• Facebook
• Twitter
• Reddit
• LinkedIn

A través de la magnífica web de Irongeek, podemos ver todos los vídeos de las charlas dadas (tracks 1 y 2 y algunas de la 3) en la DerbyCon 3.0.

La lista de los vídeos publicados es:

• Scanning Darkly – HD Moore (keynote)
• Kinetic Pwnage: Obliterating the Line Between Computers and the Physical World – Ed Skoudis (keynote)
• Look Ma – No Exploits! – The Recon-ng Framework – Tim “LaNMaSteR53? Tomes
• Cognitive Injection: Reprogramming the Situation-Oriented Human OS – Andy Ellis
• It's Only a Game: Learning Security through Gaming – Bruce Potter
• Practical Exploitation Using A Malicious Service Set Identifier (SSID) – Deral Heiland
• IOCAware – Actively Collect Compromise Indicators and Test Your Entire Enterprise – Matt Jezorek and Dennis Kuntz
• Ooops – Now What? :: The Stolen Data Impact Model (SDIM) – Brent Huston
• JTAGulator: Assisted discovery of on-chip debug interfaces – Joe Grand
• Cash is King: Who’s Wearing Your Crown? – Tom Eston and Spencer McIntyre
• Anti-Forensics: Memory or something – I forget. – int0x80
• Seeing red in your future? – Ian Iamit
• Security Sucks – and You’re Wearing a Nursing Bra – Paul Asadoorian
• TMI: How to attack SharePoint servers and tools to make it easier – Kevin Johnson and James Jardine
• Windows Attacks: AT is the new black – Rob Fuller and Chris Gates
• The High Risk of Low Risk Applications – conrad reynolds
• How Good is Your Phish – @sonofshirt
• It’s Okay to Touch Yourself – Ben Ten (Ben0xA)
• Identifying Evil: An introduction to Reverse Engineering Malware and other software – Bart ‘d4ncind4n’ Hopper
• Collaborative Penetration Testing With Lair – Tom Steele and Dan Kottmann
• How Im going to own your organization in just a few days. – RazorEQX
• Malware Automation – Christopher Elisan
• Pass-The-Hash 2: The Admin’s Revenge – Skip Duckwall and Chris Campbell
• What’s common in Oracle and Samsung? They tried to think differently about crypto. – L·szlÛ TÛth – Ferenc Spala
• The Cavalry Is Us: Protecting the public good and our profession – Josh Corman
• Burning the Enterprise with BYOD – Georgia Weidman
• Love letters to Frank Abagnale (How do I pwn thee let me count the ways) – Jayson E. Street
• Getting the goods with smbexec – Eric Milam(brav0hax) and Martin Bos (purehate)
• The Message and The Messenger – James Arlen
• Shattering the Glass: Crafting Post Exploitation Tools with PowerShell – Matt Johnson
• 50 Shades of RED: Stories from the "Playroom" – Chris Nickerson
• Cheat Codez: Level UP Your SE Game – Eric Smith
• Beyond Information Warfare “You Ain’t Seen Nothing Yet” – Winn Schwartau
• My Experiments with truth: a different route to bug-hunting – Devesh Bhatt
• Stop Fighting Anti-Virus – Integgroll
• The Art and Science of Hacking Any Organization – Tyler Wrightson
• Living Off the Land: A Minimalist’s Guide to Windows Post-Exploitation – Christopher Campbell & Matthew Graeber
• Cracking Corporate Passwords – Exploiting Password Policy Weaknesses – Minga / Rick Redman
• How the Grid Will Be Hacked – Josh Axelrod and Matt Davis
• Ownage From Userland: Process Puppeteering – Nick Cano
• help for the helpdesk – Mick Douglas
• ) UNION SELECT `This_Talk` AS (‘New Exploitation and Obfuscation Techniquesí)%00 – Roberto Salgado
• Weaponizing your Coffee Pot – Daniel Buentello
• Exploiting_the_Zeroth_Hour(); Developing your Advanced Persistent Threat to Pwn the Network – SOLOMON SONYA and NICK KULESZA
• Practical OSINT – Shane MacDougall (NOTE THAT THIS IS AN ADULT ONLY TALK – 18+ or older)
• Phishing Like The Pros – Luis “Connection” Santana
• Stop making excuses; it’s time to own your HIV (High Impact Vulnerabilities) – Jack D. Nichelson
• Raspberry Pi – Media Centers – and AppleTV – David Schuetz
• Uncloaking IP Addresses on IRC – Derek Callaway

• Facebook
• Twitter
• Reddit
• LinkedIn

Ya hemos hablado aquí varias veces de las clases ofrecidas por OpenSecurityTraining. En esta ocasión nos hacemos eco de la actualización de la clase a la Introducción de la Ingeniería Inversa del Software, que ha sido renovada con material nuevo: Dealing with DLLs, Other Languages y Basic RE algorithms.

Los nuevos vídeos son los siguientes:

• Day 1 Part 1 (5:25) - What is RE and What Can it Tell Me?
• Day 1 Part 2 (30:03) - Refresher
• Day 1 Part 3 (34:57) - Know Your Tools
• Day 1 Part 4 (2:24) - The basic RE algorithm
• Day 1 Part 5 (7:14) - Applying the RE Algorithm to the Bomb Lab
• Day 1 Part 6 (22:29) - Lab Outline
• Day 1 Part 7 (6:33) - Creating the Bomb Lab Answers File
• Day 1 Part 8 (6:41) - Phase 2 Introduction
• Day 1 Part 9 (28:23) - Phase 2 Walkthrough
• Day 1 Part 10 (6:54) - Phase 3 Introduction
• Day 1 Part 11 (22:21) - Phase 3 Walkthrough
• Day 1 Part 12 (8:57) - Phase 4 Introduction
• Day 1 Part 13 (14:08) - Phase 3 Introduction
• Day 1 Part 14 (32:40) - Debugging
• Day 1 Part 15 (3:32) - Day 1 review
• Day 2 Part 1 (15:12) - Day 1 review 2
• Day 2 Part 2 (11:21) - Phase 5 Introduction
• Day 2 Part 3 (22:14) - Phase 5 Walkthrough
• Day 2 Part 4 (20:50) - Phase 6 Introduction
• Day 2 Part 5 (27:47) - Phase 6 Introduction 2
• Day 2 Part 6 (19:25) - Phase 6 Walkthrough
• Day 2 Part 7 (38:31) - Phase 6 Walkthrough 2
• Day 2 Part 8 (12:15) - Analyzing C++
• Day 2 Part 9 (7:39) - Next Class, Other Languages, & Day 2 Review

Introduction To Reverse Engineering Software

• Facebook
• Twitter
• Reddit
• LinkedIn

(click para ampliar, y aquí una noticia que tiene que ver con la viñeta de Pesqui)

Nos vemos en “La Pira de Hades”.