Vídeos DEF CON 26

DEF CON 26 Aquí os dejo los vídeos que se han publicado de DEF CON 26). Ya tenéis entretenimiento para el fin de semana que se avecina. Recuerda que también tienes el material disponible. Rob Joyce - NSA Talks Cybersecurity Eyal Itkin, Yaniv Balmas - What the Fax?! Josh Mitchell - Ridealong Adventures: Critical Issues with Police Body Cameras Svea, Suggy, Till - Inside the Fake Science Factory Ladar Levison, hon1nbo - Booby Trapping Boxes 0x200b - Detecting Blue Team Research Through Targeted Ads Si, Agent X - Wagging the Tail:Covert Passive Surveillance Alexei Bulazel - Reverse Engineering Windows Defenders Emulator Alfonso Alguacil and Murillo Moya - Playback a TLS 1 point 3 story Bui and Rao - Last mile authentication problem Exploiting the missing link Champion and Law - Building the Hacker Tracker Christopher Domas - GOD MODE UNLOCKED Hardware Backdoors in redacted x86 Christopher Domas - The Ring 0 Facade Awakening the Processors Inner Demons Damien virtualabs Cauquil - You had better secure your BLE devices Douglas McKee - 80 to 0 in Under 5 Seconds Daniel Crowley and Panel - Outsmarting the Smart City delta zero and Azeem Aqil - Your Voice is My Passport Daniel Zolnikov - A Politicians Successful Efforts to Fight Surveillance Dr Holtmanns and Singh - 4G Who is Paying Your Cellular Phone Bill Video Dr Rasthofer and Panel - Worrisome Security Issues in Tracker Apps Dr Matthews and Panel - A DEF CON Guide to Adversarial Testing of Software Elinor Mills and Panel - The L0pht Testimony 20 Years Later and Other Things Foster and Ayrey - Dealing with Residual Certificates for Pre-owned Domains Franklin and Franklin - Defending the 2018 Midterm Elections from Foreign Adversaries Gabriel Ryan - Bypassing Port Security In 2018 Defeating MacSEC and 802 1x 2010 George Tarnovsky - You Can Run but You Cant Hide Reverse Engineering Using X-Ray Greenstadt and Dr Caliskan - De-anonymizing Programmers from Source Code Guang Gong - Pwning theToughest Target, the Largest Bug Bounty in the History of ASR HuiYu and Qian - Breaking Smart Speakers We are Listening to You Ian Haken - Automated Discovery of Deserialization Gadget Chains Izycki and Colli - Digital Leviathan A Comprehensive List of Nation State Big Brothers Jeanette Manfra - Securing our Nations Election Infrastructure Joe Rozner - Synfuzz Building a Grammar Based Retargetable Test Generation Framework Johnson and Stavrou - Vulnerable Out of the Box - Evaluation of Android Carrier Devices Josep Pi Rodriguez - WingOS: How to Own Millions of Devices .
Leer más

