Skip to main content

Hacking and InfoSec stuff



rss RSS

1,122
RESULTS


More right-solid

Show sorted alphabetically

More right-solid

Show sorted alphabetically

More right-solid
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
Hacking and InfoSec stuff
movies

eye 81

favorite 1

comment 0

This is a complete static analysis of the Shadow Hammer Stage 1 Setup.exe. The Ghidra project is available either as a shared project in the rManganese repository on the ghidra-server.org Ghidra server (see https://www.youtube.com/watch?v=ka4vGxLmr4w on how to use this repository) or as a download from https [://] anonfile [.] com [/] 57Uan9ifne [/] ShadowHammer_2019_04_24_gar (WARNING: This is real malware!). Materials used in the video: - Scripts: https://github.com/0x6d696368/ghidra_scripts...
Topics: Youtube, video, Education, 0x6d696368, Ghidra, malware analysis, ShadowHammer, shadow hammer,...
Hacking and InfoSec stuff
movies

eye 33

favorite 0

comment 0

For many CSOCs, there was a simpler time. A time when their security event collection and monitoring problems could, in theory, be solved by buying, installing, and optimizing one product. Today, life is not so simple. The SIEM marketspace started with many startups, consolidated to a handful of leaders, and has diversified again. Acquiring and operating an analytic platform for large and mature CSOCs is a major investment of time, money and effort. The best approach to common...
Topics: Youtube, video, Science & Technology, shmoocon 2018, shmoocon, hacking, CSOC, SIEM
Hacking and InfoSec stuff
movies

eye 36

favorite 0

comment 0

Many people have a plan to make it through the robopocalypse (robot apocalypse), but in this talk we put these plans to the test. We start our discussion with a quick overview of physical and social abilities of current robots, mainly as a way to inform the people that haven’t taken the time to think what their life might be like if robots were to take over. We follow this by doing live demos of robot physical and social engineering attacks, and some of the defenses that we have employed to...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, robopocalypse, robots
Hacking and InfoSec stuff
movies

eye 41

favorite 0

comment 0

The Controller Area Network (CAN) bus has been mandated in all cars sold in the United States since 2008. But CAN is terrible in many unique and disturbing ways. CAN has served as a convenient punching bag for automotive security researches for a plethora of reasons, but all of the available analysis tools share a shortcoming. They invariably use a microcontroller with a built-in CAN peripheral that automatically takes care of the low-level (ISO layer 1 and 2) communication details, and ensures...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, CAN bus
Hacking and InfoSec stuff
movies

eye 17

favorite 0

comment 0

With GDPR coming into effect on May 25, 2018, any organization handling EU citizen’s personal data should be prepared to comply with stricter privacy regulations or be ready to pay up to four percent of their global annual revenue in fines or €20,000,000. This is a substantial penalty for non-compliant companies, and does not focus just on companies based in Europe — it’s for ALL companies globally who do business in the EU. With just months remaining, the clock is ticking on companies...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, GDPR
A former CISO, a future CISO, and a hacker walk into a bar… a profound realization over cocktails: no kid dreams of being a CISO – nor should they. So we hatched a plan – send a Terminator unit back to the 90s and eliminate the role we know today, to save all humanity. We suck at robots and hot tub time machines are creepy so we settled on a Firetalk. As global spending on infosec is projected to eclipse $1 Trillion in the next 5 years, the failure rate will be near 100%. After 20+ years...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Hacking and InfoSec stuff
movies

eye 22

favorite 0

comment 0

For many years many of us “infosec” professionals have been working late into the midnight hours and enjoying certain libations as celebration of our wins and losses alike. In order to ensure everyone has the best possible options at their disposal, we are taking a journey together (a very, very fast one) to the north parts of the United Kingdom, and the near center of France. It’s not just Whiskey and Sparkling Wine, it’s Scotch and Bubbles (really Champagne)! Come join me on this...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Hacking and InfoSec stuff
by 0xdade
movies

eye 30

favorite 0

comment 0

Subtitle: A Cipher in Arlington National Cemetery Elonka Dunin, known for her website on the World’s Most Famous Unsolved Codes, discovered a cipher on one of the tombstones in Arlington National Cemetery. Not just any tombstone, it’s that of William and Elizebeth Friedman, two giants in the fields of cryptanalysis. In fact, William Friedman created the terms of cryptanalysis, and also of “index of coincidence”. Elizebeth, who had taught William about cryptography in the first place,...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, friedman tombstone
Hacking and InfoSec stuff
movies

