Videos from OWASP AppSec Europe 2013
- August 28, 2013
- tuxotron
- AbrahamAranguren-IntroducingOWASPOWTF5x5_720p.mp4
- AchimHoffmannOferShezaf-WAFEC-contentandhistoryofanunbiasedprojectchallenge_720p.mp4
- BastianBraunJoachimPoseggaChristianV.Pollak-ADoormanforYourHome-Control-FlowIntegrityMeansinWebFrameworks_720p.mp4
- ColinWatsonDennisGroves-OWASPAppSensorInTheoryInPracticeandInPrint_720p.mp4
- DanCornell-DoYouHaveaScanneroraScanningProgram_720p.mp4
- DieterGollmann-ClosingNoteAccessControloftheWeb-TheWebofAccessControl_720p.mp4
- DirkWetter-ClosingCeremony_720p.mp4
- EduardoVela-Matryoshka_720p.mp4
- ErlendOftedal-RESTfulsecurity_720p.mp4
- FredDonovan-Q-BoxandH-BoxRaspberryPIfortheInfrastructureandHacker_720p.mp4
- JrgSchwenk-KeynoteCryptographyinWebSecurityStupidBrokenandmaybeWorking_720p.mp4
- KonstantinosPapapanagiotouSpyrosGasteratos-OWASPHackademicapracticalenvironmentforteachingapplicationsecurity_720p.mp4
- LucaViganLucaCompagna-TheSPaCIoSToolproperty-drivenandvulnerability-drivensecuritytestingforWeb-basedapplicationscenarios_720p.mp4
- MarcoBalduzziVincenzoCiangagliniRobertMcArdle-HTTPS-BasedClusteringforAssistedCybercrimeInvestigations_720p.mp4
- MarioHeiderich-TheinnerHTMLApocalypse-HowmXSSattackschangeeverythingwebelievedtoknowsofar_720p.mp4
- MicheleOrr-RootingyourinternalsInter-ProtocolExploitationcustomshellcodeandBeEF_720p.mp4
- MiltonSmith-MakingtheFutureSecurewithJava_720p.mp4
- NickNikiforakis-WebFingerprintingHowWhoandWhy_720p.mp4
- NicolasGrgoire-BurpPro-Real-lifetipsandtricks_720p.mp4
- PaulStone-PrecisionTiming-AttackingbrowserprivacywithSVGandCSS_720p.mp4
- PhilippeDeRyckLievenDesmetFrankPiessensWouterJoosen-ImprovingtheSecurityofSessionManagementinWebApplications_720p.mp4
- RetoIschi-AnAlternativeApproachforReal-LifeSQLiDetection_720p.mp4
- RobertoSuggiLiverani-AugmentedRealityinyourWebProxy_720p.mp4
- SahbaKazerooni-NewOWASPASVS2013_720p.mp4
- SaschaFahlMarianHarbachMatthewSmith-MalloDroidHuntingDownBrokenSSLinAndroidApps_720p.mp4
- SaschaFahlMatthewSmithHenningPerlMichaelBrenner-QualitativeComparisonofSSLValidationAlternatives_720p.mp4
- SimonBennetts-OWASPZAPInnovations_720p.mp4
- TalBeEry-APerfectCRIMEOnlytimewilltell_720p.mp4
- ThomasHerleaNelisBouckJohanPeeters-RecipesforenablingHTTPS_720p.mp4
- YvanBoilyMinion-MakingSecurityToolsaccessibleforDevelopers_720p.mp4
- AngelaSasse-KeynoteBustingTheMythofDancingPigsAngelasTop10listofreasonswhyusersbypasssecuritymeasures_720p.mp4
- BenStock-EradicatingDNSRebindingwiththeExtendedSame-OriginPolicy_720p.mp4
- DavidRoss-InsaneintheIFRAME--Thecaseforclient-sideHTMLsanitization_720p.mp4
- DirkWetter-Welcomenoteandamanualfortheconferenceandeverythingelse_720p.mp4
- ErlendOftedal-SecuringamodernJavaScriptbasedsinglepagewebapplication_720p.mp4
- FlorianStahlJohannesStroeher-SecurityTestingGuidelinesformobileApps_720p.mp4
- FrederikBraun-OriginPolicyEnforcementinModernBrowsers_720p.mp4
- JimManico-OWASPTop10ProactiveControls_720p.mp4
- KrzysztofKotowicz-Iminurbrowserpwningyourstuff-AttackingwithGoogleChromeextensions_720p.mp4
- NickNikiforakisLievenDesmetStevenVanAcker-SandboxingJavascript_720p.mp4
- OWASPBoard-OWASPIntroduction_720p.mp4
- SebastianLekiesBenStock-ClickjackingProtectionUnderNon-trivialCircumstances_720p.mp4
- StefanoDiPaola-JavascriptlibrariesinsecurityAshowcaseofrecklessusesandunwittingmisuses_720p.mp4
- TarasIvashchenko-ContentSecurityPolicy-thepanaceaforXSSorplacebo_720p.mp4
- ThomasRoessler-KeynoteSecureallthethingsfictionfromtheWebsimmediatefuture_720p.mp4
- TobiasGondrom-OWASP-CISOGuideandCISOreport2013formanagers_720p.mp4

