Presentaciones de CanSecWest 2016

• April 14, 2016
• tuxotron

Ya se ha publicado el material de las presentaciones dadas en CanSecWest 2016, celebrada en Vancouver, Canadá: Csw2016 freingruber bypassing_application_whitelisting Csw2016 chen grassi-he-apple_graphics_is_compromised Csw2016 song li-smart_wars Csw2016 tang virtualization_device emulator testing technology Csw2016 macaulay eh_trace-rop_hooks Csw2016 d antoine_automatic_exploitgeneration Csw2016 gawlik bypassing_differentdefenseschemes Csw2016 wang docker_escapetechnology Csw2016 gong pwn_a_nexus_device_with_a_single_vulnerability Csw2016 wheeler barksdale-gruskovnjak-execute_mypacket Csw2016 economou nissim-getting_physical Csw2016 chaykin having_funwithsecuremessengers_and_androidwear Csw2016 julien moinard-hardsploit Csw2016 evron sysman_apt_reports_and_opsec_evolution Csw2016 li xu-bad_winmail_and_emailsecurityoutlook_final Csw2016 nicolas joly-0_days_exploits_and_bug_bounties
Leer más

Material de Black Hat Asia 2016

• April 2, 2016
• tuxotron

Una de las conferencias sobre seguridad referente a nivel mundial, Black Hat, ya ha publicado el material de la edición Asia 2016. Devaluing Attack: Disincentivizing Threats Against the Next Billion Devices A New CVE-2015-0057 Exploit Technology asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology.pdf asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology-wp.pdf Android Commercial Spyware Disease and Medication asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication.pdf asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication-wp.pdf Automated Detection of Firefox Extension-Reuse Vulnerabilities Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces-wp.pdf Break Out of the Truman Show: Active Detection and Escape of Dynamic Binary Instrumentation asia-16-Sun-Break-Out-Of-The-Truman-Show-Active-Detection-And-Escape-Of-Dynamic-Binary-Instrumentation.
Leer más

Presentaciones de Troopers 16

• April 2, 2016
• tuxotron

Troopers, otra conocida conferencia sobre seguridad con sede en Alemania, ha publicado la mayoría de las presentaciones de la edición de este año (Troopers 16), celebrada el pasado mes de marzo. Opening Keynote Hiding your White-Box Designs is Not Enough Mind The Gap - Exploit Free Whitelisting Evasion Tactics Patch me if you can Attacking Next-Generation Firewalls Towards a LangSec-aware SDLC Preventing vulnerabilities in HANA-based deployments QNX: 99 Problems but a Microkernel ain't one!
Leer más

Vídeos de Black Hat Europe 2015

• March 9, 2016
• tuxotron

Después de las diapositivas, ya se han puesto disponible los vídeos de Black Hat Europe 2015: Keynote: What Got Us Here Wont Get Us There Bypassing Self-Encrypting Drives (SED) in Enterprise Environments Breaking Access Controls with Blekey Cybersecurity for Oil and Gas Industries: How Hackers Can Manipulate Oil Stocks Panel: What You Need To Know About The Changing Regulatory Landscape In Information Security Attacking The XNU Kernel In El Capitain Automating Linux Malware Analysis Using Limon Sandbox Even The Lastpass Will Be Stolen, Deal With It!
Leer más

Material de DeepSec 2015

• December 16, 2015
• tuxotron

Por si no tenéis material bastante para leer, aquí tenéis las diapositivas presentadas en DeepSec 2015: Agile_Security_The_Good,_The_Bad,_(and_Mostly)_The_Ugly_-_Daniel_Liber.pdf Bridging_the_Air-Gap_Data_Exfiltration_from_Air-Gap_ Networks_-_Yisroel_Mirsky.pdf Can_societies_manage_ the_SIGINT_monster_-_Duncan_Campbell.pdf Chw00t_How_To_Break Out_from_Various_Chroot_Solutions_-_Bucsay_Balazs.pdf Continuous_Intrusion_Why_CI_Tools_Are_an_Attacker's_Best_Friends_-_Nikhil_Mittal.pdf Cyber_Cyber_Cyber_Warfare___Mistakes_of_the_DoDs_-_Raoul Chiesa.pdf Deactivating_Endpoint_Protection_Software_in_an_Unauthorized_ Manner_-_Matthias_Deeg.pdf Extending_a_Legacy_ Platform_Providing_a_Minimalistic,_Secure_Single-Sign-On-Library_-_Bernhard_Goeschelberger,_Sebastian_Goettfert.pdf File_Format_Fuzzing_in_Android_-Alexandru_Blanda.pdf German_Privacy_Law_And_IT_Security_-_Stefan_Schumacher.pdf Hacking Cookies in Modern Web Applications_and_Browsers_-_Dawid_Czagan.pdf How_To_Break_XML_Encryption_-_Automatically_-_Juraj_Somorovsky.pdf Legal_Responses_ Against_Cyber_ Incidents_-_Oscar_Serrano.pdf Not_so_Smart_On_ Smart_TV_Apps_-_Marcus_Niemietz.pdf OSINT_Barncat___Mining_Malware_for_Intelligence_at_Scale_-_John_Bambenek.pdf Revisiting_SOHO_Router_Attacks_-_Jose_Antonio _Rodriguez_Garcia,_Ivan _Sanz_de_Castro,_Álvaro_Folgado_Rueda.pdf Yes,_Now_YOU_Can_ Patch_That_Vulnerability_Too!_-_Mitja_Kolsek.pdf ZigBee_SmartHomes_A_Hackers_Open_House_-_Tobias_Zillner,_Florian_Eichelberger.pdf
Leer más

