Fuente: https://toggl.com/programming-princess

Mis favoritos son Lisp y PHP, los ha clavado! :D

Sí, has leído bien el título. TetrOS es una versión del juego de Tetris que cabe perfectamente en el sector de arranque de tu disco.

El sector de arranque tiene un tamaño reservado de 512 bytes, y TetrOS sólo ocupa 446 bytes, el tamaño exacto del gestor de arranque del registro de arranque principal (Master Boot Record o MBR). Con lo que podríamos instalar TetrOS en el sector de arranque de nuestro disco duro y no necesitaríamos ni siquiera tener un sistema operativa, de ahí el nombre TetrOS (Tetris Operating System).

No es por muchos conocido, pero la editorial O’Reilly tiene una gran selección de libros gratuitos disponibles para descarga sobre varias materias. A continuación os dejo una de lista agrupada por tema:

• Programming

  • Ten Steps to Linux Survival - PDF, ePub, Mobi
  • Open by Design - PDF, ePub, Mobi
  • Getting Started with InnerSource - PDF, ePub, Mobi
  • Microservices AntiPatterns and Pitfalls - PDF, ePub, Mobi
  • Microservices vs. Service-Oriented Architecture - PDF, ePub, Mobi
  • Software Architecture Patterns - PDF, ePub, Mobi
  • Migrating to Cloud-Native Application Architectures - PDF, ePub, Mobi
  • Reactive Microservices Architecture: Design Principles for Distributed Systems - PDF, ePub, Mobi
  • An Engineering Managers Guide to Design Patterns - PDF, ePub, Mobi
  • Azure for Developers - PDF, ePub, Mobi

• Business

  • The Secrets Behind Great One-on-One Meetings - PDF, ePub, Mobi
  • Designing Culture: Behavioral Strategy for the Workplace - PDF, ePub, Mobi
  • The New Manager Mindset - PDF, ePub, Mobi
  • Introduction to OKRs - PDF, ePub, Mobi
  • Serving Workers in the Gig Economy: Emerging Resources for the On-Demand Workforce - PDF, ePub, Mobi
  • Build to Lead: How Lego Bricks Can Make You a Better Leader - PDF, ePub, Mobi
  • Your Critical First 10 Days as a Leader - PDF, ePub, Mobi
  • Three Critical Shifts in Thinking for the Evolving Leader - PDF, ePub, Mobi
  • Startup Essentials - PDF, ePub, Mobi
  • What’s the Future of Work? - PDF, ePub, Mobi

• Data

  • 2016 Data Science Salary Survey - PDF, ePub, Mobi
  • Embedding Analytics in Modern Applications - PDF, ePub, Mobi
  • Data Science in the Cloud with Microsoft Azure Machine Learning and Python - PDF, ePub, Mobi
  • Self-Service Analytics - PDF, ePub, Mobi
  • Going Pro in Data Science - PDF, ePub, Mobi
  • Evaluating Machine Learning Models - PDF, ePub, Mobi
  • What is Data Science? - PDF, ePub, Mobi
  • What Are Conversational Bots? - PDF, ePub, Mobi
  • The New Artificial Intelligence Market - PDF, ePub, Mobi
  • AI and Medicine - PDF, ePub, Mobi
  • What is Artificial Intelligence? - PDF, ePub, Mobi
  • The Future of Machine Intelligence - PDF, ePub, Mobi
  • Data, Technology, and the Future of Play - PDF, ePub, Mobi
  • Data and Democracy: How Political Data Science Is Shaping the 2016 Elections - PDF, ePub, Mobi
  • Advancing Procurement Analytics - PDF, ePub, Mobi
  • The Big Data Market - PDF, ePub, Mobi
  • Analyzing Data in the Internet of Things - PDF, ePub, Mobi
  • The Business of Genomic Data - PDF, ePub, Mobi
  • Getting Analytics Right - PDF, ePub, Mobi
  • Data Science, Banking, and Fintech - PDF, ePub, Mobi
  • Architecting for Access: Simplifying Analytics on Big Data Infrastructure - PDF, ePub, Mobi
  • Hadoop and Spark Performance for the Enterprise - PDF, ePub, Mobi
  • In Search of Database Nirvana - PDF, ePub, Mobi
  • Making Sense of Stream Processing - PDF, ePub, Mobi
  • Architecting Data Lakes - PDF, ePub, Mobi
  • Hadoop: What You Need to Know - PDF, ePub, Mobi
  • Fast Data: Smart and at Scale - PDF, ePub, Mobi
  • Migrating Big Data Analytics into the Cloud - PDF, ePub, Mobi

