock patterns? Can who you are reveal what patterns you create? This presentation will present the result from an analysis of 3400 user-selected patterns. The interesting part is that we collected additional information about the respondents, not just the patterns themselves. Will being left-handed and having...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies

eye 31

favorite 0

comment 0

The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Radio (Invention), Amateur...
DEFCON 23
by DEFCONConference
movies

eye 18

favorite 0

comment 0

Contests Closing Ceremonies for DEF CON 23 Source: https://www.youtube.com/watch?v=2P7r5g4SkuY Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, Dc-23, hack, hacker,...
DEFCON 23
movies

eye 57

favorite 0

comment 0

Have you ever heard about the famous "green screen"? No, it's not a screensaver... Believe me, it still does exist! In many industries, although the front-end systems are all new and shiny, in the back-end they still rely on well-known, proven IBM i (aka AS/400) technology for their back-office, core systems. Surprisingly, nobody truly seems to care about the security. Even if these nice IBM heavy black boxes are directly connected to the Internet... The aim of the talk is to give you...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON 23, DC 23, DC-23, DC+23,...
DEFCON 23
movies

eye 63

favorite 0

comment 0

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology project to protect privacy...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Electronic Frontier...
DEFCON 23
by DEFCONConference
movies

eye 34

favorite 0

comment 0

This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), switch, networking, panel,...
DEFCON 23
movies

eye 40

favorite 0

comment 0

The Open Network Install Environment, or ONIE, makes commodity or WhiteBox Ethernet possible. By placing a common, Linux-based, install environment onto the firmware of the switch, customers can deploy the Network Operating Systems of their choice onto the switch and do so whenever they like without replacing the hardware. The problem is, if this gets compromised, it also makes it possible for hackers to install malware onto the switch. Malware that can manipulate it and your network, and keep...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC, DC23, DC 23, DC-23,...
DEFCON 23
by DEFCONConference
movies

eye 68

favorite 0

comment 0

A talk was cancelled and Priest takes to the stage to do an impromptu "Spot the Fed". What is Spot the Fed you ask? Well it's a game we've played at DEF CON forever now...Here's a description from Priest: "Like a paranoid version of pin the tail on the donkey, the favorite sport at this gathering of computer hackers and phone phreaks seems to be hunting down real and imagined telephone security and Federal and local law enforcement authorities who the attendees are certain are...
Topics: Youtube, video, Science & Technology
DEFCON 23
by DEFCONConference
movies

eye 84

favorite 0

comment 0

Have you ever wanted to kill someone? Do you want to get rid of your partner, your boss or your arch nemesis? Perhaps you want to enjoy your life insurance payout whilst you’re still alive. Do you have rich elderly parents that just won’t die quick enough? Or do you want a “Do Over” new identity. Then, this presentation is for you! I’ll provide you with the insight and techniques on how to “kill” someone and obtain a real death certificate and shut down their lives. It focuses on...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), birth, death certificate,...
DEFCON 23
movies

eye 157

favorite 0

comment 0

Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show...
Topics: Youtube, video, Science & Technology, Vehicle (Product Category), hacking, DEF CON (Conference...
DEFCON 23
movies

eye 99

favorite 0

comment 0

There’s an escalating arms race between bots and the people who protect sites from them. Bots, or web scrapers, can be used to gather valuable data, probe large collections of sites for vulnerabilities, exploit found weaknesses, and are often unfazed by traditional solutions like robots.txt files, Ajax loading, and even CAPTCHAs. I’ll give an overview of both sides of the battle and explain what really separates the bots from the humans. I’ll also demonstrate an easy new tool that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 50

favorite 0

comment 0

TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record video and audio, as well as stream video to other devices using its own wireless network and mobile applications. In this...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Intenet of Things, IoT, DEF...
DEFCON 23
by DEFCONConference
movies

eye 53

favorite 1

comment 0

Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 43

favorite 0

comment 0

For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by stolen devices themselves, such as network information, photos captured from laptops and cell phones, but often times there was additional data that would...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 21

favorite 0

comment 0

What time? When? Who is first? Obviously, Time is strongly present in our daily life. We use time in almost everything we do, and computers are not an exception to this rule. Our computers and devices use time in a wide variety of ways such as cache expiration, scheduling tasks or even security technologies. Some of those technologies completely rely on the local clock, and they can be affected by a clock misconfiguration. However, since most operating system providers do not offer secure...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Transport Layer Security...
DEFCON 23
movies

eye 54

favorite 0

comment 0

Kerberos “Golden Tickets” were unveiled by Alva “Skip” Duckwall & Benjamin Delpy in 2014 during their Black Hat USA presentation. Around this time, Active Directory (AD) admins all over the world felt a great disturbance in the Force. Golden Tickets are the ultimate method for persistent, forever AD admin rights to a network since they are valid Kerberos tickets and can’t be detected, right? This talk explores the latest Active Directory attack vectors and describes how Golden...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, hack, hacker,...
DEFCON 23
movies

