63
63
Aug 19, 2019
08/19
Aug 19, 2019
by
Hak5
movies
eye 63
favorite 0
comment 0
Salvador shows us how his device, the Hunter Cat, can help with finding ATM skimmers. Follow Salvador here: https://twitter.com/Netxing http://hunter.electroniccats.com/ -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → https://www.hakshop.com Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us → http://www.twitter.com/hak5 Threat Wire RSS...
Topics: Youtube, video, Science & Technology, hak5, hack, technology, darren kitchen, shannon morse,...
Incorporating natural elements, complex fabrication techniques, and components rarely seen by the outside world, the DEF CON 27 Badge brings our community together through Technology's Promise. Join DEF CON's original electronic badge designer Joe Grand on a behind-the-scenes journey of this year's development process and the challenges, risks, and adventures he faced along the way. Joe Grand (Kingpin) Joe Grand, also known as Kingpin, is a computer engineer, hardware hacker, DEF CON badge...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON 27, DC27, DEF CON 2019, hacker,...
40
40
Aug 16, 2019
08/19
Aug 16, 2019
by
Hak5
movies
eye 40
favorite 0
comment 0
El Kentaro joins us at DEF CON 27 to share his new hardware hacks. https://twitter.com/elkentaro https://www.instagram.com/elkentaro/ https://medium.com/@elkentaro https://www.twitch.tv/elkentaro -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆ Our Site → https://www.hak5.org Shop → https://www.hakshop.com Subscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1 Support → https://www.patreon.com/threatwire Contact Us →...
Topics: Youtube, video, Science & Technology, hak5, hack, technology, darren kitchen, shannon morse,...
63
63
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 63
favorite 0
comment 0
There is a rising trend within Threat actors to find newer, more effective and stealthy ways to attack and gain persistence in a network. One way to achieve this is by abusing legitimate software such as Windows Management Instrumentation and PowerShell. This is the case for Living Off the Land and Fileless threats. By using these techniques, attackers can distribute their malicious code bypassing software whitelisting and avoid antivirus detection. A method to detect these threats is by...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
52
52
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 52
favorite 0
comment 0
Golang is a pretty nifty language, and it's remarkably well suited for car hacking. SocketCAN provides a great framework for interacting with CAN devices, so why not use it from Go? We'll present an open source Go library for making SocketCAN easy, and show how to work with raw CAN and ISOTP data. Attendees will get all the info they need to start hacking CAN buses with Go. Source: https://www.youtube.com/watch?v=PlOj0Mt-2NM Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
33
33
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 33
favorite 0
comment 0
The Controller Area Network (CAN) bus has been mandated in all cars sold in the United States since 2008. But CAN is terrible in many unique and disturbing ways. CAN has served as a convenient punching bag for automotive security researches for a plethora of reasons, but all of the available analysis tools share a shortcoming. They invariably use a microcontroller with a built-in CAN peripheral that automatically takes care of the low-level (ISO layer 1 and 2) communication details, and ensures...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
28
28
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 28
favorite 0
comment 0
Getting started in car hacking can be a daunting and expensive hobby. In this talk I am going to walk you through what you need to buy (and what you can likely skip). I will also be releasing a quick start guide and a script to help new car hackers build a "Car Hacking" system. Source: https://www.youtube.com/watch?v=YFMqGyWyWCo Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
26
26
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
OpenXC builds its firmware -- for both the open and proprietary builds -- using JSON data structures which define the CAN signals. These definitions are akin to the CAN database files (.dbc) files. Reverse engineering of the open openXC builds (as an educational excersise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How strings lead reverse engineers to interesting code via backwards...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
25
25
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 25
favorite 0
comment 0
Industrial espionage is the practice of secretly gathering information about competing corporation or business interest, with the objective of placing one’s own organization at a strategic or financial advantage. A common practice to achieve this advantage is to elicit information from unwitting individuals through what today is called social engineering (SE). We all hear the term SE so often that we become desensitized to it, thereby INCREASING the effectiveness of it against ourselves and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
36
36
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 36
favorite 0
comment 0
Automation has been the forefront of almost every tool or talk in the recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out the run of the mill adware/PUPs or phishing expeditions, can we really automate a response to the more...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
18
18
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 18
favorite 0
comment 0
Have you wondered whether developers can play any significant role in the security world? Come hear from a diehard programmer and hacker who loves to break and loves to build, and learn how a regular programmer can make major contributions to security from the trenches. This presentation will dive into the intersection between development and security. You will learn about the SDL -- Secure Development Lifecycle, and why in the world a hacker would care about processes and procedures. You will...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
35
35
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 35
favorite 0
comment 0
The security operations aspect of your Information Security risk management program is where the “rubber meets the road” — the tools and people you have to implement the process and procedures you put together to find the badness and put out the fires. How has the concept of security operations evolved, and where are we headed? There is plenty of buzzword bingo: UBA, UEBA, machine learning and artificial intelligence, network abnormality detection, the marketing conversations of evolving...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