eye 74

favorite 0

comment 0

Note: Audio is missing until the third minute in this video. This is from the source. Sorry for the inconvenience. As desktop and server security keeps raising the baseline for successful exploitation, IOT devices are still stuck in the 1990’s, despite their ubiquity in every home network. This, coupled with the trend of “monitor your devices from anywhere!”, is creating a time-bomb situation, in which millions of households are left vulnerable, regardless of any network security posture....
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, iot rce, disney
Hacking and InfoSec stuff
movies

eye 99

favorite 0

comment 0

Less than three years after the Equation Group was discovered backdooring hard drive firmware, courses on how to create such backdoored firmware are available to the public. New exploits in BIOS/UEFI that enable bypassing OS and Hypervisor protections have become commonplace. Once compromised, remediation is virtually impossible; malicious firmware is perfectly positioned to block the very updates that would remove it. Truly defending against these threats requires a different...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, securing hardware
Hacking and InfoSec stuff
movies

eye 83

favorite 0

comment 0

Four players, one moderator, two topics, and a bunch of unknowns. A few weeks ago we armed our players with two topics and asked them to research both sides. At the start of the hour they will draw a card out of a hat, letting them know which topic and which side of the argument they will be representing. Meant to be fun? Yes. But also a somewhat serious and (hopefully) educated look into some hot subjects of infosec debate. The Players: Wendy Nather, Jack Daniel, Jack Gavigan, Elizabeth...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, cryptocurrency, iot...
Hacking and InfoSec stuff
by 0xdade
movies

eye 29

favorite 0

comment 0

For thirteen years, we’ve chosen to stand up and share all the ins and outs and inner workings of the con. Why stop now? Join us to get the break down of budget, an insight to the CFP process, a breakdown of the hours it takes to put on a con like ShmooCon, and anything thing else you might want to talk about. This is an informative, fast paced, and generally fun session as Bruce dances on stage, and Heidi tries to hide from the mic. Seriously though–if you ever wanted to know How, When, or...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, 0wnthecon
Hacking and InfoSec stuff
by 0xdade
movies

eye 53

favorite 2

comment 0

Git is a widely-used Version Control System for software development projects. Because of the way Git works, “deleted” secrets don’t disappear from the filesystem. That means when a developer commits encryption keys, production passwords, or other secrets to the repository, removing them in a later commit won’t scrub them from the history. They live on in compressed plaintext on every developers’ machine, unless the history is rewritten. Grawler is a command line utility written in...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, AWS, Git hacking,...
Hacking and InfoSec stuff
by 0xdade
movies

eye 44

favorite 0

comment 0

Donna F. Dodson is the Chief Cybersecurity Advisor for the National Institute of Standards and Technology (NIST). She is also the Director of NIST’s National Cybersecurity Center of Excellence (NCCoE). Donna oversees ITL’s cyber security program to conduct research, development and outreach necessary to provide standards, guidelines, tools, metrics and practices to protect the information and communication infrastructure. In addition, Donna guides ITL programs to support both national and...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, keynote
Hacking and InfoSec stuff
movies

eye 46

favorite 0

comment 0

The information security community has long suffered from a lack of effective and affordable tools and techniques for locating radio devices. Many methods are available, but most of them require multiple radio receivers and/or physical motion of one or more antennas. Pseudo-doppler is an old technique that implements Direction Finding (DF) by rapidly switching between multiple fixed antennas connected to a single radio receiver. We have taken a modern approach to the implementation of...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, pseudo-doppler, SDR
Hacking and InfoSec stuff
by 0xdade
movies

eye 23

favorite 0

comment 0

https://creativecommons.org/licenses/by-nc-sa/4.0/ Source: https://www.youtube.com/watch?v=Djv2R2muHCg Uploader: 0xdade
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking
Hacking and InfoSec stuff
by 0xdade
movies

eye 52

favorite 0

comment 0

Note: The audio cuts out at 5:42 and doesn't pick up again until 10:32. It's like this in the source material. Sorry for the inconvenience. We don’t need a Cyber Moonshot; we’ve got enough already. Computing technology is enabling multiple concurrent revolutions, in biotechnology, manufacturing, robotics, AI, and literal rocket engineering. These are our Moonshots, fueled by governments, companies, and tinkerers, powering the growth engine of the global economy and reshaping society. Our...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Researching embedded devices is not always straightforward, as such devices often vastly differ from one another. Such research is difficult to repeat and results are not easily comparable because it is difficult to conceive a standard approach for analysis. This document proposes an initial research methodology for vulnerability analysis that can be applied to any embedded device. This methodology looks beyond preliminary research findings, such as open ports and running services, and takes a...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, embedded device, trommel
You’re arrested and your phone is held up to your face to be unlocked by the arresting officer, then sent to a forensics lab. Dystopian future or one where FaceID collides with weak self-incrimination protections for biometrics? This talk will explain how your 4th and 5th Amendment rights interact with advances in biometric technology. Along the way it will offer design suggestions for creators of mobile devices and tips to end users. Wendy Knox Everette (@wendyck) is a hacker lawyer who...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, civil rights
Hacking and InfoSec stuff
movies

eye 16

favorite 1

comment 0

https://creativecommons.org/licenses/by-nc-sa/4.0/ Source: https://www.youtube.com/watch?v=VOUqD8H2ZSs Uploader: 0xdade
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking
Hacking and InfoSec stuff
movies

eye 35

favorite 0

comment 0

Complete title: Everything You Wanted to Know About Creating an Insider Threat Program (But Were Afraid To Ask) Oh no! You just got tasked with creating THE Insider Threat Program for your organization! Where do you start? How do you start? This is the quickie speed brief I gave an old mentor at Starbucks recently. Tess Schrodinger (@TessSchrodinger) is a jack of all trades and a master of some. She has spoken at a variety of security conferences on such topics as counter-intelligence, insider...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Hacking and InfoSec stuff
movies

eye 39

favorite 0

comment 0

This talk is an encapsulation of implemented solutions for achieving common requirements when constructing software designed to perform long term covert intelligence gathering. It is a “grab bag” of “tips and tricks” developed and or abstracted from previous works by the presenter in a variety of intelligence gathering operations, none of which will be specifically disclosed. Full source code (almost all of it written in Golang) will be provided for tactic snippets, as well as several...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, vyrus, malware
Hacking and InfoSec stuff
movies

eye 40

favorite 0

comment 0

Subtitle: Forensic Manipulation of Fitness App Data. Hard core athletes and wannabes alike use the Strava app to track their runs, bikes, swims, and more. Most athletes compete, nay, fight to the death for the top “leaderboard” spot on a given segment of a run. Want to be the fastest down the Mall? Want to outpace professional marathon runners in the Marine Corp Marathon? Without ever tying your shoe laces? Let me show you the hacker’s way up the leaderboard. By examining and manipulating...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, strava, fitness apps
Hacking and InfoSec stuff
movies

eye 26

favorite 0

comment 0

Complete Title: Time Signature Based Matching for Data Fusion and Coordination Detection in Cyber Relevant Logs The ability to detect automated behavior within cyber relevant log data is a useful tool for the network defender, as malicious activity executed by scripts or bots is likely to leave behind identifiable traces in logs. This paper presents a methodology for detecting certain types of automated activity within logs based on matching observed temporal patterns. This methodology is...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, data fusion,...
Hacking and InfoSec stuff
movies

eye 36

favorite 0

comment 0

Higher education institutions have started heavily investing in cybersecurity education programs for STEM (Science, Technology, Engineering, and Mathematics) disciplines. These programs offer standard courses, such as network security, forensics, penetration testing, intrusion detection and recovery. To offer a holistic experience, these programs also include courses on business systems lifecycle, data analytics, auditing, investigation, and cyberlaw. Little, however, is being done to...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, cybersecurity education
Hacking and InfoSec stuff
by 0xdade
movies

eye 44

favorite 0

comment 0

A (slightly irreverent) look at the most important laws, cases, regulations, and legally relevant (or, in some cases, irrelevant) cybersecurity issues during the most recent year–and maybe a little farther back if the item is particularly outrageous. Just the basic topic and fundamental principles are highlighted–most original legal texts are so complex–who would read them all the way through? Prior to moving to Texas, Professor Steve Black (@legalh4ck3r) taught at BYU, UNH, LSU, Syracuse...
Topics: Youtube, video, Science & Technology, hacking, shmoocon, shmoocon 2018, cyberlaw
JA3 is an open source SSL/TLS client fingerprinting tool developed by John Althouse, Josh Atkins, and Jeff Atkinson. Since it’s release a few months ago in a blog post, it has gained wide adoption across the industry and we’ve seen conference talks highlighting it’s features. However, there’s been some confusion on it’s capabilities and how best to utilize it. So, then, it’s about time we do a talk on JA3 and what it can really do. In this talk we will show the benefits of SSL...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, JA3, ssl
Hacking and InfoSec stuff
movies

