Presentaciones de DEF CON 24

Una vez más una de las conferencias sobre seguridad informática ha llegado a su fin: DEF CON 24. Por ahora, se han puesto disponible las diapositivas y algún material extra de las presentaciones que se pudieron presenciar. Amro-Abdelgawad-Extras/ Jonathan-Brossard-Extras/ Lucas-Lundgren-Extras/ Mike-Rich-Extras/ Regilero-Extras/ Robert-Olson-Extras/ Seymour-Tully-Extras/ SixVolts-and-Haystack-Extras/ Wesley-McGrew-Extras/ 3alarmlampscoot-DIY-Nukeproofing.pdf Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf Allan-Cecil-dwangoAC-Tasbot-The-Perfectionist.pdf Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf Anch-So-you-want-to-be-a-pentester-DC101.pdf Anto-Joseph-Fuzzing-Android-Devices.pdf Arnaud-Soullie-Workshop-Pentesting-ICS-101.pdf Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection-Writeup.pdf Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection.pdf Benjamin-Holland-Developing-Managed-Code-Rootkits-For-Java-Runtime.pdf Bertin-Bervis-James-Jara-Exploiting-And-Attacking-Seismological-Networks-Remotely.pdf Bigezy-Saci-Pinworm-MITM-for-Metadata.pdf Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle.pdf Brad-Woodberg-Malware-Command-And-Control-Channels-A-Journey-Into-Darkness.pdf Bryant-Zadegan-Ryan-Lester-Abusing-Bleeding-Edge-Web-Standards-For-Appsec-Glory.pdf Chapman-Stone-Toxic-Proxies-Bypassing-HTTPS-and-VPNs.pdf Chris-Rock-How-to-overthrow-a-Government-Kuwait-Coup-WP.pdf Chris-Rock-How-to-overthrow-a-Government.pdf Clarence-Chio-Machine-Duping-101.pdf Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools-WP.pdf Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools.pdf Demay-Lebrun-Canspy-A-Platorm-For-Auditing-Can-Devices.pdf Dr-Phil-Polstra-Mouse-Jigglers.
Leer más

Material de Black Hat USA 2016

Para pasar las tardes de verano, ya tenemos disponible la mayoría del material presentado en Black Hat USA 2016: $hell on Earth: From Browser to System Compromise us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf 1000 Ways to Die in Mobile OAuth us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth-wp.pdf A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf A Lightbulb Worm? us-16-OFlynn-A-Lightbulb-Worm.pdf us-16-OFlynn-A-Lightbulb-Worm-wp.pdf Abusing Bleeding Edge Web Standards for AppSec Glory us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf Access Keys Will Kill You Before You Kill the Password us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.
Leer más

Vídeos de Black Hat Europe 2015

Después de las diapositivas, ya se han puesto disponible los vídeos de Black Hat Europe 2015: Keynote: What Got Us Here Wont Get Us There Bypassing Self-Encrypting Drives (SED) in Enterprise Environments Breaking Access Controls with Blekey Cybersecurity for Oil and Gas Industries: How Hackers Can Manipulate Oil Stocks Panel: What You Need To Know About The Changing Regulatory Landscape In Information Security Attacking The XNU Kernel In El Capitain Automating Linux Malware Analysis Using Limon Sandbox Even The Lastpass Will Be Stolen, Deal With It!
Leer más

Material de DeepSec 2015

Por si no tenéis material bastante para leer, aquí tenéis las diapositivas presentadas en DeepSec 2015: Agile_Security_The_Good,_TheBad,(and_Mostly)_TheUgly-_Daniel_Liber.pdf Bridging_the_Air-Gap_Data_Exfiltration_fromAir-Gap Networks_-_Yisroel_Mirsky.pdf Can_societiesmanage the_SIGINTmonster-_Duncan_Campbell.pdf Chw00t_How_To_Break Out_from_Various_ChrootSolutions-_Bucsay_Balazs.pdf Continuous_Intrusion_Why_CI_Tools_Are_an_Attacker’s_BestFriends-_Nikhil_Mittal.pdf Cyber_Cyber_Cyber_Warfare_Mistakes_of_theDoDs-_Raoul Chiesa.pdf Deactivating_Endpoint_Protection_Software_in_anUnauthorized Manner_-_Matthias_Deeg.pdf Extending_aLegacy Platform_Providing_a_Minimalistic,_SecureSingle-Sign-On-Library-_Bernhard_Goeschelberger,_Sebastian_Goettfert.pdf File_Format_Fuzzing_inAndroid-Alexandru_Blanda.pdf German_Privacy_Law_And_ITSecurity-_Stefan_Schumacher.pdf Hacking Cookies in Modern Web Applications_andBrowsers-_Dawid_Czagan.pdf How_To_Break_XMLEncryption-Automatically-_Juraj_Somorovsky.pdf LegalResponses AgainstCyber Incidents_-_Oscar_Serrano.pdf Not_so_SmartOn Smart_TVApps-_Marcus_Niemietz.pdf <a href=“https://deepsec.net/docs/Slides/2015/OSINT_Barncat_Mining_Malware_for_Intelligence_atScale-_John_Bambenek.pdf”>OSINT_Barncat___Mining_Malware_for_Intelligence_atScale-_John_Bambenek.pdf Revisiting_SOHO_RouterAttacks-_Jose_Antonio _Rodriguez_Garcia,_Ivan _Sanz_de_Castro,_Álvaro_Folgado_Rueda.pdf Yes,_Now_YOUCan Patch_That_VulnerabilityToo!-_Mitja_Kolsek.pdf ZigBee_SmartHomes_A_Hackers_OpenHouse-_Tobias_Zillner,_Florian_Eichelberger.pdf
Leer más