51
51
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 51
favorite 0
comment 0
The Automotive Exploitation Sandbox is a hands-on educational tool designed to provide stakeholders with little to no previous exposure to automotive security a hands-on experience with real hardware following a basic attack chain against a typical automotive development board. The attack chain provides instructions for the user to remotely exploit, escalate privilege, exfiltrate data, and modify memory using synthetic vulnerabilities placed on a remote test platform running an OS and hardware...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
26
26
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
The presentation will cover security implications of GPS and positioning attacks. We will discuss real world attacks and incidents. We will touch upon increased reliance on positioning data in accident reconstruction and assistive driving technologies. Source: https://www.youtube.com/watch?v=i3S9wiHF8c0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
65
65
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 65
favorite 0
comment 0
The security of automobiles accesses control system is a topic often discussed. Today's vehicles rely on key-fob control modules, to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticate as a digital car key. In this talk, we will reveal the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
41
41
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 41
favorite 0
comment 0
There exist several approaches to misbehavior detection in V2X networks in research literature, many of them not necessarily taking automotive restrictions into account. Only few approaches do and there is only one approach that has been tested in actual vehicles as far as I know. And that approach has it challenges - although it is an important first step towards implementation. I will present how this (and one or two other) approach works and how it can be tricked. Although misbehavior...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
25
25
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 25
favorite 0
comment 0
In the current cyber landscape several vulnerabilities are discovered every day. The volume of information and multiple sources to consume this information create interesting challenges for any security team. In the recent months several organizations have been prey of bad actors, exposing private data of millions of users, many times from month old vulnerabilities. Vulnerability management is often disregarded, improperly staffed and rarely discuss in the infosec community, yet is one of the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
58
58
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 58
favorite 0
comment 0
Unified Diagnostic Services (UDS) provides a powerful interface into vehicle diagnostics. OEMs use these services to update firmware, manipulate calibration data, send and receive information from vehicle ECUs, and now more recently for over the air updates. This talk pulls back the curtain on automotive bootloaders and how poor security design or implementation choices can be used by attackers to exfiltrate firmware or even gain persistent code execution. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
180
180
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 180
favorite 0
comment 0
Cloud Security is a magical world of as-a-service miracles. Just spin up your intrusion-detection- as-a-service, SOC-as-a-service, incident-response-as-a-service, and start feeding it security- intelligence-as-a-service. Come hear from this CISO-as-a-service unwrap the onion of cloud access security brokers (CASB), cloud workload protection platforms (CWPP), microsegmentation, cloud security posture management (CSPM), software-defined perimeters (SDP), and bunch of other cloud related topics....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
27
27
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 27
favorite 0
comment 0
Nowadays any recent car up to 5 years old comes with something called “Infotainment”, this is that IPad-looking screen that allows you to use the GPS Navigation, select your favorite music from your IPod, make or receive calls while speaking through the Car’s speakers, or even ask the Car to read a SMS message for you, that along with the latest self-driving technologies popping up everywhere cannot longer be handled by a microcontroller, it requires an embedded OS to support all those...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
28
28
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 28
favorite 0
comment 0
Logs, right? Do you run an expensive SIEM? If not, this talk is for you. An effective process for managing logs and security events with built-in and open-source tools will be detailed. I'll share reports and tickets from our organization and describe how we analyze them to improve IT operations, situational awareness, security posture, and pass audits. Source: https://www.youtube.com/watch?v=3yYD3CYiwx4 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
37
37
Oct 31, 2018
10/18
Oct 31, 2018
by
DEFCONConference
movies
eye 37
favorite 0
comment 0
Traditionally SOCs look outward from their network perimeters, missing the adversaries already operating in their networks. As SOCs improve their capabilities by turning inwards, where should they start? What techniques should they be worried about? What tools will help them? Without knowing what your adversaries can do and what your current capabilities are, it’s hard to make improvements. This talk will describe how to use the MITRE ATT&CK framework as a “scorecard” within the SOC...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
39
39
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 39
favorite 0
comment 0
In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or does not rise to the challenge. As malware authors and distributors share code and prepackaged tool kits, the corporate sponsored research community is dominated by solutions aimed at profit as opposed to augmenting capabilities available to the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
37
37
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 37
favorite 0
comment 0