eye 63

favorite 0

comment 0

With the demise of dtrace on macOS, and Apple’s push to rid the kernel of 3rd-party kexts, another option is needed to perform effective auditing on macOS. Lucky for us, OpenBSM fits the bill. Though quite powerful, this auditing mechanism is rather poorly documented and suffered from a variety of kernel vulnerabilities. In this talk, we’ll begin with an introductory overview of OpenBSM’s goals, capabilities, and components before going ‘behind-the-scenes’ to take a closer look at...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, openbsm, macos
Hacking and InfoSec stuff
movies

eye 25

favorite 0

comment 0

Revisiting past CVEs can be a useful tool for finding patterns, to increase our critical thinking, gain knowledge in techniques that have been previously used, and to increase our skills to eventually be able to contribute to the wider security community. In addition, when a known exploit currently exists for a CVE, and our experiments yield different results from the known exploit, we must practice our critical thinking skills to determine the discrepancies, and to determine if any unstated...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, CVEs
Domain generation algorithm (DGA) malware makes callouts to unique web addresses to avoid detection by static rules engines. To counter this type of malware, we created an ensemble model that analyzes domains and evaluates if they were generated by a machine and thus potentially malicious. The ensemble consists of two deep learning models – a convolutional neural network and a long short-term memory network, both which were built using Keras and Tensorflow. These deep networks are flexible...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, malware detection
Hacking and InfoSec stuff
by 0xdade
movies

eye 31

favorite 0

comment 0

The command line hexadecimal editor, disassembler and debugger radare2 can be an invaluable reverse engineering tool. Even users of IDA Pro can find use in radare2 when it comes to odd file formats and getting a second opinion from a different disassembly engine. The biggest barrier to easy adoption of radare2 is the funky command sequences it employs. What if we threw a chatbot on top of it, so folks could type in detailed questions about a binary and get reasonable answers? What if we put a...
Topics: Youtube, video, Science & Technology, radare2, shmoocon, shmoocon 2018, hacking
Hacking and InfoSec stuff
by 0xdade
movies

eye 39

favorite 0

comment 0

Subtitle: A Tool to Crawl the Graph of SSL Certificate Alternate Names using Certificate Transparency SSL Certificates and Certificate Authorities are the backbone of how secure communication works online for most secure protocols these days. This has worked well for quite some time, but fails when you can no longer trust the Certificate Authorities as we have seen when they are breached or misbehave. Certificate Transparency was created as a way to allow anyone to publicly audit the behavior...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, certgraph
Hacking and InfoSec stuff
movies

eye 28

favorite 0

comment 0

Patching – it’s complicated! As much as we like to point fingers of blame and malign the processes in place, the fact is that one size does not fit all when security updates get issued. What’s the definition of insanity: doing the same thing over and over. Organizations at every level seem to be struggling with staying on top of patching, but it feels more like a necessary evil rather than a best practice. We’re damned if we do and damned if we don’t. We need to go beyond just finding...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Systems that hide their firmware–often deep in readout-protected flash or hidden in encrypted ROM chips–have long stymied reverse engineers, who often have to resort to inventive methods to understand closed systems. To help reduce the effort needed to get a foothold into a new system, we present GlitchKit–an open source hardware and firmware solution that significantly simplifies the process of fault-injecting your way into a new system–and of fault-injecting firmware secrets out! This...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, glitchkit
Hacking and InfoSec stuff
movies

eye 56

favorite 1

comment 0

Subtitle: Using Analytics to Find Bot Submissions in the FCC Net Neutrality Submissions The FCC is trying to ram through anti-net neutrality legislation and are using the submissions from their call for comments. There were more than 22 million comments submitted in approximately three months dealing with net neutrality, many supporting an anti-net neutrality stance, but something is rotten in the state of the US. Other researchers have posited that there are bots and false submissions, but...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, net neutrality,...
Hacking and InfoSec stuff
by 0xdade
movies

eye 23

favorite 0

comment 0

Subtitle: Testing EDR Capabilities As organizations deploy EDR (Endpoint Detection & Response) solutions, it becomes imperative that these solutions are tested. The efficacy of these products depends on their correct configuration and deployment. In order to conduct these tests, we have developed a free Open Source framework called the Atomic Red Team. Designed to provide teams with small discrete tests. We want these test to be vendor agnostic, and representative of actual adversary...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, EDR, endpoint detection...
Hacking and InfoSec stuff
movies

eye 68

favorite 0

comment 0

Subtitle: Listening in, gathering data and watching for less than $100 It’s 2018 and many people are still using unencrypted wireless communications in critical systems. We will review how to build a robust and open signals intelligence (SIGINT) platform. As a proof of concept we show the platform capturing publicly accessible radio bands and some basic analysis of that data. The talk will focus on how we demodulate, decode and analyze data across many chunks of the spectrum using a Raspberry...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, SIGINT
Hacking and InfoSec stuff
movies

eye 39

favorite 0

comment 0

Note: This video is evidently only the last 18 minutes or so of the talk - this is how Shmoocon uploaded it to the Internet Archive. Sorry for the inconvenience. With the rise in leaks of our personal information, most of us are well-educated about the dos and don’ts of protecting our personal data. However, we don’t always realize that the “innocuous” data that we allow companies to collect can still be used to gather valuable insight into our daily lives. I will discuss how I used...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, google
Hacking and InfoSec stuff
movies

eye 41

favorite 0

comment 0

The elite hacker is a myth we’ve given power to because breaches continue to happen. A zero breach mentality does not work. Learn how an attacker actually thinks and how they always can turn your enterprise defense into swiss-cheese. It’s only kinda your fault because all those pretty products you bought are all failing you the same way. Bryson Bort (@brysonbort) is the Founder and CEO of SCYTHE and Chairman of GRIMM. Prior to launching SCYTHE and GRIMM, Bryson led an elite research &...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Hacking and InfoSec stuff
movies

eye 51

favorite 0

comment 0

Subtitle: A Decade of Evasive Malware Attack and Defense In this presentation we take a look at over a decade of research into the cat-and-mouse game of evasive malware vs. automated malware analysis systems. While the challenge of evasive malware is well known, few have ever comprehensively looked at the problem. We survey almost two hundred scholarly works, industry presentations, and studies of malware in the wild over the past decade to understand how we got to where we are today, and where...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, malware
Hacking and InfoSec stuff
movies

eye 56

favorite 0

comment 0

American Fuzzy Lop (AFL) revolutionized fuzzing. It’s easily the best thing out there for quickly performing cutting-edge automated vulnerability analysis on command line applications. But what about the situations where accessing the logic you want to fuzz via command line isn’t so simple? For example, maybe you want to fuzz a parsing function from an embedded system that receives input via an analog RF front-end. Sometimes you can write a test harness, but what if you could just emulate...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, afl-unicorn
Hacking and InfoSec stuff
movies

eye 63

favorite 0

comment 0

Sean Gallagher, Steve Ragan, and Paul Wagenseil Infosec researchers, experts, and hackers in general have a…fraught relationship with media, ranging from exploitive to adversarial. Recent episodes, including the doxxing of Marcus Hutchins by UK media and sensational coverage of his arrest, don’t help, nor do broadcast media reports that are often factually incorrect or even damaging to the security of those who take the reports as gospel. And researchers looking to get out word to the...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, guide to the media
Hacking and InfoSec stuff
movies

eye 33

favorite 0

comment 0

Sarah Zatko, Tim Carstens, Parker Thompson, Peiter “Mudge” Zatko, and Patrick Stach Software vendors like to claim that their software is secure, but the effort and techniques applied to this end vary significantly across the industry. From an end-user’s perspective, how do you identify those vendors who are effective at securing their software? From a vendor’s perspective, how do you identify those techniques which are effective at improving security? Where are the longitudinal studies...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, CITL
Hacking and InfoSec stuff
movies

eye 25

favorite 0

comment 0

Dan Bourke Honeytokens are really useful. AWS tokens are also really useful, for you and your attackers. Together, they fight crime. Well, they let you know a crime is happening, which is similar, I guess. I’ll talk about SPACECRAB which lets you deploy a lot of AWS honey tokens with relatively little effort, and also what I learned from posting AWS keys on the internet repeatedly. I can’t tell you what I learned in this abstract because I haven’t done it yet. Stay tuned. Dan Bourke is a...
Topics: Youtube, video, Science & Technology, shmoocon, hacking, shmoocon 2018, AWS, SPACECRAB
Hacking and InfoSec stuff
movies

eye 97

favorite 0

comment 0

Subtitle: Adventures in Curating HackerTwitter’s Institutional Knowledge Our community is defined by our dedication to sharing process, resources, and knowledge freely with each other—yet, we lack a coherent strategy for keeping the firehose of information organized adequately for hackers and hacklings alike. The Sisyphean task of keeping up with the day’s developments plagues the busy professional, but Twitter’s algorithms rarely suit our purposes. Hackers (of all people!) ought to be...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, 1337list
Hacking and InfoSec stuff
movies

