
Hack In The Box Security Conference



402 results


Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 2,978. Favorites: 0. Comments: 0.

IoT connected devices are being released at a staggering rate. According to Gartner it’s speculated that by the end of 2018, there will be 11.2 billion IoT devices currently connected at any given time. A large part of that connected ecosystem includes wireless speaker systems created by some of the largest manufacturers around the globe. Looking closer at Sonos and Bose wireless speaker systems, this research looks to find flaws in these common household devices. This research analyzes the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stephen hilt, trend...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 3,204. Favorites: 0. Comments: 0.

Source: https://www.youtube.com/watch?v=yAW49z4vHns Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Media type: movies. Views: 10. Favorites: 0. Comments: 0.

Over the years, ring-0 vulnerabilities in mobile devices have become increasingly difficult to find and exploit. Attackers and defenders alike must find new attack vectors, as well as develop tools to expedite the research process and increase coverage. One significant challenge is a more confining sandbox. While vendors usually put less emphasis on the security of mechanisms which are not operable from within the sandbox, sandboxing applications appropriately is not always that easy. This talk...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, adam donenfeld, ios,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 31. Favorites: 0. Comments: 0.

Most of today’s buildings use a variety of intelligent building systems to manage a wide variety of equipment. Companies such as Siemens, ABB, and Schneider Electric have introduced their own intelligent building products. At present, the communication protocols mainly used in the intelligent building industry are the KNX protocol for the industrial field and the ZigBee protocol for the household field. KNX is a standardized OSI-based network communications protocol for home and building...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hacking, intelligent...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 40. Favorites: 0. Comments: 0.

------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Since the first iPhone in 2007, the baseband that Apple uses for cellular communications has evolved in terms of both...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 23. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: With the astonishing rate of new and modified malware samples being released daily, automation of analysis is needed to classify and cluster together similar samples, exclude basic and uninteresting variations, and focus costly manual analysis work on novel and interesting features (e.g., added or removed pieces of code with a given semantic). We will discuss the challenges in analyzing large...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hackers, hacking,...
Hack In The Box Security Conference
Media type: movies. Views: 37. Favorites: 0. Comments: 0.

Critical mobile applications often implement complex security features in order to protect their data and functionalities. Periodical challenge-response checks aimed at verifying the signature of the application files and preventing requests sent outside the mobile application (that stops for example the web application scanners), encryption of the body of the POST requests and responses with a combination of symmetrical and asymmetrical encryption, custom encryption functions used to encrypt...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Piergiovanni Cipolloni,...
Hack In The Box Security Conference
Media type: movies. Views: 33. Favorites: 0. Comments: 0.

In the past few years, data-only kernel exploitation has been on the rise. Since 2011, abusing and attacking Desktop heap objects to gain higher exploit primitives has been seen in many exploits. Moving forward to 2015, the focus changed to the GDI subsystem and the discovery of GDI Bitmap object abuse, and in 2017 the GDI Palettes object abuse technique was released at DefCon 25. All of these techniques aim to gain arbitrary/relative kernel memory read/write, to further the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, commsec, amsterdam,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 44. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: The backbones of our digital lives, the ISPs and Telecom operators, have never been secure. Their "closed garden" security model has always been a fallacy and the reality on the ground paints a much bleaker picture. Why are they constantly getting hacked, and sometimes discovering it many years later or not at all? This presentation will give a broad perspective on the security of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, telco, hackers, hacking,...
Hack In The Box Security Conference
Media type: movies. Views: 33. Favorites: 0. Comments: 0.

Every modern computer system based on Intel architecture has Intel Management Engine (ME) – a built-in subsystem with a wide array of powerful capabilities (such as full access to operating memory, out-of-band access to a network interface, running independently of CPU even when it is in a shutdown state, etc.). On the one hand, these capabilities allow Intel to implement many features and technologies based on Intel ME. On the other hand, it makes Intel ME a tempting target for an attacker....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, maksim malyutin, dmitriy...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 28. Favorites: 0. Comments: 0.