The videos from another great computer security conference are now available: OWASP AppSec Europe 2013. It was held in Hamburg on August 20-23. The list of videos is as follows:
CMU publishes the material for its Secure Software Systems class
- August 28, 2013
- tuxotron
- Introduction [pdf]
- System model: Source code to execution [pdf]
- Attacks: Buffer overflows, format-string vulnerabilities, and other attacks [pdf]
- Basic building blocks: separation, memory protection [pdf]
- Basic building blocks: VMs, Java sandboxing [pdf]
- Isolation and confinement in Android [pdf]
- Control-flow integrity [pdf]
- Run-time enforcement: enforceable properties [pdf]
- Web attacks [pdf]
- Web defenses: Native client, app isolation [pdf]
- Crypto overview [pdf]; software security architectures: Trusted Computing
- Software security architectures: Trusted Computing + policy
- Static analysis: C programs
- Static analysis: web applications
- Static analysis: malware
- Dynamic analysis
- Software model checking
- Software model checking
- Software model checking
- Building verifiable systems: seL4, browsers
- Language-based security: type systems
- Language-based security: typed assembly language
- Language-based security: noninterference
- Dynamic taint analysis
- Language-based security: security-typed languages
- Usability in software security
- Usable Security: Passwords (Part 1)
- Usable Security: Passwords (Part 2)
- Wrap-up

The faculty of Electrical and Computer Engineering at Carnegie Mellon University has published the material for one of its classes, called Secure Software Systems. The class slides are as follows:
DEF CON 21 presentations
- August 28, 2013
- tuxotron
- Business logic flaws in mobile operators services - PDF White Paper
- Fear the Evil FOCA: IPv6 attacks in Internet connections - PDF
- Suicide Risk Assessment and Intervention Tactics - PDF Extras
- Combatting Mac OSX/iOS Malware with Data Visualization - PDF White Paper
- MITM All The IPv6 Things - PDF
- PowerPwning: Post-Exploiting By Overpowering PowerShell - PDF Extras
- Transcending Cloud Limitations by Obtaining Inner Piece - PDF Extras
- Data Evaporation from SSDs - PDF
- Evil DoS Attacks and Strong Defenses - PDF
- RFID Hacking: Live Free or RFID Hard - PDF Extras
- OTP, It won't save you from free rides! - PDF White Paper Extras
- Conducting massive attacks with open source distributed computing - PDF
- Offensive Forensics: CSI for the Bad Guy - PDF Extras
- Utilizing Popular Websites for Malicious Purposes Using RDI - PDF
- Abusing NoSQL Databases - PDF
- Legal Aspects of Full Spectrum Computer Network (Active) Defense - PDF
- Blucat: Netcat For Bluetooth - Extras
- Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices - PDF White Paper Extras
- Stepping P3wns: Adventures in full spectrum embedded exploitation (and defense!) - PDF
- Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions - PDF White Paper
- How to Disclose or Sell an Exploit Without Getting in Trouble - PDF
- I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell - PDF
- Privacy In DSRC Connected Vehicles - PDF
- Pwn'ing You(r) Cyber Offenders - PDF
- Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) - PDF White Paper Extras
- Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot - PDF
- gitDigger: Creating useful wordlists from public GitHub repositories - PDF
- 10000 Yen into the Sea - PDF Extras
- Defeating SEAndroid - PDF
- The Politics of Privacy and Technology: Fighting an Uphill Battle - PDF
- Java Every-Days: Exploiting Software Running on 3 Billion Devices - PDF White Paper
- JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces - PDF Extras
- Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust - PDF
- So You Think Your Domain Controller is Secure? - PDF
- Phantom Network Surveillance UAV / Drone - PDF
- The Bluetooth Device Database - PDF Extras
- Dude, WTF in my car? - PDF
- Resting on Your Laurels will get you Pwned: Effectively Code Reviewing REST Applications to avoid getting powned - PDF
- Torturing Open Government Systems for Fun, Profit and Time Travel - PDF
- The Secret Life of SIM Cards - PDF
- Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock - PDF Extras
- GoPro or GTFO: A Tale of Reversing an Embedded System - PDF
- A Thorny Piece Of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading - PDF Extras
- Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices - PDF White Paper Extras
- Getting The Goods With smbexec - PDF
- PowerPreter: Post Exploitation Like a Boss - PDF Extras
- Kill 'em All — DDoS Protection Total Annihilation! - PDF White Paper Extras
- Please Insert Inject More Coins - PDF
- Stalking a City for Fun and Frivolity - PDF
- Fast Forensics Using Simple Statistics and Cool Tools - PDF Extras
- VoIP Wars: Return of the SIP - PDF Extras
- Exploiting Music Streaming with JavaScript - PDF Extras
- ACL Steganography - Permissions to Hide Your Porn - PDF Extras
- Doing Bad Things to 'Good' Security Appliances - PDF
- Let's screw with nmap - PDF Extras
- Defending Networks with Incomplete Information: A Machine Learning Approach - PDF White Paper
- We are Legion: Pentesting with an Army of Low-power Low-cost Devices - PDF Extras
- The Road Less Surreptitiously Traveled - PDF Extras
- Hacker Law School - PDF1 PDF2 PDF3 PDF4
- Defense by numbers: Making problems for script kiddies and scanner monkeys - PDF
- Forensic Fails - Shift + Delete won't help you here - PDF
- The dawn of Web 3.0: website mapping and vulnerability scanning in 3D, just like you saw in the movies - PDF
- Building an Android IDS on Network Level - PDF
- Safety of the Tor network: a look at network diversity, relay operators, and malicious relays - PDF
- How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers - PDF
- Examining the Bitsquatting Attack Surface - White Paper
- Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks - PDF
- Making Of The DEF CON Documentary - PDF
- All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio - PDF
- A Password is Not Enough: Why disk encryption is broken and how we might fix it - PDF
- EMET 4.0 PKI Mitigation - PDF
- BYO-Disaster and Why Corporate Wireless Security Still Sucks - PDF
- Evolving Exploits Through Genetic Algorithms - PDF
- How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles - PDF White Paper Extras
- Collaborative Penetration Testing With Lair - PDF
- DNS May Be Hazardous to Your Health - PDF
- Predicting Susceptibility to Social Bots on Twitter - PDF
- EDS: Exploitation Detection System - PDF White Paper
- The Government and UFOs: A Historical Analysis by Richard Thieme - PDF Extras
- BoutiqueKit: Playing WarGames with expensive rootkits and malware - PDF
- C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood - PDF
- Insecurity - A Failure of Imagination - PDF
- HTTP Time Bandit - PDF
- BYOD PEAP Show - PDF
- Android WebLogin: Google's Skeleton Key - PDF Extras
- Hacking Driverless Vehicles - PDF

The presentations (slides and some extra material) from DEF CON 21 are now available. Not all of them are up yet, but here is the list of those available at the moment: