Vídeos DEF CON 26

DEF CON 26 Aquí os dejo los vídeos que se han publicado de DEF CON 26). Ya tenéis entretenimiento para el fin de semana que se avecina. Recuerda que también tienes el material disponible. Rob Joyce - NSA Talks Cybersecurity Eyal Itkin, Yaniv Balmas - What the Fax?! Josh Mitchell - Ridealong Adventures: Critical Issues with Police Body Cameras Svea, Suggy, Till - Inside the Fake Science Factory Ladar Levison, hon1nbo - Booby Trapping Boxes 0x200b - Detecting Blue Team Research Through Targeted Ads Si, Agent X - Wagging the Tail:Covert Passive Surveillance Alexei Bulazel - Reverse Engineering Windows Defenders Emulator Alfonso Alguacil and Murillo Moya - Playback a TLS 1 point 3 story Bui and Rao - Last mile authentication problem Exploiting the missing link Champion and Law - Building the Hacker Tracker Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86 Christopher Domas - The Ring 0 Facade Awakening the Processors Inner Demons Damien virtualabs Cauquil - You had better secure your BLE devices Douglas McKee - 80 to 0 in Under 5 Seconds Daniel Crowley and Panel - Outsmarting the Smart City delta zero and Azeem Aqil - Your Voice is My Passport Daniel Zolnikov - A Politicians Successful Efforts to Fight Surveillance Dr Holtmanns and Singh - 4G Who is Paying Your Cellular Phone Bill Video Dr Rasthofer and Panel - Worrisome Security Issues in Tracker Apps Dr Matthews and Panel - A DEF CON Guide to Adversarial Testing of Software Elinor Mills and Panel - The L0pht Testimony 20 Years Later and Other Things Foster and Ayrey - Dealing with Residual Certificates for Pre-owned Domains Franklin and Franklin - Defending the 2018 Midterm Elections from Foreign Adversaries Gabriel Ryan - Bypassing Port Security In 2018 Defeating MacSEC and 802 1x 2010 George Tarnovsky - You Can Run but You Cant Hide Reverse Engineering Using X-Ray Greenstadt and Dr Caliskan - De-anonymizing Programmers from Source Code Guang Gong - Pwning theToughest Target, the Largest Bug Bounty in the History of ASR HuiYu and Qian - Breaking Smart Speakers We are Listening to You Ian Haken - Automated Discovery of Deserialization Gadget Chains Izycki and Colli - Digital Leviathan A Comprehensive List of Nation State Big Brothers Jeanette Manfra - Securing our Nations Election Infrastructure Joe Rozner - Synfuzz Building a Grammar Based Retargetable Test Generation Framework Johnson and Stavrou - Vulnerable Out of the Box - Evaluation of Android Carrier Devices Josep Pi Rodriguez - WingOS: How to Own Millions of Devices .
Leer más

Presentaciones DerbyCon 8.0

DerbyCon 8.0 Desde la página de IronGeek podéis ver los vídeos de todas (casi) las presentaciones de DerbyCon 8.0. Aquí tenéis la lista de los mismos: Opening How to influence security technology in kiwi underpants Benjamin Delpy Panel Discussion - At a Glance: Information Security Ed Skoudis, John Strand, Lesley Carhart. Moderated by: Dave Kennedy Red Teaming gaps and musings Samuel Sayen A Process is No One: Hunting for Token Manipulation Jared Atkinson, Robby Winchester Fuzz your smartphone from 4G base station side Tso-Jen Liu Clippy for the Dark Web: Looks Like You’re Trying to Buy Some Dank Kush, Can I Help You With That?
Leer más

Presentaciones Usenix 2018

USENIX 2018 La 27 edición de la conferencia sobre seguridad USENIX 2018 se acaba de celebrar en Baltimore, MD esta pasada semana. Lo que característica a esta conferencia es que es una conferencia sobre seguridad desde ámbito académico. El número de presentaciones es bastante amplio y ya podemos acceder tanto a la investigación académica, así, como las diapositivas de la mayoría de dichas presentaciones: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?
Leer más