In this talk I will be discussing the tactics used by APTs and Nation State threat actors. Starting with the basics of who is responsible for attacks we will move swiftly on to the top 2% of attacks which can be classed as APTs: State Sponsored Hackers, Organised Crime and Intelligence Services. I will briefly cover the history of industrial espionage starting with the theft of Lockheed Martin’s jet designs and the subsequent suspiciously similar MIG which was produced in 1998. Moving on I...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec, apt
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 27. Favorites: 0. Comments: 0.

Perf has been included in the Linux kernel since 2.6.3x to provide a framework for all things performance analysis. It covers hardware level (CPU/PMU, Performance Monitoring Unit) features and software features (software counters, trace points) as well. Among the supported perf measurable event list, there is a small set of common hardware event monikers which get mapped onto actual events provided by the CPU, if they exist; otherwise the event cannot be used. So there is no surprise CPU...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, perf,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 14. Favorites: 0. Comments: 0.

CTF contests are designed to serve as an educational exercise to give participants experience in securing machines, as well as conducting and reacting to the sort of attacks found in the real world. Reverse-engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis are all skills which are generally refined and tested through CTFs. Facebook has recently launched a new open-source Capture the Flag platform, a standalone CTF site that can be used by...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Hack In The Box Security Conference
Media type: movies. Views: 25. Favorites: 0. Comments: 0.

In a world where governments are demanding exceptional (and unprecedented) access to systems under the guise of national security and the looming specter of terrorism, recent events have resurfaced the conflict between privacy and security. While some believe this to be a new battle of the Internet age, it’s just a continuation of the unending crypto war between technologists and law enforcement. Mr Adams will give a brief overview of the recent FBI vs. Apple debate, how companies with large...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, keynote
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 21. Favorites: 0. Comments: 0.

Presentation Title: Hacking Androids for Profit. Presentation Abstract: We will reveal new threats to Android Apps, and discuss known and unknown weaknesses in the Android OS and Android Market. This presentation will offer insight into the inner working of Android apps and the risks any user faces when installing and using apps from the marketplace. We will reveal previously undisclosed vulnerabilities in vendor apps installed on millions of US mobile phones and techniques to evade all available...
Topics: Youtube, video, Science & Technology, Hacking, Androids, for, Profit, Riley, Hassell
Hack In The Box Security Conference
Media type: movies. Views: 14. Favorites: 0. Comments: 0.

Source: https://www.youtube.com/watch?v=EO0DxgZhz_g Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 50. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Performing security analysis of iOS applications is a tedious task -- there is no source code and there is no true emulation available. Moreover, communication is usually signed or encrypted by the application, leaving the standard tampering and injection attacks worthless. Needless to say, time spent on testing such applications increases substantially due to the fact that not every...
Topics: Youtube, video, Science & Technology, ipod, Netherlands, tampering, inalyzer, injection,...
Hack In The Box Security Conference
Media type: movies. Views: 55. Favorites: 0. Comments: 0.

Attacks targeting connected cars have already been presented in several conferences, as well as different tools to spy on CAN buses. However, there have been only a few attempts to create “something similar” to a useful backdoor for the CAN bus. Moreover, some of those proofs of concept were built upon Bluetooth technology, limiting the attack range and therefore tampering its effects. Now we are happy to say, “those things are old”! We have successfully developed a hardware backdoor...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, sheila ayelan berta,...
Hack In The Box Security Conference
Media type: movies. Views: 49. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from an attacker’s point of view. As it turns out, quite a few web applications (including sensitive ones like bitcoin platforms) have cookie related vulnerabilities that lead, for example, to user impersonation, remote cookie tampering, XSS and more. Developers tend to forget that multi-factor authentication will not help when...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 26. Favorites: 0. Comments: 0.

Source: https://www.youtube.com/watch?v=ao-DcP6jvvs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Media type: movies. Views: 29. Favorites: 0. Comments: 0.

Since its introduction at WWDC in 2014, Swift has progressed significantly as a language and has seen increased adoption by iOS and OSX developers. Despite this, information pertaining to reverse engineering Swift applications is sparse and not openly discussed. This talk will dive into the Swift language and explore reverse engineering Swift apps from a security perspective. Topics that will be covered include a quick intro to Swift from a pen tester’s perspective, various methods for obtaining...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, swift, apple,...
Hack In The Box Security Conference
Media type: movies. Views: 25. Favorites: 0. Comments: 0.