eye 31

favorite 0

comment 0

While reverse engineering, an annoying malware sample broke my Hex-Ray’s decompiler – the “cheat code” of IDA Pro. In this talk, I’ll walk you through my exploration of the bug that causes HexRays to fail, hunting for the malware’s source, and finding the exact source code and compiler which was used to create the sample. I’ll wrap up by showing techniques that you can use make analysis of future malware samples like this one easier. Jon Erickson (@2130706433) is a Senior Staff...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, firetalks
Hacking and InfoSec stuff
movies

eye 36

favorite 1

comment 0

Co-authors: Joe Hall, Margaret MacAlpine, and Harri Hursti (Sorry, the title was too long to include all of you!) Modern electronic voting systems were introduced in the US at large scale after the passage of the 2002 Help America Vote Act. Almost from the moment they appeared, serious questions have been raised about the security and integrity of these systems. This talk will review the architecture of current E-voting systems, the security risks and attack surfaces inherent in these designs,...
Topics: Youtube, video, Science & Technology, shmoocon, shmoocon 2018, hacking, electronic voting
Hacking and InfoSec stuff
by 13Cubed
movies

eye 121

favorite 0

comment 0

An introduction to Hashcat, a cross-platform CPU and GPU password “recovery” tool. We will start with a basic overview of the minimum required arguments necessary to use Hashcat, and then walk through a series of exercises to recover (crack) NT hashes, starting with a dictionary/wordlist attack, a rule-based variation of that attack, a brute-force attack, and lastly, a combinator attack. The resources used in the video are listed below, in order of appearance. Wordlists (RockYou, et al.):...
Topics: Youtube, video, Science & Technology, Hashcat, oclHashcat, cudaHashcat, crack password, crack...
Hacking and InfoSec stuff
by 13Cubed
movies

eye 117

favorite 0

comment 0

As a continuation of the "Introduction to Malware Analysis" series, this episode covers another tool that will help us extract embedded content from within a PDF. We’ll first run the tool against evil.pdf from the last episode, and we’ll find that it can easily extract the embedded Word document that we were able to manually extract using pdf-parser. Then, we’ll run the tool against another sample PDF that contains embedded images. You may be surprised by the results. *** If you...
Topics: Youtube, video, Science & Technology, forensics, digital forensics, DFIR, malware analysis,...
Hacking and InfoSec stuff
by 13Cubed
movies

eye 45

favorite 0

comment 0

The previous episode of “Introduction to Hashcat” proved to be quite popular, so my colleague Mike Peterson and I decided to create part two. In this episode, we’re going to perform a brief introduction of one of the new features available in Hashcat 4.0, cover an optional flag you may find especially useful, and lastly, look at the PRINCE attack and a variation of that attack dubbed PRINCEPTION. If you haven’t yet watched Introduction to Hashcat, it is recommended you do so prior to...
Topics: Youtube, video, Science & Technology, Hashcat, crack password, crack passwords, crack...
Hacking and InfoSec stuff
movies

eye 21

favorite 0

comment 0

All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist Source: https://www.youtube.com/watch?v=e07VRxJ01Fs Uploader: Adrian Crenshaw
Topics: Youtube, video, Science & Technology, hacking, security, derbycon
Hacking and InfoSec stuff
movies

eye 28

favorite 0

comment 0

Followup to Video #1, dealing with SSL and HTML challenges. Source: https://www.youtube.com/watch?v=UieLTllLPlQ Uploader: Alec Muffett
Topics: Youtube, video, Science & Technology, tor
Hacking and InfoSec stuff
movies

eye 22

favorite 0

comment 0

How to easily deploy 24 Tor daemons and 120 NGINX daemons to support your website. Video notes/sample code at: /redirect?v=HNJaMNVCb-U&event=video_description&redir_token=IHVIGkCzHxEsRUZoPi2M-AHPBmx8MTUwOTIyMjQ4MkAxNTA5MTM2MDgy&q=https%3A%2F%2Fgist.github.com%2Falecmuffett%2F31881067c8d07aadd17581a1262cf7cd Source: https://www.youtube.com/watch?v=HNJaMNVCb-U Uploader: Alec Muffett
Topics: Youtube, video, Science & Technology
Hacking and InfoSec stuff
by Alec Muffett
movies

