87
87
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 87
favorite 0
comment 0
Over the last year, synchronized and coordinated attacks against critical infrastructure have taken center stage. Remote cyber intrusions at three Ukrainian regional electric power distribution companies in December 2015 left approximately 225,000 customers without power. Malware, like BlackEnergy, is being specially developed to target supervisory control and data acquisition (SCADA) systems. Specifically, adversaries are focusing their efforts on obtaining access to the human-machine...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
38
38
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 38
favorite 0
comment 0
Get mirandized for an encrypted world. This talk will cover the legal doctrines and statues our government is perverting to compel individuals into decrypting their data, or conscript technology companies into subverting the security of their own products. We’ll survey the arguments being advanced by prosecutors, the resulting case law, and the ethical dilemmas facing technology companies. The session will cover the rights and civil liberties we’ve already lost, and review the current...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
26
26
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
It's recently become easier and less expensive to create malicious GSM Base Transceiver Station (BTS) devices, capable of intercepting and recording phone and sms traffic. Detection methods haven't evolved to be as fast and easy to implement. Wireless situational awareness has a number of challenges. Categorically, these challenges are usually classified under Time, Money, or a lot of both. Provisioning sensors takes time, and the fast stuff usually isn’t cheap. Iterative improvements...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
88
88
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 88
favorite 0
comment 0
Many industries, provide consumers with data about the quality, content, and cost of ownership of products, but the software industry leaves consumers with very little data to act upon. In fact when it comes to how secure or weak a product is from a security perspective, there is no meaningful consumer facing data. There has long been a call for the establishment of an independent organization to address this need. Last year, Mudge (from DARPA, Google, and L0pht fame) announced that after...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
111
111
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 111
favorite 0
comment 0
If you’re interested in vulnerability research for fun or profit, or if you’re a beginner and you’re not sure how to progress, it can be difficult to sift through the firehose of technical information that’s out there. Plus there are all sorts of non-technical things that established researchers seem to just know. There are many different things to learn, but nobody really talks about the different paths you can take on your journey. We will provide an overview of key concepts in...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
28
28
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 28
favorite 0
comment 0
On Friday morning, August 5th, DARPA will announce the prize winners and recognize the parties responsible for building and competing in the Cyber Grand Challenge (CGC), the world's first all-machine hacking tournament, which was completed August 4th. Seven high performance computers will have completed an all-machine Capture the Flag contest, reverse engineering unknown binary software, authoring new IDS signatures, probing the security of opponent software, and re-mixing defended services...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
24
24
Oct 23, 2017
10/17
by
DEFCONConference
movies
eye 24
favorite 0
comment 0
On April 24, 2015, Apple launched themselves into the wearables category with the introduction of Apple Watch. This June, at Apple's Worldwide Developer Conference, Apple announced that their watch is not only the #1 selling smartwatch worldwide by far, but also announced the introduction of new capabilities that will come with the release of watchOS 4. Like other devices, Apple Watch contains highly sensitive user data such as email and text messages, contacts, GPS and more, and like other...
Topics: Youtube, video, Science & Technology, DEF CON, DEF CON 25, DEFCON, DC25, DC-25, hack, hacker,...
