
DEFCON 25

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.



In theme with this year's DEF CON this presentation goes through a 20 year history of exploiting massively multiplayer online role-playing games (MMORPGs). The presentation technically analyzes some of the virtual economy-devastating, low-hanging-fruit exploits that are common in nearly every MMORPG released to date. The presenter, Manfred (@_EBFE), goes over his adventures in hacking online games starting with 1997's Ultima Online and subsequent games such as Dark Age of Camelot, Anarchy...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

operating system (and set of application programs) built on the digital molecules DNA and RNA. The genome has thousands of publicly documented, unpatchable security vulnerabilities, previously called "genetic diseases." Because emerging DNA/RNA technologies, including CRISPR-Cas9 and especially those arising from the Cancer Moonshot program, will create straightforward methods to digitally reprogram the genome in free-living humans, malicious exploitation of genomic vulnerabilities...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

What if you could super-charge your web hacking? Not through pure automation (since it can miss so much) but through powerful alerts created from real threat intelligence? What if you had a Burp plugin that did this for you? What if that plugin not only told you where to look for vulns but also gave you curated resources for additional exploitation and methodology? What if you could organize your web hacking methodology inside of your tools? Well, now you do! HUNT is a new Burp Suite extension...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Whether you do wide scope pentesting or bounty hunting, domain discovery is the 1st method of expanding your scope. Join Jason as he walks you through his tool chain for discovery including: subdomain scraping, bruteforce, ASN discovery, permutation scanning, automation, and more… Source: https://www.youtube.com/watch?v=NUsJpquFq0Q Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

802.11ac networks present a significant challenge for scalable packet sniffing and analysis. With projected speeds in the Gigabit range, USB Wi-Fi card based solutions are now obsolete! In this workshop, we will look at how to build a custom monitoring solution for 802.11ac using off the shelf access points and open source software. Our "Hacker Gadget" will address 802.11ac monitoring challenges such as channel bonding, DFS channels, spatial streams and high throughput data rates. We...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

It can be argued that the DAO hack of June 2016 was the moment smart contracts entered mainstream awareness in the InfoSec community. Was the hope of taking blockchain from mere cryptocurrency platform to one that can perform amazing Turing-complete functions doomed? We've learned quite a lot from that attack against contract code, and Ethereum marches on. Smart contracts are a key part of the applications being created by the Enterprise Ethereum Alliance, Quorum, and smaller projects in...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Ever stuttered when someone asked you "So, what *is* cryptography, anyway?" We're all in infosec but explaining crypto easily and memorably to people without making it too complicated or insulting their intelligence is nontrivial. Keeping it simple is never stupid, and we all need more converts to understanding that crypto isn't magic, it's just a bit of math and trust. Source: https://www.youtube.com/watch?v=gUhqA2PRtw0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

In this talk, we will scan the local area for Bluetooth packets with the help of the Ubertooth One, intercept them, and extrapolate as much information as possible, such as tracing MAC addresses to find the device type, or brute-forcing encrypted packets to unveil the information you thought to be “secure.” We will also scan the local area for vulnerable wireless networks using weak encryption methods. Finally, we'll watch hours of anime anywhere with the mobility of a Raspberry Pi for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Source: https://www.youtube.com/watch?v=ImgaEqOQlSQ Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

The International, a recent esports tournament, had a 20 million dollar prize pool with over five million people tuned in to the final match. The high stakes environment at tournaments creates an incentive for players to cheat for a competitive advantage. Cheaters are always finding new ways to modify software, from attempting to sneak executables in on flash drives, to using cheats stored in Steam's online workshop which bypasses IP restrictions. This presentation describes how one can...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community. Individuals in the high functioning autistic community are often overlooked for job positions due to their social...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Everything is impossible until it isn't. Every undertaking, defined by the hard limitations at the edges of our possible achievement. Lossless electrical conductivity, human travel beyond the sound 'barrier', running a four-minute mile...each, seen as some unassailable foe until, one-by-one, these milestones were not just approached and then attained, but very often surpassed. With time, these limits transition from the superlative, to the standard, and what once was thought of as impossible,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

When you learned that military and law enforcement agencies had trained screaming eagles to pluck drones from the sky, did you too find yourself asking: "I wonder if I could throw these eagles off my tail, maybe by deploying delicious bacon countermeasures?" Well you'd be wise to question just how effective these emerging, first generation "drone defense" solutions really are, and which amount to little more than "snake oil". There is no such thing as "best...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Want to incorporate hybrid security assessments into your testing methodology? What does going above and beyond look like for these types of assessments? How do you provide the best value with the resources and scope provided? What do some of these toolkits encompass? If you’re interested in what skills are needed for a Red-Teamer, or taking your red teaming assessments to the next level, here’s the basic info to get you started. We’ll discuss items of importance, methodology, gear,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Digital Forensics and Incident Response (DFIR) for IT systems has been around quite a while, but what about Industrial Control Systems (ICS)? This talk will explore the basics of DFIR for embedded devices used in critical infrastructure such as Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), and controllers. If these are compromised or even have a misoperation, we will show what files, firmware, memory dumps, physical conditions, and other data can be analyzed in embedded...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

As an amateur radio operator, I enjoy building mobile implementations for ARES (Amateur Radio Emergency Service), and for events. During this presentation, I will detail out several years worth of experimentation, research, and showcase my final build w/ modifications and demonstrate the build. Source: https://www.youtube.com/watch?v=CoQsYhFSjtg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

In this talk Gus and Evan will discuss the recent Hot Lotto fraud scandal and how one MUSL employee, Eddie Tipton, was able to rig several state lotteries and win $17 million (or perhaps more). Gus' firm is actively supporting the prosecution in this case. Evan was responsible for identifying and analyzing how Eddie was able to rig the RNG. Details on the rigged RNG and other details from the case will be presented publicly for the first time during this talk. For historical context other...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
by DEFCONConference

Do you love DEF CON? Do you hate having to wait for it all year? Well, thanks to DEF CON groups, you're able to carry the spirit of DEF CON with you year round, and with local people, transcending borders, languages, and anything else that may separate us! In this talk, you'll hear from DEF CON's founder, Dark Tangent, who is also moderating the panel. Jayson E. Street, the Ambassador of DEF CON groups will also discuss updates about the program and share information from his global travel to...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

There are more cloud service providers offering serverless or Function-as-a-service platforms for quickly deploying and scaling applications without the need for dedicated server instances and the overhead of system administration. This technical talk will cover the basic concepts of microservices and FaaS, and how to use them to scale time consuming offensive security testing tasks. Attacks that were previously considered impractical due to time and resource constraints can now be considered...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=heKMPMahF2E Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Source: https://www.youtube.com/watch?v=5FMSedKwekE Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Modern computing platforms offer more freedom than ever before. The rise of Free and Open Source Software has led to more secure and heavily scrutinized cryptographic solutions. However, below the surface of open source operating systems, strictly closed source firmware along with device driver blobs and closed system architecture prevent users from examining, understanding, and trusting the systems where they run their private computations. Embedded technologies like Intel Management Engine...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Andrew 'r0d3nt' Strutt, as an amateur radio operator, has hosted the only DEFCON POCSAG Pager Network, with single cell ranges of over 50 miles. This presentation will detail the legalities, hardware and software requirements to host the infrastructure and foxhunt contest. This will be the 5th year hosting the pager network. Source: https://www.youtube.com/watch?v=TeJptg1vKY8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=uIj7wkAoJ6Y Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Teleradiology is an $8 billion dollar a year industry and we are going to disrupt it. Medical records are critical infrastructure, and with an increasing emphasis on real-time interpretations of medical imagery to improve healthcare outcomes in emergency situations, it is imperative the systems that enable medical collaboration are secure and reliable. Here we present an Ethereum-based application that allows anyone who needs help interpreting an image to reach out to a radiologist anywhere in...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

The FTC recently conducted a challenge competition aimed at facilitating security updates to home IoT devices. We'll share what we've learned from the challenge, and we hope to announce the winner. We will also give an update on efforts the FTC has taken in the past year to help protect consumers including efforts on Smart TVs and more. Source: https://www.youtube.com/watch?v=VeiVYob-ioM Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