Material DEF CON 26

DEF CON 26 Aquí tenéis el material disponible de la DEF CON 26: Alexei Bulazel Alexei-Bulazel-Reverse-Engineering-Windows-Defender-Demo-Videos Alexei-Bulazel-demo-1-mpclient.mp4 Alexei-Bulazel-demo-2-outputdebugstringa.mp4 Alexei-Bulazel-demo-3-file-system.mp4 Alexei-Bulazel-demo-4-proclist.mp4 Alexei-Bulazel-demo-5-apicall.mp4 Alexei-Bulazel-demo-6-fuzz.mp4 Alexei-Bulazel-Reverse-Engineering-Windows-Defender.pdf Alfonso Garcia and Alejo Murillo DEFCON-26-Alfonso-Garcia-and-Alejo-Murillo-Demo-Videos playback_tls_1.mp4 playback_tls_2.mp4 playback_tls_3.mp4 Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story-Updated.pdf Andrea Marcelli Andrea-Marcelli-Demo-Video.mp4 Andrea-Marcelli-Looking-for-the-perfect-signature-automatic-YARA-rules.pdf Bai Zheng and Chai Wang Bai-Zheng-Chai-Wang-You-May-Have-Paid-more-than-You-Imagine.pdf Christopher Domas Christopher-Domas-GOD-MODE- UNLOCKED-hardware-backdoors-in-x86-CPUs.pdf Christopher-Domas-The-Ring-0-Facade.pdf DEFCON-26-Damien-Cauquil-Updated DEFCON-26-Damien-Cauquil-Extras DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos demo-hush.mp4 demo-jamming-final.mp4 demo-sniff-active.
Leer más

Presentaciones Black Hat USA 2018

Black Hat USA 2018 Aquí tenéis la list de las presentaciones de Black Hat USA de este año, con enlace a las diapositivas y documentos que se han hecho públicos: Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes Finding Xori: Malware Analysis Triage with Automated Disassembly Download Presentation Slides Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection Download Presentation Slides Software Attacks on Hardware Wallets Download Presentation Slides Download White Paper Dissecting Non-Malicious Artifacts: One IP at a Time Download Presentation Slides Detecting Credential Compromise in AWS Download Presentation Slides Download White Paper How I Learned to Stop Worrying and Love the SBOM Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking Download Presentation Slides Download White Paper Measuring the Speed of the Red Queen’s Race; Adaption and Evasion in Malware Download Presentation Slides Download White Paper Holding on for Tonight: Addiction in InfoSec Download Presentation Slides TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever Download Presentation Slides Download White Paper Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops Download Presentation Slides From Bot to Robot: How Abilities and Law Change with Physicality Download Presentation Slides Download White Paper Miasm: Reverse Engineering Framework Download Presentation Slides New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers Download Presentation Slides Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools Download Presentation Slides KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths Download Presentation Slides A Dive in to Hyper-V Architecture & Vulnerabilities Download Presentation Slides No Royal Road … Notes on Dangerous Game There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently Download Presentation Slides Compression Oracle Attacks on VPN Networks Download Presentation Slides CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers Download Presentation Slides Download White Paper Remotely Attacking System Firmware Reversing a Japanese Wireless SD Card - From Zero to Code Execution Download Presentation Slides Deep Dive into an ICS Firewall, Looking for the Fire Hole Legal Landmines: How Law and Policy are Rapidly Shaping Information Security Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering Download Presentation Slides From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it Download Presentation Slides An Attacker Looks at Docker: Approaching Multi-Container Applications Download Presentation Slides Download White Paper The Unbearable Lightness of BMC’s Download Presentation Slides Download White Paper Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community Download Presentation Slides WireGuard: Next Generation Secure Network Tunnel Download Presentation Slides Download White Paper Threat Modeling in 2018: Attacks, Impacts and Other Updates Download Presentation Slides Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology Download Presentation Slides Download White Paper Don’t @ Me: Hunting Twitter Bots at Scale Download Presentation Slides Download White Paper A Brief History of Mitigation: The Path to EL1 in iOS 11 [] () ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
Leer más

Presentaciones De Black Hat Asia 2018

Black Hat Asia 2018 Ya están disponibles la mayoría de las presentaciones de Black Hat Asi 2018 celebrada el pasado 20-23 de marzo: A Short Course in Cyber Warfare National Cyber-Aggression and Private-Sector Internet Infrastructure A Deal with the Devil: Breaking Smart Contracts Wong-Hemmel-A-Deal-with-the-Devil-Breaking-Smart-Contracts.pdf A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages! Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages_update_Thursday.pdf AES Wireless Keyboard – Template Attack for Eavesdropping Kim-AES-Wireless-Keyboard-Template-Attack-for-Eavesdropping.
Leer más