• IoT

  • Ambient Computing - PDF, ePub, Mobi
  • Governing the IoT - PDF, ePub, Mobi
  • Opportunities and Challenges in the IoT - PDF, ePub, Mobi
  • Creating Functional Teams for the IoT - PDF, ePub, Mobi
  • Building a Hardware Business - PDF, ePub, Mobi
  • When Hardware Meets Software - PDF, ePub, Mobi
  • What Is the Internet of Things? - PDF, ePub, Mobi
  • Software Above the Level of a Single Device: The Implications - PDF, ePub, Mobi
  • Software & Hardware Collide - PDF, ePub, Mobi
  • Hardware by the Numbers: Startups - PDF, ePub, Mobi
  • Innovation - PDF, ePub, Mobi
  • Pitching Your IoT Project: How to Get Executive Buy-In - PDF, ePub, Mobi
  • User Experience Design for the Internet of Things - PDF, ePub, Mobi
  • The Internet as Material - PDF, ePub, Mobi
  • Designing for the Internet of Things - PDF, ePub, Mobi
  • Ambient Computing - PDF, ePub, Mobi
  • Smart Energy - PDF, ePub, Mobi
  • Smart Cities, Smarter Citizens - PDF, ePub, Mobi
  • Evaluating and Choosing an IoT Platform - PDF, ePub, Mobi
  • Evolving Infrastructures of the Industrial IoT - PDF, ePub, Mobi
  • Life: Sustainable, Programmable, Bottom-Up Manufacturing - PDF, ePub, Mobi
  • 3D Printing Primer - PDF, ePub, Mobi
  • Predictive Maintenance - PDF, ePub, Mobi
  • Industrial Internet - PDF, ePub, Mobi

• Security

  • Cracking Security Misconceptions: Untangling Common Myths About Modern Information Security - PDF, ePub, Mobi
  • Patrolling the Dark Net: What You Don't Know Will Hurt You - PDF, ePub, Mobi
  • DevOpsSec: Securing Software through Continuous Delivery - PDF, ePub, Mobi
  • Not All Data Is Created Equal: Balancing Risk and Reward in a Data-Driven Economy - PDF, ePub, Mobi
  • Who Are the Bad Guys and What Do They Want? - PDF, ePub, Mobi
  • Docker Security - PDF, ePub, Mobi
  • The Security Data Lake - PDF, ePub, Mobi

• Web

  • Python Web Frameworks - PDF, ePub, Mobi
  • Modern SVG: A Curated Collection of Chapters from the O’Reilly SVG Library - PDF, ePub, Mobi
  • The Little Book of HTML/CSS Coding Guidelines - PDF, ePub, Mobi
  • Upgrading to PHP 7 - PDF, ePub, Mobi
  • Static Site Generators - PDF, ePub, Mobi
  • Transforms in CSS - PDF, ePub, Mobi
  • Getting Started with the Web - PDF, ePub, Mobi
  • Modern JavaScript - PDF, ePub, Mobi
  • Designing Great Web APIs - PDF, ePub, Mobi
  • The Little Book of HTML/CSS Frameworks - PDF, ePub, Mobi
  • Next.JS: A Manager's Guide - PDF, ePub, Mobi

• WebOps

  • Effective Performance Engineering - PDF, ePub, Mobi
  • Optimizing Cloud Migration - PDF, ePub, Mobi
  • Web Performance Warrior - PDF, ePub, Mobi
  • Web Page Size, Speed, and Performance - PDF, ePub, Mobi
  • HTTP/2: A New Excerpt from High Performance Browser Networking - PDF, ePub, Mobi
  • Compliance at Speed - PDF, ePub, Mobi
  • Mobile App Analytics - PDF, ePub, Mobi
  • Monitoring Distributed Systems: Case Studies from Google's SRE Teams - PDF, ePub, Mobi
  • Release Engineering: How Google Builds and Delivers Software - PDF, ePub, Mobi
  • Beyond the Twelve-Factor App - PDF, ePub, Mobi
  • Docker in the Cloud - PDF, ePub, Mobi
  • Network Automation with Ansible - PDF, ePub, Mobi
  • Are Your Networks Ready for the IoT? - PDF, ePub, Mobi
  • Docker Networking and Service Discovery - PDF, ePub, Mobi
  • Immutable Infrastructure - PDF, ePub, Mobi
  • Continuous Delivery with Windows and .NET - PDF, ePub, Mobi
  • Docker Security - PDF, ePub, Mobi
  • Kubernetes: Scheduling the Future at Cloud Scale - PDF, ePub, Mobi
  • Modern Web Operations - PDF, ePub, Mobi
  • Field Guide to the Distributed Development Stack - PDF, ePub, Mobi
  • 5 Unsung Tools of DevOps - PDF, ePub, Mobi
  • Lightweight Systems for Realtime Monitoring - PDF, ePub, Mobi
  • Anomaly Detection for Monitoring: A Statistical Approach to Time Series Anomaly Detection - PDF, ePub, Mobi
  • Are Your Networks Ready for the IoT? - PDF, ePub, Mobi
  • Network Automation with Ansible - PDF, ePub, Mobi
  • DevOpsSec: Securing Software through Continuous Delivery - PDF, ePub, Mobi
  • DevOps for Finance - PDF, ePub, Mobi
  • Building an Optimized Business - PDF, ePub, Mobi
  • Everything Is Distributed - PDF, ePub, Mobi
  • DevOps in Practice - PDF, ePub, Mobi
  • The Human Side of Postmortems - PDF, ePub, Mobi
  • Learning from First Responders: When Your Systems Have to Work - PDF, ePub, Mobi
  • DevOps Hiring - PDF, ePub, Mobi
  • Antifragile Systems and Teams - PDF, ePub, Mobi