Vídeos De Usenix 17

USENIX 17 Además del material de USENIX 17, ya están disponibles también los vídeos de las charlas. Aquí tenéis la lista completa: Opening Remarks and Awards When Your Threat Model Is “Everything”: Defensive Security in Modern Newsrooms How Double-Fetch Situations turn into Double-Fetch Vulnerabilities… Postmortem Program Analysis with Hardware-Enhanced Post-Crash Artifacts Ninja: Towards Transparent Tracing and Debugging on ARM Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX On the effectiveness of mitigations against floating-point timing channels Constant-Time Callees with Variable-Time Callers Neural Nets Can Learn Function Type Signatures From Binaries CAn’t Touch This… Efficient Protection of Path-Sensitive Control Security Digtool: A Virtualization-Based Framework for Detecting Kernel Vulnerabilities kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels Venerable Variadic Vulnerabilities Vanquished Towards Practical Tools for Side Channel Aware Software Engineering… Strong and Efficient Cache Side-Channel Protection… CacheD: Identifying Cache-Based Timing Channels in Production Software An Ant in a World of Grasshoppers From Problems to Patterns to Practice… BinSim: Trace-based Semantic Binary Diffing… PlatPal: Detecting Malicious Documents with Platform Diversity Malton: Towards On-Device Non-Invasive Mobile Malware Analysis for ART Global Measurement of DNS Manipulation Characterizing the Nature and Dynamics of Tor Exit Blocking DeTor: Provably Avoiding Geographic Regions in Tor SmartAuth: User-Centered Authorization for the Internet of Things AWare: Preventing Abuse of Privacy-Sensitive Sensors via Operation Bindings 6thSense: A Context-aware Sensor-based Attack Detector for Smart Devices Identifier Binding Attacks and Defenses in Software-Defined Networks HELP: Helper-Enabled In-Band Device Pairing… Attacking the Brain: Races in the SDN Control Plane Detecting Credential Spearphishing in Enterprise Settings SLEUTH: Real-time Attack Scenario Reconstruction from COTS Audit Data When the Weakest Link is Strong… Hacking in Darkness: Return-oriented Programming against Secure Enclaves vTZ: Virtualizing ARM TrustZone Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing AuthentiCall: Efficient Identity and Content Authentication for Phone Calls Picking Up My Tab… TrustBase: An Architecture to Repair and Strengthen… Transcend: Detecting Concept Drift in Malware Classification Models Syntia: Synthesizing the Semantics of Obfuscated Code Predicting the Resilience of Obfuscated Code… Differential Privacy: From Theory to Deployment OSS-Fuzz - Google’s continuous fuzzing service for open source software Extension Breakdown… CCSP: Controlled Relaxation of Content Security Policies… Same-Origin Policy: Evaluation in Modern Browsers Locally Differentially Private Protocols for Frequency Estimation BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model Computer Security, Privacy, and DNA Sequencing… BootStomp: On the Security of Bootloaders in Mobile Devices Seeing Through The Same Lens… Oscar: A Practical Page-Permissions-Based Scheme… PDF Mirage: Content Masking Attack Against Information-Based Online Services Loophole: Timing Attacks on Shared Event Loops in Chrome Game of Registrars… Speeding up detection of SHA-1 collision attacks… Phoenix: Rebirth of a Cryptographic Password-Hardening Service Vale: Verifying High-Performance Cryptographic Assembly Code Exploring User Perceptions of Discrimination in Online Targeted Advertising Measuring the Insecurity of Mobile Deep Links of Android How the Web Tangled Itself Towards Efficient Heap Overflow Discovery DR.
Leer más

Vídeos de Usenix Enigma 2017

Aquí tenéis los charlas (vídeos y algunas diapositivas) de la edición de este año de la conferencia Usenix Enigma: Human Computation with an Application to Passwords Moving Account Recovery beyond Email and the “Secret” Question Secrets at Scale: Automated Bootstrapping of Secrets & Identity in the Cloud Inside “MOAR TLS:” How We Think about Encouraging External HTTPS Adoption on the Web Ghost in the Machine: Challenges in Embedded Binary Security LLC Cache Attacks: Applicability and Countermeasures IoT, a Cybercriminal’s Paradise Hacking Sensors Test Driven Security in Continuous Integration As We May Code Leveraging the Power of Automated Reasoning in Security Analysis of Web Applications and Beyond Startups + Industry: How Everyone Can Win Behaviors and Patterns of Bulletproof and Anonymous Hosting Providers StreamAlert: A Serverless, Real-time Intrusion Detection Engine Neural and Behavioral Insights on Trust What Does the Brain Tell Us about Usable Security?
Leer más

Vídeos de RSA USA 2017

Si no tienes nada que hacer este fin de semana, aquí tienes lo vídeos de la conferencia RSA USA 2017. Hello False Flags! The Art of Deception in Targeted Attack Attribution The Blockchain Identity Crisis From Boot-to-Root: A Method for Successful Security Training CISO as Change Agent: Getting to Yes Deconstructing Identity Analytics for Higher Risk Awareness IoT: End of Shorter Days Workplace Violence and IT Sabotage: Two Sides of the Same Coin?
Leer más