Vídeos Del Chaos Communication Congress 34

Chaos Communication Congress 34 Nada mejor que empezar el año con material de primera calidad. El Chaos Communication Congress, como de costumbre a celebrado su cita con el hacking mundial entre el 27 y el 30 de diciembre. Si tienes algo de tiempo libre hasta después de los reyes, aquí tienes dónde entretenerte. Antipatterns und Missverständnisse in der Softwareentwicklung Dude, you broke the Future! Eröffnung: tuwat Die Lauschprogramme der Geheimdienste Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit Social Bots, Fake News und Filterblasen QualityLand Methodisch inkorrekt!
Leer más

Vídeos DEF CON 25

DEF CON 25 Aunque no son todos los vídeos de la DEF CON 25, ya hay bastantes disponibles. Aquí tenéis una lista organizada en varias secciones: Main Track 1 Cheng - The spear to break the security wall of S7CommPlus Christopher Domas - Breaking the x86 Instruction Set Damien Cauquil - Weaponizing the BBC Micro Bit Dennis Maldonado - Real time RFID Cloning in the Field Daniel Bohannon, Lee Holmes - Revoke Obfuscation: PowerShell Obfuscation Duncan Woodbury, Nicholas Haltmeyer - Linux Stack Based V2X Framework Dor Azouri - BITSInject Dimitry Snezhkov - Abusing Webhooks for Command and Control Gerald Steere, Sean Metcalf - Hacking the Cloud Gabriel Ryan - The Black Art of Wireless Post Exploitation Hanno Bõck - Abusing Certificate Transparency Logs Gil Cohen - Call the plumber: You have a leak in your named pipe Hyrum Anderson - Evading next gen AV using AI Itzik Kotler, Amit Klein - The Adventures of AV and the Leaky Sandbox Ilja van Sprundel - Are all BSDs are created equally?
Leer más

Vídeos De Usenix 17

USENIX 17 Además del material de USENIX 17, ya están disponibles también los vídeos de las charlas. Aquí tenéis la lista completa: Opening Remarks and Awards When Your Threat Model Is “Everything”: Defensive Security in Modern Newsrooms How Double-Fetch Situations turn into Double-Fetch Vulnerabilities… Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts Ninja: Towards Transparent Tracing and Debugging on ARM Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX On the effectiveness of mitigations against floating-point timing channels Constant-Time Callees with Variable-Time Callers Neural Nets Can Learn Function Type Signatures From Binaries CAn’t Touch This… Efficient Protection of Path-Sensitive Control Security Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Venerable Variadic Vulnerabilities Vanquished Towards Practical Tools for Side Channel Aware Software Engineering… Strong and Efficient Cache Side-Channel Protection… CacheD: Identifying Cache-Based Timing Channels in Production Software An Ant in a World of Grasshoppers From Problems to Patterns to Practice… BinSim: Trace-based Semantic Binary Diffing… PlatPal: Detecting Malicious Documents with Platform Diversity Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART Global Measurement of DNS Manipulation Characterizing the Nature and Dynamics of Tor Exit Blocking DeTor: Provably Avoiding Geographic Regions in Tor SmartAuth: User-Centered Authorization for the Internet of Things AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices Identifier Binding Attacks and Defenses in Software-Defined Networks HELP: Helper-Enabled In-Band Device Pairing… Attacking the Brain: Races in the SDN Control Plane Detecting Credential Spearphishing in Enterprise Settings SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data When the Weakest Link is Strong… Hacking in Darkness: Return-oriented Programming against Secure Enclaves vTZ: Virtualizing ARM TrustZone Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing AuthentiCall: Efficient Identity and Content Authentication for Phone Calls Picking Up My Tab… TrustBase: An Architecture to Repair and Strengthen… Transcend: Detecting Concept Drift in Malware Classification Models Syntia: Synthesizing the Semantics of Obfuscated Code Predicting the Resilience of Obfuscated Code… Differential Privacy: From Theory to Deployment OSS-Fuzz - Google’s continuous fuzzing service for open source software Extension Breakdown… CCSP: Controlled Relaxation of Content Security Policies… Same-Origin Policy: Evaluation in Modern Browsers Locally Differentially Private Protocols for Frequency Estimation BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model Computer Security, Privacy, and DNA Sequencing… BootStomp: On the Security of Bootloaders in Mobile Devices Seeing Through The Same Lens… Oscar: A Practical Page-Permissions-Based Scheme… PDF Mirage: Content Masking Attack Against Information-Based Online Services Loophole: Timing Attacks on Shared Event Loops in Chrome Game of Registrars… Speeding up detection of SHA-1 collision attacks… Phoenix: Rebirth of a Cryptographic Password-Hardening Service Vale: Verifying High-Performance Cryptographic Assembly Code Exploring User Perceptions of Discrimination in Online Targeted Advertising Measuring the Insecurity of Mobile Deep Links of Android How the Web Tangled Itself Towards Efficient Heap Overflow Discovery DR.
Leer más