Société Générale y Groupe BPCE, dos bancos franceses empiezan a emitir tarjetas de crédito con tecnología “Motion Code” (PDF).

Esta tecnología es una vuelta de tuerca a la lucha contra el fraude online. Básicamente lo que hace es generar cada hora un Código de Seguridad nuevo, también llamado Verificación de Datos de Tarjeta, Número de Verificación de Tarjeta, Valor de Verificación de Tarjeta (CVV). Éste código es uno de los datos requeridos para transacciones online, por lo que si alguien te roba los datos de tu tarjeta, tendría un plazo de 1 hora como máximo para efectuar algún tipo de transacción online, lo que sería muy como común.

Ya tenemos disponibles los vídeos (faltan algunos) de una de las conferencias que más ha crecido en los últimos años: Derbycon. La edición de este año 2016 acaba de terminar y nos ha dejado un gran número de charlas interesantes:

• Key Note - Jeffrey Snover, Lee Holmes
• Carlos Perez - Thinking Purple
• Ed Skoudis - Internet of Things, Voice Control, AI, and Office Automation: BUILDING YOUR VERY OWN J.A.R.V.I.S.
• David Maloney, James Lee, Brent Cook, Tod Beardsley, Lance Sanchez - Metasploit Townhall
• Parker Schmitt - Data Obfuscation: How to hide data and payloads to make them "not exist"
• Jason Smith - Go with the Flow
• Devon Greene - Abusing RTF: Evasion, Exploitation and Counter Measures
• Mubix "Rob" Fuller - Writing malware while the blue team is staring at you
• Christopher Hadnagy - Mind Reading for Fun and Profit using DISC
• JDuck - Stagefright: An Android Exploitation Case Study
• Arian J Evans & James Pleger - Top 10 2015-2016 compromise patterns observed & how to use non-traditional Internet datasets to detect & avoid them
• Aaron Lafferty - Information Security Proposed Solutions Series - 1. Talent
• Alfredo Ramirez - DNSSUX
• Tyler Halfpop , Jacob Soo - Macs Get Sick Too
• Joe Desimone - Hunting for Exploit Kits
• Stephen Breen, Chris Mallz - Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM
• Nick Cano - +1,000,000 -0: Cloning a Game Using Game Hacking and Terabytes of Data
• Wartortell and Aaron Bayles - Nose Breathing 101: A Guide to Infosec Interviewing
• William McLaughlin - Android Patchwork
• Will Schroeder, Matt Nelson - A Year in the Empire
• Kevin Johnson and Jason Gillam - Next Gen Web Pen Testing: Handling modern applications in a penetration test
• Ken Johnson, Chris Gates - DevOops Redux
• Ryan Voloch and Peter Giannoutsos - To Catch a Penetration Tester: Top SIEM Use Cases
• Spencer McIntyre - Is that a penguin in my Windows?
• Brent White && Tim Roberts - Real World Attacks VS Check-box Security
• Ben0xA - PowerShell Secrets and Tactics
• Michael Allen - Beyond The ?Cript: Practical iOS Reverse Engineering
• Jayson E. Street - .... and bad mistakes I've made a few.....
• Matthew Dunwoody, Nick Carr - No Easy Breach: Challenges and Lessons from an Epic Investigation
• Natalie Vanatta - ARRR Maties! A map to the legal hack-back
• Michael Wharton, Project MVP - Hacking and Protecting SharePoint
• Marcello Salvati - CrackMapExec - Owning Active Directory by using Active Directory
• Rockie Brockway & Adam Hogan - Adaptation of the Security Sub-Culture
• Zach Grace, Brian Genz - Better Network Defense Through Threat Injection and Hunting
• nyxgeek - Hacking Lync (or, 'The Weakest Lync')
• Kevin Gennuso - Responder for Purple Teams
• Ken Toler - Metaprogramming in Ruby and doing it wrong.
• Paul Coggin - Exploiting First Hop Protocols to Own the Network
• Nick Landers - Outlook and Exchange for the Bad Guys
• Valerie Thomas and Harry Regan - It's Never So Bad That It Can't Get Worse
• Nathan Clark - AWSh*t. Pay-as-you-go Mobile Penetration Testing
• Nancy Snoke - Evolving your Office's Security Culture
• Michael Schearer - Confronting Obesity in Infosec
• Mark Mager - Defeating The Latest Advances in Script Obfuscation
• Michael Gough - From Commodity to Advanced (APT) malware, are automated malware analysis sandboxes as useful as your own basic manual analysis?
• Tim MalcomVetter - Breaking Credit Card Tokenization Without Cryptanalysis
• Bill V – Privileged Access Workstations (PAWs)
• Scott Lyons and Joshua Marpet - Business Developement: The best non-four letter dirty word in infosec.
• Scot Berner, Jason Lang - Tool Drop 2.0 - Free As In Pizza
• Joseph Tegg - We're a Shooting Gallery, Now What?
• Doug Burns - Malicious Office Doc Analysis for EVERYONE!
• Sean Metcalf & Will Schroeder - Attacking EvilCorp: Anatomy of a Corporate Hack
• Matt Graeber, Jared Atkinson - Living Off the Land 2: A Minimalist's Guide to Windows Defense
• Kyle Wilhoit - Point of Sale Voyuer- Threat Actor Attribution Through POS Honeypots