Vídeos de ekoparty 12 - 2016

Si no tienes nada planeado para este fin de semana, aquí tienes algo de distracción, los vídeos de las charlas de la pasada conferencia sobre seguridad informática celebrada en Buenos Aires, Argentina, Ekoparty 12. Tyler Curtis - Encryption out of LINE Juan Berner - Exploiting A/B Testing for Fun and Profit Nahuel Cayetano Riva - Getting fun with Frida Rodrigo Cetera y Javier Bassi - #KillTheHashes - El Gran Libro para Colorear Malware Ezequiel Fernandez y Sergio Viera - Multiple Vulnerabilities in SE PLC Joernchen - Let Me GitHub That For You (2016 Argentinian Edition) Martin Gendler - Juegos Online, Sociedad y Privacidad: un recorrido socio-histórico Sheila Berta y Claudio Caracciolo - Backdooring CAN Bus for Remote Car Hacking Nahuel Sánchez y Sergio Abraham - SAP HANA under the hood Enrique Nissim - I Know Where Your Page Lives: De-randomizing the Windows 10 Kernel Sebastian Garcia - Stratosphere IPS.
Leer más

Vídeos del Chaos Communication Congress (33c3)

Aunque el congreso sobre hacking/seguridad, Chaos Communication Congress todavía no ha terminado, los vídeos de las charlas que ya se han dado están disponibles. En los momentos de escribir estas líneas, estos son los vídeos disponibles: 33C3 Closing Ceremony Security Nightmares 0x11 Surveilling the surveillers 33C3 Infrastructure Review Virtual Secure Boot The Ultimate Game Boy Talk Privatisierung der Rechtsdurchsetzung Warum in die Ferne schweifen, wenn das Ausland liegt so nah?
Leer más

Vídeos de App Sec USA 2016

Ya están disponibles los vídeos de las presentaciones de App Sec USA 2016 Cleaning Your Applications’ Dirty Laundry with Scumblr - AppSecUSA 2016 Everything is Terrible: Three Perspectives on Building, Configuring, and Securing Software HTTPS & TLS in 2016: Security practices from the front lines - AppSecUSA 2016 Justin Collins - Practical Static Analysis for Continuous Application Security - AppSecUSA 2016 Using language-theoretics and runtime visibility to align AppSec with DevOps - AppSecUSA 2016 Manideep Konakandla - Breaking and Fixing your ‘Docker’ ized environments - AppSecUSA 2016 Chris Gates & Ken Johnson - DevOops: Redux - AppSecUSA 2016 Zane Lackey - Practical tips for web application security in the age of agile and DevOps Chenxi Wang - Protect Containerized Applications With System Call Profiling - AppSecUSA 2016 Scaling Security Assessment at the Speed of DevOps - AppSecUSA 2016 Yair Amit - The Ways Hackers Are Taking To Win The Mobile Malware Battle - AppSecUSA 2016 Your License for Bug Hunting Season - AppSecUSA 2016 When encryption is not enough: Attacking Wearable - AppSecUSA 2016 Jimmy Mesta - Containerizing your Security Operations Center - AppSecUSA 2016 Practical Tips For Running A Successful Bug Bounty Program - AppSecUSA 2016 Simon Thorpe - Why using SMS in the authentication chain is risky - AppSecUSA 2016 Marco Lancini - Needle: Finding Issues within iOS Applications - AppSecUSA 2016 Patterns of Authentication and Self-Announcement in IoT - AppSecUSA 2016 [AUDIO] Should there be an Underwriters Laboratories certification for software in IoT products?
Leer más

