Jul 8, 2019, by Hak5
Glytch joins us to talk about updates to Project Cuckoo and his thoughts on drone piloting as a penetration tester. Glytch on Twitter: https://twitter.com/glytchtech Glytch on Youtube: http://youtube.com/glytch
Topics: Youtube, video, Science & Technology, hak5, hack, technology, darren kitchen, shannon morse,...
Oct 24, 2018, by DEFCONConference
First of all, it's math. Not meth. So everybody be cool, I'm not gonna touch your central nervous system stimulant substances. Now that this is established, I can start telling my story. And this story, like all good stories, begins where it ends. Wait, no, not really. It begins at a birthday party where the sister of a friend asked if I could help her with MATLAB. No matter how horrible memories I had about MATLAB, I just couldn't say no. So the next day, there was I, sitting in my room,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Two years ago Richard Thieme spoke on “Playing Through the Pain: The Impact of Dark Knowledge on Security and Intelligence Professionals” for Def Con 24. He relied on dozens of experiences provided by colleagues over a quarter-century, colleagues from NSA, CIA, corporate, and military. Responses to the presentation have often been emotional and have corroborated his thesis. The real impact of this work on people over the long term has to be mitigated by counter-measures and strategies so...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
The classic spy movie hacking sequence: The spy inserts a magic smartcard provided by the agency technicians into the enemy's computer, ...the screen unlocks... What we all laughed about is possible! Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards. A fuzzing...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
The 3DS was one of Nintendo's first serious attempts at security, featuring a cool microkernel based OS and actual exploit mitigations. That didn't stop it from getting hacked pretty hard, making it possible for people to write their own homebrew software for the console. But Nintendo isn't one to back off from a fight and, as a result, has put significant effort into not only fixing vulnerabilities but also introducing new security features targeted specifically at killing exploit techniques...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years' innovations to further compromise voicemail systems? And what is the real impact today of pwning these? In this talk I will cover voicemail systems, their security and how we can use oldskool techniques and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
The mitigations for Spectre highlighted a weak link in the patching process for many users: firmware (un)availability. While updated microcode was made publicly available for many processors, end-users are unable to directly consume it. Instead, platform and operating system vendors need to distribute firmware and kernel patches which include the new microcode. Inconsistent support from those vendors has left millions of users without a way to consume these critical security updates, until now....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actually makes calls and texts on a low level? Or maybe you want to learn more about the internals of the baseband but have no clue where to start. We will dive into the internals of a Qualcomm baseband, tracing its evolution over the years until its...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, security...
Oct 24, 2018, by DEFCONConference
Source: https://www.youtube.com/watch?v=N5_dNdp8SNc Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Source: https://www.youtube.com/watch?v=HCK0yeGQI-U Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
The arbiters of defense wield many static analysis tools; disassemblers, PE viewers, and anti-viruses are among them. When you peer into their minds, these tools reveal their perilous implementations of PE file parsing. They assume PE files come as-is, but the Windows Loader actually applies many mutations (some at the command of the PE itself) before execution ever begins. This talk is about bending that loader to one's whim with the Relocations Table as a command spell. It will demonstrate...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Ten years ago, DEF CON 101 was founded by HighWiz as a way to introduce n00bs to DEF CON. The idea was to help attendees get the best experience out of DEF CON (and also tell them how to survive the weekend!). The DEF CON 101 panel has been a way for people who have participated in making DEF CON what it is today to share those experiences and, hopefully, inspire attendees to expand their horizons. DEF CON offers so much more than just talks and the DEF CON 101 panel is the perfect place to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Learn about the elements that go into a computerized light display and how you outfit your own house with dazzling blinking lights set to music. Components of the show are individually explained and live demonstrations of the technology are on display. Come get inspired to computerize your own holiday cheer! Source: https://www.youtube.com/watch?v=x64mrVwuuqs Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks. The ESI language consists of a small set of instructions represented by XML tags, served by...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Sep 14, 2018, by DEFCONConference
Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has since developed far more advanced ways to send digital content, and fax machines are all in the past, right? After all, they should now be nothing more than a glorified museum item. Who on earth is still using fax machines? The answer, to our great...