• Jeremy Mio, David Lauer, Mike Woolard - The Art of War, Attacking the Organization and Raising the Defense
• Justin Herman & Anna-Jeannine Herman - The 1337 Gods of Geek Mythology
• Josh Huff - Open Source Intelligence - What I learned by being an OSINT creeper
• Jay Beale - Phishing without Failure and Frustration
• Larry Pesce - I don't give one IoTA: Introducing the Internet of Things Attack Methodology.
• Anti-Forensics AF int0x80 (of Dual Core)
• Deral Heiland, Matthew Kienow - Managed to Mangled: Exploitation of Enterprise Network Management Systems
• Joey Maresca - Finding Your Balance
• EvilMog - Hashcat State of the Union
• egypt - New Shiny in Metasploit Framework
• Hacking with Ham Radios: What I have learned in 25 years of being a ham.
• John Strand - Penetration Testing Trends
• Ellen Hartstack and Matthew Sullivan - Garbage in, garbage out
• Casey Smith - Establishing A Foothold With JavaScript
• Jesika McEvoy - Overcoming Imposter Syndrome (even if you're totally faking it)
• FuzzyNop - Embrace the Bogeyman: Tactical Fear Mongering for Those Who Penetrate
• Eric Conrad - Introducing DeepBlueCLI, a PowerShell module for hunt teaming via Windows event logs
• Dr. Jared DeMott & Mr. Josh Stroschein - Using Binary Ninja for Modern Malware Analysis
• Scott M - Fuzzing basics...how to break software
• Craig Bowser - Security v. Ops: Bridging the Gap
• Chris "Lopi" Spehn - From Gaming to Hacking The Planet
• Jason Blanchard - How to Social Engineer your way into your dream job!
• Lee Holmes - Attackers Hunt Sysadmins - It's time to fight back
• Adam Compton, Austin Lane - Scripting Myself Out of a Job - Automating the Penetration Test with APT2
• Branden Miller - Hacking for Homeschoolers: STEM projects for under $20
• Scott Sutherland - SQL Server Hacking on Scale using PowerShell
• Brian Marks, Andrea Sancho Silgado - Dive into DSL: Digital Response Analysis with Elasticsearch
• David Schwartzberg and Chris Sistrunk - Make STEHM Great Again
• Charles L. Yost - Python 3: It's Time
• Philip Martin - DNS in Enterprise IR: Collection, Analysis and Response
• Drew Branch - Need More Sleep? REST Could Help
• Bill Gardner - Making Our Profession More Professional
• Abe Miller - How are tickets paid for?
• Bill Sempf - Breaking Android Apps for Fun and Profit
• Amanda Berlin & Lee Brotherston - So You've Inherited a Security Department, Now What?
• Brandon Young - Reverse engineering all the malware... and why you should stop.
• Nathan Magniez - Body Hacking 101 (or a Healthy Lifestyle for Security Pros)
• Jimmy Byrd - Security Automation in your Continuous Integration Pipeline
• Chad M. Dewey - Cruise Ship Security OR Hacking the High Seas
• Karl Fosaaen - Attacking ADFS Endpoints with PowerShell
• Stephen Hilt - The 90's called, they want their technology back
• Lee Neely - Web Security for Dummies
• Kirk Hayes - I Love myBFF (Brute Force Framework)
• Cameron Craig, Keith Conway - Nobody gets fired by choosing IBM... but maybe they should.
• Mirovengi - Shackles, Shims, and Shivs - Understanding Bypass Techniques
• Jared Haight - Introducing PowerShell into your Arsenal with PS>Attack
• James Jardine - Recharging Penetration Testing to Maximize Value
• hypervista - Poetically Opaque (or other John Updike Quotes)
• David Boyd - Hack Yourself: Building A Pentesting Lab
• Ronnie Flathers - Abusing Linux Trust Relationships: Authentication Back Alleys and Forgotten Features
• Salvador Mendoza - Samsung Pay: Tokenized Numbers, Flaws and Issues
• Andrew Krug & Alex McCormack - Hardening AWS Environments and Automating Incident Response
• Andrew Plunkett - Yara Rule QA: Can't I Write Code to do This for Me?
• Anthony Kasza - Java RATS: Not even your Macs are safe
• Beau Bullock, Derek Banks, Joff Thyer - The Advanced Persistent Pentester (All Your Networks Are Belong 2 Us)
• Russell Butturini - Fire Away! Sinking the Next Gen Firewall
• Daniel Bohannon - Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e`Tec`T 'Th'+'em'
• Dav Wilson - Mobile Device Forensics
• Casey Cammilleri & Hans Lakhan - Hashview, a new tool aimed to improve your password cracking endeavors.
• Brian Fehrman - Hardware Hacking the Easyware Way
• Matthew Lichtenberger - PacketKO - Data Exfiltration Via Port Knocking
• Jamie Murdock - Ransomware: An overview
• Ben Stillman - MariaDB: Lock it down like a chastity belt
• Aaron Guzman - IoT Defenses - Software, Hardware, Wireless and Cloud
• Adam Cammack & Brent Cook - Static PIE: How and Why
• Braden Hollembaek, Adam Pond - Finding a Weak Link: Attacking Windows OEM Kernel Drivers
• Dan Bougere - The Beginner's Guide to ICS: How to Never Sleep Soundly Again

