Skip to main content
Internet Archive's 25th Anniversary Logo

DEFCON 24

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.


rss RSS

116
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
Prior Page
eye
Title
Date Archived
Creator
DEFCON 24
by DEFCONConference
movies

eye 25

favorite 0

comment 0

Almost everyone is familiar with feature codes, also known as star codes, such as *67 to block caller ID or *69 to find out who called you last. What if the feature codes could be used as a weapon? Caller ID spoofing, tDOSing (Call flooding), and SMS flooding are known attacks on phone networks, but what happens when they become as easy to launch as dialing *40? Weaponize Your Feature Codes will first take the audience through a brief history of feature codes and common usage, and then...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 33

favorite 0

comment 0

The number of IMSI-catchers (rogue cell towers) has been steadily increasing in use by hackers and governments around the world. Rogue cell towers, which can be as small as your home router, pose a large security risk to anyone with a phone. If in range, your phone will automatically connect to the rogue tower with no indication to you that anything has happened. At that point, your information passes through the rogue tower and can leak sensitive information about you and your device....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 59

favorite 0

comment 0

In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smart cars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 30

favorite 0

comment 0

Description: Social engineering is quickly becoming more prevalent in the InfoSec industry. Users are becoming more educated about social engineering attempts, but they still fall victim to attacks. Why? Well, like all in all industries, with great improvement to technology comes great improvement to exploitation, and maybe not so great improvement to security. This presentation explores the subtleties involved in wordcrafting, tone of voice, and adaptability during – shudder – human...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DEFCON, DC-24, DC24, Social...
DEFCON 24
movies

eye 11

favorite 0

comment 0

Samsung announced many layers of security to its Pay app. Without storing or sharing any type of user’s credit card information, Samsung Pay is trying to become one of the securest approaches offering functionality and simplicity for its customers. This app is a complex mechanism which has some limitations relating security. Using random tokenize numbers and implementing Magnetic Secure Transmission (MST) technology, which do not guarantee that every token generated with Samsung Pay would be...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 19

favorite 0

comment 0

Check out some of the fun times from DEF CON 24 in this video mashup by Snubs. All human faces agreed to be in video for Hak5. This video features music by Pronobozo. Support one of our favorite artists! http://www.pronobozo.com/ Special thanks to Viss for the Drone footage! ------------------------------- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5...
Topics: Youtube, video, Science & Technology, hak5, hack, technology, darren kitchen, shannon morse,...
DEFCON 24
movies

eye 28

favorite 0

comment 0

We are releasing a new tool for discovering bluetooth devices and automatically probing them for information. Effectively we have created a new tool with an airodump-ng like display for nearby bluetooth and bluetooth low energy devices. We will discuss the challenges with finding bluetooth devices, as well as how we have overcome them using both standard bluetooth adapters and optionally ubertooth hardware. If you have ever wondered why no one released an effective tool to see all the bluetooth...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, dc24, dc-24, computer...
DEFCON 24
movies

eye 44

favorite 0

comment 0

We’ve all worked on ‘closed systems’ with little to no direct Internet access. And we’ve all struggled with the limitations those systems put on us in the form of available tools or software we want to use. I didn’t like struggling, so I came up with a method to load whatever I wanted on to a closed system without triggering any common security alerts. To do this I had to avoid accessing the Internet or using mag media. In the end all I needed was an office multi-function machine and...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 34

favorite 0

comment 0

As introduced in our former series of talks ‘LTE vs. Darwin‘ there are quite a few of holes in the LTE specs. Now, having our own Macro BaseStation (an eNodeB) on the desk, we will demonstrate practical approaches to and attacks on real life devices. More and more devices are using mobile radio networks such as GSM, UMTS and LTE and there has already been quite a bit of research on (in)securities on the radio part, but only few people have had a look behind the scenes. Luckily, we had the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 22

favorite 0

comment 0

Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a bridged interface to each virtual machine or as complicated as a virtual switch providing more robust networking features such as VLANs, QoS, and monitoring. At DEF CON 23, we presented how attacks known to be successful on physical switches...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 12