Material De Usenix Security 17, sesiones técnicas y talleres

Hace una semana se celebró en Canadá la conferencia “académica” sobre ciber seguridad Usenix junto a un puñado de talleres. Todo el material está disponible de forma gratuita para descarga de ambos eventos: Sesiones Técnicas y Talleres. Aquí tenéis la lista completa de las charlas y sus correspondientes enlaces: Sesiones técnicas de Usenix Security ‘17 When Your Threat Model Is “Everything”: Defensive Security in Modern Newsrooms Erinn Clark, Lead Security Architect, First Look Media/The Intercept How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel Paper Slides Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts Paper Ninja: Towards Transparent Tracing and Debugging on ARM Paper Slides Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX Paper On the effectiveness of mitigations against floating-point timing channels Paper Slides Constant-Time Callees with Variable-Time Callers Paper Slides Neural Nets Can Learn Function Type Signatures From Binaries Paper CAn’t Touch This: Software-only Mitigation against Rowhammer Attacks targeting Kernel Memory Paper Efficient Protection of Path-Sensitive Control Security Paper Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities Paper kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Paper Venerable Variadic Vulnerabilities Vanquished Paper Towards Practical Tools for Side Channel Aware Software Engineering: ‘Grey Box’ Modelling for Instruction Leakages Paper Slides Strong and Efficient Cache Side-Channel Protection using Hardware Transactional Memory Paper Slides CacheD: Identifying Cache-Based Timing Channels in Production Software Paper An Ant in a World of Grasshoppers Ellen Cram Kowalczyk, Microsoft From Problems to Patterns to Practice: Privacy and User Respect in a Complex World Lea Kissner, Google BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking Paper PlatPal: Detecting Malicious Documents with Platform Diversity Paper Slides Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART Paper Global Measurement of DNS Manipulation Paper Characterizing the Nature and Dynamics of Tor Exit Blocking Paper DeTor: Provably Avoiding Geographic Regions in Tor Paper SmartAuth: User-Centered Authorization for the Internet of Things Paper AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings Paper Slides 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices Paper Identifier Binding Attacks and Defenses in Software-Defined Networks Paper HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal Cancellation Paper Attacking the Brain: Races in the SDN Control Plane Paper Detecting Credential Spearphishing in Enterprise Settings Paper SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data Paper When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers Paper Slides Hacking in Darkness: Return-oriented Programming against Secure Enclaves Paper vTZ: Virtualizing ARM TrustZone Paper Slides Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing Paper AuthentiCall: Efficient Identity and Content Authentication for Phone Calls Paper Picking Up My Tab: Understanding and Mitigating Synchronized Token Lifting and Spending in Mobile Payment Paper Slides TrustBase: An Architecture to Repair and Strengthen Certificate-based Authentication Paper Transcend: Detecting Concept Drift in Malware Classification Models Paper Syntia: Synthesizing the Semantics of Obfuscated Code Paper Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning Paper Differential Privacy: From Theory to Deployment Abhradeep Guha Thakurta, University of California, Santa Cruz OSS-Fuzz - Google’s continuous fuzzing service for open source software Slides Kostya Serebryany, Google Extension Breakdown: Security Analysis of Browsers Extension Resources Control Policies Paper CCSP: Controlled Relaxation of Content Security Policies by Runtime Policy Composition Paper Same-Origin Policy: Evaluation in Modern Browsers Paper Locally Differentially Private Protocols for Frequency Estimation Paper BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model Paper Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More Paper BootStomp: On the Security of Bootloaders in Mobile Devices Paper Slides Seeing Through The Same Lens: Introspecting Guest Address Space At Native Speed Paper Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers Paper PDF Mirage: Content Masking Attack Against Information-Based Online Services Paper Loophole: Timing Attacks on Shared Event Loops in Chrome Paper Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers Paper Speeding up detection of SHA-1 collision attacks using unavoidable attack conditions Paper Phoenix: Rebirth of a Cryptographic Password-Hardening Service Paper Vale: Verifying High-Performance Cryptographic Assembly Code Paper Exploring User Perceptions of Discrimination in Online Targeted Advertising Paper Measuring the Insecurity of Mobile Deep Links of Android Paper How the Web Tangled Itself: Uncovering the History of Client-Side Web (In)Security Paper Towards Efficient Heap Overflow Discovery Paper DR.
Leer más