El congreso RootedValencia se celebrará los días 9 y 10 de Septiembre. El viernes día 9 tendrá lugar un training llamado "RB16-1 Hacking ético" (pulsa aquí para más información) y durante el sábado día 10 se celebrarán conferencias desde las 10am hasta las 8pm. Nosotros estaremos por allí el sábado para saludar a viejos y nuevos amigos, disfrutar de las conferencias y además tomar algunas cervezas ;)

Lugar: ADEIT - Fundación Universidad - Plaza Virgen de la Paz, 3, 46001 Valencia (España)

Los que seáis asiduos a participar en CTFs ya probablemente conozcáis el proyecto Pwntools.

Éste es un conjunto de utilidades, librerías o framework pensado para hacerte la vida más fácil a la hora de escribir tus exploits o soluciones en los dichos CTFs. Está escrito en Python y provee de una gran cantidad de módulos específicos para cada tarea:

• pwnlib.adb — Android Debug Bridge
• pwnlib.asm — Assembler functions
• pwnlib.atexception — Callbacks on unhandled exception
• pwnlib.atexit — Replacement for atexit
• pwnlib.constants — Easy access to header file constants
• pwnlib.context — Setting runtime variables
• pwnlib.dynelf — Resolving remote functions using leaks
• pwnlib.encoders — Encoding Shellcode
• pwnlib.elf — Working with ELF binaries
• pwnlib.exception — Pwnlib exceptions
• pwnlib.fmtstr — Format string bug exploitation tools
• pwnlib.gdb — Working with GDB
• pwnlib.log — Logging stuff
• pwnlib.memleak — Helper class for leaking memory
• pwnlib.replacements — Replacements for various functions
• pwnlib.rop — Return Oriented Programming
• pwnlib.rop.rop — Return Oriented Programming
• pwnlib.rop.srop — Sigreturn Oriented Programming
• pwnlib.runner — Running Shellcode
• pwnlib.shellcraft — Shellcode generation
• pwnlib.shellcraft.amd64 — Shellcode for AMD64
• pwnlib.shellcraft.arm — Shellcode for ARM
• pwnlib.shellcraft.common — Shellcode common to all architecture
• pwnlib.shellcraft.i386 — Shellcode for Intel 80386
• pwnlib.regsort — Register sorting
• pwnlib.shellcraft.thumb — Shellcode for Thumb Mode
• pwnlib.term — Terminal handling
• pwnlib.timeout — Timeout handling
• pwnlib.tubes — Talking to the World!
• pwnlib.tubes.process — Processes
• pwnlib.tubes.serialtube — Serial Ports
• pwnlib.tubes.sock — Sockets
• pwnlib.tubes.ssh — SSH
• pwnlib.ui — Functions for user interaction
• pwnlib.useragents — A database of useragent strings
• pwnlib.util.crc — Calculating CRC-sums
• pwnlib.util.cyclic — Generation of unique sequences
• pwnlib.util.fiddling — Utilities bit fiddling
• pwnlib.util.hashes — Hashing functions
• pwnlib.util.iters — Extension of standard module itertools
• pwnlib.util.lists — Operations on lists
• pwnlib.util.misc — We could not fit it any other place
• pwnlib.util.net — Networking interfaces
• pwnlib.util.packing — Packing and unpacking of strings
• pwnlib.util.proc — Working with /proc/
• pwnlib.util.safeeval — Safe evaluation of python code
• pwnlib.util.web — Utilities for working with the WWW

La instalación es muy sencilla:

$ apt-get install python2.7 python2.7-dev python-pip
$ pip install --upgrade pwntools

Aunque Pwntools está desarrollado en sobre Ubuntu, debería de funcionar sin problemas en otras distribuciones Linux e incluso Mac OS X.

Para que te hagas una idea de como usar este framework, aquí tienes un repositorio con algunas soluciones a varios retos usando el mismo. El código fuente del proyecto se encuentra en Github y su documentación aquí.

Otra de las conferencias referentes sobre seguridad, USENIX Security 2016, ha publicado el material presentado:

• Flip Feng Shui: Hammering a Needle in the Software Stack - PDF
• One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation - PDF - Slides
• PIkit: A New Kernel-Independent Processor-Interconnect Rootkit - PDF - Slides
• Verifying Constant-Time Implementations - PDF
• Secure, Precise, and Fast Floating-Point Operations on x86 Processors - PDF - Slides
• überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor - PDF
• Undermining Information Hiding (and What to Do about It) - PDF
• Poking Holes in Information Hiding - PDF
• What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses - PDF - Slides
• zxcvbn: Low-Budget Password Strength Estimation - PDF - Slides
• Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks - PDF - Slides
