Skip to main content
Internet Archive's 25th Anniversary Logo

DEFCON 24

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.


rss RSS

116
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
eye
Title
Date Published
Creator
DEFCON 24
Jan 19, 2017 HackersOnBoard
movies

eye 22

favorite 0

comment 0

Anthony Rose Hacker Ben Ramsey, Hacker Many Bluetooth Low Energy (BLE) enabled deadbolts and padlocks have hit the market recently. These devices promise convenience and security through smartphone control. We investigated sixteen of these products from multiple vendors and discovered wireless vulnerabilities in most of them. Using a $50 antenna, we successfully picked vulnerable locks from over 400 meters away. In this presentation we introduce open source tools to crack each of the vulnerable...
Topics: Youtube, video, Entertainment, DEF CON 24, usa, dutchland, australia, hacker, france, conference,...
DEFCON 24
Jan 4, 2017 DEFCONConference
movies

eye 27

favorite 0

comment 0

Description: What can defunct C.I.A. Manuals, radical lesbian separatists, and an 18th century Romantic essayist teach you about engineering the world to be a better place? We often think about social engineering either on the small-scale – how can one operate in individual conversations to manipulate others for data, access, or specific, immediate purposes – or we think about engineering on a large scale, how politicians or other popular figures embrace and direct a culture. But what about...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DC-24, Social Engineering, Social...
DEFCON 24
movies

eye 31

favorite 0

comment 0

US Army Interrogation techniques and training is the Irish Twin of Social Engineering. Objectives for both Match, obtain information from a source or target. Techniques for both match: Lying and Deception at the Source or Target Sincere and Convincing to the Source or Target Building Rapport and Confidence with the Source or Target The speaker will establish the synergy between both practices and provide insight into how to utilize this information in Social Engineering pentesting and defense...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Jan 4, 2017 DEFCONConference
movies

eye 26

favorite 0

comment 0

As a Japanese security consultant, one of my research questions in social engineering is whether or not cultural difference becomes the barrier for social engineering. It is because the malicious practice of social engineering is different between in Japan and the U.S. I think it is true. Since I have the both experience of being the company in Japan and the U.S., I would like to consider various technique of social engineering from both cultural glasses, such as tailgating, phishing or vishing...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC24, DC-24, hack, Hackers, Hacking,...
DEFCON 24
Jan 4, 2017 DEFCONConference
movies

eye 23

favorite 0

comment 0

Almost everyone is aware about the Technical Support SCAM calls. “Hi, your PC is infected”” is a known phrase – but sometimes they are calling the wrong person who decides to make fun of the caller.” BIO: Mattias is working for WSP | PB in a global role and also a freelance security professional. He is a Certified Ethical Hacker and always working on increasing his Social-Engineering skills. 34 years old and spent most of his time, booth professional and private, ín the IT field. He...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DC24, DC-24, Social...
DEFCON 24
movies

eye 37

favorite 0

comment 0

There are nonverbal movements and actions, that if you master, can make your target more compliant, easier to influence and even happier to comply with your wishes. BIO: Chris is the sole defender of those who do not want to hear Hornsby. His passion for SE is only match by his passion for the NoHornsby movement. Source: https://www.youtube.com/watch?v=VFnCRVWBISY Uploader: DEFCONConference Upload date: 2017-01-04
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DEFCON, DC24, DC-24, Social...
DEFCON 24
movies

eye 30

favorite 0

comment 0

Description: Social engineering is quickly becoming more prevalent in the InfoSec industry. Users are becoming more educated about social engineering attempts, but they still fall victim to attacks. Why? Well, like all in all industries, with great improvement to technology comes great improvement to exploitation, and maybe not so great improvement to security. This presentation explores the subtleties involved in wordcrafting, tone of voice, and adaptability during – shudder – human...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DEFCON, DC-24, DC24, Social...
DEFCON 24
Jan 4, 2017 DEFCONConference
movies