With security as one of its design fundamentals, Microsoft Edge browser is one of the most secure browsers around. How difficult is it to find remote code execution exploits in the Edge browser? To answer this question we spent time researching various attack surfaces in the Edge browser and came away with an answer – go in through the ChakraCore engine. ChakraCore is the core of Microsoft’s next generation Javascript Engine that powers Microsoft Edge. Since it is open sourced, we can...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Long Liu, linan hao,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 34. Favorites: 0. Comments: 0.

PRESS RELEASE Company: Hack In The Box / HITBSecConf Date of Issue: 10th April 2013 Release Summary: Members of the @Evad3rs will hold a press conference at the fourth annual Hack In The Box Security Conference on the 11th of April at the Okura Hotel, Amsterdam. The press conference will focus on their renowned evasi0n jailbreak and will also be streamed live. URL: http://conference.hitb.org/hitbsecconf2013ams/evad3rs-press-conference/ Evad3rs Press Conference at HITBSecConf2013 -- Amsterdam...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, press conference, press...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 20. Favorites: 0. Comments: 0.

KEYNOTE MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ KEYNOTE ABSTRACT: Reading the headlines today, we see that security issues frequently involve employees, their accounts, and their machines. And yet many security professionals view their employees as a lost cause. Between bad passwords, phishing, and lost machines, these users seem to present unbounded risk. And managing that risk often creates tensions between business needs and security needs. In this keynote I'll...
Topics: Youtube, video, Science & Technology, bob lord, twitter, phishing, experimental results, hitb,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 37. Favorites: 0. Comments: 0.

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Amazon Web Services has emerged as one of the fastest growing companies in the past five years, and is increasingly...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 41. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Unified Extensible Firmware Interface or UEFI, is the result of a common effort from several manufacturers and industry stakeholders based on an initiative from Intel. It is a new software component or 'middleware' interposed between the hardware and the operating system designed to replace the traditional aka old BIOS. This presentation is a study of the overall architecture of UEFI from a...
Topics: Youtube, video, Science & Technology, esx, kaczmarek, hitbsecconf, sebastien kaczmarek,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 28. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: The online threat landscape does not stand still. One of the best ways to understand the threats is to understand the attackers and their motives. Mikko Hypponen divides the attackers into three main groups: Criminals, Hacktivists and Nation-states. What makes them tick? More importantly, where are they going? ABOUT MIKKO HYPPONEN Mikko Hypponen is the Chief Research Officer for F-Secure. He...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, f-secure, behind enemy...
Hack In The Box Security Conference
Media type: movies. Views: 33. Favorites: 0. Comments: 0.

There is no doubt that mobile contactless payments have grown exponentially and Host Card Emulation – the possibility to emulate payment cards on a mobile device, without dependency on special Secure Element hardware – has also significantly boosted the number of applications. HCE support for Android is usually delivered as an external, certified “black-box” library to compile in your application. Obviously vendors promise “highest level of security” – including: card data...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Slawomir Jasek, android,...
Hack In The Box Security Conference
Media type: movies. Views: 28. Favorites: 0. Comments: 0.

In 2005 an incredible story called the ‘Athens Affair’ exposed an advanced telco hack obviously carried out by a state actor. The sophistication of the attack came as a huge surprise in a pre-Snowden world. To this day the case was never solved, even though it involved phone tapping of government officials and resulted in the suspicious death of a key witness. Whoever did this was never heard from again. Until now. During a routine security audit of a mobile network operator, suspicious...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, emmanuel gadaix, emx,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 23. Favorites: 0. Comments: 0.

In 2017, personal data of millions of Malaysians was found breached online. Local authorities were silent, and so too the ISPs who owned the data. I launched a site, sayakenahack.com, that allowed users to check if they were victims. The site made front page news, only to be blocked by the government at noon the same day. The session starts with the chronology of the breach, beginning with the report from Lowyat.net about a user trying to sell personal data on their forums. It follows on with...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, keith rozario, hitbgsec,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 22. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Whether you are a consultant or a software engineer, you have probably realized by now that we're not really making a lot of progress on server-side web security. Consultants benefit from the resulting job security and developers want to focus on building awesome technology without spending a lot of time and energy building reusable security solutions, which are hard. Come and hear about the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, google, kydyraliev, web...
Hack In The Box Security Conference
Media type: movies. Views: 20. Favorites: 0. Comments: 0.

Securing vehicles is a complex challenge. Their increased connectivity leaves them with a wide attack surface. The diversity in the technologies used also requires developing different security assessment techniques. From an attacker’s point of view, one difficulty is the manufacturer-specific nature of the technologies used. The automotive industry is a complex ecosystem, composed of different OEMs and suppliers, at different levels of the production chain. This variety of actors leads to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, keisuke hirata, autosec,...
Hack In The Box Security Conference
Media type: movies. Views: 85. Favorites: 0. Comments: 0.

Many of today’s cars have upgraded from the old RKE (remote keyless entry) keyfob to PKE (passive keyless entry) system making it more convenient for end users. A car equipped with the PKE system allows the driver to unlock the car by being in proximity of the vehicle or by touching the handle of the door while in possession of the keyfob. In addition, PKE equipped vehicles can be started and driven without the driver inserting the key into the keyhole manually. (For a better understanding of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jun li, qing yang,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 22. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: IPv6 is creeping slowly into the ISP and telco network, so it is finally time to present on new security issues in IPv6 as well as showing the professionals how to audit and hack it. All accompanied with GPL tools to do the deeds: the new thc-ipv6 package, rewritten, expanded, enhanced. ABOUT VAN HAUSER Marc "van Hauser" Heuse has been performing security research since 1993, having...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ipv6, thc, van hauser,...
Hack In The Box Security Conference
Media type: movies. Views: 41. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: "Doesn't matter what you see, Or into it what you read, You can do it your own way, If it's done just how I say..." -- Eye Of The Beholder, Metallica Low cost IP surveillance cameras are becoming increasingly popular among households and small businesses. As of January 2013 Shodan (www.shodanhq.com) shows close to 100000 cameras active all over the world. Despite the fact that there...
Topics: Youtube, video, Science & Technology, backdoor, hitb2013ams, web application, firmware hacking,...
Hack In The Box Security Conference
Media type: movies. Views: 37. Favorites: 0. Comments: 0.

From the ’60s and ’70s, the hacker community started to design tools and procedures in order to take advantage of telephone networks (such as blue boxes, phreaking, etc.). These old school hacking techniques are coming back with the commercialization of cheap open hardware, which establishes new threats. In this talk, we are going to contextualize some phreaking practices and introduce new threats including a way to modify the behaviour of GSM (Global System for Mobile Communications) antennas...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Jorge Cuadrado Saez,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 38. Favorites: 0. Comments: 0.

Security features and improvements introduced in Windows and other Microsoft products over a period of time have made it more difficult and costly to exploit software vulnerabilities. The various mitigation technologies that have been created as a result have played a key role in helping to keep people safe online and defend against the state of the art in software exploitation. In this presentation, I will walk through a new data-driven approach used by Microsoft to tackle software security and some...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, commsec,...
Hack In The Box Security Conference
Media type: movies. Views: 20. Favorites: 0. Comments: 0.

Presentation Title: Chip & PIN is Definitely Broken: Protocol and Physical Analysis of EMV POS Devices. Presentation Abstract: The EMV global standard for electronic payments is widely used for inter-operation between chip equipped credit/debit cards, Point of Sales devices and ATMs. Following the trail of the serious vulnerabilities published by Murdoch and Drimer's team at Cambridge University regarding the usage of stolen cards, we explore the feasibility of skimming and cloning in the...
Topics: Youtube, video, Science & Technology, Chip, PIN, is, Broken, Protocol, and, Physical, Analysis,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 36. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Heard of the Shodan Computer Search Engine? This young project scans the Internet IPv4 space, collects banners from exposed systems' services, and places them in a searchable database. The impact of Shodan over the past few years is significant, with multiple DHS ICS-CERT advisories on exposed systems, several hacker conference talks, and valuable integration into other tools like Metasploit....
Topics: Youtube, video, Science & Technology, gas pumps, tv station, computer search engine, shodan,...
Hack In The Box Security Conference
Media type: movies. Views: 33. Favorites: 0. Comments: 0.