Topics: Youtube, video, Science & Technology, DEF, CON, DEFCON, DEF CON 26, DC26, hacker, hacking,...
Oct 24, 2018, by DEFCONConference
Practice shows that even the most secure software written by the best engineers contains bugs. Malware is not an exception. In most cases their authors do not follow the best secure software development practices thereby introducing an interesting attack scenario which can be used to stop or slow down malware spreading, defend against DDoS attacks and take control over C&Cs and botnets. Several previous researches have demonstrated that such bugs exist and can be exploited. To find those...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In the past two years, smart speakers have become the most popular IoT device; Amazon, Google and Apple have introduced their own smart speaker products. Most of these smart speakers have natural language recognition, chat, music playback, IoT device control, shopping, and so on. Manufacturers use artificial intelligence technology to make smart speakers have similar human capabilities in the chat conversation. However, with the smart speakers coming into more and more homes, and the function...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Orwell's concept of 1984 has more to do with government misuse of technology than technology itself. New technology allows for more opportunity, but unchecked, it allows for complete government control. Representative Daniel Zolnikov is the nation's leading politician regarding privacy and surveillance and has enacted numerous laws safeguarding fourth amendment rights regarding digital communications and technology. Daniel will walk you down the road of how political misuse of technology can...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Phone-based mobile money is becoming the dominant paradigm for financial services in the developing world processing more than a billion dollars per day for over 690 million users. For example, mPesa has an annual cash flow of over thirty billion USD, equivalent to nearly half of Kenya's GDP. Numerous other products exist inside of nearly every other market, including GCash in the Philippines and easyPaisa in Pakistan. As a part of this growth, competitors have appeared who leverage ThinSIMS,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Commercial Android emulators such as NOX, BlueStacks and Leidian are very popular at the moment and most games can run on these emulators fast and soundly. The bad news for game vendors is that these emulators are usually shipped with root permission in the first place. On the other hand, cheating tools developers are happy because they can easily distribute their tools to abusers without requiring the abusers to have a physical rooted device, nor do they need to perform laborious tuning for...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Existing techniques for bypassing wired port security are limited to attacking 802.1x-2004, which does not provide encryption or the ability to perform authentication on a packet-by-packet basis [1][2][3][4]. The development of 802.1x-2010 mitigates these issues by using MacSEC to provide Layer 2 encryption and packet integrity check to the protocol [5]. Since MacSEC encrypts data on a hop-by-hop basis, it successfully protects against the bridge-based attacks pioneered by the likes of Steve...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Containerization, such as that provided by Docker, is becoming very popular among developers of large-scale applications. The good news: this is likely to make your life easier as an attacker. While exploitation and manipulation of traditional monolithic applications might require specialized experience and training in the target languages and execution environment, applications made up of services distributed among multiple containers can be effectively explored and exploited "from...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end Las Vegas hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the scenes. And...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
When my implant gets discovered how will I know? Did the implant stop responding for some benign reason or is the IR team responding? With any luck they'll upload the sample somewhere public so I can find it, but what if I can find out if they start looking for specific bread crumbles in public data sources? At some point without any internal data all blue teams turn to OSINT which puts their searches within view of the advertising industry. In this talk I will detail how I was able to use...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
2018 is the 20th anniversary of the hacker think-tank L0pht Heavy Industries testimony before the US Senate Homeland Security & Governmental Affairs Committee on the topic of weak computer security in government. The testimony made national news when the group announced they could take down the Internet in 30 minutes. It was also the first-time hackers using handles appeared before a US Legislative body. Members of the L0pht have grown from their hacker roots to become distinguished leaders...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In today's digital world the mouse, not the pen is arguably mightier than the sword. Via a single click, countless security mechanisms may be completely bypassed. Run untrusted app? click ...allowed. Authorize keychain access? click ...allowed. Load 3rd-party kernel extension? click ...allowed. Authorize outgoing network connection? click ...allowed. Luckily security-conscious users will (hopefully) heed such warning dialogues—stopping malicious code in its tracks. But what if such clicks can...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Why does my bank's website require my MFA token but Quicken sync does not? How is using Quicken or any personal financial software different from using my bank's website? How are they communicating with my bank? These questions ran through my head when balancing the family checkbook every month. Answering these questions led me to deeply explore the 20 year old Open Financial Exchange (OFX) protocol and the over 3000 North American banks that support it. They led me to the over 30 different...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