Public keys are everywhere, after all, they are public. These keys are waiting to be reaped by those who know their real value. Hidden behind this public face lurks some potentially dangerous issues which could lead to a compromise of data and privacy. Leveraging hundreds of minion devices, we built a public key reaping machine (which we are open sourcing) and operated it on a global scale. Collected keys are tested for vulnerabilities such as the recent ROCA vulnerability or factorization...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
117
117
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 117
favorite 1
comment 0
Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music. Components of the show are individually explained and live demonstrations of the technology are on display. Come get inspired to computerize your own holiday cheer! Source: https://www.youtube.com/watch?v=x64mrVwuuqs Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
18
18
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 18
favorite 0
comment 0
In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets. We created the TumbleRF fuzzing orchestration framework to address these shortfalls by defining core...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
19
19
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 19
favorite 0
comment 0
You buy a brand-new smartwatch. You receive emails and send messages, right on your wrist. How convenient, this mighty power! But great power always comes with great responsibility. Smartwatches hold precious information just like smartphones, so do they actually fulfill their responsibilities? In this talk, we will investigate if the Samsung Gear smartwatch series properly screens unauthorized access to user information. More specifically, we will focus on a communication channel between...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
20
20
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 20
favorite 0
comment 0
Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
24
24
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 24
favorite 0
comment 0
In the past, when hackers did malicious program code injection, they used to adopt RunPE, AtomBombing, cross-process creation threads, and other approaches. They could forge their own execution program as any critical system service. However with increasing process of anti-virus techniques, these sensitive approaches have been gradually proactively killed. Therefore, hackers began to aim at another place, namely memory-level weakness, due to the breakages of critical system service itself. This...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
30
30
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 30
favorite 0
comment 0
The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are among them. When you peer into their minds, these tools reveal their perilous implementations of PE file parsing. They assume PE files come as-is, but the Windows Loader actually applies many mutations (some at the command of the PE itself) before execution ever begins. This talk is about bending that loader to one's whim with the Relocations Table as a command spell. It will demonstrate...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
21
21
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 21
favorite 0
comment 0
Apple's sandbox was introduced as "SeatBelt" in macOS 10.5 which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied sandbox mechanism to iOS 6. In its implementation, the policy hooked dozens of operations. The number of hooks has been growing steadily when new system calls or newly discovered threats appeared. In the beginning, Apple's sandbox used a black list approach which means Apple originally concentrated on the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
56
56
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 56
favorite 0
comment 0
There are many Software Defined Radios (SDRs) available, with a great deal of time and effort having gone in to their design. These are not those radios. We present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals. The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time honored hacker tradition of rolling our own tools,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
31
31
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 31
favorite 0
comment 0
Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
28
28
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 28
favorite 0
comment 0
First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends. Wait, no, not really. It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
58
58
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 58
favorite 0
comment 0
Phone-based mobile money is becoming the dominant paradigm for financial services in the developing world processing more than a billion dollars per day for over 690 million users. For example, mPesa has an annual cash flow of over thirty billion USD, equivalent to nearly half of Kenya's GDP. Numerous other products exist inside of nearly every other market, including GCash in the Philippines and easyPaisa in Pakistan. As a part of this growth, competitors have appeared who leverage ThinSIMS,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
14
14
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 14
favorite 0
comment 0
It seems each day that passes brings new technology and an increasing dependence upon it. The medical field is no exception; medical professionals rely upon technology to provide them with accurate information and base life-changing decisions on this data. In recent years there has been more attention paid to the security of medical devices; however, there has been little research done on the unique protocols used by these devices. In large, health care systems medical personnel take advantage...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
31
31
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 31
favorite 0
comment 0
The mitigations for Spectre highlighted a weak link in the patching process for many users: firmware (un)availability. While updated microcode was made publicly available for many processors, end-users are unable to directly consume it. Instead, platform and operating system vendors need to distribute firmware and kernel patches which include the new microcode. Inconsistent support from those vendors has left millions of users without a way to consume these critical security updates, until now....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
51
51
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 51
favorite 0
comment 0
MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been used in the most damaging cyber attacks in computing history: WannaCry, NotPetya, Olympic Destroyer, and many others. Yet, how these complicated exploits work has not been made clear to most. This is due to the ETERNAL exploits taking advantage of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
32
32
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 32
favorite 0
comment 0
Your computer is not yours. You may have shelled out thousands of dollars for it. It may be sitting right there on your desk. You may have carved your name deep into its side with a blowtorch and chisel. But it's still not yours. Some vendors are building secret processor registers into your system's hardware, only accessible by shadowy third parties with trusted keys. We as the end users are being intentionally locked out and left in the dark, unable to access the heart of our own processors,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
25
25
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 25
favorite 0
comment 0
In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
115
115
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 115
favorite 0
comment 0
We will present a sample scene and panel talk on our documentary series Reverse Engineering to the hacking community, which has been in the works for 4 years. We have dozens of interviews spanning the first 3 decades of computer hacking, ultimately there will be hundreds. It's a big story, but for the purposes of DEF CON, we've put together a 17 min. Scene covering the 80s WarGames/Legion of Doom-era of computer hacking in the US. We've spoken to great people, but there are other...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
53
53
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 53
favorite 0
comment 0
Many hackers like to contribute code, binaries, and exploits under pseudonyms, but how anonymous are these contributions really? In this talk, we will discuss our work on programmer de-anonymization from the standpoint of machine learning. We will show how abstract syntax trees contain stylistic fingerprints and how these can be used to potentially identify programmers from code and binaries. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found in...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
31
31
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 31
favorite 0
comment 0
Financial institutions, home automation products, and offices near universal cryptographic decoders have increasingly used voice fingerprinting as a method for authentication. Recent advances in machine learning and text-to-speech have shown that synthetic, high-quality audio of subjects can be generated using transcripted speech from the target. Are current techniques for audio generation enough to spoof voice authentication algorithms? We demonstrate, using freely available machine learning...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
35
35
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 35
favorite 0
comment 0
With the proliferation of Linux-based SoCs -- you've likely got one or two in your house, on your person or in your pocket -- it is often useful to look "under the hood" at what is running; Additionally, in-situ debugging may be unavailable due to read-only filesystems, memory is often limited, and other factors keep us from attacking a live device. This talk looks at attacking binaries outside their native environment using QEMU, the Quick Emulator, as well as techniques for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
45
45
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 45
favorite 0
comment 0
Programmable Logic Controllers (PLCs) are devices used on a variety of industrial plants, from small factories to critical infrastructures like nuclear power plants, dams and wastewater systems. Although PLCs were made robust to sustain tough environments, little care was taken to raise defenses against potential cyber threats. As a consequence, threats started pouring in and causing havoc. During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
43
43
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 43
favorite 0
comment 0
Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections. Furthermore, as vendors do not seem inclined to improve the security of their devices by following...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
30
30
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 30
favorite 0
comment 0
Though many security mechanisms are deployed in Apple's macOS and iOS systems, some old-fashioned or poor-quality kernel code still leaves the door widely open to attackers. Especially, as kernel's critical components, device drivers are frequently exploited to attack Apple systems. In fact, bug hunting in Apple kernel drivers is not easy since they are mostly closed-source and heavily relying on object-oriented programming. In this talk, we will share our experience of analyzing and attacking...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
26
26
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
Orwell's concept of 1984 has more to do with government misuse of technology than technology itself. New technology allows for more opportunity, but unchecked, it allows for complete government control. Representative Daniel Zolnikov is the nation's leading politician regarding privacy and surveillance and has enacted numerous laws safeguarding fourth amendment rights regarding digital communications and technology. Daniel will walk you down the road of how political misuse of technology can...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
25
25
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 25
favorite 0
comment 0
Are you a malware developer for Android devices? We have very bad news for you: the Android-SDK packager (aapt) is leaking your time zone! We have found a bug inside this Android-SDK's component that relies in not properly setting the value of a variable used as an argument for localtime() function, when setting the "Last Modified" field for the Android App's files. Because of this, the time zone of anyone using the Android-SDK packager to generate their APKs is leaked. The curious...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
26
26
Oct 22, 2018
10/18
Oct 22, 2018
by
DEFCONConference
movies
eye 26
favorite 0
comment 0
The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible! Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards. A fuzzing...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