52
52
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 52
favorite 0
comment 0
Network telescopes are collections of unused but BGP-announced IP addresses. They collect the pollution of the Internet: scanning, misconfigurations, backscatter from DoS attacks, bugs, etc. For example, several historical studies used network telescopes to examine worm outbreaks. In this talk I will discuss phenomena that have recently induced many sources to send traffic to network telescopes. By examining this pollution we find a wealth of security-related data. Specifically, I’ll touch on...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
35
35
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 35
favorite 0
comment 0
Rogue access points provide attackers with powerful capabilities, but in 2016 modern privacy protections such as HTTPS Everywhere, free TLS certificates and HSTS are de-facto standards. Surely our encrypted traffic is now safe on the local coffee shop network? If not, my VPN will definitely protect me… right? In this talk we’ll reveal how recent improvements in online security and privacy can be undermined by decades old design flaws in obscure specifications. These design weakness can be...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
29
29
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 29
favorite 0
comment 0
When the machines rise up and take away our freedom to communicate we're going to need a way out. Exfiltration of data across trust boundaries will be our only means of communication. How do we do that when the infrastructure we built to defend ourselves is the very boundary we must defeat? We use the same pathways we used to, but bend the rules to meet our needs. Whether its breaking protocol, attaching payloads, or pirating the airwaves we'll find a way. We'll cover using a custom server...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
42
42
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 42
favorite 0
comment 0
There has been much buzz about car hacking, but what about the larger heavy-duty brother, the big rig? Heavy trucks are increasingly networked, connected and susceptible to attack. Networks inside trucks frequently use Internet connected devices even on safety-critical networks where access to brakes and engine control is possible. Unfortunately, tools for doing analysis on heavy trucks are expensive and proprietary. Six_Volts and Haystack have put together a set of tools that include open...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
20
20
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 20
favorite 0
comment 0
A number of toolsets have been around for a while which propose methods for identifying vulnerabilities in kernels, in particular POSIX kernels. However, none of these identified a method for generic fuzzing across Windows and POSIX kernels and have not been updated for some time. This presentation will outline the research which has occurred in order to find exploitable bugs across both Windows and POSIX kernels, focusing on fuzzing system calls and library calls in the Windows environment....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
73
73
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 73
favorite 0
comment 0
You want to phish your company or your client. You’ve never done this for work before, you’ve got a week to do it, and you figure that’s plenty of time. Then someone objects to the pretext at the last minute. Or spam filters block everything. Or you decide to send slowly, to avoid detection, but the third recipient alerts the entire company. Or you can only find 5 target addresses. We’ve all been there on our first professional phishing exercise. What should be as easy as building a two...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
65
65
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 65
favorite 0
comment 0
Is the Internet going to live up to its promise as the greatest force for individual freedom that the world has ever known? Or is the hope for a global community of creative intellectual interaction lost…for now? In last year’s Black Hat keynote—entitled “Lifecycle of a Revolution”—noted privacy and civil liberties advocate Jennifer Granick told the story of the Internet utopians, people who believed that Internet technology could greatly enhance creative and intellectual freedom....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
18
18
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 18
favorite 0
comment 0
At DEF CON 16 in 2008, we released the original BSODomizer (www.bsodomizer.com), an open source VGA pranking tool and introductory hacking platform for the multicore Propeller micro-controller. Hours of productivity were replaced with rage and frustration as unwitting computer users were confronted with fake Blue Screens of Death and revolting ASCII art. But, the world has changed. The machines have risen in capability. HDMI is the graphical transmission protocol of choice and hacking with...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
34
34
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 34
favorite 0
comment 0
Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
28
28
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 28
favorite 0
comment 0
First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends. Wait, no, not really. It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
28
28
Oct 5, 2017
10/17
by
DEFCONConference
movies
eye 28
favorite 0
comment 0
Vulnerability Assessment is, by some, regarded as one of the least “sexy” capabilities in information security. However, it is the presenter’s view that it is also a key component of any successful infosec program, and one that is often overlooked. Doing so serves an injustice to the organization and results in many missed opportunities to help ensure success in protecting critical information assets. The presenter will explore how Vulnerability Assessment can be leveraged “Beyond the...
Topics: Youtube, video, Science & Technology, Vulnerability Assessment (Competitive Space), DEF CON...