eye 25

favorite 0

comment 0

Description: You are being manipulated. There is constant pressure coming from companies, people, and attackers. Millions are spent researching and studying your weaknesses. The attack vectors are subtle. Most times we don’t realize that manipulation has occurred until it is too late. Fear not, we can harden our defenses. We can put safeguards in place to help avoid being the victim. For me, the answer came from an unlikely source: my daughter. Small children are fantastic. Society has not...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 24, DC-24, DC24, DEFCON, social...
DEFCON 24
movies

eye 23

favorite 0

comment 0

In an industry that does so much to uncover and expose the mistakes of others. Which don’t get me wrong is a valuable service in helping to increase security by the discovery of these vulnerabilities. It seems everyone though is very shy about pointing out their own failures! I’ve decided that I could help teach others valuable lessons I learned by showcasing failures I’ve had in Blue Team. failures I’ve had in Red Team and failures I’ve had in this community. I once read that a smart...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DC-24, social engineering, Social...
DEFCON 24
movies

eye 26

favorite 0

comment 0

Description: In the last couple of years, the number of cases of people being scammed online has risen gradually, and as the number of people become increasingly connected to the online world, so are the number of scammers. Scam cases, from online dating scams, winning lottery scams, free credit card scams, and of course the Nigerian prince who wants to send millions of dollars to your bank account scams are some of those that have been hitting innocent victims the most. Although many such...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DC-24, Social Engineering, Social...
DEFCON 24
movies

eye 61

favorite 0

comment 0

We’ve all seen the Wizard of Oz in some form regardless if it was the old classic or the recreations or story books as children. Oscar Diggs or also known as Oz the Great and Terrible was the most stunning wizard in all of Oz. His wizardry known through all of the land, except Oz was a fake and his entire wizardry an illusion. We are seeing a number of breaches come down to human interaction and the ability to create a fake Oz landscape in order to coax victims into opening a document or...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DC24, DC-24, Social...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 53

favorite 0

comment 0

So, you think you want to be a penetration tester, or you already are and don’t understand what the difference between you and all the other “so called” penetration testers out there. Think you know the difference between a Red Team, Penetration Test and a Vulnerability assessment? Know how to write a report your clients will actually read and understand? Can you leverage the strengths of your team mates to get through tough roadblocks, migrate, pivot, own and pillage? No? well this talk...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 84

favorite 0

comment 0

It is not uncommon that a software reverse engineer finds themselves desiring to execute a bit of code they are studying in order to better understand that code or alternatively to have that code perform some bit of useful work related to the reverse engineering task at hand. This generally requires access to an execution environment capable of supporting the machine code being studied, both at an architectural level (CPU type) and a packaging level (file container type). Unfortunately, this is...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 52

favorite 0

comment 0

As bandwidth, computing power, and software advancements have improved over the years, we've begun to see larger and larger DDoS attacks against organizations. Often times these attacks employ techniques such as DNS Amplification to take advantage of servers with very large uplinks. This talk explores a similar technique targeting commonly used throughput testing software typically running on very large uplinks. We will explore the process of attacking this software, eventually compromising it...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 24

favorite 0

comment 0

Security assessments of embedded and IoT devices often begin with testing how an attacker could recover firmware from the device. When developers have done their job well you’ll find JTAG locked-up, non-responsive serial ports, locked-down boot, and perhaps even a home brewed secure-boot solution. In this session you’ll learn details of a useful hardware/software penetration technique to attempt when you’ve run out of easier options. We’ve used this technique on two commercial device...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 55

favorite 0

comment 0

Spend some time hacking hardware and you’ll eventually render a piece of equipment unusable either by accident or intentionally. Between us, we’ve got decades of bricking experience that we’d like to share. We’ll document the most common ways of temporarily or permanently damaging your hardware and ways to recover, if possible. We’ll also talk about tips on how to avoid bricking your projects in the first place. If you’re getting into hardware hacking and worried about messing...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 30