We all love honeypots! This talk focuses on creating fully functional wi-fi honeypots for under $5 using the ESP8266. Our honeypot will host fake networks and simultaneously connect to a backhaul network to talk to its "handler" over MQTT to establish a remote Source: https://www.youtube.com/watch?v=pA4MuhebEwA Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Tinder. The Final Frontier. Pick gorgeous (or not so gorgeous) members of your desired sex with the tip of your finger, at the comfort of your sofa, your bed, and let’s admit it - your toilet seat. Research shows that there are 50 million active users on Tinder, who check their accounts 11 times per day and spend an average of 90 minutes per day on the app. Even celebrities, it seems… Source: https://www.youtube.com/watch?v=d5eV36wR5Ew Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

You are on the inside of the perimeter. And maybe you want to exfiltrate data, download a tool, or execute commands on your command and control server (C2). Problem is - the first leg of connectivity to your C2 is denied. Your DNS and ICMP traffic is being monitored. Access to your cloud drives is restricted. You've implemented domain fronting for your C2 only to discover it is ranked low by the content proxy, which is only allowing access to a handful of business related websites on the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

When Google announced an intent to revoke trust from certificates issued by Symantec, this set off alarm bells all over the certificate authority industry. But that was March. What actually happened? Rendition Infosec has periodically tracked the SSL certificates on the Alexa top 1 million sites. In this talk, we’ll review that data set and examine what, if any, changes the Google announcement regarding Symantec certs had on certificate renewal/reissuance. We’ll also offer realistic...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

This presentation will walk the audience through and explain recently developed Kismet features that greatly benefit multiple radio card setups. Support for multiple devices allows smarter splitting across them, including separate discovery and tracking activities, as well as dedicating certain radios to targeted bands and channel ranges. The coming Kismet release (currently under development, slated to be released shortly) has new and very flexible configuration options targeting utilization of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Source: https://www.youtube.com/watch?v=eun-2BMo6qY Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

The typical security professional is largely unfamiliar with the Windows named pipes interface, or considers it to be an internal-only communication interface. As a result, open RPC (135) or SMB (445) ports are typically considered potential entry points in "infrastructure" penetration tests. However, named pipes can in fact be used as an application-level entry vector for well known attacks such as buffer overflow, denial of service or even code injection attacks and XML bombs,...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Secure multiparty computation is about jointly computing a function while keeping each party's inputs secret. This comes off as an esoteric area of cryptography, but the goal of this talk is to introduce you to the core concepts through a history of the topic. I will conclude by demoing an implementation of an example protocol I implemented. Source: https://www.youtube.com/watch?v=AfWRDgOBMQU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Privacy is fairly cut and dry when it’s US versus THEM, but what if it’s ME versus YOU within US? What are YOUR Privacy Rights, in the context of OUR relationship? Am I your non-trusting girlfriend? Am I your controlling boyfriend? Am I your snooping wife? Am I your abusive husband? How do YOU protect your privacy from ME? I will be providing tips, techniques, and resources to enable someone (anyone – even YOU) to protect their Privacy in a relationship, perhaps even one with ME....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Currently, all known IoT botnets harvest zombies through telnet with hardcoded or weak credentials. Once this bubble bursts, the next step will be exploiting other, more evolved vulnerabilities that can provide control over a large number of devices. In this talk, we'll take a glimpse into that future showing our research on a RCE vulnerability that affects more than 175k devices worldwide. Source: https://www.youtube.com/watch?v=UpxNkBvejf8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

In 2015, the BBC-sponsored Micro:Bit was launched and offered to one million students in the United Kingdom to teach them how to code. This device is affordable, has a lot of features, and can be programmed in Python rather than C++ like the Arduino. When we discovered this initiative in 2016, we quickly thought it was possible to turn this tiny device into some kind of super-duper portable wireless attack tool, as it is based on a well-known 2.4GHz RF chip produced by Nordic Semiconductor. It...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 25, DEFCON2017, DC25, DEF CON...