Material de Zero Nights 2015, incluido los talleres

• December 7, 2015
• tuxotron

Ya está disponible el material de la conferencia Zero Nights 2015. No sólo las de las charlas, sino también de los talleres! “A praise for hackers” "Hacking Virtual Appliances" "Browser Fuzzing with a Twist (and a Shake)" "Warranty Void If Label Removed - Attacking MPLS Networks" “Big problems with big data - Hadoop interfaces security” “Mathematical theory of input validation vulnerabilities and attacks” «Cisco IOS shellcode – all-in-one» "Introducing Choronzon: an approach to knowedgebased evolutionary fuzzing"
Leer más

Presentaciones B-Sides Orlando 2015

• November 25, 2015
• tuxotron

Para los interesados en las charlas de B-Sides Orlando 2015, ya están disponibles en youtube. Aquí os dejo la lista: Closing Keynote - Day 1 - Dr Johannes Ullrich Judgement Day 2015-04-12 Tim Krabek-Getting Involved to Better the Future Michael Brown - The NIST Cybersecurity Framework is coming! Are you ready? Jonathan Echavarria-Hiding your attacks with misdirection like REDACTED Danny Chrastil - What I know about your Company Hacking LinkedIn Vikram Dhillon -Blockchain-as-a-service -BsidesOrlando 2015 Scott Arciszewski - Application Security Beyond Compliance Opening Keynote -Moses Hernandez Yo Dog!
Leer más

Presentaciones de Black Hat Europe 2015

• November 13, 2015
• tuxotron

Ya podemos acceder al material de la edición de este año de Black Hat celebrada en Amsterdam. What Got Us Here Wont Get Us There eu-15-Meer-What-Got-Us-Here-Wont-Get-Us-There.pdf (In-)Security of Backend-As-A-Service eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service.pdf eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service-wp.pdf A Peek Under the Blue Coat eu-15-Rigo-A-Peek-Under-The-Blue-Coat.pdf All Your Root Checks Belong to Us: The Sad State of Root Detection AndroBugs Framework: An Android Application Security Vulnerability Scanner eu-15-Lin-Androbugs-Framework-An-Android-Application-Security-Vulnerability-Scanner.pdf Attacking the XNU Kernel in El Capitain eu-15-Todesco-Attacking-The-XNU-Kernal-In-El-Capitain.pdf Authenticator Leakage through Backup Channels on Android eu-15-Bai-Authenticator-Leakage-Through-Backup-Channels-On-Android.
Leer más

Presentaciones de Ruxcon 2015

• November 6, 2015
• tuxotron

Aquí tenéis la lista de las presentaciones que se han publicados de Ruxcon 2015: DNS as a Defense Vector High Performance Fuzzing The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election MalwAirDrop: Compromising iDevices via AirDrop Broadcasting Your Attack: Security Testing DAB Radio In Cars Windows 10: 2 Steps Forward, 1 Step Back Practical Intel SMEP Bypass Techniques on Linux Advanced SOHO Router Exploitation Why Attacker's Toolsets Do What They Do SDN Security Window Driver Attack Surface: Some New Insights Abusing Adobe Reader¹s JavaScript APIs High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC VoIP Wars: Destroying Jar Jar Lync VENOM Fruit Salad, yummy yummy: An analysis of ApplePay A Peek Under The Blue Coat Automated Malware Analysis: A Behavioural Approach to Automated Unpacking Tasty Malware Analysis with T.
Leer más

Material de SecTor 2015

• November 4, 2015
• tuxotron

Ya está disponible el material (vídeos y diapositivas) de SecTor 2015. Maturing InfoSec: Lessons from Aviation on Information Sharing - Slides Automation is your Friend: Embracing SkyNet to Scale Cloud Security - Video Breaking Access Controls with BLEKey - Video Breaking and Fixing Python Applications - Video Slides Tools Complete Application Ownage via Multi-POST XSRF - Video Confessions of a Professional Cyber Stalker - Video Cymon - An Open Threat Intelligence System - Video Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing - Slides Hijacking Arbitrary .
Leer más