Presentaciones y vídeos de BruCON 0x07 - 2015

Ya se encuentran disponibles las presentaciones y los vídeos de BruCON 0x07 (2015). Creating REAL Threat Intelligence ... with Evernote - L. Grecs (slides) Unified DNS View to Track Threats - Dhia Mahjoub & Thomas Mathew Desired state: compromised - Ryan Kazanciyan & Matt Hastings (slides) Shims For The Win - Willi Ballenthin & Jon Tomczak (slides) Hacking as Practice for Transplanetary Life in the 21st Century - Richard Thieme CVE-Search - Alexandre Dulaunoy & Pieter-Jan Moreels (slides) OSXCollector: Automated forensic evidence collection & analysis for OS X - Kuba Sendor (slides) Keynote - Looking Forward - Finding the right balance for INFOSEC - David Kennedy (slides) Advanced WiFi Attacks using Commodity Hardware - Mathy Vanhoef (slides) The .
Leer más

Material de LinuxCon Europe 2015

Ya podemos descargarnos las diapositivas (PDFs) de las presentaciones de la LinuxCon Europe 2015 celebrada a principios de este mes de octubre. IoTivity Core Framework: Features & Opportunities IoT Meets Security Creating IoT Demos with IoTivity Container mechanics in rkt and Linux TC: Traffic Control Measuring and reducing crosstalk between virtual machines Introduction to GPUs and the Free Software Graphics Stack At-Scale Datacenters and the Demand for New Storage Architectures Reducing Latency for Linux Transport Maximum Performance: How to get it and how to avoid pitfalls Linux Performance Profiling and Monitoring Introducing the Industrial IIO subsystem - the home of sensor drivers Deadline scheduler in the audio domain Secure server Network Analysis: People and Open Source Communities Challenges in Distributed SDN Portable Linux Lab - a novel approach to teaching programming in schools BitRot detection in GlusterFS How to Thoroughly Insult and Offend People in Your Open Source Communities, or “Your #$%@ $%@&ing Sucks and I $%@&ing Hate It"
Leer más

Vídeos de GrrCON 2015

Una vez más desde la web de IronGeek podemos ver los vídeos que se han publicado de la edición de este año de GrrCON, conferencia anual sobre seguridad celebrada en Michigan los pasados 9 y 10 de octubre. Subject matter to be determined by the number of federal agents present in the audience Chris Roberts Breaking in Bad (I,m The One Who Doesn,t Knock) Jayson Street Process The Salvation of Incident Response - Charles Herring But Can They Hack?
Leer más

Vídeos de Black Hat USA 2015

Y después del material, ya podemos acceder también a los vídeos de las presentaciones de Black Hat USA 2015: ZigBee Exploited The Good, The Bad, And The Ugly WSUSpect Compromising The Windows Enterprise Via Windows Update Writing Bad @$$ Malware For OS X Winning The Online Banking War Why Security Data Science Matters & How It's Different Pitfalls And Promises Of Why Security Data Science Matters & How It's Different Pitfalls And Promises Of When IoT Attacks Hacking A Linux Powered Rifle Web Timing Attacks Made Practical Using Static Binary Analysis To Find Vulnerabilities And Backdoors In Firmware Unicorn Next Generation CPU Emulator Framework Understanding The Attack Surface & Attack Resilience Of Project Spartan's New E Understanding And Managing Entropy Usage TrustKit Code Injection On IOS 8 For The Greater Good ThunderStrike 2 Sith Strike THIS IS DeepERENT Tracking App Behaviors With Nothing Changed Phone These're Not Your Grand Daddy's CPU Performance Counters CPU Hardware Performa The Tactical Application Security Program Getting Stuff Done The NSA Playset A Year Of Toys And Tools The Node js Highway Attacks Are At Full Throttle The Memory Sinkhole Unleashing An X86 Design Flaw Allowing Universal Privilege The Little Pump Gauge That Could Attacks Against Gas Pump Monitoring Systems The Lifecycle Of A Revolution The Kali Linux Dojo Workshop #2 Kali USB Setups With Persistent Stores & LUKS N The Kali Linux Dojo Workshop #1 Rolling Your Own Generating Custom Kali Linux 2 The Battle For Free Speech On The Internet The Applications Of Deep Learning On Traffic Identification Taxonomic Modeling Of Security Threats In Software Defined Networking Targeted Takedowns Minimizing Collateral Damage Using Passive DNS Taking Event Correlation With You Take A Hacker To Work Day How Federal Prosecutors Use The CFAA Switches Get Stitches Subverting Satellite Receivers For Botnet And Profit Stranger Danger!
Leer más