• An Empirical Study of Textual Key-Fingerprint Representations - PDF
• Off-Path TCP Exploits: Global Rate Limit Considered Dangerous - PDF
• Website-Targeted False Content Injection by Network Operators - PDF
• The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO - PDF - Slides
• A Comprehensive Measurement Study of Domain Generating Malware - PDF
• Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing - PDF - Slides
• Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution - PDF - Slides
• Egalitarian Computing - PDF
• Post-quantum Key Exchange—A New Hope - PDF
• Automatically Detecting Error Handling Bugs Using Error Specifications - PDF
• APISan: Sanitizing API Usages through Semantic Cross-Checking - PDF
• On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities - PDF
• Defending against Malicious Peripherals with Cinch - PDF - Slides
• Making USB Great Again with USBFILTER - PDF - Slides
• Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks - PDF
• Request and Conquer: Exposing Cross-Origin Resource Size - PDF
• Trusted Browsers for Uncertain Times - PDF
• Tracing Information Flows Between Ad Exchanges Using Retargeted Ads - PDF - Slides
• Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos - PDF - Slides
• Hidden Voice Commands - PDF - Slides
• FlowFence: Practical Data Protection for Emerging IoT Application Frameworks - PDF
• ARMageddon: Cache Attacks on Mobile Devices - PDF - Slides
• DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks - PDF - Slides
• An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries - PDF - Slides
• Stealing Machine Learning Models via Prediction APIs - PDF - Slides
• Oblivious Multi-Party Machine Learning on Trusted Processors - PDF
• Thoth: Comprehensive Policy Compliance in Data Retrieval Systems - PDF - Slides
• Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage - PDF
• Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys - PDF
• DROWN: Breaking TLS Using SSLv2 - PDF - Slides
• All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption - PDF - Slides
• Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software - PDF
• Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services - PDF - Slides
• UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware - PDF - Slides
• Towards Measuring and Mitigating Social Engineering Software Download Attacks - PDF - Slides
• Specification Mining for Intrusion Detection in Networked Control Systems - PDF - Slides
• Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants - PDF - Slides
• Authenticated Network Time Synchronization - PDF
• fTPM: A Software-Only Implementation of a TPM Chip - PDF
• Sanctum: Minimal Hardware Extensions for Strong Software Isolation - PDF - Slides
• Ariadne: A Minimal Approach to State Continuity - PDF
• The Million-Key Question—Investigating the Origins of RSA Public Keys - PDF - Slides
• Fingerprinting Electronic Control Units for Vehicle Intrusion Detection - PDF - Slides
• Lock It and Still Lose It —on the (In)Security of Automotive Remote Keyless Entry Systems - PDF
• OblivP2P: An Oblivious Peer-to-Peer Content Sharing System - PDF
• AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels - PDF
• You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors - PDF
• Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 - PDF
• Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification - PDF - Slides
• You've Got Vulnerability: Exploring Effective Vulnerability Notifications - PDF
• Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud - PDF
• ZKBoo: Faster Zero-Knowledge for Boolean Circuits - PDF
• The Cut-and-Choose Game and Its Application to Cryptographic Protocols - PDF - Slides
• On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis - PDF - Slides
• Practical DIFC Enforcement on Android - PDF - Slides
• Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images - PDF
• Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis - PDF
• Identifying and Characterizing Sybils in the Tor Network - PDF - Slides
• k-fingerprinting: A Robust Scalable Website Fingerprinting Technique - PDF
• Protecting Privacy of BLE Device Users - PDF - Slides
• Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles - PDF - Slides