eye 35

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=BrxJlp_3utk Uploader: Alec Muffett
Topics: Youtube, video, Science & Technology
Hacking and InfoSec stuff
by Alec Muffett
movies

eye 66

favorite 0

comment 0

A short introduction to how to use EOTK, the Enterprise Onion Toolkit. Software and documentation at https://github.com/alecmuffett/eotk See also the next video, "Rough Edges", at https://youtu.be/UieLTllLPlQ Source: https://www.youtube.com/watch?v=ti_VkVmE3J4 Uploader: Alec Muffett
Topics: Youtube, video, Science & Technology, tor, eotk, onion networking, privacy
Hacking and InfoSec stuff
by Ange Albertini
movies

eye 124

favorite 1

comment 0

Source: https://www.youtube.com/watch?v=nYZ72LvphBI Uploader: Ange Albertini
Topics: Youtube, video, Science & Technology, Portable Document Format (File Format), Software...
Hacking and InfoSec stuff
by Ange Albertini
movies

eye 25

favorite 0

comment 0

Presented at Recon 2013, June 2013 (static) slides @ http://www.slideshare.net/ange4771/just-keep-trying (animated) (600Mb) presentation @ https://mega.co.nz/#F!XRIiTJba!XCK-vDFStFcR8ZyoCsFR-w Source: https://www.youtube.com/watch?v=_PUZOe-S-vM Uploader: Ange Albertini
Topics: Youtube, video, Science & Technology
Hacking and InfoSec stuff
by Ange Albertini
movies

eye 13

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=bcxF6IYTCg0 Uploader: Ange Albertini
Topics: Youtube, video, Science & Technology, Cryptography (Software Genre)
Hacking and InfoSec stuff
by Ange Albertini
movies

eye 19

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=W9WnnMJ0RKg Uploader: Ange Albertini
Topics: Youtube, video, Science & Technology
presented by Ange Albertini on the 16th January 2013 at Ruhr-Universität Bochum's HackerPraktikum, Bochum, Germany HackPra @ http://www.nds.rub.de/teaching/hackpra/ slides @ http://code.google.com/p/corkami/wiki/HackPra?show=content 'wrong solution' puzzle solver http://code.google.com/p/corkami/source/browse/trunk/misc/crisscross.py?r=539 Source: https://www.youtube.com/watch?v=hg7A7YIEWbU Uploader: Ange Albertini
Topics: Youtube, video, Entertainment, puzzle, challenge, brainteaser, introduction
Hacking and InfoSec stuff
by Ange Albertini
movies

eye 20

favorite 0

comment 0

La cryptographie, c'est compliqué. D'ailleurs, je n'y comprends pas grand chose, mais ça ne m'empêche pas de m'amuser avec ! Après avoir expliqué les bases, je montrerais quelques astuces cryptographiques. présentation diffusée aux 15èmes Rencontres Mondiales du Logiciel Libre le 9 Juillet 2014. planches https://speakerdeck.com/ange/joue-a-la-crypto-french vidéo https://www.youtube.com/watch?v=iIesDpv9F4s exemples https://corkami.googlecode.com/svn/trunk/src/angecryption/rmll Pour...
Topics: Youtube, video, Science & Technology, cryptography, file format, TrueCrypt (Software)
Hacking and InfoSec stuff
by Ange Albertini
movies

eye 14

favorite 0

comment 0

Keynote at RMLLsec 2016 - July 4th slides: https://speakerdeck.com/ange/connecting-communities Source: https://www.youtube.com/watch?v=6DsJI1rcOZk Uploader: Ange Albertini
Topics: Youtube, video, Science & Technology
Hacking and InfoSec stuff
movies

eye 21

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=0xhC3n4CDrs Uploader: BSides Belfast
Topics: Youtube, video, Education
Hacking and InfoSec stuff
movies

eye 29

favorite 0

comment 0

Bitcoin Wednesday #22 Featuring Andreas Antonopoulos on 1 April 2015. The Bitcoin Expert gives a keynote about cryptocurrency, social and economic implications and future applications. After the keynote he does an extended Q&A session in which he answers questions asked of him by the Dutch government and the public at Bitcoin Wednesday. He also talks about the Bitcoin technology as well as his startup Third Key Solutions which was launched the day before. Source:...
Topics: Youtube, video, People & Blogs, Keynote, Q&A, Question And Answer, Bitcoin Wednesday, 1...
Hacking and InfoSec stuff
movies