In recent months it seems like not a week passes where you do not encounter a headline that states that a healthcare organization has been held for ransom or in some other way involved in a breach. Healthcare has been a sector that has routinely been described as being lax with the implementation and enforcement of information security controls and the challenges faced by healthcare organizations are growing as attackers begin to look past EHR and PACS systems and target the medical devices...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Data breaches have become all too common. Major security incidents typically occur at least once a month. With the rise of both security incidents and full data breaches, blue teams are often left scrambling to put out fires and defend themselves without enough information. This is something that can be changed with the right tools. Tools now available allow blue teams to weaponize data and use it to their advantage. This talk reviews frameworks for clean, consistent data collection and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

It’s no secret that trying to change corporate culture is hard. This is primarily due to the fact that large corporations are complex systems and fundamentally averse to change. This reluctance is rooted in a systematic misalignment of shared vision, shared values, and shared culture within the organization. This talk defines a new method of business transformation by illustrating how to effectively influence corporate cultures towards collective action. To achieve that end, we outline an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

On April 16, 2016, an army of bots stormed upon Wix servers, creating new accounts and publishing shady websites en masse. The attack was carried out by a malicious Chrome extension, installed on tens of thousands of devices, sending HTTP requests simultaneously. This "Extension Bot" used the Wix websites platform and Facebook messaging service to distribute itself among users. Two months later, the same attackers struck again. This time they used infectious notifications, popping up on...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

In September 2016 the House Committee on Oversight finally released their report. Four years after the original breach, we are still asking how the f*#! did this happen. This talk will go over the key findings of the report and the impact on those who were affected. Source: https://www.youtube.com/watch?v=uXB4AiQw98s Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Get out your rollerblades, plug in your camo keyboard, and fire up your BLT drive. It's 25 years later and we're still hacking the planet. The Exploitee.rs are back with new 0day, new exploits and more fun. Celebrating a quarter century of DEF CON the best way we know how: hacking everything! Our presentation will showcase vulnerabilities discovered during our research into thousands of dollars of IoT gear performed exclusively for DEF CON. We will be releasing all the vulnerabilities during...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Cross-site Scripting (XSS) is the most widespread plague of the web but is usually restricted to a simple popup window with the infamous vector. In this short talk we will see what can be done with XSS as an attacker or pentester and the impact of it for an application, its users and even the underlying system. Many sorts of black javascript magic will be seen, ranging from simple virtual defacement to create panic with a joke to straightforward and deadly RCE (Remote Command Execution) attacks...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

The current consensus within the security industry is that high-assurance systems cannot tolerate the presence of compromised hardware components. In this talk, we challenge this perception and demonstrate how trusted, high-assurance hardware can be built from untrusted and potentially malicious components. The majority of IC vendors outsource the fabrication of their designs to facilities overseas, and rely on post-fabrication tests to weed out deficient chips. However, such tests are not...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

The security of your bitcoins rests entirely in the security of your private key. Bitcoin hardware wallets help protect against software-based attacks to recover or misuse your key. However, hardware attacks on these wallets are not as well studied. In 2015, Jochen Hoenicke was able to extract the private key from a TREZOR using a simple power analysis technique. While that vulnerability was patched, he suggested the Microcontroller on the TREZOR, which is also the same on the KeepKey, may be...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

In October of 2016, a teenage hacker triggered DTDoS attacks against 9-1-1 centers across the United States with five lines of code and a tweet. This talk provides an in-depth look at the attack, and reviews and critiques the latest academic works on TDoS attacks directed at 9-1-1 systems. It then discusses potential mitigation strategies for legacy TDM and future all-IP access networks, as well as disaggregated "over-the-top" originating services and the devices on which both the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Everything you know about your environment is mediated by your senses. Likely, you can see in a range of colors, hear a car horn honking, and feel the roughness of sandpaper, but light exists in bands too narrow or wide to be processed by your eyes, some sounds are too high or low to be recognized by your ears, and magnetic fields pulse around you all day. Most of us hardly notice. Dr. Paul Bach-y-Rita’s research in the 60’s eventually led to The BrainPort which lets a user see through an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing and brute force attacks). I'll also be demoing some brand new tools I've written to...
Topics: Youtube, video, Science & Technology, defcon, def con, computer security, defcon 2017, defcon...

At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible due to IP spoofing. In this talk we'll discuss what we learned about the L3 (Layer 3 OSI stack) IP spoofing. We'll explain why L3 attacks are even possible in today's internet and what direct and reflected L3 attacks look like. We'll describe...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=EzSVIaykTs0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...