Have you left your iPad unattended in a hotel room? Or perhaps, have you seen an unattended iPad in locations like a coffee shop? All it takes is a brief moment of negligence for a third party to access them, and guess what, MILLIONS of people leave their iPads unattended every day. iOS security features such as the passcode lock are typically sufficient to protect the data on the device from being retrieved or manipulated. However, next to nothing is known about the security risk of the accessories...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stefan esser, apple,...
Hack In The Box Security Conference
Media type: movies. Views: 25. Favorites: 0. Comments: 0.

KVM-Qemu and Docker containers are important components of virtualization technology and are widely used by mainstream cloud vendors. KVM-Qemu is a full virtualization solution for Linux on x86 hardware which contains virtualization extensions (Intel VT or AMD-V) and devices emulated by QEMU in user components. Docker is an open-source and light-weight project that automates the development of applications inside software containers by providing an additional layer of abstraction and automation...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, qihoo360,...
Hack In The Box Security Conference
Media type: movies. Views: 13. Favorites: 0. Comments: 0.

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ In the past, researchers who reported security-bugs feared that the companies affected wouldn't take this report in a...
Topics: Youtube, video, Science & Technology, google, bug bounty, hitb, hitb2012ams, hitbsecconf,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 33. Favorites: 0. Comments: 0.

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Behind every successful exploit is a good delivery mechanism. This talk combines my research in exploit writing, browser and PDF exploitation, web hacking and old school data representation techniques, bringing you a slew of creative and innovative tricks and techniques to send exploits successfully to the victim's doorstep. Never before has the fine art of packaging been more important when...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, exploit, exploit...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 23. Favorites: 0. Comments: 0.

How do you identify the weakest links in your IoT network? How do we justify cost and benefits of security mitigation measures in a digital manufacturing plant? In this talk, we will share about our innovative approach to quantitatively measure the vulnerability and damage of the Confidentiality, Integrity and Availability (CIA) of data. Our work based on critical infrastructures is applicable to IoT and SCADA networks. Manufacturing enterprises will be able to fine tune their cyber security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, SIMON ENG, lim eng woei,...
Hack In The Box Security Conference
Media type: movies. Views: 30. Favorites: 0. Comments: 0.

The Common Language Runtime (CLR), the virtual machine component of Microsoft’s .NET Framework, manages the execution of .NET programs, which runs the code and provides services that make the development process easier. Microsoft also integrated CLR into its products, e.g. SQL Server, Office, etc. We have studied CLR since last month, and we found these features could lead to several attack surfaces. In this talk, we first introduce managed execution environment and managed code under .NET...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Yu Hong, Shikang Xing,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 30. Favorites: 0. Comments: 0.

Modern Intel CPUs allow using a JTAG-like interface through USB 3.0, which is available on numerous platforms. This makes it possible to control a system totally, making the technology attractive not only for debugging and research. Starting with Skylake, Intel introduced Direct Connect Interface (DCI) technology, and you can find a rather superficial description of it in the docs. There are two types of connection: using a specific device, the so-called Intel SVT Closed Chassis Adapter, or a common USB3...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, mark ermalov, maxim...
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 22. Favorites: 1. Comments: 0.

Source: https://www.youtube.com/watch?v=3cFCs6YkwMs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
Media type: movies. Views: 30. Favorites: 0. Comments: 0.