Presentaciones de Black Hat Europe 2015

Ya podemos acceder al material de la edición de este año de Black Hat celebrada en Amsterdam. What Got Us Here Wont Get Us There eu-15-Meer-What-Got-Us-Here-Wont-Get-Us-There.pdf (In-)Security of Backend-As-A-Service eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service.pdf eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service-wp.pdf A Peek Under the Blue Coat eu-15-Rigo-A-Peek-Under-The-Blue-Coat.pdf All Your Root Checks Belong to Us: The Sad State of Root Detection AndroBugs Framework: An Android Application Security Vulnerability Scanner eu-15-Lin-Androbugs-Framework-An-Android-Application-Security-Vulnerability-Scanner.pdf Attacking the XNU Kernel in El Capitain eu-15-Todesco-Attacking-The-XNU-Kernal-In-El-Capitain.
Leer más

Presentaciones de Ruxcon 2013

Ya tenemos disponibles las presentaciones (diapositivas) de Ruxcon 2103, conferencia sobre seguridad informática celebrada anualmente en Melbourne, Australia. Amateur Satellite Intelligence: Watching North Korea Payment Applications Handle Lots of Money. No, Really: Lots Of It. Visualization For Reverse Engineering and Forensics Electronic Voting Security, Privacy and Verifiability Cracking and Analyzing Apple iCloud Protocols: iCloud Backups, Find My iPhone, Document Storage Buried by time, dust and BeEF Under the Hood Of Your Password Generator Malware, Sandboxing and You: How Enterprise Malware and 0day Detection is About To Fail (Again) VoIP Wars: Return of the SIP BIOS Chronomancy: Fixing the Static Root of Trust for Measurement The BYOD PEAP Show: Mobile Devices Bare Auth Bypassing Content-Security-Policy Deus Ex Concolica - Explorations in end-to-end automated binary exploitation Top of the Pops: How to top the charts with zero melodic talent and a few friendly computers AntiTraintDroid - Escaping Taint Analysis on Android for Fun and Profit Introspy : Security Profiling for Blackbox iOS and Android Inside Story Of Internet Banking: Reversing The Secrets Of Banking Malware Edward Snowden: It’s Complicated Roll the Dice and Take Your Chances Cracking, CUDA and the Cloud – Cracking Passwords Has Never Been So Simple, Fast and Cheap
Leer más

Material de la Ekoparty 2013

Ya podemos descargarnos y ver las presentaciones de la Ekoparty 2013. Conferencia sobre seguridad informática de primer nivel. Ekoparty se organiza cada año en Buenos Aires, Argentina. Droid Rage: Android exploitation on steroids - Pablo Solé - PDF - VideoModification to the Android operating system´s resource control - Joaquín Rinaudo - ZIP - VideoCompromising industrial facilities from 40 miles away - Carlos Mario Penagos - PDF - PDF - VideoAtacando IPv6 con Evil FOCA - Chema Alonso - PPT - VideoString allocations in Internet Explorer - Chris Valasek - PPT - VideoCompilador ROP - Christian Heitman - PDF - VideoBIOS Chronomancy - Corey Kallenberg - PPT - VideoDefeating Signed BIOS Enforcement - Corey Kallenberg - PPT - VideoERP Security: how hackers can open the box and take the jewels - Jordan Santasieri - PDF - VideoShoulder surfing 2.
Leer más

Presentaciones de la HITBSECCONF Malaysia 2013

Las presentaciones de la Hack In The Box Security Conference (HITBSECCONF) 2013 celebrada en Malasia han sido publicadas. Las lista de las diapositivas es la siguiente: D1 KEYNOTE - Andy Ellis - Cognitive Injection.pdf D1T1 - Collin Mulliner - Android DDI - Dynamic Dalvik Instrumentation of Android Applications.pdf D1T1 - Dominic Chell and Shaun Colley - Practical Attacks Against Encrypted VoIP Communications.pdf D1T1 - Gianni Gnesa - Hacking Corporations Using Unconventional Chained Exploits.
Leer más

Presentaciones en modo texto con Vim

Esto es sólo apto para retro-geeks :). Si tienes que hacer una presentación muy geek y/o sobre algún tema retro, esto te va a gustar. Vimdeck es una utilidad que se acopla con Vim para generar presentaciones en modo texto. Recalcar que no es un plugin para Vim. Vimdeck está escrito en Ruby y lo puedes instalar a través de gem: gem install vimdeck Esta herramienta espera un fichero escrito en formato Markdown y a partir de éste genera una serie de ficheros, concretamente uno por cada diapositiva.
Leer más

Presentaciones de DEF CON 21

Ya estás disponibles las presentaciones (diapositivas y algún material extra) de la DEF CON 21. Todavía no están todas, pero aquí tenéis la lista de las disponibles en estos momentos: Business logic flaws in mobile operators services - PDF White Paper Fear the Evil FOCA: IPv6 attacks in Internet connections - PDF Suicide Risk Assessment and Intervention Tactics - PDF Extras Combatting Mac OSX/iOS Malware with Data Visualization - PDF White Paper MITM All The IPv6 Things - PDF PowerPwning: Post-Exploiting By Overpowering PowerShell - PDF Extras Transcending Cloud Limitations by Obtaining Inner Piece - PDF Extras Data Evaporation from SSDs - PDF Evil DoS Attacks and Strong Defenses - PDF RFID Hacking: Live Free or RFID Hard - PDF Extras OTP, It won’t save you from free rides!
Leer más