eye 14

favorite 0

comment 0

"Secure" messaging programs and protocols continue to proliferate, and crypto experts can debate their minutiae, but there is very little information available to help the rest of the world differentiate between the different programs and their features. This talk will discuss the types of attacks various secure messaging features can defend against so those who are tech-savvy but not crypto-experts can make informed decisions on which crypto applications to use. This talk is intended for...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Secure Messaging, Justin...
DEFCON 23
movies

eye 12

favorite 0

comment 0

There have been over 20 cryptoparties in New York City, in which people are introduced to open source cryptography software. This doesn't always go smoothly. Usability experts have only recently been included in the design process for encryption tools, but by and large what we have to work with was designed by cryptography experts in the 90s. I'll be going over some pain points between real-world users and their real-life encounters with open source cryptography tools. David Huerta ships...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Alice And Bob, Cryptography...
DEFCON 23
movies

eye 16

favorite 0

comment 0

Extra Materials available here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Nadeem Douba/Extras/BurpKit.jar Today's web apps are developed using a mashup of client- and server-side technologies. Everything from sophisticated Javascript libraries to third-party web services are thrown into the mix. Over the years, we've been asked to test these web apps with security tools that haven't evolved at the same pace. A common short-coming in most of these tools is their inability to...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 120

favorite 0

comment 0

Many hackers today are using process memory infections to maintain stealth residence inside of a compromised system. The current state of forensics tools in Linux lacks the sophistication used by the infection methods found in real world hacks. ECFS (Extended core file snapshot) technology, https://github.com/elfmaster/ecfs, is an innovative extension to regular ELF core files, designed to be used as forensics-friendly snapshots of process memory. A brief showcasing of the ECFS technology was...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 132

favorite 0

comment 0

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID...
Topics: Youtube, video, Science & Technology, Radio Frequency Identification (Industry), NFC, UHF,...
DEFCON 23
movies

eye 26

favorite 0

comment 0

Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the...
Topics: Youtube, video, Science & Technology, Vulnerability Assessment (Competitive Space), DEF CON...
DEFCON 23
movies

eye 58

favorite 0

comment 0

Ever wonder why there isn't a metasploit-style framework for Android apps? We did! Whether you're a developer trying to protect your insecure app from winding up on devices, an Android n00b or a pentester trying to pwn all the things, QARK is just what you've been looking for! This tool combines SCA, teaching and automated exploitation into one, simple to use application! Speaker Bio: Tony Trummer (@SecBro1) - has been working in the IT industry for nearly 20 years and has been focused on...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, hack, hacker, hacking,...
DEFCON 23
movies

eye 82

favorite 0

comment 0

Since RTLSDR became a consumer grade RX device, numerous talks and open source tools enabled the community to monitor airplanes, ships, and cars... but come on, what we really want to track are cell phones. If you know how to run cmake and have $50 to pick up an RTLSDR-E4000, I'll make sure you walk out of here with the power to monitor LTE devices around you on a slick Kibana4 dashboard. You'll also get a primer on geolocating the devices if you've got a second E4000 and some basic soldering...
Topics: Youtube, video, Science & Technology, RTLSDR, LTE, Recon, Tracking, RX, DEF CON (Conference...
DEFCON 23
movies

eye 79

favorite 0

comment 0

White paper Available Here: http://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Ronny Bull & Jeanna Matthews - UPDATED/DEFCON-23-Ronny-Bull-Jeanna-Matthews-Exploring-Layer-2-Network-Security-In-Virtualized-Enviroments-WP.pdf Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
by DEFCONConference
movies

eye 44

favorite 0

comment 0

Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Atlas-Fun-With-Symboliks.pdf Fun with Symboliks atlas dude at Grimm Asking the hard questions... and getting answer! Oh binary, where art thine vulns? Symbolic analysis has been a "thing" for 20 years, and yet it's still left...
Topics: Youtube, video, Science & Technology, DEF CON Video Series, DEF CON Conference, Conference...
DEFCON 23
movies

eye 68

favorite 0

comment 0

Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion Marina Krotofil Senior Security Consultant. European Network for Cyber Security Jason Larsen Principal Security Consultant, IOActive The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this...
Topics: Youtube, video, Science & Technology, DEF CON 23, DEF CON, DC23, DEFCON, DC-23, DC 23, hack,...
DEFCON 23
movies

eye 34

favorite 0

comment 0

Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEF CON 23, DEFCON, DC23,...
DEFCON 23
movies

eye 18

favorite 0

comment 0

Access control systems are everywhere. They are used to protect everything from residential communities to commercial offices. People depend on these to work properly, but what if I had complete control over your access control solution just by using my phone? Or perhaps I input a secret keypad combination that unlocks your front door? You may not be as secure as you think. The world relies on access control systems to ensure that secured areas are only accessible to authorized users. Usually,...
Topics: Youtube, video, Science & Technology, physical security, Access Control, DEF CON (Conference...
DEFCON 23
by DEFCONConference
movies

eye 21

favorite 0

comment 0

DEF CON 23 Closing Ceremonies Source: https://www.youtube.com/watch?v=02v0qalqsSU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hackers,...
DEFCON 23
movies