14
14
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 14
favorite 0
comment 0
With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin’s innocent attempt to fix an issue,...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
18
18
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 18
favorite 0
comment 0
As a defender, have you ever been asked ‘do they win?’ How about ‘what products or capabilities should I buy to even the odds?’ Mapping the functionality to a standard list of desired capabilities only gets you so far. And, many vendors require an organization to pay for a framework, or for access to a framework, to enable tactical and strategic campaigns. Wouldn’t it be great to have an open source way to pick strategies? So what do you do? Build out your own defensive campaigns...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
86
86
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 86
favorite 0
comment 0
Since these last few years our world has been getting smarter and smarter. We may ask ourselves: what does smart mean? It is the possibility of building systems which are nodes of a more complex network, digitally connected to the internet and to the final users. Our cities are becoming one of those networks and over time more and more elements are getting connected to such network: from traffic lights to information signs, from traffic and surveillance cameras to transport systems. This last...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
86
86
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 86
favorite 1
comment 0
Ever dreamed of cleaning up at poker, but afraid that you are not good enough to do it on your own? Fear not! The chinese underground got you covered with high-tech concealed cheating devices that automatically read marked cards and whisper them in your ear through an ear-piece. Seems too good to be true? Well those James Bond devices are the real deal: we were able to get our hands onto one of those pricey gadget and they really work. They even come with additional gizmos, like a camera hidden...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
15
15
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 15
favorite 0
comment 0
Samsung announced many layers of security to its Pay app. Without storing or sharing any type of user’s credit card information, Samsung Pay is trying to become one of the securest approaches offering functionality and simplicity for its customers. This app is a complex mechanism which has some limitations relating security. Using random tokenize numbers and implementing Magnetic Secure Transmission (MST) technology, which do not guarantee that every token generated with Samsung Pay would be...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
31
31
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 31
favorite 0
comment 0
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these? In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
62
62
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 62
favorite 0
comment 0
Much of the time and attention dedicated to modern network security focuses on detecting the contemporary vulnerabilities and exploits which power the breaches that make the headlines. With almost all of the emphasis is placed around the endless cycle of new entry points, we are often overlooking what is perhaps one of the most profoundly interesting aspects of modern network breaches; the post-exploit communication of a compromised system to the attacker—known as command and control. Once...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
84
84
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 84
favorite 0
comment 0
LTE is a more advanced mobile network but not absolutely secure. Recently there already some papers those exposed the vulnerabilities of LTE network. In this presentation, we will introduce one method which jointly exploits the vulnerabilities in tracking area update procedure, attach procedure, and RRC redirection procedure, and finally can force a targeted LTE cellphone to downgrade into a malicious GSM network, then consequently can eavesdrop its data traffic or even voice call. This attack...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
118
118
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 118
favorite 0
comment 0
The CAN bus is really mainstream, and every now and then there are new tools coming out to deal with it. Everyone wants to control vehicles and already knows that you can make the horn honk by replaying that frame you captured. But is this all that there is on this topic? Reversing OEM and third party tools, capturing firmware update files on the fly, and hijacking Security Sessions on a bus are just a few examples of things that can be done as well. For this and more, we will introduce to you...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
88
88
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 88
favorite 0
comment 0
Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and bonnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content. We present a recurrent neural network that learns to...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
92
92
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 92
favorite 0
comment 0
Managed Code Rootlets (MCRs) are terrifying post-exploitation attacks that open the doors for cementing and expanding a foothold in a target network. While the concept isn’t new, practical tools for developing MCRs don’t currently exist. Ere Metula released ReFrameworker in 2010 with the ability to inject attack modules into the C# runtime, paving the way for MCRs, but the tool requires the attacker to have knowledge of intermediate languages, does not support other runtimes, and is no...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
24
24
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 24
favorite 0
comment 0
The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
41
41
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 41
favorite 0
comment 0
Many Bluetooth Low Energy (BLE) enabled deadbolts and padlocks have hit the market recently. These devices promise convenience and security through smartphone control. We investigated sixteen of these products from multiple vendors and discovered wireless vulnerabilities in most of them. Using a $50 antenna, we successfully picked vulnerable locks from over 400 meters away. In this presentation we introduce open source tools to crack each of the vulnerable BLE locks. Furthermore, after...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
70
70
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 70
favorite 0
comment 0
In the past few years, several tools have been released allowing hobbyists to connect to CAN buses found in cars. This is welcomed as the CAN protocol is becoming the backbone for embedded computers found in smart cars. Its use is now even spreading outside the car through the OBD-II connector: usage-based policies from insurance companies, air-pollution control from law enforcement or engine diagnostics from smartphones for instance. Nonetheless, these tools will do no more than what...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
26
26
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible! Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards. A fuzzing...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
20
20
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 20
favorite 0
comment 0