We propose a new exploit technique that brings a whole-new attack surface to bypass SSRF (Server Side Request Forgery) protections. This is a very general attack approach, which we used in combination with our own fuzzing tool to discover many 0days in built-in libraries of very widely-used programming languages, including Python, PHP, Perl, Ruby, Java,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, orange tsai, ssrf,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 22

favorite 0

comment 0

Technology has transformed nearly every segment of our lives and will continue to dramatically impact the future. From transportation, to medicine, to communication, technology underpins every aspect of how we interact with the world, and with each other. However, every day we see examples of critical security failures impacting technology, and ultimately our lives. The fundamentals of security may be simple, but the implementation is far from it. There is a massive interconnection of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, michael coates, keynote,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Cuckoo Sandbox is an open source automated malware analysis system. It started as a Google Summer of Code 2010 project...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 26

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ CXML and VXML languages are used to power IVR applications. IVR systems are often seen in Phone Banking, Call Center...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 28

favorite 0

comment 0

Long gone are the days of easy command shells through PowerShell. Defenders are catching more than ever, forcing red teamers to up their game in new and innovative ways. This presentation will explore several new OSINT sources, techniques, and tools developed to accelerate and assist in target asset discovery and profiling. We will discover how some new advances in EDR have changed the general landscape of more mature organisations, and how red team tactics and procedures have been modified to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, vincent yiu, killchain,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 38

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Come hear the history behind Megaupload, plus insight into Mega API and the 'new Mega' -- why, how and most importantly, when. ABOUT EMMANUEL GADAIX Emmanuel started working in the mobile telecommunications industry in the early 90′s while following an advanced late-night curriculum in in-band signalling. Distressed by the apparent death of phreaking due to the introduction of the SS7...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, legality, hackers,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

One of the most insidious actions of malware is abusing the video and audio capabilities of an infected host to record an unknowing user. Macs, of course, are not immune; malware such as OSX/Eleanor, OSX/Crisis, and others all attempt to spy on OS X users. And as was recently shown by the author, more advanced malware could piggyback into legitimate webcam sessions in order to covertly record the local user. As there are no visible indications of this malicious activity (as the LED light is...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, patrick wardle, synack,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 34

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Cloud services such as Amazon's EC2 and IBM SmartCloud allow users to create and share virtual images (AMIs) with...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 23

favorite 0

comment 0

PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: In this talk we will trace the evolution of politically motivated targeted malware attacks in Asia (and diaspora groups related to Asia) over the past five years. We have been tracking targeted attack campaigns against human rights groups, independent media organizations, and political parties in communities related to Hong Kong, China, and the Tibetan diaspora. Through cluster analysis we identify a...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
movies

eye 35

favorite 0

comment 0

Blog Post: https://www.vantagepoint.sg/blog/73-does-security-by-obscurity-work Cloning a VASCO DIGIPASS instance using config file and device data. 1. The attack requires root access to the device 2. The version shown is a demo version of DIGIPASS available on the Play Store. According to the vendor, the production version contains additional security measures not included in the demo. For the full analysis and vendor response please read the paper. To prevent this kind of attack: 1. Always...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, banking tokens,...
Hack In The Box Security Conference
movies

eye 19

favorite 0

comment 0

PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Operators depend on their vendors to supply products and solutions that are secure. As all operators have experienced, “secure products” is almost always a vendor afterthought. This leads to operator risk that in some cases turns deadly. We will explore realistic expectations for “vendor security.” These expectations are based on 25 years of operator and vendor experience – with direct experience on...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 34

favorite 0

comment 0

Human societies run on trust. Every day, we all trust millions of people, organizations, and systems — and we do it so easily that we barely notice. But in any system of trust, there is an...
Topics: Youtube, video, Science & Technology, hitb2012ams, hitb, hitbsecconf, amsterdam, netherlands,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Security is a property of human outcomes, not technical systems. The security community understands how to think about the security of code and is learning how to think about the security of large systems, but has barely begun to start to think about how to improve security outcomes for humans. Security for humans affects the entire software development and deployment lifecycle, but it’s most strongly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=Dn3jb2BBBCE Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 20

favorite 0

comment 0

Protection mechanisms running at the kernel level (Ring 0) cannot completely prevent security threats such as rootkits and kernel exploits, because the threats can subvert the protections with the same privileges. Protections need to be provided with higher privileges. Creating Ring -1 is plausible using VT such as ARM TrustZone, Intel VT-x, and AMD AMD-V. The existing VT (Virtualization Technologies) have support to separate worlds in a host (secure world, ring -1) and a guest (normal world,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, seunghun han, shadow...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 41

favorite 0

comment 0

What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. Exploitation of wireless devices is growing increasingly common, thanks to the proliferation of RF protocols driven by mobile and IoT. While non-Wi-Fi and non-Bluetooth RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. Join us as we walk through the fundamentals of radio exploitation. After...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, matt knight, marc...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

