Presentaciones de DEF CON 24

Una vez más una de las conferencias sobre seguridad informática ha llegado a su fin: DEF CON 24. Por ahora, se han puesto disponible las diapositivas y algún material extra de las presentaciones que se pudieron presenciar. Amro-Abdelgawad-Extras/ Jonathan-Brossard-Extras/ Lucas-Lundgren-Extras/ Mike-Rich-Extras/ Regilero-Extras/ Robert-Olson-Extras/ Seymour-Tully-Extras/ SixVolts-and-Haystack-Extras/ Wesley-McGrew-Extras/ 3alarmlampscoot-DIY-Nukeproofing.pdf Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf Allan-Cecil-dwangoAC-Tasbot-The-Perfectionist.pdf Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf Anch-So-you-want-to-be-a-pentester-DC101.pdf Anto-Joseph-Fuzzing-Android-Devices.pdf Arnaud-Soullie-Workshop-Pentesting-ICS-101.pdf Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection-Writeup.pdf Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection.pdf Benjamin-Holland-Developing-Managed-Code-Rootkits-For-Java-Runtime.pdf Bertin-Bervis-James-Jara-Exploiting-And-Attacking-Seismological-Networks-Remotely.pdf Bigezy-Saci-Pinworm-MITM-for-Metadata.pdf Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle.pdf Brad-Woodberg-Malware-Command-And-Control-Channels-A-Journey-Into-Darkness.pdf Bryant-Zadegan-Ryan-Lester-Abusing-Bleeding-Edge-Web-Standards-For-Appsec-Glory.pdf Chapman-Stone-Toxic-Proxies-Bypassing-HTTPS-and-VPNs.pdf Chris-Rock-How-to-overthrow-a-Government-Kuwait-Coup-WP.pdf Chris-Rock-How-to-overthrow-a-Government.pdf Clarence-Chio-Machine-Duping-101.pdf Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools-WP.pdf Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools.pdf Demay-Lebrun-Canspy-A-Platorm-For-Auditing-Can-Devices.pdf Dr-Phil-Polstra-Mouse-Jigglers.
Leer más

Material de Black Hat USA 2016

Para pasar las tardes de verano, ya tenemos disponible la mayoría del material presentado en Black Hat USA 2016: $hell on Earth: From Browser to System Compromise us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf 1000 Ways to Die in Mobile OAuth us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth-wp.pdf A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf A Lightbulb Worm? us-16-OFlynn-A-Lightbulb-Worm.pdf us-16-OFlynn-A-Lightbulb-Worm-wp.pdf Abusing Bleeding Edge Web Standards for AppSec Glory us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf Access Keys Will Kill You Before You Kill the Password us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.
Leer más

Material de Hack In The Box Amsterdam 2016

Aquí os dejo para el fin de semana el material publicado de la Hack In The Box 2016 celebrada en Amsterdam: CLOSING KEYNOTE - Sophia D Antoine - Hardware Side Channels in Virtualized Environments.pdf D1 COMMSEC - Elisabeth de Leeuw - Unformation in the Era of Hyper Connectivity.pdf D1 COMMSEC - Marc Newlin - Applying Regulatory Data to IoT RF Reverse Engineering.pdf D1 COMMSEC - Martin Knobloch - Don’t Feed the Hippos.
Leer más

Presentaciones de CanSecWest 2016

Ya se ha publicado el material de las presentaciones dadas en CanSecWest 2016, celebrada en Vancouver, Canadá: Csw2016 freingruber bypassing_application_whitelisting Csw2016 chen grassi-he-apple_graphics_is_compromised Csw2016 song li-smart_wars Csw2016 tang virtualization_device emulator testing technology Csw2016 macaulay eh_trace-rop_hooks Csw2016 d antoine_automatic_exploitgeneration Csw2016 gawlik bypassing_differentdefenseschemes Csw2016 wang docker_escapetechnology Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket Csw2016 economou nissim-getting_physical Csw2016 chaykin having_funwithsecuremessengers_and_androidwear Csw2016 julien moinard-hardsploit Csw2016 evron sysman_apt_reports_and_opsec_evolution Csw2016 li xu-bad_winmail_and_emailsecurityoutlook_final Csw2016 nicolas joly-0_days_exploits_and_bug_bounties
Leer más

Material de Black Hat Asia 2016

Una de las conferencias sobre seguridad referente a nivel mundial, Black Hat, ya ha publicado el material de la edición Asia 2016. Devaluing Attack: Disincentivizing Threats Against the Next Billion Devices A New CVE-2015-0057 Exploit Technology asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology.pdf asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology-wp.pdf Android Commercial Spyware Disease and Medication asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication.pdf asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication-wp.pdf Automated Detection of Firefox Extension-Reuse Vulnerabilities Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces-wp.pdf Break Out of the Truman Show: Active Detection and Escape of Dynamic Binary Instrumentation asia-16-Sun-Break-Out-Of-The-Truman-Show-Active-Detection-And-Escape-Of-Dynamic-Binary-Instrumentation.
Leer más