When it comes to taking advantage of SMB connections, most tools available to penetration testers aim for system enumeration or for performing relay attacks to gain RCE. If signatures are required, or if the victims relayed are not local admins anywhere, that can put a real stint in leveraging SMB to gain any serious footholds in a network. Fortunately, the mentioned attacks are only the tip of the iceberg of the ways to gain RCE with insecure SMB connections – and there’s a new tool to...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Sniffing and attacking Bluetooth Low Energy devices has always been a real pain. Proprietary tools do the job but cannot be tuned to fit our offensive needs, while opensource tools work sometimes, but are not reliable and efficient. Even the recently released Man-in-the-Middle BLE attack tools have their limits, like their complexity and lack of features to analyze encrypted or short connections. Furthermore, as vendors do not seem inclined to improve the security of their devices by following...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In 2017 a malware framework dubbed TRITON (also referred to as TRISIS or HatMan) was discovered targeting a petrochemical plant in Saudi Arabia. TRITON was designed to compromise the Schneider Electric Triconex line of Safety Instrumented Systems (SIS), potentially in order to cause physical damage. TRITON is the most complex publicly known ICS attack framework to date and the first publicly known one to target safety controllers. While the functionality of the malware is understood, little is...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Nov 1, 2018, by DEFCONConference
OpenXC builds its firmware -- for both the open and proprietary builds -- using JSON data structures which define the CAN signals. These definitions are akin to CAN database (.dbc) files. Reverse engineering of the open OpenXC builds (as an educational exercise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How strings lead reverse engineers to interesting code via backwards...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In the ever raging battle between malicious code and anti-malware tools, firewalls play an essential role. Many a malware has been generically thwarted thanks to the watchful eye of these products. However on macOS, firewalls are rather poorly understood. Apple's documentation surrounding its network filter interfaces is rather lacking and all commercial macOS firewalls are closed source. This talk aims to take a peek behind the proverbial curtain revealing how to both create and 'destroy'...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In 2014, we released the mana rogue AP toolkit at DEF CON 22. This fixed KARMA attacks which no longer worked against modern devices, added new capabilities such as KARMA against some EAP networks and provided an easy to use toolkit for conducting MitM attacks once associated. Since then, several changes in wifi client devices, including MAC randomisation, significant use of the 5GHz spectrum and an increased variety of configurations has made these attacks harder to conduct. Just firing up a...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Fair elections are at the core of every democracy and are of paramount importance to our national security. The confidence in our electoral process is fundamental to ensuring that every vote- and therefore every voice- matters. In recent years, our Nation has become increasingly uneasy about the potential threats to our election infrastructure. The activities to undermine the confidence in the 2016 presidential election have been well documented and the United States (U.S.) Government has...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Source: https://www.youtube.com/watch?v=PQXCTOKRrNQ Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In the past, when hackers did malicious program code injection, they used to adopt RunPE, AtomBombing, cross-process creation threads, and other approaches. They could forge their own execution program as any critical system service. However with increasing process of anti-virus techniques, these sensitive approaches have been gradually proactively killed. Therefore, hackers began to aim at another place, namely memory-level weakness, due to the breakages of critical system service itself. This...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets. We created the TumbleRF fuzzing orchestration framework to address these shortfalls by defining core...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Most modern OSes use sandboxing in order to prevent malicious apps from affecting other apps or even harming the OS itself. Google is constantly reinforcing Android’s sandbox protection, introducing new features to prevent any kind of sandbox bypass. In this talk we want to shed new light on a less known attack surface which affects all Android devices and allows an attacker to hijack the communication between privileged apps and the disk, bypassing Android’s latest sandbox...