favorite 0

comment 0

After the Rise of the Machines they'll need to communicate. And we'll need to listen in. The problem is that proprietary protocols are hard to break. If Wireshark barfs then we're done. Or can we listen in, break their Robot Overlord messages and spill it all to the meat-space rebels? Attend this talk to learn techniques for taking network data, identifying unknown protocols, and breaking them down to something you can exploit. Rebels unite! Bios: Tim Estell, a hacker since learning how to mod...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DEFCON 24, hack, hackers,...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 115

favorite 0

comment 0

Inexpensive universal DMA attacking is the new reality of today! In this talk I will explore and demonstrate how it is possible to take total control of operating system kernels by DMA code injection. Once control of the kernel has been gained I will execute code and dump gigabytes of memory in seconds. Full disk encryption will be defeated, authentication will be bypassed and shells will be spawned. This will all be made possible using a $100 piece of hardware together with the easy to use...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON24, DEF CON 24, DC24, DC-24, hack,...
DEFCON 24
movies

eye 19

favorite 0

comment 0

A number of toolsets have been around for a while which propose methods for identifying vulnerabilities in kernels, in particular POSIX kernels. However, none of these identified a method for generic fuzzing across Windows and POSIX kernels and have not been updated for some time. This presentation will outline the research which has occurred in order to find exploitable bugs across both Windows and POSIX kernels, focusing on fuzzing system calls and library calls in the Windows environment....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 49

favorite 0

comment 0

TASBot is an augmented Nintendo R.O.B. robot that can play video games without any of the button mashing limitations us humans have. By pretending to be a controller connected to a game console, TASBot triggers glitches and exploits weaknesses to execute arbitrary opcodes and rewrite games. This talk will cover how these exploits were found and will explore the idea that breaking video games using Tool-Assisted emulators can be a fun way to learn the basics of discovering security...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 55

favorite 0

comment 0

Secure Channel (Schannel) is Microsoft's standard SSL/TLS Library underpinning services like RDP, Outlook, Internet Explorer, Windows Update, SQL Server, LDAPS, Skype and many third party applications. Schannel has been the subject of scrutiny in the past several years from an external perspective due to reported vulnerabilities, including a RCE. What about the internals? How does Schannel guard its secrets? This talk looks at how Schannel leverages Microsoft's CryptoAPI-NG (CNG) to cache the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 122

favorite 0

comment 0

As stated in my bio, besides computer security I also love flight simulators and mountain biking. Last year I gave a talk about hacking a flight simulator (among other games), it was only fitting to research something related to my other hobby too. Old day's bike speedometers have evolved quite a bit, and nowadays a lot of bikers (swimmers, runners, ers) do their sport with tiny computers attached to them. These computers do much more than measuring speed: they have GPS, they can store your...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DC24, DC-24, security...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 24

favorite 0

comment 0

Modern web applications generate a ton of logs. Suites like ELK (Elasticsearch, Logstash, Kibana) exist to help manage these logs, and more people are turning to them for their log analysis needs. These logs contain a treasure trove of information regarding bad actors on your site, but surfacing that information in a timely manner can be difficult. When Etsy moved over from Splunk to ELK in mid-2014, we realized that ELK lacked necessary functionality for real-time alerting. We needed a...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 94

favorite 0

comment 0

If you’re interested in vulnerability research for fun or profit, or if you’re a beginner and you’re not sure how to progress, it can be difficult to sift through the firehose of technical information that’s out there. Plus there are all sorts of non-technical things that established researchers seem to just know. There are many different things to learn, but nobody really talks about the different paths you can take on your journey. We will provide an overview of key concepts in...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 38

favorite 0

comment 0

I got myself a new toy: A solar array… With it, a little device by a top tier manufacturer that manages its performance and reports SLAs to the cloud. After spending a little time describing why it tickled me pink, I’ll walk you through my research and yes, root is involved! Armed with the results of this pen test, we will cover the vendor’s reaction to the bee sting: ostrich strategy, denial, panic, shooting the messenger and more. Finally, not because I know you get it, but because the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 95

favorite 0

comment 0

In this talk, I'll share how I won 4 Twitter contests per day, every day, for 9 months straight. I'll discuss the methods I used, the delightfully random and surprising things I won, and how to run a Twitter contest to prevent people like me from winning. Bio: Hunter Scott is an electrical and computer engineer with over 7 years of experience designing and implementing hardware systems. He has lead electrical development on a variety of projects, from robotics to communication systems. He has...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 11