favorite 0

comment 0

With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin’s innocent attempt to fix an issue,...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 22

favorite 0

comment 0

Anthony Rose Hacker Ben Ramsey, Hacker Many Bluetooth Low Energy (BLE) enabled deadbolts and padlocks have hit the market recently. These devices promise convenience and security through smartphone control. We investigated sixteen of these products from multiple vendors and discovered wireless vulnerabilities in most of them. Using a $50 antenna, we successfully picked vulnerable locks from over 400 meters away. In this presentation we introduce open source tools to crack each of the vulnerable...
Topics: Youtube, video, Entertainment, DEF CON 24, usa, dutchland, australia, hacker, france, conference,...
DEFCON 24
movies

eye 16

favorite 0

comment 0

As a defender, have you ever been asked ‘do they win?’ How about ‘what products or capabilities should I buy to even the odds?’ Mapping the functionality to a standard list of desired capabilities only gets you so far. And, many vendors require an organization to pay for a framework, or for access to a framework, to enable tactical and strategic campaigns. Wouldn’t it be great to have an open source way to pick strategies? So what do you do? Build out your own defensive campaigns...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 19

favorite 0

comment 0

Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail Though briefly touching on generic firewall bypass techniques, this talk will largely focus on the kernel-mode...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 25

favorite 0

comment 0

Description: You are being manipulated. There is constant pressure coming from companies, people, and attackers. Millions are spent researching and studying your weaknesses. The attack vectors are subtle. Most times we don’t realize that manipulation has occurred until it is too late. Fear not, we can harden our defenses. We can put safeguards in place to help avoid being the victim. For me, the answer came from an unlikely source: my daughter. Small children are fantastic. Society has not...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC-24, DC24, DEFCON, social...
DEFCON 24
movies

eye 27

favorite 0

comment 0

On Friday morning, August 5th, DARPA will announce the prize winners and recognize the parties responsible for building and competing in the Cyber Grand Challenge (CGC), the world's first all-machine hacking tournament, which was completed August 4th. Seven high performance computers will have completed an all-machine Capture the Flag contest, reverse engineering unknown binary software, authoring new IDS signatures, probing the security of opponent software, and re-mixing defended services...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 26

favorite 0

comment 0

The use cases for hooking code execution are abundant and this topic is very expansive. EhTracing (pronounced Tracing) is technique that allows monitoring/altering of code execution at a high rate with several distinct advantages. Full context (registers, stack & system state) hooking can be logged without needing to know a function prototype and changes to execution flow can be made as desired. Traditional detours like hooking requires a length disassembly engine than direct binary .text...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 32

favorite 0

comment 0

Machines are getting smarter – so consumer protection enforcers like the Federal Trade Commission need to get smarter too. The FTC is the lead federal agency for protecting the privacy rights and data security of American consumers. In the last year, it brought several enforcement actions against companies for violating consumer privacy and data security and launched new initiatives – PrivacyCon, Start with Security, and a new Office of Technology Research and Investigation– to improve...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DEFCON, DC24, DC-24, hack, hackers,...
DEFCON 24
movies

eye 18

favorite 0

comment 0

Solid state drives drives are fundamentally changing the landscape of the digital forensics industry, primarily due to the manner in which they respond to the deletion of files. Previous research has demonstrated that SSDs do not always behave in an equivalent manner to magnetic hard drives, however, the scope of these differences and the conditions that lead to this behavior are still not well understood. This basic, undeniable anomaly regarding file storage and recovery begs one simple, yet...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON24, DEF CON 24, DEFCON 24, hack,...
DEFCON 24
by DEFCONConference
movies

eye 20

favorite 0

comment 0

Get the latest information about how the law is racing to catch up with technological change from staffers at the Electronic Frontier Foundation, the nation’s premiere digital civil liberties group fighting for freedom and privacy in the computer age. This session will include updates on current EFF issues such as surveillance online, encryption (and backdoors), and fighting efforts to use intellectual property claims to shut down free speech and halt innovation, discussion of our technology...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 27

favorite 0

comment 0

Description: What can defunct C.I.A. Manuals, radical lesbian separatists, and an 18th century Romantic essayist teach you about engineering the world to be a better place? We often think about social engineering either on the small-scale – how can one operate in individual conversations to manipulate others for data, access, or specific, immediate purposes – or we think about engineering on a large scale, how politicians or other popular figures embrace and direct a culture. But what about...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DC-24, Social Engineering, Social...
DEFCON 24
movies

eye 53

favorite 0

comment 0

So, you think you want to be a penetration tester, or you already are and don’t understand what the difference between you and all the other “so called” penetration testers out there. Think you know the difference between a Red Team, Penetration Test and a Vulnerability assessment? Know how to write a report your clients will actually read and understand? Can you leverage the strengths of your team mates to get through tough roadblocks, migrate, pivot, own and pillage? No? well this talk...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
by DEFCONConference
movies

eye 10

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=KXycoirlm9A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology
DEFCON 24
movies

eye 76

favorite 0

comment 0

What if your wireless mouse was an effective attack vector? Research reveals this to be the case for mice from Logitech, Microsoft, Dell, Lenovo, Hewlett-Packard, Gigabyte, and Amazon. Dubbed 'MouseJack', this class of security vulnerabilities allows keystroke injection into non-Bluetooth wireless mice. Imagine you are catching up on some work at the airport, and you reach into your laptop bag to pull out your phone charger. As you glance back at your screen, you see the tail end of an ASCII...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC24, DEFCON 24, DEF CON 2016,...
DEFCON 24
movies

eye 84

favorite 0

comment 0

It is not uncommon that a software reverse engineer finds themselves desiring to execute a bit of code they are studying in order to better understand that code or alternatively to have that code perform some bit of useful work related to the reverse engineering task at hand. This generally requires access to an execution environment capable of supporting the machine code being studied, both at an architectural level (CPU type) and a packaging level (file container type). Unfortunately, this is...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 52

favorite 0

comment 0

As bandwidth, computing power, and software advancements have improved over the years, we've begun to see larger and larger DDoS attacks against organizations. Often times these attacks employ techniques such as DNS Amplification to take advantage of servers with very large uplinks. This talk explores a similar technique targeting commonly used throughput testing software typically running on very large uplinks. We will explore the process of attacking this software, eventually compromising it...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 24

favorite 0

comment 0

Security assessments of embedded and IoT devices often begin with testing how an attacker could recover firmware from the device. When developers have done their job well you’ll find JTAG locked-up, non-responsive serial ports, locked-down boot, and perhaps even a home brewed secure-boot solution. In this session you’ll learn details of a useful hardware/software penetration technique to attempt when you’ve run out of easier options. We’ve used this technique on two commercial device...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 49

favorite 0

comment 0

TASBot is an augmented Nintendo R.O.B. robot that can play video games without any of the button mashing limitations us humans have. By pretending to be a controller connected to a game console, TASBot triggers glitches and exploits weaknesses to execute arbitrary opcodes and rewrite games. This talk will cover how these exploits were found and will explore the idea that breaking video games using Tool-Assisted emulators can be a fun way to learn the basics of discovering security...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 55

favorite 0

comment 0

Secure Channel (Schannel) is Microsoft's standard SSL/TLS Library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including a RCE. What about the internals? How does Schannel guard its secrets? This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 55

favorite 0

comment 0

Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable either by accident or intentionally. Between us, we’ve got decades of bricking experience that we’d like to share. We’ll document the most common ways of temporarily or permanently damaging your hardware and ways to recover, if possible. We’ll also talk about tips on how to avoid bricking your projects in the first place. If you’re getting into hardware hacking and worried about messing...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 30

favorite 0

comment 0

After the Rise of the Machines they'll need to communicate. And we'll need to listen in. The problem is that proprietary protocols are hard to break. If Wireshark barfs then we're done. Or can we listen in, break their Robot Overlord messages and spill it all to the meat-space rebels? Attend this talk to learn techniques for taking network data, identifying unknown protocols, and breaking them down to something you can exploit. Rebels unite! Bios: Tim Estell, a hacker since learning how to mod...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DEFCON 24, hack, hackers,...
DEFCON 24
movies