eye 17

favorite 0

comment 0

The ELF format is ancient, and much mystery lurks in its dark depths. For 16 years, it has safely encompassed our software, providing support for binary loading, symbol resolution, and lots of very useful binary stuff. In that time, security has become a key concern, resulting in binary defenses like NX and ASLR, which have made exploiting vulnerabilities quite difficult. ASLR, for example, randomizes the location of the stack, the heap, libraries, and (optionally), the binary itself at every...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC-23, DC 23, DC23, hack,...
DEFCON 23
movies

eye 21

favorite 0

comment 0

For 22 years, the best binary ninjas in the world have gathered at DEF CON to play the world’s most competitive Capture-the-Flag. At DEF CON 24, DARPA will challenge machines to play this game for the first time, with the winner taking home a $2 million prize. This talk will include a first public look at the machines, teams, technology, and visualization behind Cyber Grand Challenge. The technology: machines that discover bugs and build patches? We’re bringing our qualifier results to show...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DC-23, DEFCON, hack, hacker,...
DEFCON 23
movies

eye 119

favorite 0

comment 0

Imagine a bank that, by design, made everyone's password hashes and balances public. No two-factor authentication, no backsies on transfers. Welcome to "brainwallets", a way for truly paranoid cryptocurrency users to wager their fortunes on their ability to choose a good password or passphrase. Over the last decade, we've seen the same story play out dozens of times - a website is broken into, the user database is posted online, and most of the password hashes are cracked. Computers...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Ryan Castellucci, Bitcoin,...
DEFCON 23
movies

eye 148

favorite 0

comment 0

It is known that the GPS L1 signal is unencrypted, so someone can produce or replay a fake GPS signal to make GPS receivers get wrong positioning results. Many companies provide commercial GPS emulators, which can be used for GPS spoofing, but the commercial emulators are quite expensive, or at least not free. Now we have found that by integrating some open source projects related to GPS we can produce a GPS signal through SDR tools, e.g. USRP / bladeRF. This makes the attack cost very low....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 23, DC 23, DC23, DC-23, hack,...
DEFCON 23
movies

eye 38

favorite 0

comment 0

Missed DEF CON 23? Listen to Ken Westin, Tripwire Sr. Security Analyst, talk about his experience as a professional cyber stalker. Source: https://www.youtube.com/watch?v=zVJGY2bZ-Ko Uploader: Tripwire, Inc. Upload date: 2015-09-18
Topics: Youtube, video, Science & Technology, Infosec, Information Security, Tripwire, Security,...
DEFCON 23
movies

eye 31

favorite 0

comment 0

Your private drone opens up limitless possibilities – how can manufacturers and policymakers ensure you are able to realize them? As private drone ownership becomes the norm, drone makers and lawmakers will need to make important policy decisions that account for the privacy and free speech issues raised by this new technology. What legal and technical rules are being considered right now, and how might they affect your ability to do things like record footage at a city park, monitor police...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC 23, DC-23, DC23, hack,...
DEFCON 23
movies

eye 38

favorite 0

comment 0

One of the most challenging steps of a penetration test is popping something and not having full administrative level rights over the system. Companies are cutting back on administrative level rights for endpoints or how about those times where you popped an external web application and were running as Apache or Network Service? Privilege escalation or pillaging systems can be difficult and require extensive time if successful at all. One of the most challenging aspects around pentesting was...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), Pivot, Pivoter, penetration...
DEFCON 23
movies

eye 81

favorite 0

comment 0

My neighbor’s kid is constantly flying his quad copter outside my windows. I see the copter has a camera and I know the little sexed crazed monster has been snooping around the neighborhood. With all of the hype around geo-fencing and drones, this got me to wondering: Would it be possible to force a commercial quad copter to land by sending a low-level pulse directly to it along the frequencies used by GPS? Of course, radio signal jamming is illegal in the U.S and, frankly, it would disrupt...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DEFCON, DC23, DC-23, hack, hacker,...
DEFCON 23
movies

eye 50

favorite 0

comment 0

There are a lot of presentations and suggestions that indicate HSMs, TrustZone, AMT, TrEE, SecureBoot, Attestation, TPMs, IOMMU, DRTM, etc. are silver bullets. What does it all mean, should we be afraid, excited, hopeful? Hardware-based security features are not the end of the world, nor its savior, but they can be fun and useful. Although these technologies are vulnerability research targets, their trust concepts can be used to build secure software and devices. This primer covers practical...
Topics: Youtube, video, Science & Technology, DEF CON (Conference Series), DEFCON, DEF CON 23, DC23,...
DEFCON 23
movies

eye 83

favorite 0

comment 0

With over a billion activated devices, Android holds strong as the market leading smartphone operating system. Underneath the hood, it is primarily built on the tens of gigabytes of source code from the Android Open Source Project (AOSP). Thoroughly reviewing a code base of this size is arduous at best -- arguably impossible. Several approaches exist to combat this problem. One such approach is identifying and focusing on a particularly dangerous area of code. This presentation centers around...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 23, DC23, DEFCON, DC-23, DC 23, hack,...