favorite 0

comment 0

Samsung announced many layers of security to its Pay app. Without storing or sharing any type of user’s credit card information, Samsung Pay is trying to become one of the securest approaches offering functionality and simplicity for its customers. This app is a complex mechanism which has some limitations relating security. Using random tokenize numbers and implementing Magnetic Secure Transmission (MST) technology, which do not guarantee that every token generated with Samsung Pay would be...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 34

favorite 0

comment 0

As introduced in our former series of talks ‘LTE vs. Darwin‘ there are quite a few of holes in the LTE specs. Now, having our own Macro BaseStation (an eNodeB) on the desk, we will demonstrate practical approaches to and attacks on real life devices. More and more devices are using mobile radio networks such as GSM, UMTS and LTE and there has already been quite a bit of research on (in)securities on the radio part, but only few people have had a look behind the scenes. Luckily, we had the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 58

favorite 0

comment 0

As a matter of fact, it is all about time to reverse engineer the most complex piece of code. Code complicity techniques are usually used just to increase the time and effort needed for reverse engineering. The desired effect of code complicity can be magnified using mechanisms that decrease and narrow the allowed time frame for any reverse engineering attempt into few milliseconds. Such approach can be applied using a metamorphic engine that is aware of the time dimension. Beyond metamorphic...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 12

favorite 0

comment 0

With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin’s innocent attempt to fix an issue,...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 22

favorite 0

comment 0

Cloud service providers offer their customers the ability to deploy virtual machines in a multi-tenant environment. These virtual machines are typically connected to the physical network via a virtualized network configuration. This could be as simple as a bridged interface to each virtual machine or as complicated as a virtual switch providing more robust networking features such as VLANs, QoS, and monitoring. At DEF CON 23, we presented how attacks known to be successful on physical switches...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 19

favorite 0

comment 0

Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail Though briefly touching on generic firewall bypass techniques, this talk will largely focus on the kernel-mode...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 47

favorite 0

comment 0

Network telescopes are collections of unused but BGP-announced IP addresses. They collect the pollution of the Internet: scanning, misconfigurations, backscatter from DoS attacks, bugs, etc. For example, several historical studies used network telescopes to examine worm outbreaks. In this talk I will discuss phenomena that have recently induced many sources to send traffic to network telescopes. By examining this pollution we find a wealth of security-related data. Specifically, I’ll touch on...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 76

favorite 0

comment 0

For 48 years, 9-1-1 has been /the/ emergency telephone number in the United States. It’s also been mired in 48-year-old technology. So let’s just put that on the internet, right? What could possibly go wrong? Without the radical segmentation of the PSTN, the move to IP networks (even the private, managed kind) will bring new 9-1-1 capabilities AND new vulnerabilities. This talk builds on the work of quad, r3plicant, and Peter Hefley (see &lquo;Hacking 911: Adventures in Destruction,...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 27

favorite 0

comment 0

On Friday morning, August 5th, DARPA will announce the prize winners and recognize the parties responsible for building and competing in the Cyber Grand Challenge (CGC), the world's first all-machine hacking tournament, which was completed August 4th. Seven high performance computers will have completed an all-machine Capture the Flag contest, reverse engineering unknown binary software, authoring new IDS signatures, probing the security of opponent software, and re-mixing defended services...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 18

favorite 0

comment 0

Solid state drives drives are fundamentally changing the landscape of the digital forensics industry, primarily due to the manner in which they respond to the deletion of files. Previous research has demonstrated that SSDs do not always behave in an equivalent manner to magnetic hard drives, however, the scope of these differences and the conditions that lead to this behavior are still not well understood. This basic, undeniable anomaly regarding file storage and recovery begs one simple, yet...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON24, DEF CON 24, DEFCON 24, hack,...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 26