eye 19

favorite 0

comment 0

A number of toolsets have been around for a while which propose methods for identifying vulnerabilities in kernels, in particular POSIX kernels. However, none of these identified a method for generic fuzzing across Windows and POSIX kernels and have not been updated for some time. This presentation will outline the research which has occurred in order to find exploitable bugs across both Windows and POSIX kernels, focusing on fuzzing system calls and library calls in the Windows environment....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 115

favorite 0

comment 0

Inexpensive universal DMA attacking is the new reality of today! In this talk I will explore and demonstrate how it is possible to take total control of operating system kernels by DMA code injection. Once control of the kernel has been gained I will execute code and dump gigabytes of memory in seconds. Full disk encryption will be defeated, authentication will be bypassed and shells will be spawned. This will all be made possible using a $100 piece of hardware together with the easy to use...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON24, DEF CON 24, DC24, DC-24, hack,...
DEFCON 24
movies

eye 64

favorite 0

comment 0

In May of 2015, it was estimated that a pod-based coffee maker could be found in nearly one in three American homes. Despite the continued popularity of these single-cup coffee conjurers at home as well as in the workplace, it has become clear that these devices are not impervious to mechanical and/or electrical failure. It was this intersection of extremely prevalent hardware and relatively short lifespan that prompted me to begin exploring the upper limits of what could be created by...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DEF CON 24, DC-24, hack, hacker,...
DEFCON 24
movies

eye 26

favorite 0

comment 0

The Internet of Things is filled with vulnerabilities, would you expect the Internet of Vibrating Things to be any different? As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover. Do you care if someone else knows if you or your lover is wearing a remote control vibrator? Do you care if the manufacturer is tracking your...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 154

favorite 1

comment 0

This is not just another "I found a problem in a single IOT device" talk. Focusing on attacking three major consumer product lines that have grown rapidly in the past years, Zack and Erin will review flaws they’ve discovered and weaponized against home Windows installs, DIY security solutions, personal fitness tracking devices, and digital notification devices. We’ll review the security of these popular products and services in a ‘consumer reports’ style walkthrough, the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DC24, DC-24, DC 24, Zack...
DEFCON 24
movies

eye 29

favorite 0

comment 0

Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer...
Topics: Youtube, video, Science & Technology
DEFCON 24
movies

eye 71

favorite 0

comment 0

In this presentation we are going to explain and demonstrate step by step in a real attack scenario how a remote attacker could elevate privileges in order to take control remotely in a production seismological network located at 183mts under the sea. We found several seismographs in production connected to the public internet providing graphs and data to anyone who connects to the embed web server running at port 80. The seismographs provide real time data based in the perturbations from earth...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 41

favorite 0

comment 0

There has been much buzz about car hacking, but what about the larger heavy-duty brother, the big rig? Heavy trucks are increasingly networked, connected and susceptible to attack. Networks inside trucks frequently use Internet connected devices even on safety-critical networks where access to brakes and engine control is possible. Unfortunately, tools for doing analysis on heavy trucks are expensive and proprietary. Six_Volts and Haystack have put together a set of tools that include open...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 139

favorite 1

comment 0

Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer...
Topics: Youtube, video, Science & Technology, def con, defcon, DEF CON 24, Dc24, DC 24, DC-24, weston...
DEFCON 24
by DEFCONConference
movies

eye 108

favorite 0

comment 0

MR. ROBOT is a rare treat - a network television show whose hacker protagonist is a fully realized character with a realistically attainable set of skills. No hyper-typing, no gibberish masquerading as tech jargon, no McGuffins to magically paper over plot holes with hacker dust. MR. ROBOT takes the tech as seriously as the drama. One of the main reasons for this verisimilitude is the work of Kor Adana, MR. ROBOT's advisor on all things hackish. His fingerprints are on every terminal window in...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DC24, DC-24, Panel, security...