Vídeos del Chaos Communication Camp 2015

Para cualquier profesional en el campo de la seguridad informática, el verano no es precisamente la temporada para desconectar, si no todo lo contrario, es la época del año en la que te tienes que poner las botas y absorber toda la información que puedas, sobre todo de las grandes conferencias sobre seguridad que acontecen alrededor del mundo. En este caso hablamos de Chaos Communication Camp, una conferencia veraniega organizada por miembros del CCC (Chaos Communication Club), que cómo sabemos, éste se celebra una de las mejores conferencias del mundo a finales de diciembre.
Leer más

Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS

La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles: Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper TaintPipe: Pipelined Symbolic Taint Analysis - Paper Type Casting Verification: Stopping an Emerging Attack Vector - Paper All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper Automatic Generation of Data-Oriented Exploits - Paper Protocol State Fuzzing of TLS Implementations - Paper Verified Correctness and Security of OpenSSL HMAC - Paper Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper De-anonymizing Programmers via Code Stylometry - Paper RAPTOR: Routing Attacks on Privacy in Tor - Paper Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper Trustworthy Whole-System Provenance for the Linux Kernel - Paper Securing Self-Virtualizing Ethernet Devices - Paper EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper Marionette: A Programmable Network Traffic Obfuscation System - Paper CONIKS: Bringing Key Transparency to End Users - Paper Investigating the Computer Security Practices and Needs of Journalists - Paper Constants Count: Practical Improvements to Oblivious RAM - Paper Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper M2R: Enabling Stronger Privacy in MapReduce Computation - Paper Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper Android Permissions Remystified: A Field Study on Contextual Integrity - Paper Phasing: Private Set Intersection Using Permutation-based Hashing - Paper Faster Secure Computation through Automatic Parallelization - Paper The Pythia PRF Service - Paper EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper Trends and Lessons from Three Years Fighting Malicious Extensions - Paper Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper Recognizing Functions in Binaries with Neural Networks - Paper Reassembleable Disassembling - Paper How the ELF Ruined Christmas - Paper Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper Boxify: Full-fledged App Sandboxing for Stock Android - Paper Cookies Lack Integrity: Real-World Implications - Paper The Unexpected Dangers of Dynamic JavaScript - Paper ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper Bohatei: Flexible and Elastic DDoS Defense - Paper Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper Thermal Covert Channels on Multi-core Platforms - Paper Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper A Measurement Study on Co-residence Threat inside the Cloud - Paper Towards Discovering and Understanding Task Hijacking in Android - Paper Cashtags: Protecting the Input and Display of Sensitive Data - Paper SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper UIPicker: User-Input Privacy Identification in Mobile Applications - Paper Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.
Leer más

Material de Defcon 23

Y después de Black Hat, llega Defcon. Ya podemos acceder a las presentaciones de la edición 23 de la conferencia más grande sobre seguridad informática. 3alarmlampscooter 3alarmlampscooter-DIY-Nukeproofing.pdf Alessandro Di Federico Alessandro-Di-Federico-Leakless-How-The-ELF-ruined.pdf Amit Ashbel & Maty Siman Amit-Ashbel-Maty-Siman-Game-of-Hacks-Play-Hack-and.pdf AmmonRa ammonRA-How-to-hack-your-way-out-of-home-detention.pdf Andres Blanco & Andres Gazzoli Andres-Blanco-802.11-Massive-Monitoring.pdf Atlas Atlas-Fun-With-Symboliks.pdf Bart Kulach Bart-Kulach-Hack-the-Legacy-IBMi-revealed.pdf Brent White Brent-White-Hacking-Web-Apps-WP.pdf Brian Gorenc & Abdul Aziz Hariri & Jason Spelman Hariri-Spelman-Gorenc-Abusing-Adobe-Readers-JavaSc.pdf Bruce Potter Bruce-Potter-Hackers-Guide-to-Risk.pdf Chris Domas Chris-Domas-REpsych.pdf Chris Rock Chris-Rock-I-Will-Kill-You-How-to-Get-Away-with-Mu.
Leer más

Material de Black Hat USA 2015

Ya tenemos disponible la mayoría de las presentaciones de la Black Hat USA 2015. La lista es la siguiente: The Lifecycle of a Revolution us-15-Granick-The-Lifecycle-Of-A-Revolution.pdf Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection.pdf us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection-wp.pdf Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor.pdf us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-wp.pdf us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-WMIBackdoor.ps1 Abusing XSLT for Practical Attacks us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks.pdf us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks-wp.pdf Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.
Leer más

Vídeos de la Infiltrate 2015

Ya está disponibles los vídeos de la Infiltrate 2015, conferencia sobre seguridad informática celebrada el pasado mes de abril en Miami, Florida. Los vídeos publicados son los siguientes: Alex Ionescu Insection: AWEsomely Exploiting Shared Memory Objects Ram Shankar & Sacha Faust Data Driven Offense Neil Archibald Modern Objective-C Exploitation James Forshaw A Link to the Past: Abusing Symbolic Links on Windows Rusty Wagner & Jordan Wiens Hacking Games in a Hacked Game Infiltrate2015 BJJ Open Mat - part 2 Infiltrate2015 BJJ Open Mat - Part 1 Braden Thomas Technical Keynote: Practical Attacks on DOCSIS Nathan Rittenhouse Problems in Symbolic Fuzzing Joaquim Espinhara & Rafael Silva MIMOSAWRITERROUTER - Abusing EPC on Cisco Router to collect data Patrick Wardle Writing Bad@ss OS X Malware Jacob Torrey HARES: Hardened Anti-Reverse Engineering System Ray Boisvert [keynote] Abyss or Turning Point: Strategy Skills and Tradecraft in the Age of 21st Century Warfare
Leer más

Presentaciones de REcon 2015

Ya están disponibles las presentaciones de la REcon 2015, una conferencia sobre seguridad que se celebra anualmente en Montreal, Canadá. La lista de presentaciones es la siguiente (de acuerdo con el programa, faltan algunas en estos momentos): 01-joan-calvet-marion-marschalek-paul-rascagneres-Totally-Spies 04-jeffrey-crowell-julien-voisin-Radare2-building-a-new-IDA 05-peter-hlavaty-jihui-lu-This-Time-Font-hunt-you-down-in-4-bytes 06-sophia-d-antoine-Exploiting-Out-of-Order-Execution 07-travis-goodspeed-sergey-bratus-Polyglots-and-Chimeras-in-Digital-Radio-Modes 09-yuriy-bulygin-oleksandr-bazhaniuk-Attacking-and-Defending-BIOS-in-2015 13-colin-o-flynn-Glitching-and-Side-Channel-Analysis-for-All 14-christopher-domas-The-movfuscator 16-yong-chuan-koh-Understaning-the-Microsoft-Office-Protected-View-Sandbox 17-nitay-artenstein-shift-reduce-Pandora-s-Cash-Box-The-Ghost-Under-Your-POS 18-andrew-zonenberg-From-Silicon-to-Compiler 20-steven-vittitoe-Reverse-Engineering-Windows-AFD-sys 21-j00ru-One-font-vulnerability-to-rule-them-all
Leer más