favorite 0

comment 0

The use cases for hooking code execution are abundant and this topic is very expansive. EhTracing (pronounced Tracing) is technique that allows monitoring/altering of code execution at a high rate with several distinct advantages. Full context (registers, stack & system state) hooking can be logged without needing to know a function prototype and changes to execution flow can be made as desired. Traditional detours like hooking requires a length disassembly engine than direct binary .text...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 58

favorite 0

comment 0

While traveling through airports, we usually don’t give a second thought about why our boarding passes are scanned at various places. After all, it’s all for the sake of passengers’ security. Or is it? The fact that boarding pass security is broken has been proven many times by researchers who easily crafted their passes, effectively bypassing not just ‘passenger only’ screening, but also no-fly lists. Since then, not only security problems have not been solved, but boarding passes...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 126

favorite 0

comment 0

The Internet of Things is expected to be involved in the near future in all major aspects of our modern society. On that front, we argue that 6LoWPAN is a protocol that will be a dominant player as it is the only IoT-capable protocol that brings a full IP stack to the smallest devices. As evidence of this, we can highlight the fact that even the latest ZigBee Smart Energy standard is based on ZigBee IP which itself relies on 6LoWPAN, a competitor of the initial ZigBee protocol. Efficient...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 68

favorite 0

comment 0

Over the last year, synchronized and coordinated attacks against critical infrastructure have taken center stage. Remote cyber intrusions at three Ukrainian regional electric power distribution companies in December 2015 left approximately 225,000 customers without power. Malware, like BlackEnergy, is being specially developed to target supervisory control and data acquisition (SCADA) systems. Specifically, adversaries are focusing their efforts on obtaining access to the human-machine...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 50

favorite 0

comment 0

Over the past year, Apple has consistently added features to prevent exploitation of the iOS kernel. These features, while largely misunderstood, provide a path for understanding of the iOS security model going forward. This talk will examine the history of iOS’s exploit mitigations from iOS 8 to iOS 9.3 in order to teach important features of the architecture. This talk will cover various enhancements that stop attackers from dynamically modifying the functionality of system services, but...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 28

favorite 0

comment 0

What is the root cause of memory and network traffic bloat? Our current research using tools we previously released Badger at Black Hat in 2014 and the Kobra released at BsidesLV 2015 shows a 40 percent increase in outside unique IP traffic destinations and a 400 percent increase in data transmitted towards these destinations. But through the course of the research we found currently used IRP monitoring tools were lacking to help produce enough information to forensically investigate the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 128

favorite 0

comment 0

As our homes become smarter and more connected we come up with new ways of reasoning about our privacy and security. Vendors promise security, but provide little technical information to back up their claims. Further complicating the matter, many of these devices are closed systems which can be difficult to assess. This talk will explore the validity of claims made by one smart lock manufacturer about the security of their product. The entire solution will be deconstructed and examined all the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 38

favorite 0

comment 0

This presentation is the screaming goat anti-forensics version of those ‘Stupid Pet Tricks’ segments on late night US talk shows. Nothing ground-breaking here, but we’ll cover new (possibly) and trolly (definitely) techniques that forensic investigators haven’t considered or encountered. Intended targets cover a variety of OS platforms. Bio: int0x80 is the rapper in Dual Core. Drink all the booze, hack all the things! Source: https://www.youtube.com/watch?v=_fZfDGWpP4U Uploader:...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 81

favorite 0

comment 0

Managed Code Rootlets (MCRs) are terrifying post-exploitation attacks that open the doors for cementing and expanding a foothold in a target network. While the concept isn’t new, practical tools for developing MCRs don’t currently exist. Ere Metula released ReFrameworker in 2010 with the ability to inject attack modules into the C# runtime, paving the way for MCRs, but the tool requires the attacker to have knowledge of intermediate languages, does not support other runtimes, and is no...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 47

favorite 0

comment 0

Yes, we did, we made our own DEF CON black badges. Why? Because we didn't want to wait in line ever again-- Not really. We are a bunch of hackers that always look for a challenge, and what better challenge is there than to try and reverse engineer from scratch three DEF CON black badges? In this talk we will go through the 2 year long process of making the DC14, DC22 and DC23 Black badges which include amazing hacking techniques like social engineering, patience, reverse engineering, EAGLE...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 76