Fuente: http://www.brendangregg.com/Perf/linux_perf_tools_full.png

También tienes una versión SVG.

Una vez más una de las conferencias sobre seguridad informática ha llegado a su fin: DEF CON 24. Por ahora, se han puesto disponible las diapositivas y algún material extra de las presentaciones que se pudieron presenciar.

• Amro-Abdelgawad-Extras/
• Jonathan-Brossard-Extras/
• Lucas-Lundgren-Extras/
• Mike-Rich-Extras/
• Regilero-Extras/
• Robert-Olson-Extras/
• Seymour-Tully-Extras/
• SixVolts-and-Haystack-Extras/
• Wesley-McGrew-Extras/
• 3alarmlampscoot-DIY-Nukeproofing.pdf
• Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf
• Allan-Cecil-dwangoAC-Tasbot-The-Perfectionist.pdf
• Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf
• Anch-So-you-want-to-be-a-pentester-DC101.pdf
• Anto-Joseph-Fuzzing-Android-Devices.pdf
• Arnaud-Soullie-Workshop-Pentesting-ICS-101.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection-Writeup.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection.pdf
• Benjamin-Holland-Developing-Managed-Code-Rootkits-For-Java-Runtime.pdf
• Bertin-Bervis-James-Jara-Exploiting-And-Attacking-Seismological-Networks-Remotely.pdf
• Bigezy-Saci-Pinworm-MITM-for-Metadata.pdf
• Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle.pdf
• Brad-Woodberg-Malware-Command-And-Control-Channels-A-Journey-Into-Darkness.pdf
• Bryant-Zadegan-Ryan-Lester-Abusing-Bleeding-Edge-Web-Standards-For-Appsec-Glory.pdf
• Chapman-Stone-Toxic-Proxies-Bypassing-HTTPS-and-VPNs.pdf
• Chris-Rock-How-to-overthrow-a-Government-Kuwait-Coup-WP.pdf
• Chris-Rock-How-to-overthrow-a-Government.pdf
• Clarence-Chio-Machine-Duping-101.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools-WP.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools.pdf
• Demay-Lebrun-Canspy-A-Platorm-For-Auditing-Can-Devices.pdf
• Dr-Phil-Polstra-Mouse-Jigglers.pdf
• Drake-Christey-Vulnerabilities-101.pdf
• Eagle-Sk3Wldbg-Emulating-with-Ida.pdf
• Eric-Escobar-Rogue-Cell-Towers.pdf
• Evan-Booth-Jjittery-Macgyver.pdf
• Fasel-Jacobs-I-fight-for-the-users.pdf
• Fitzpatrick-and-Grand-101-Ways-To-Brick-Your-Hardware.pdf
• Forgety-Kreilein-Ng9-1-1-The-Next-Gene-Of-Emergency-Ph0Nage.pdf
• Fred-Bret-Mounet-All-Your-Solar-Panels-Are-Belong-To-Me.pdf
• Gorenc-Sands-Hacker-Machine-Interface.pdf
• Granolocks-Zero-Chaos-Bluehydra-Realtime-Blutetooth-Detection.pdf
• Grant-Bugher-Captive-Portals.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays-WP.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays.pdf
• Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf
• Huber-Rasthofer-Smartphone-Antivirus-And-Security-Applications-Under-Fire.pdf
• Hunter-Scott-Rt2Win-The-Luckiest-Guy-On-Twitter.pdf
• Int0X80-Anti-Forensics-AF.pdf
• Jay-Beale-Larry-Pesce-Phishing-without-Frustration.pdf
• Jennifer-Granick-Slouching-Towards-Utopia.pdf