Security products should make our computers more secure, not less. Little Snitch is the de facto personal firewall for OS X that aims to secure a Mac by blocking unauthorized network traffic. Unfortunately bypassing this firewall's network monitoring mechanisms is trivial...and worse yet, the firewall's kernel core was found to contain an exploitable ring-0 heap-overflow. #fail Though briefly touching on generic firewall bypass techniques, this talk will largely focus on the kernel-mode...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
37
37
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 37
favorite 0
comment 0
As introduced in our former series of talks ‘LTE vs. Darwin‘ there are quite a few of holes in the LTE specs. Now, having our own Macro BaseStation (an eNodeB) on the desk, we will demonstrate practical approaches to and attacks on real life devices. More and more devices are using mobile radio networks such as GSM, UMTS and LTE and there has already been quite a bit of research on (in)securities on the radio part, but only few people have had a look behind the scenes. Luckily, we had the...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
19
19
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 19
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=HCK0yeGQI-U Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
117
117
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 117
favorite 1
comment 0
Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music. Components of the show are individually explained and live demonstrations of the technology are on display. Come get inspired to computerize your own holiday cheer! Source: https://www.youtube.com/watch?v=x64mrVwuuqs Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
20
20
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 20
favorite 0
comment 0
Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
30
30
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 30
favorite 0
comment 0
The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are among them. When you peer into their minds, these tools reveal their perilous implementations of PE file parsing. They assume PE files come as-is, but the Windows Loader actually applies many mutations (some at the command of the PE itself) before execution ever begins. This talk is about bending that loader to one's whim with the Relocations Table as a command spell. It will demonstrate...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
30
30
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 30
favorite 0
comment 0
Two years ago Richard Thieme spoke on “Playing Through the Pain: The Impact of Dark Knowledge on Security and Intelligence Professionals” for Def Con 24. He relied on dozens of experiences provided by colleagues over a quarter-century, colleagues from NSA, CIA, corporate, and military. Responses to the presentation have often been emotional and have corroborated his thesis. The real impact of this work on people over the long term has to be mitigated by counter-measures and strategies so...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
54
54
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 54
favorite 0
comment 0
Active Directory domain privilege escalation is a critical component of most penetration tests and red team assessments, but standard methodology dictates a manual and often tedious process – gather credentials, analyze new systems we now have admin rights on, pivot, and repeat until we reach our objective. Then — and only then — we can look back and see the path we took in its entirety. But that may not be the only, nor shortest path we could have taken. By combining our concept of...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
29
29
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 29
favorite 0
comment 0
When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks. The ESI language consists of a small set of instructions represented by XML tags, served by...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
26
26
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
Practice shows that even the most secure software written by the best engineers contain bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow-down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Incorporating natural elements, complex fabrication techniques, and components rarely seen by the outside world, the DEF CON 27 Badge brings our community together through Technology's Promise. Join DEF CON's original electronic badge designer Joe Grand on a behind-the-scenes journey of this year's development process and the challenges, risks, and adventures he faced along the way. Joe Grand (Kingpin) Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, DEF CON badge...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON 27, DC27, DEF CON 2019, hacker,...
23
23
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 23
favorite 0
comment 0
We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
13
13
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 13
favorite 0
comment 0
With the rise of the Internet of Things, the line between the physical and the digital is growing ever more hazy. Devices that once only existed in the tangible world are now accessible by anyone with a network connection. Even physical security systems, a significant part of any large organization’s overall security posture, are being given network interfaces to make management and access more convenient. But that convenience also significantly increases the risk of attack, and hacks that...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
31
31
Oct 24, 2018
10/18
by
DEFCONConference
movies
eye 31
favorite 0
comment 0
The mitigations for Spectre highlighted a weak link in the patching process for many users: firmware (un)availability. While updated microcode was made publicly available for many processors, end-users are unable to directly consume it. Instead, platform and operating system vendors need to distribute firmware and kernel patches which include the new microcode. Inconsistent support from those vendors has left millions of users without a way to consume these critical security updates, until now....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
26
26
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
Strong end-to-end encryption is legal in the United States today, thanks to our victory in what’s come to be known as the Crypto Wars of the 1990s. But in the wake of Paris and San Bernardino, there is increasing pressure from law enforcement and policy makers, both here and abroad, to mandate so-called backdoors in encryption products. In this presentation, I will discuss in brief the history of the first Crypto Wars, and the state of the law coming into 2016. I will then discuss what...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
38
38
Oct 3, 2017
10/17
by
DEFCONConference
movies
eye 38
favorite 0
comment 0
Electronic locks are becoming increasingly common on consumer-grade safes, particularly those used to secure guns. This talk explores vulnerabilities of several UL-listed Type 1 "High Security" electronic safe locks. Using side-channel attacks, we recover the owner-configured keycodes on two models of these locks from outside of locked safes without any damage to the locks or safes. Discussion includes power-line analysis, timing attacks, and lockout-defeat strategies on embedded...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, Hacking, Hacker Conference, Computer...
61
61
Sep 4, 2018
09/18
by
DEFCONConference
movies
eye 61
favorite 0
comment 0
The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats. Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face. The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 26, DEFCON26, DC26, hacker, hacking,...