favorite 0

comment 0

Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and bonnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content. We present a recurrent neural network that learns to...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 89

favorite 0

comment 0

Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android’s security as Google. With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DC-24, defcon security conference,...
DEFCON 24
movies

eye 47

favorite 0

comment 0

Active Directory domain privilege escalation is a critical component of most penetration tests and red team assessments, but standard methodology dictates a manual and often tedious process – gather credentials, analyze new systems we now have admin rights on, pivot, and repeat until we reach our objective. Then — and only then — we can look back and see the path we took in its entirety. But that may not be the only, nor shortest path we could have taken. By combining our concept of...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 29

favorite 0

comment 0

Take a look at weaknesses in Point of sale systems and the foundation of hotel key data and the Property management systems that manage the keys. Using a modified MST injection method Weston will demonstrate several attacks on POS and Hotel keys including brute forcing other guest’s keys from your card information as a start point. And methods of injecting keystrokes into POS systems just as if you had a keyboard plugged into the system. This includes injecting keystrokes to open cash drawer...
Topics: Youtube, video, Science & Technology
DEFCON 24
movies

eye 71

favorite 0

comment 0

In this presentation we are going to explain and demonstrate step by step in a real attack scenario how a remote attacker could elevate privileges in order to take control remotely in a production seismological network located at 183mts under the sea. We found several seismographs in production connected to the public internet providing graphs and data to anyone who connects to the embed web server running at port 80. The seismographs provide real time data based in the perturbations from earth...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 31

favorite 0

comment 0

Rogue access points provide attackers with powerful capabilities, but in 2016 modern privacy protections such as HTTPS Everywhere, free TLS certificates and HSTS are de-facto standards. Surely our encrypted traffic is now safe on the local coffee shop network? If not, my VPN will definitely protect me… right? In this talk we’ll reveal how recent improvements in online security and privacy can be undermined by decades old design flaws in obscure specifications. These design weakness can be...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 14

favorite 0

comment 0

Tor is a widely used anonymity network that protects users' privacy and and identity from corporations, agencies and governments. However, Tor remains a practical system with a variety of limitations, some of which were indeed exploited in the recent past. In particular, Tor's security relies on the fact that a substantial number of its nodes do not misbehave. Previous work showed the existence of malicious participating Tor relays. For example, there are some Exit nodes that actively interfere...
Topics: Youtube, video, Science & Technology
DEFCON 24
movies

eye 57

favorite 0

comment 0

“Super Smash Bros: Melee.” - Furrowed brows, pain in your thumbs, trash talk your Mom would blush to hear. That sweet rush of power you once knew as you beat all the kids on your block will be but a distant memory as SmashBot challenges you to a duel for your pride — live on stage. SmashBot is the Artificial Intelligence I created that plays the cult classic video game Smash Bros optimally. It can’t be bargained with. It can’t be reasoned with. It doesn’t feel pity, remorse, or...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 78

favorite 0

comment 0

VNC is a great tool to use if you need to get to a box you're not physically near. The trouble with VNC is that it was invented 15+ years ago and hasn't been improved upon in any significant way. Besides the internet of things being sprinkled with VNC endpoints, there are companies which use VNC to such a large degree they need a VNC proxy on their perimeter to get to all the internal VNC hosts - some of which are ICS/SCADA devices. Stargate is the result of discovering a vulnerability in these...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 24, DEF CON 24, DC24, DC-24,...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 41

favorite 0

comment 0

With this presentation, we take a new approach to reverse engineering. Instead of attempting to decompile code, we seek to undo the work of the linker and produce relocatable files, the typical output of a compiler. The main benefit of the later technique over the former being that it does work. Once achieved universal code ‘reuse’ by relinking those relocatable objects as arbitrary shared libraries, we’ll create a form of binary reflection, add scripting capabilities and in memory...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 169

