• Facebook
• Twitter
• Reddit
• LinkedIn

Ya están disponibles a través de Youtube los vídeos de la pasada edición de Defcon.

• Proliferation
• Torturing Open Government Systems for Fun, Profit and Time Travel
• Backdoors, Government Hacking and The Next Crypto Wars
• ACL Steganography - Permissions to Hide Your Porn
• Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
• Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot
• A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It
• From Nukes to Cyber— Alternative Approaches for Proactive Defense and Mission Assurance
• The Politics of Privacy and Technology: Fighting an Uphill Battle
• Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine
• Privacy In DSRC Connected Vehicles
• Phantom Network Surveillance UAV / Drone
• Safety of Tor Network Look at Network Diversity, Relay Operators & Malicious Relays
• De-Anonymizing Alt.Anonymous. Messages
• The DEF CON 21 Badge
• The Growing Irrelevance of US Government Cybersecurity Intelligence Information
• The Dirty South - Getting Justified with Technology
• Prowling Peer-to-Peer Botnets After Dark
• Evil DoS Attacks and Strong Defenses
• Kill 'em All— DDoS Protection Total Annihilation!
• VoIP Wars: Return of the SIP
• Unexpected Stories - From a Hacker Who Made It Inside the Government
• Dude, WTF in my car?
• The Road Less Surreptitiously Traveled
• Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices
• RFID Hacking: Live Free or RFID Hard
• Stalking a City for Fun and Frivolity
• Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks
• BYO-Disaster and Why Corporate Wireless Security Still Sucks
• The Cavalry Isn't Coming: Starting the Revolution to Fsck it All!
• The Dark Arts of OSINT
• EMET 4.0 PKI Mitigation
• Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation (and defense!)
• EDS: Exploitation Detection System
• Conducting Massive Attacks with Open Source Distributed Computing
• Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions
• Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
• The Secret Life of SIM Cards
• DragonLady: An Investigation of SMS Fraud Operations in Russia
• Offensive Forensics: CSI for the Bad Guy
• Pwn'ing Your® Cyber Offenders
• MITM All The IPv6 Things
• HTTP Time Bandit
• How to use CSP to Stop XSS
• So You think Your Domain Controller is Secure?
• Getting The Goods With smbexec
• Abusing NoSQL Databases
• Examining the Bitsquatting Attack Surface
• Please Insert Inject More Coins
• Do-It-Yourself Cellular IDS
• BoutiqueKit: Playing WarGames with Expensive Rootkits and Malware
• Android WebLogin: Google's Skeleton Key
• Building an Android IDS on Network Level
• Defeating SEAndroid
• Doing Bad Things to "Good" Security Appliances
• Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)
• Data Evaporation from SSDs
• GoPro or GTFO: A Tale of Reversing an Embedded System
• JTAGulator: Assisted Discovery of On-Chip Debug Interfaces
• gitDigger: Creating useful wordlists from public GitHub repositories
• Made Open: Hacking Capitalism
• The Dawn of Web 3.0: Website Mapping and Vulnerability Scanning in 3D
• Combatting Mac OSX/iOS Malware with Data Visualization
• A Thorny Piece of Malware (And Me): The Nastiness of SHE, VFTables & Multi-Threading
• Transcending Cloud Limitations by Obtaining Inner Piece
• Utilizing Popular Websites for Malicious Purposes Using RDI
• Open Public Sensors, Trend Monitoring and Data Fusion
• Collaborative Penetration Testing With Lair
• PowerPwning: Post-Exploiting By Overpowering PowerShell
• Evolving Exploits Through Genetic Algorithms
• Adventures in Automotive Networks and Control Units
• Hacking Driverless Vehicles
• 10000 Yen into the Sea
• Business Logic Flaws In Mobile Operators Services
• Meet the VCs
• The ACLU Presents: NSA Surveillance and More
• The Government and UFOs: A Historical Analysis
• How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers
• Fear the Evil FOCA: IPv6 attacks in Internet Connections
• Legal Aspects of Full Spectrum Computer Network (Active) Defense
• We are Legion: Pentesting with an Army of Low-power Low-cost Devices
• Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices
• DC Awards
• PowerPreter: Post Exploitation Like a Boss
• DNS May Be Hazardous to Your Health
• Exploiting Music Streaming with JavaScript
• Java Every-Days: Exploiting Software Running on 3 Billion Devices
• HiveMind: Distributed File Storage Using JavaScript Bonets
• Defending Networks with Incomplete Information: A Machine Learning Approach
• Blucat: Netcat For Bluetooth
• BYOD PEAP Show
• Closing Ceremonies
• All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio
• Making Of The DEF CON Documentary
• Ask the EFF: The Year in Digital Civil Liberties
• Decapping Chips The Strike Easy Hard Way
• Insecurity - A Failure of Imagination
• Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock
• DEF CON Comedy Jam Part VI, Return of the Fail
• Hardware Hacking with Microcontrollers: A Panel Discussion
• An Open Letter The White Hat's Dilemma
• Suicide Risk Assessment and Intervention Tactics
• OTP, It won't save you from free rides!
• How to Disclose or Sell an Exploit Without Getting in Trouble
• Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
• Social Engineering: The Gentleman Thief
• This Presentation Will Self-Destruct in 45 Minutes
• Fast Forensics Using Simple Statistics and Cool Tools
• Forensic Fails - Shift + Delete Won't Help You Here
• C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood

• Facebook
• Twitter
• Reddit
• LinkedIn

Desde securityxploded.com podemos acceder al meterial de dos clases sobre ingeniería inversa y análisis de malware. La primera es de iniciación y la segunda sobre temas más avanzados.

En el material de las mismas podrás encontrar vídeos, diapositivas, referencias a libros, herramientas, etc. La clase de iniciación está completa y te puedes descargar todo el material desde aquí. En la avanzada, como podemos ver más abajo, faltan algunas de las sesiones, que supongo publicarán en un futuro. Mientras tantos hay material para entretenerse un rato.

Reverse Engineering & Malware Analysis Training

• Session 1 - RE & Malware Analysis Lab Setup Guide
• Session 2 - Introduction to Windows Internals
• Session 3 - Windows PE File Format Basics
• Session 4 - Assembly Programming Basics
• Session 5 - Reverse Engineering Basics and Tool Guide
• Session 6 - Practical Reversing I - Malware Analysis
• Session 7 - Practical Reversing II - Unpacking Malware
• Session 8 - Practical Reversing III - Malware Memory Forensics
• Session 9 - Practical Reversing IV - Advanced Malware Analysis
• Session 10 - Practical Reversing V - Exploit Development [basic]
• Session 11 - Practical Reversing VI - Exploit Development [advanced]
• Session 12 - Case Study: Rootkit Analysis
• Session 13 - Further Reading & Future Roadmap

• Session 1: Detection and Removal of Malwares
• Session 2: Botnet Analysis - Part 1
• Session 3: Botnet Analysis - Part 2
• Session 4: Anti-Analysis Techniques (Anti-debugging, Anti-VM etc.)
• Session 5: Reverse Engineering Automation (Scripts, plugins etc.)
• Session 6: Malware Sandbox Analysis
• Session 7: Malware Memory Forensics
• Session 8: Introduction to Android
• Session 9: Malware Analysis using PyMal
• Session 10: (Part 1) Reversing & Decrypting Communications of HeartBeat RAT
• Session 11: (Part 2) Dissecting the HeartBeat APT RAT Features
• Session 12: Mobile Malware Analysis

• Facebook
• Twitter
• Reddit
• LinkedIn

Perfecta para un día de invierno …

Ólafur Arnalds