Material de DeepSec 2015

Por si no tenéis material bastante para leer, aquí tenéis las diapositivas presentadas en DeepSec 2015: Agile_Security_The_Good,_TheBad,(and_Mostly)_TheUgly-_Daniel_Liber.pdf Bridging_the_Air-Gap_Data_Exfiltration_fromAir-Gap Networks_-_Yisroel_Mirsky.pdf Can_societiesmanage the_SIGINTmonster-_Duncan_Campbell.pdf Chw00t_How_To_Break Out_from_Various_ChrootSolutions-_Bucsay_Balazs.pdf Continuous_Intrusion_Why_CI_Tools_Are_an_Attacker’s_BestFriends-_Nikhil_Mittal.pdf Cyber_Cyber_Cyber_Warfare_Mistakes_of_theDoDs-_Raoul Chiesa.pdf Deactivating_Endpoint_Protection_Software_in_anUnauthorized Manner_-_Matthias_Deeg.pdf Extending_aLegacy Platform_Providing_a_Minimalistic,_SecureSingle-Sign-On-Library-_Bernhard_Goeschelberger,_Sebastian_Goettfert.pdf File_Format_Fuzzing_inAndroid-Alexandru_Blanda.pdf German_Privacy_Law_And_ITSecurity-_Stefan_Schumacher.pdf Hacking Cookies in Modern Web Applications_andBrowsers-_Dawid_Czagan.pdf How_To_Break_XMLEncryption-Automatically-_Juraj_Somorovsky.pdf LegalResponses AgainstCyber Incidents_-_Oscar_Serrano.pdf Not_so_SmartOn Smart_TVApps-_Marcus_Niemietz.pdf <a href=“https://deepsec.net/docs/Slides/2015/OSINT_Barncat_Mining_Malware_for_Intelligence_atScale-_John_Bambenek.pdf”>OSINT_Barncat___Mining_Malware_for_Intelligence_atScale-_John_Bambenek.pdf Revisiting_SOHO_RouterAttacks-_Jose_Antonio _Rodriguez_Garcia,_Ivan _Sanz_de_Castro,_Álvaro_Folgado_Rueda.pdf Yes,_Now_YOUCan Patch_That_VulnerabilityToo!-_Mitja_Kolsek.pdf ZigBee_SmartHomes_A_Hackers_OpenHouse-_Tobias_Zillner,_Florian_Eichelberger.pdf
Leer más

Presentaciones y vídeos de DefCamp #6

Pues para que no nos aburramos durante las vacaciones, aquí tenéis material nuevo. En este caso de DefCamp #6. A new Hope - CTF stories & IoT Hacking - Slide - Video Game of Hacks: Play, Hack & Track - Slide - Video (In)Security of Embedded Devices’ Firmware – Fast and Furious at Large Scale - Slide - Video IoT Security - Slide - Video IoT Security - Slide - Video From Hype Hangover to Happy Hacking: Shaping the World through Shaping Actions - Slide - Video A new Hope - CTF stories & IoT Hacking - Slide - Video What’s in a name?
Leer más

Material de Zero Nights 2015, incluido los talleres

Ya está disponible el material de la conferencia Zero Nights 2015. No sólo las de las charlas, sino también de los talleres! “A praise for hackers” “Hacking Virtual Appliances” “Browser Fuzzing with a Twist (and a Shake)” “Warranty Void If Label Removed - Attacking MPLS Networks” “Big problems with big data - Hadoop interfaces security” “Mathematical theory of input validation vulnerabilities and attacks” «Cisco IOS shellcode – all-in-one» “Introducing Choronzon: an approach to knowedgebased evolutionary fuzzing” “Samsung SmartTV: how-to to creating insecure device in today’s world” “Did you get your token?
Leer más

Material de HITB Singapur 2015

Ha sido publicado el material de la Hack In The Box de Singapur de este año 2015: CLOSING NOTE - Dhillon Kannabhiran.pdf D1 - Alfonso De Gregorio - Extortion and Cooperation in the Zero%c2%ad-Day Market.pdf D1 - Chris Rouland - Understanding the IoT from DC to 10Ghz.pdf D1 - Dawid Czagan - Hacking Cookies in Modern Web Applications and Browsers.pdf D1 - Julien Lenoir - Implementing Your Own Generic Unpacker.
Leer más

Presentaciones y vídeos de BruCON 0x07 - 2015

Ya se encuentran disponibles las presentaciones y los vídeos de BruCON 0x07 (2015). Creating REAL Threat Intelligence … with Evernote - L. Grecs (slides) Unified DNS View to Track Threats - Dhia Mahjoub & Thomas Mathew Desired state: compromised - Ryan Kazanciyan & Matt Hastings (slides) Shims For The Win - Willi Ballenthin & Jon Tomczak (slides) Hacking as Practice for Transplanetary Life in the 21st Century - Richard Thieme CVE-Search - Alexandre Dulaunoy & Pieter-Jan Moreels (slides) OSXCollector: Automated forensic evidence collection & analysis for OS X - Kuba Sendor (slides) Keynote - Looking Forward - Finding the right balance for INFOSEC - David Kennedy (slides) Advanced WiFi Attacks using Commodity Hardware - Mathy Vanhoef (slides) The .
Leer más