favorite 0

comment 0

MV (Chip & Pin) card ATM's are taking over the industry with the deadlines passed and approaching the industry rushes ATM's to the market. Are they more secure and hack proof? Over the past year I have worked at understanding and breaking the new methods that ATM manufactures have implemented on production ‘Next Generation’ Secure ATM systems. This includes bypassing Anti-skimming/Anti-Shimming methods introduced to the latest generation ATM's. along with NFC long range attack that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 24, DEFCON 24, hack, hackers,...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 82

favorite 0

comment 0

In this talk, we’ll cover some novel USB-level attacks, that can provide remote command and control of, even air-gapped machines, with a minimal forensic footprint, and release an open-source toolset using freely available hardware. In 2000, Microsoft published its 10 Immutable laws of security [1]. One of which was “if a bad guy has unrestricted access to your computer, it’s not your computer anymore.” This has been robustly demonstrated over the years. Examples include numerous...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 62

favorite 0

comment 0

LTE is a more advanced mobile network but not absolutely secure. Recently there already some papers those exposed the vulnerabilities of LTE network. In this presentation, we will introduce one method which jointly exploits the vulnerabilities in tracking area update procedure, attach procedure, and RRC redirection procedure, and finally can force a targeted LTE cellphone to downgrade into a malicious GSM network, then consequently can eavesdrop its data traffic or even voice call. This attack...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 77

favorite 0

comment 0

Since these last few years our world has been getting smarter and smarter. We may ask ourselves: what does smart mean? It is the possibility of building systems which are nodes of a more complex network, digitally connected to the internet and to the final users. Our cities are becoming one of those networks and over time more and more elements are getting connected to such network: from traffic lights to information signs, from traffic and surveillance cameras to transport systems. This last...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 26

favorite 0

comment 0

When the machines rise up and take away our freedom to communicate we're going to need a way out. Exfiltration of data across trust boundaries will be our only means of communication. How do we do that when the infrastructure we built to defend ourselves is the very boundary we must defeat? We use the same pathways we used to, but bend the rules to meet our needs. Whether its breaking protocol, attaching payloads, or pirating the airwaves we'll find a way. We'll cover using a custom server...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 56

favorite 0

comment 0

Much of the time and attention dedicated to modern network security focuses on detecting the contemporary vulnerabilities and exploits which power the breaches that make the headlines. With almost all of the emphasis is placed around the endless cycle of new entry points, we are often overlooking what is perhaps one of the most profoundly interesting aspects of modern network breaches; the post-exploit communication of a compromised system to the attacker—known as command and control. Once...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 55

favorite 0

comment 0

HTTP is everywhere, everybody wants to write an HTTP server. So I wrote mine :-) But mine not fast, and come with an HTTP client which sends very bad HTTP queries. My tool is a stress tester for HTTP servers and proxies, and I wrote it because I found flaws in all HTTP agents that I have checked in the last year i.e. nodejs, golang, Apache httpd, FreeBSD http, Nginx, Varnish and even Haproxy. This presentation will try to explain how flaws in HTTP parsers can be exploited for bad things; we'll...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 28

favorite 0

comment 0

Continuing the series of hacker foundational skills,  YbfG jvyy nqqerff shaqnzragny fxvyyf gung rirel unpxre fubhyq xabj.  Whfg sbe sha jr jvyy nyfb tb sebz gur guerr onfvp ybtvp tngrf gb n shapgvbany cebprffbe juvyr enpvat n pybpx.  Qb lbh xabj ubj n cebprffbe ernyyl jbexf?  Jul qb lbh pner?  Pbzr svaq bhg.  Bu, naq pelcgb. Bio: Ryan "1o57" Clarke self-identifies as a hacker. Formerly a member of the Advanced Programs Group (APG) at Intel, he continues to do 'security stuff'...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 12

favorite 0

comment 0

With the rise of the Internet of Things, the line between the physical and the digital is growing ever more hazy. Devices that once only existed in the tangible world are now accessible by anyone with a network connection. Even physical security systems, a significant part of any large organization’s overall security posture, are being given network interfaces to make management and access more convenient. But that convenience also significantly increases the risk of attack, and hacks that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 48