When an end user reports some “strange looking file names”, which, after investigating, you discover include several hundreds of Gigabytes of encrypted data, you of course know you are going to have a bad day. Your AV solution has failed you, your firewall has failed you, and your SIEM has failed you. Basically every piece of security infrastructure you have put your trust (and money) into has left you out in the cold and you thank (deity of choice) that at least the nightly backup was...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 21

favorite 0

comment 0

Keynote 2 @ HITB2010 Malaysia presented by Paul Vixie on Taking Back the DNS Source: https://www.youtube.com/watch?v=k5DbNgEXDHo Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
movies

eye 28

favorite 0

comment 0

Our talk will focus on the challenges of cyberattack investigation, explain why we have a constantly emerging level of cybercrime worldwide and propose a solution to increase the efficiency of future cyberattack investigators. Our presentation includes technical details and architecture of a tool that we use to conduct remote digital forensic analysis. Moreover, not only do we reveal the internals of the tool, but we will also introduce a way to build your own tool for remote incident analysis. Our solution is an...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, wayne lee, vitaly...
Hack In The Box Security Conference
movies

eye 13

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=agSPx_p-KI8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies

eye 17

favorite 0

comment 0

This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully reliable. We will briefly cover the satellite mobile system architecture, then discuss GMR (GEO-Mobile Radio) system elements, e.g. GSS (Gateway Station Subsystem), MES (Mobile Earth Station), AOC (Advanced Operation Center), and TCS (Traffic Control Subsystem) for GMR-1 systems and NCC (Network Control...
Topics: Youtube, video, Science & Technology, Satellite, Telephony, Security, What, is, and, Will,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 21

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Windows 7 introduced many new security mechanisms regarding the use of the front end allocator. In an attempt to...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
movies

eye 22

favorite 0

comment 0

Fake president scams are on the rise. Fraudsters use fake identities to impersonate leaders of a company and trick employees into transferring large sums of money to the fraudster. More often than not, the transferred money is deposited from the target bank accounts within minutes, and the victim organizations are left with the damage. This talk discusses the psychology behind fake president scams, guides through recent, prominent cases and proposes solutions both to prevent such scams and to...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, fraud,...
Hack In The Box Security Conference
movies

eye 13

favorite 0

comment 0

Web browser security is a hot and important research area. If a web browser is vulnerable, users can be affected by malware without their knowledge, or give the attacker control over their machines. In this presentation, we will introduce methods to find vulnerabilities in JavaScript engines for web browsers via fuzzing. We will talk about creating components for the fuzzer, and generating JavaScript syntax efficiently. We will also reveal our own crash classification method and parallel...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Jeonghoon Shin, areum...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 25

favorite 0

comment 0

This presentation will tackle both red teaming methodologies and threat modeling for industrial control systems, and the presenter will showcase security-in-depth where an “air-gap” is not possible to implement within the organization, to battle against both insider and cyber threats using sophisticated tools, techniques, and procedures. Along with this, various industry best practices and compliance will be shared in this talk to ensure nothing is missed out in addressing the OT network...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, mike rebultan, ics,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 32

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON's new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and...
Topics: Youtube, video, Science & Technology, Canon (company), daniel mende, Hitb2013ams, canon camera,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

The past few years have seen a leap in fuzzing technology. The original paradigm established a decade ago resulted in two widely deployed approaches to fuzzing: sample based mutation and model based generation. Thanks to ever-increasing computational performance and better engineering, newer guided fuzzing approaches have proven to be supremely effective with a low cost of deployment. This talk will explore a few different approaches to guided fuzzing through dynamic analysis including code...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, fuzzing,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 23

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, bsdaemon, rodrigo rubira...