Vídeos de DEF CON 24

Junto con las presentaciones de DEF CON 24, ya también tenemos acceso a los vídeos: WIFI 204 Insteon, Inste off, Inste open WIFI 202 Evil ESP WIFI 201 WCTF Day 2 Kickoff WIFI 105 Introducing the HackMeRF WIFI 104 Handing Full Control of the Radio Spectrum Over to the Machines WIFI 103 How Do IBLE Hacking WIFI 102 Decoding LoRa Exploring Next Gen Wireless WIFI 101 Wireless Capture the Flag Inbrief Weaponizing Data Science for Social Engineering Automated E2E spear phishing on Twit weaponize your feature codes VLAN hopping, ARP poisoning & MITM Attacks in Virtualized Environments Use Their Machines Against Them Loading Code with a Copier Universal Serial aBUSe Remote physical access attacks toxic proxies bypassing HTTPS and VPNs to pwn your online identity The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engin the next gen of emergency ph0nage T1 Jeopardy 2 T1 Jeopardy 1 Stumping the Mobile Chipset sticky keys to the kingdom Stargate Pivoting Through VNC To Own Internal Networks so you think you want to be a pentester Slouching Towards Utopia The State of the Internet Dream Sk3wlDbg Emulating all well many of the things with Ida Six Degrees of Domain Admin Side channel attacks on high security electronic safe locks sentient storage do ssd’s have a mind of their own secure penetration testing operations SE 301 The Live SE Podcast SE 205 Advanced Social Engineering Techniques and The Rise of Cyber Scam Industrial SE 204 How to Un Work your job Revolutionism Radicals, and Engineering by Committee SE 203 SCAM CALL Call Dropped SE 202 Total Fail and Bad Mistakes I’ve Made a Few SE 201 Human Hacking You ARE the weakest link SE 105 You are being manipulated SE 104 US Interrogation Techniques and Social Engineering SE 103 7 Jedi Mind Tricks Influence Your Target without a Word SE 102 The Wizard of Oz Painting a reality through deception SE 101 Does Cultural differences become a barrier for social engineering Samsung Pay Tokenized Numbers, Flaws and Issues Robot Hacks Video Games How TASBot Exploits Consoles with Custom Controllers Retweet to win How 50 lines of Python made me the luckiest guy on Twitter Research on the Machines Help the FTC Protect Privacy & Security real time bluetooh device detection with blue hydra propaganda and you Project CITL Playing Through the Pain The Impact of Secrets and Dark Knowledge Platform Agnostic Kernel Fuzzing pin2pwn How to Root an Embedded Linux Box with a Sewing Needle Picking Bluetooth Low Energy Locks from a Quarter Mile Away phishing without failure and frustration PH 301 Packet Hacking Village, Block 5 PH 202 Packet Hacking Village, Block 4 PH 201 Packet Hacking Village, Block 3 PH 102 Packet Hacking Village, Block 2 PH 101 Packet Hacking Village, Block 1 network protocol reverse engineering Mr Robot Panel MouseJack Injecting Keystrokes into Wireless Mice mouse jiggler offense and defense malware command and control channels a journey into darkness Maelstrom are you plaing with a full deck Machine Duping Pwning deep learning systems LOCK 302 Sesame Style Pad Locks LOCK 203 Intro to LockpickingPower LOCK 202 Intro to LockpickingPower LOCK 201 Intro to LockpickingDuffley LOCK 104 Intro to Lock PickingFitzhugh LOCK 102 Locking Picking 101 LOCK 101 Locking Picking 101 Light Weight Protocol!
Leer más

Vídeos de Black Hat USA 2016

Ya también están disponibles de los vídeos de Black Hat USA 2016, así como el material presentado: Why This Internet Worked How We Could Lose It and the Role Hackers Play A Journey From JNDI/LDAP Manipulation to Remote Code Execution Dream Land The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud Applied Machine Learning for Data Exfil and Other Fun Topics Canspy: A Platform for Auditing Can Devices Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization Over the Edge: Silently Owning Windows 10's Secure Browser How to Make People Click on a Dangerous Link Despite Their Security Awareness Certificate Bypass: Hiding and Executing Malware From a Digitally Signed Executable Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network Drone Attacks on Industrial Wireless: A New Front in Cyber Security Hackproofing Oracle Ebusiness Suite Using Undocumented CPU Behavior to See Into Kernel Mode and Break Kaslr in the Process Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool Measuring Adversary Costs to Exploit Commercial Software Removing Roadblocks to Diversity HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows Memory Forensics Using Virtual Machine Introspection for Cloud Computing Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Towards a Holistic Approach in Building Intelligence to Fight Crimeware Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root The Remote Malicious Butler Did It!
Leer más