• Jkambic-Cunning-With-Cng-Soliciting-Secrets-From-Schannel-WP.pdf
• Jkambic-Cunning-With-Cng-Soliciting-Secrets-From-Schannel.pdf
• Jmaxxz-Backdooring-the-Frontdoor-Bypass-Cert-Pinning.pdf
• Jmaxxz-Backdooring-the-Frontdoor-Extracting-Secrets-From-Log.pdf
• Jmaxxz-Backdooring-the-Frontdoor.pdf
• Joe-Grand-Zoz-BSODomizerHD.pdf
• Jonathan-Brossard-Intro-to-Witchcraft-Compiler.pdf
• Karyn-Benson-Examining-The-Internets-Pollution.pdf
• Klijnsma-Tentler-Stargate-Pivoting-Through-VNC.pdf
• Ladar-Levison-Compelled-Decryption.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles-WP.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles.pdf
• Lucas-Lundgren-Light-Weight Protocol-Critical-Implications.pdf
• Luke-Young-The-4TbS-Ddos-For-5-bucks.pdf
• Maldonado-Mcguffin-Sticky-Keys-To-The-Kingdom.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice-WP.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice.pdf
• Max-Bazaliy-A-Journey-Through-Exploit-Mitigation-Techniques-On-Ios.pdf
• Mcsweeny-Cranor-Research-On-The-Machines.pdf
• Mike-Rich-Use-Their-Machines-Against-Them-WP.pdf
• Mike-Rich-Use-Their-Machines-Against-Them.pdf
• Nick-Rosario-Weaponize-Your-Feature-Codes.pdf
• Panel-How-To-Make-A-DEFCON-Black-Badge.pdf
• Patrick-Wardle-99-Problems-Little-Snitch.pdf
• Plore-Side-Channel-Attacks-On-High-Security-Electronic-Safe-Locks.pdf
• Przemek-Jaroszewski-How-To-Get-Good-Seats-In-The-Security-Theater.pdf
• Radia-Perlman-Resilience-Despite-Malicious-Pariticpants.pdf
• Regilero-Hiding-Wookiees-In-Http.pdf
• Ricky-Lawshae-Lets-Get-Physical.pdf
• Robbins-Vazarkar-Schroeder-Six-Degrees-of-Domain-Admin.pdf
• Robert-Olson-Writing-Your-First-Exploit.pdf
• Rogan-Dawes-Dominic-White-Universal-Serial-aBUSe-Remote-Attacks.pdf
• Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers-WP.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers.pdf
• Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering.pdf
• Shane-Steiger-Maelstrom-Are-You-Playing-With-A-Full-Deck-V14-Back.pdf
• Shane-Steiger-Maelstrom-Rules-V10.pdf
• SixVolts-and-Haystack-Cheap-Tools-For-Hacking-Heavy-Trucks.pdf
• Tamas-Szakaly-Help-I-got-ANTS.pdf
• Thomas-Wilhelm-Hacking-Network-Protocols-Using-Kali.pdf
• Thomas-Wilhelm-Intrusion-Prevention-System-Evasion-Techniques.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines-Literature-Survey.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines.pdf
• Tom-Kopchak-SSD-Forensics-Research-WP.pdf
• Tom-Kopchak-Sentient-Storage.pdf
• Ulf-Frisk-Direct-Memory-Attack-the-Kernel.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations-WP.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations.pdf
• Willa-Riggins-Esoteric-Exfiltration.pdf
• Zhang-Shan-Forcing-Targeted-Lte-Cellphone-Into-Unsafe-Network.pdf
• Zhong-Lee-411-A-Framework-For-Managing-Security-Alerts.pdf
• the-bob-ross-fan-club-Propaganda-and-you.pdf