Much of next-gen AV relies on machine learning to generalize to never-before-seen malware. Less well appreciated, however, is that machine learning can be susceptible to attack by, ironically, other machine learning models. In this talk, we demonstrate an AI agent trained through reinforcement learning to modify malware to evade machine learning malware detection. Reinforcement learning has produced game-changing AI's that top human level performance in the game of Go and a myriad of hacked...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

You know the ins and outs of pivoting through your target's domains. You've had the KRBTGT hash for months and laid everything bare. Or have you? More targets today have some or all of their infrastructure in the cloud. Do you know how to follow once the path leads there? Red teams and penetration testers need to think beyond the traditional network boundaries and follow the data and services they are after. This talk will focus on how to take domain access and leverage internal access as a...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...

Closing Ceremonies Source: https://www.youtube.com/watch?v=Ly7uurZ2d9A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 29

favorite 0

comment 0

rustls is a new open-source TLS stack written in Rust. This talk covers past TLS standard and implementation errors, and how those are avoided in rustls's design. Source: https://www.youtube.com/watch?v=SsHLEuiyPI8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 26

favorite 0

comment 0

2016 was the year of the Java deserialization apocalypse. Although Java Deserialization attacks were known for years, the publication of the Apache Commons Collections Remote Code Execution (RCE from now on) gadget finally brought this forgotten vulnerability to the spotlight and motivated the community to start finding and fixing these issues. One of the most suggested solutions for avoiding Java deserialization issues was to move away from Java Deserialization altogether and use safer formats such...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 15

favorite 0

comment 0

Wireless technologies are seeing increased use on the plant floor to enable pervasive monitoring and control of processes. Off-the-shelf security tools focus on assessing the security properties of commercial and consumer protocols such as 802.11 and Bluetooth. Several new standards have emerged for use in industrial environments. In this talk, Blake will offer an introduction to Software Defined Radio (SDR) tools and their application in industrial security assessments. We will review two...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 25

favorite 0

comment 0

Building rapport is essential in life, and critical in Social Engineering. A lesson learned while tending bar on the Las Vegas Strip taught me something that everyone has in common: Everybody is from somewhere. Find out how to use this idea on engagements and in everyday life. Source: https://www.youtube.com/watch?v=e_TQTDrRyWI Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 23

favorite 0

comment 0

In a world filled with danger emanating from all sorts of digital channels, having a proxy (or two) that you create, control, manage and direct is not just useful, but a requirement. Instead of worrying about an ineffectual government or an incomprehensible privacy policy, it’s possible that fake identities are a way to take ownership of the problem. Fake identities in the hands of the individual are the way to swing the pendulum of privacy back to the people. The presentation will present...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 18

favorite 0

comment 0

Denial of service. It requires a low level of resources and knowledge, it is very easy to deploy, it is very common and it is remarkable how effective it is overall. PEIMA is a brand new method of client-side malicious activity detection based on mathematical laws, usually used in finance, text retrieval and social media analysis, that is fast, accurate, and capable of determining when denial of service attacks start and stop without flagging legitimate heavy interest in your server...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 41

favorite 0

comment 0

We've built a $200 open source robot that cracks combination safes using a mixture of measuring techniques and set testing to reduce crack times to under an hour. By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, 'set testing' is a new method we created to decrease the time between combination...
Topics: Youtube, video, Science & Technology, defcon, def con, dc25, dc-25, def con 25, hack, Hackers,...
DEFCON 25
movies

eye 28

favorite 0

comment 0

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=-aJUUdKRy_k Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies

eye 21

favorite 0

comment 0

NFC (Near Field Communication) technology is now widely used in security, banking, payment and personal information exchange, and is highly developed. Correspondingly, attack methods against NFC keep emerging. To solve this problem, we built a hardware tool which we called "UniProxy". This tool contains two self-modified high-frequency card readers and two radio transmitters, arranged in a master-slave configuration. The master part can help people easily and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 22

favorite 0

comment 0

Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, its power has made it increasingly attractive for attackers and commodity malware authors alike. How do you separate the good from the bad? A/V signatures applied to command line arguments work sometimes. AMSI-based (Anti-malware Scan Interface) detection performs significantly better. But obfuscation and evasion techniques like Invoke-Obfuscation can and do bypass both approaches....
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DEFCON, Security...
DEFCON 25
movies