favorite 0

comment 0

Today’s evil often comes in the form of ransomware, keyloggers, or spyware, against which AntiVirus applications are usually an end user’s only means of protection. But current security apps not only scan for malware, they also aid end users by detecting malicious URLs, scams or phishing attacks. Generally, security apps appear so self-evidently useful that institutions such as online-banking providers even require users to install anti-virus programs. In this talk, however, we show that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DC24, DC-24, hack, hackers, hacking,...
DEFCON 24
movies

eye 57

favorite 0

comment 0

You want to phish your company or your client. You’ve never done this for work before, you’ve got a week to do it, and you figure that’s plenty of time. Then someone objects to the pretext at the last minute. Or spam filters block everything. Or you decide to send slowly, to avoid detection, but the third recipient alerts the entire company. Or you can only find 5 target addresses. We’ve all been there on our first professional phishing exercise. What should be as easy as building a two...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 33

favorite 0

comment 0

The number of IMSI-catchers (rogue cell towers) has been steadily increasing in use by hackers and governments around the world. Rogue cell towers, which can be as small as your home router, pose a large security risk to anyone with a phone. If in range, your phone will automatically connect to the rogue tower with no indication to you that anything has happened. At that point, your information passes through the rogue tower and can leak sensitive information about you and your device....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 25

favorite 0

comment 0

Almost everyone is familiar with feature codes, also known as star codes, such as *67 to block caller ID or *69 to find out who called you last. What if the feature codes could be used as a weapon? Caller ID spoofing, tDOSing (Call flooding), and SMS flooding are known attacks on phone networks, but what happens when they become as easy to launch as dialing *40? Weaponize Your Feature Codes will first take the audience through a brief history of feature codes and common usage, and then...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 44

favorite 0

comment 0

The presentation will begin by discussing the protocol (http://mqtt.org/) and results from a simple query on shodan, showing the number of servers directly available on the internet. We will then go through the protocol specifications which shows that security is more or less non-existent. We are able to directly connect to many of the servers which are open to the internet, and following protocol specifications, see what devices they are communicating with. We will show how its possible to...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 59

favorite 0

comment 0

In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smart cars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 41

favorite 0

comment 0

Deep learning and neural networks have gained incredible popularity in recent years. The technology has grown to be the most talked-about and least well-understood branch of machine learning. Aside from it’s highly publicized victories in playing Go, numerous successful applications of deep learning in image and speech recognition has kickstarted movements to integrate it into critical fields like medical imaging and self-driving cars. In the security field, deep learning has shown good...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 16

favorite 0

comment 0

At DEF CON 16 in 2008, we released the original BSODomizer (www.bsodomizer.com), an open source VGA pranking tool and introductory hacking platform for the multicore Propeller micro-controller. Hours of productivity were replaced with rage and frustration as unwitting computer users were confronted with fake Blue Screens of Death and revolting ASCII art. But, the world has changed. The machines have risen in capability. HDMI is the graphical transmission protocol of choice and hacking with...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
movies

eye 24

favorite 0

comment 0

It's recently become easier and less expensive to create malicious GSM Base Transceiver Station (BTS) devices, capable of intercepting and recording phone and sms traffic. Detection methods haven't evolved to be as fast and easy to implement. Wireless situational awareness has a number of challenges. Categorically, these challenges are usually classified under Time, Money, or a lot of both. Provisioning sensors takes time, and the fast stuff usually isn’t cheap. Iterative improvements...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
DEFCON 24
Nov 13, 2016 DEFCONConference
movies

eye 75

favorite 0

comment 0

Common hotspot software like Chilispot and Sputnik allow anyone to set up a restricted WiFi router or Ethernet network with a captive portal, asking for money, advertising, or personal information in exchange for access to the Internet. In this talk I take a look at how these and similar restrictive networks work, how they identify and restrict users, and how with a little preparation we can reach the Internet regardless of what barriers they throw up. Bio: Grant Bugher has been hacking and...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...