Topics: Youtube, video, Science & Technology, DEF, CON, Slava Makkaveev, DEF CON, DEFCON, DEF CON 26,...
Oct 24, 2018, by DEFCONConference
Typically, the activities of a malware attack occur on an execution timeline that generally consists of 3 segments—the vector, the stage, and the persistence. First, a vector, or method of exploitation is identified. This could be anything from logging in over a credentialed method like RDP or SSH and running a malicious payload directly, to exploiting a memory corruption vulnerability remotely. Second, that access is leveraged into running malicious code that prepares the victim for the...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Antidrone system industries have arisen. Due to several, and even classic, vulnerabilities in communication systems now used by drones, anti-drone systems are able to take down those drones by means of well documented attacks. Drone/antidrone competition has already been set into the scene. This talk provides a new vision about drone protection against anti-drone systems, presenting "The Interceptor Project", a hand-sized nano drone based on single-core tiniest Linux Board: Vocore2....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Hack a lock and get free rides! (No free beer yet though...). This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't. Previous talks on...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
In recent years, Google has made many great efforts in exploit mitigation and attack surface reduction to strengthen the security of the Android system. It is becoming more and more difficult to remotely compromise Android phones, especially Google’s Pixel phone. The Pixel phone is protected by many layers of security. It was the only device that was not pwned in the 2017 Mobile Pwn2Own competition. But our team discovered a remote exploit chain—the first of its kind since the Android Security...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the system. Admins are being dragged into a new paradigm where they have to more securely administer the environment. What does this mean for the pentester or Red Teamer? Admins are gradually using better methods like two-factor and more secure...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Extreme Networks' embedded WingOS (originally created by Motorola) is an operating system used in several wireless devices such as access points and controllers. This OS is being used in Motorola devices, Zebra devices and Extreme Networks' devices. This research started focusing on an access point widely used in many aircraft by several worldwide airlines but ended up in something bigger in terms of devices affected as this embedded operating system is not only used in APs for aircraft but...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Cellular networks are connected with each other through a worldwide private, but not inaccessible network, called IPX network. Through this network user-related information is exchanged for roaming purposes or for cross-network communication. This private network has been breached by criminals and nation states. Cellular networks are extremely complex and many attacks have already been found, e.g. DoS, location tracking, SMS interception, data interception. Many attacks have been seen in...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Surveillance had been a fact of life for sex workers wherever they have faced prohibition. Only two elements, communication and association, can differentiate between commercial and personal sex, criminal enforcement of prostitution laws have necessarily meant targeting the speech and affiliation of perceived sex workers. Enforcement of this nature is facilitated by profiling, institutional bias, and broad overreaching policies that fundamentally violate individual human rights. This has...
Topics: Youtube, video, Science & Technology, DEF, CON, def con, DEF CON, DEFCON, DEF CON 26, DC26,...
Oct 24, 2018, by DEFCONConference
We started our own transit Internet Service Provider (ISP) to safely route anonymized packets across the globe, and you can too. Emerald Onion is a Seattle-based 501(c)3 not-for-profit and we want to help other hacker collectives start their own. Getting your own Autonomous System Number (ASN), managing Internet Protocol (IP) scopes, using Border Gateway Protocol (BGP) in Internet Exchange Points (IXPs), dealing with abuse complaints or government requests for user data -- this is all stuff...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...
Oct 24, 2018, by DEFCONConference
Most of us have knowledge of PCB construction. In the past reversing someone's design was an easy task due to the simplicity of the PCB design. Now with BGAs (Ball Grid Arrays), manufacturers using several plane layers cover the entire PCB design, obscuring the details of the PCB from view. Through the use of X-Ray, we are able to reverse engineer virtually anything. Slides will be presented showing several PCB designs and how easy it was to reverse engineer the PCB. Also presenting videos of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON, DEFCON, DEF CON 26, DC26, computer...