eye 23

favorite 0

comment 0

Ever wondered if there was such a thing as a “hacker-friendly” member of Congress? We found some and convinced them to come to DEF CON so you can meet them too! In this first-of-its-kind DEF CON session, two of the most hacker-friendly Congress critters will join DEF CON for an engaging and interactive session with the security research community. Join the Atlantic Council’s Cyber Statecraft Initiative for a candid discussion with Representatives Will Hurd (R-TX) and James Langevin (D-RI)....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 25, DC25, DC-25, hack, hackers,...
DEFCON 25
movies

eye 26

favorite 0

comment 0

Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to find the signal in the noise to be able to best protect an organization. This talk will cover techniques to automate the processing of data mining malware to derive key indicators to find active threats against an enterprise. Techniques will be discussed covering how to tune the automation to avoid false positives and the many struggles we have had...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 23

favorite 0

comment 0

The presentation will describe the requirements and design methodology behind the bladeRF's newly released VHDL Automatic Gain Control. The talk will walk SDR beginners through the RF gain architecture of modern radios and explain why gain control is required. The talk will then use the bladeRF as an example, and show what it took to develop the AGC in VHDL. Source: https://www.youtube.com/watch?v=gAwbe-G1t-A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 20

favorite 0

comment 0

Biotech companies have historically been started by professors from prestigious institutions with millions of dollars of investment funding. Today, with the lowering cost of research and increasing amount of resources driven by Moore's law, robotics, software and efficiencies in bioproduction, anyone with an insight can start a biotech company for a fraction of the cost, be they PhD or biohacker. At IndieBio, the world's largest biotech accelerator started just under 3 years ago, we've funded...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 17

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=CKfm414YsjU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 26

favorite 0

comment 0

As internet DDoS attacks get bigger and more elaborate, the importance of high performance network traffic filtering increases. Attacks of hundreds of millions of packets per second are now commonplace. In this session, we will introduce modern techniques for high speed network packet filtering on Linux. We will follow the evolution of the subject, starting with Iptables and userspace offload solutions (such as EF_VI and Netmap), discussing their use cases and their limitations. We will then...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 19

favorite 0

comment 0

Most people lock their doors at night; however, if you walk into someone's home you likely won't find every piece of furniture bolted to the floor as well. We trust that if someone is inside our home they are supposed to be there. Unfortunately, many developers treat local networks just the same, assuming all internal HTTP traffic is trusted; however, this is not always the case. They incorrectly assume that their services will be protected by the same-origin policy in browsers, rather than...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 33

favorite 0

comment 0

How prepared is your incident response team for a worst case scenario? Waiting for a crisis to happen before training for a crisis is a losing approach. For things that must become muscle memory, instinctive, you must simulate the event and go through the motions. This talk is a deep-dive technical discussion on how you can build your own DFIR simulation. Best part -- almost all of this can be accomplished with open source tools and inexpensive equipment, but I'll also share tips and tricks on...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies

eye 97

favorite 0

comment 0

Former world chess champion Garry Kasparov has a unique place in history as the proverbial "man" in "man vs. machine" thanks to his iconic matches against the IBM supercomputer Deep Blue. Kasparov walked away from that watershed moment in artificial intelligence history with a passion for finding ways humans and intelligent machines could work together. In the spirit of "if you can't beat 'em, join 'em," Kasparov has explored that potential for the 20 years since his...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 25, DC25, DC-25, hackers,...
DEFCON 25
movies

eye 23

favorite 0

comment 0

Telegram is a popular instant messaging service, a self-described fast and secure solution. It introduces its own home-made cryptographic protocol MTProto instead of using already known solutions, which was criticised by a significant part of the cryptographic community. In this talk we will briefly introduce the protocol to provide context to the reader and then present two major findings we discovered as part of our security analysis performed in late 2016. First, the undocumented obfuscation...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 24

favorite 0

comment 0

Over the past decade, electronic medical records (EMRs) and networked medical devices have become a healthcare norm. However, vendors and consumers alike have not paid sufficient attention to the security implications of EMRs and networked medical devices. In this talk, I will cover my experience [ethical] hacking and social engineering my way into healthcare networks. I will highlight security issues with healthcare networks and share real-life stories. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...