eye 15

favorite 0

comment 0

Intruders are attacking mobile networks from all possible angles, in part by leveraging multiple protocols in combined attacks. In this presentation, I will describe how an attacker can take advantage of vulnerabilities in different generations of signaling protocols... By: Sergey Puzankov Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#back-to-the-future-cross-protocol-attacks-in-the-era-of-g-18586 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 16

favorite 0

comment 0

Designing realistic ICS honeypot requires substantial time and resource investment, as well as in-depth knowledge not only of the technical aspects, but of industrial automation process... By: Charles Perine Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#faking-a-factory-creating-and-operating-a-realistic-honeypot-19362 Source: https://www.youtube.com/watch?v=4y7JJoZd0ic Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 20

favorite 0

comment 0

This talk shows the technical details of how we capture 0-day attack payloads automatically without knowing any vulnerability details beforehand. We will walk through real cases to show model performance and give results of 0-day monitoring... By: Xiaokun Huang & Yue Xu Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#win-the--day-racing-game-against-botnet-in-public-cloud-18400 Source: https://www.youtube.com/watch?v=pxL0vgIi_oI Uploader:...
Topics: Youtube, video, Travel & Events
Industrial Controllers are the basic building blocks for any automated factory. Our talk will demonstrate how an attacker can take over an entire factory by transmitting a single packet that will exploit one of the URGENT/11 vulnerabilities we've recently discovered.... By: Barak Hadad & Dor Zusman Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#from-an-urgent-vulnerability-to-a-full-take-down-of-a-factory-using-a-single-packet-18490 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 20

favorite 0

comment 0

To protect personal reputation, the company's brand, and the stability of the stock market against public opinion attacks, it's so necessary to track fake news. We propose a unified method for authorship analysis based on deep learning... By: Dou Goodman, Wang Wenhua & Lv Zhonghou Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#tracking-the-criminal-of-fake-news-based-on-a-unified-embedding-18388 Source:...
Topics: Youtube, video, Travel & Events
This talk is based on research that was recently conducted and resulted in serious security findings and 0-day vulnerabilities in Android-based smartphones. Our team found a way of manipulating specific actions and intents, making it possible for any application, without specific permissions, to control the camera app... By: Erez Yalon Full Abstract & Presentation Materials:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
by Black Hat
movies

eye 28

favorite 0

comment 0

Static binary injection is a technique to permanently insert external code to an executable file, in order to observe or modify target behavior at run-time. Unfortunately, good injection tools are seriously lacking... By: Minh Tuan Do Do & Anh Quynh Nguyen Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#redback-advanced-static-binary-injection-18660 Source: https://www.youtube.com/watch?v=F_lj7dXn2Do Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 14

favorite 0

comment 0

Join Black Hat Review Board members for an insightful conversation on the most pressing issues facing the InfoSec community... By: Mika Devonshire, Seungjoo Kim, Asuka Nakajima & Neil Wyler Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#locknote-conclusions-and-key-takeaways-from-day--21641 Source: https://www.youtube.com/watch?v=w4JSc58kcfg Uploader: Black Hat
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 41

favorite 0

comment 0

In this talk, we focus on the vulnerability of Wi-Fi drivers before password authentication, as well as the security issues caused by these Wi-Fi layer vulnerabilities... By: Ying Wan, Haikuo Xie & Ye Zhang Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#wifi-important-remote-attack-surface-threat-is-expanding-18784 Source: https://www.youtube.com/watch?v=ySUxQ8hktAw Uploader: Black Hat
Topics: Youtube, video, Travel & Events
The talk is about the journey of InfoSecGirls community which started in India with the goal of bringing more women into the cyber security workforce and integrating them with the larger community and is now reaching a global audience... By: Vandana Verma Sehgal Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#making-an-impact-from-india-to-the-rest-of-the-world-by-building-and-nurturing-women-infosec-community-18483 Source:...
Topics: Youtube, video, Travel & Events
Hacking and InfoSec stuff
movies

eye 17

favorite 0

comment 0

Instant apps have many advantages over normal apps, such as click-to-play and concise design, and they are becoming more and more popular. In this talk, we will dive into a common architecture of instant app framework, and demonstrate attack models for it... By: Hao Xing Full Abstract & Presentation Materials: https://www.blackhat.com/asia-20/briefings/schedule/#the-inside-story-there-are-apps-in-apps-and-here-is-how-to-break-them-18380 Source: https://www.youtube.com/watch?v=-UndfqVJMf8...
Topics: Youtube, video, Travel & Events