• Facebook
• Twitter
• Reddit
• LinkedIn

La 27 edición de la conferencia sobre seguridad USENIX 2018 se acaba de celebrar en Baltimore, MD esta pasada semana. Lo que característica a esta conferencia es que es una conferencia sobre seguridad desde ámbito académico.

El número de presentaciones es bastante amplio y ya podemos acceder tanto a la investigación académica, así, como las diapositivas de la mayoría de dichas presentaciones:

• Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? Keynote

• James Mickens, Harvard University

• Fear the Reaper: Characterization and Fast Detection of Card Skimmers

  • Scaife PDF

• BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

  • Soltan PDF

• Skill Squatting Attacks on Amazon Alexa

  • Kumar PDF

• CommanderSong: A Systematic Approach for Practical Adversarial Voice Recognition

  • Yuan PDF

• ACES: Automatic Compartments for Embedded Systems

  • Clements PDF

• IMIX: In-Process Memory Isolation EXtension

  • Frassetto PDF

• HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security

  • Eckert PDF

• Guarder: A Tunable Secure Allocator

  • Silvestro PDF

• Fp-Scanner: The Privacy Implications of Browser Fingerprint Inconsistencies

  • Vastel PDF

• Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies

  • Franken PDF
  • View the slides

• Effective Detection of Multimedia Protocol Tunneling using Machine Learning

  • Barradas PDF
  • View the slides

• Quack: Scalable Remote Measurement of Application-Layer Censorship

  • VanderSloot PDF

• Better managed than memorized? Studying the Impact of Managers on Password Strength and Reuse

  • Lyastani PDF
  • View the slides

• Forgetting of Passwords: Ecological Theory and Data

  • Gao PDF

• The Rewards and Costs of Stronger Passwords in a University: Linking Password Lifetime to Strength

  • Becker PDF

• Rethinking Access Control and Authentication for the Home Internet of Things (IoT)

  • He PDF
  • View the slides

• ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem

  • Tian PDF

• Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems

  • Talebi PDF

• Inception: System-Wide Security Testing of Real-World Embedded Systems Software

  • Corteggiani PDF
  • View the slides

• Acquisitional Rule-based Engine for Discovering Internet-of-Thing Devices

  • Feng PDF

• Privacy for Tigers

• Ross Anderson, Cambridge University

• Cybersecurity: Is It about Business or Technology?

• Donna Dodson, Chief Cybersecurity Advisor, National Institute of Standards and Technology

• A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning

  • Davis PDF

• Freezing the Web: A Study of ReDoS Vulnerabilities in JavaScript-based Web Servers

  • Staicu PDF

• NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications

  • Alhuzali PDF
  • View the slides

• Rampart: Protecting Web Applications from CPU-Exhaustion Denial-of-Service Attacks

  • Meng PDF

• How Do Tor Users Interact With Onion Services?

  • Winter PDF

• Towards Predicting Efficient and Anonymous Tor Circuits

  • Barton PDF

• BurnBox: Self-Revocable Encryption in a World Of Compelled Access

  • Tyagi PDF

• An Empirical Analysis of Anonymity in Zcash

  • Kappos PDF

• Rethinking Architectures and Abstraction for a World Where Security Improvements Matter More than Performance Gains

• Paul Kocher

• Solving the Next Billion-People Privacy Problem

• Monica Lam, Stanford University

• Unveiling and Quantifying Facebook Exploitation of Sensitive Personal Data for Advertising Purposes

  • Cabanas PDF
  • View the slides

• Analysis of Privacy Protections in Fitness Tracking Social Networks -or- You can run, but can you hide?

  • Hassan PDF

• AttriGuard: A Practical Defense Against Attribute Inference Attacks via Adversarial Machine Learning

  • Jia PDF
  • View the slides

• Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning

  • Harkous PDF

• Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels

  • Poddebniak PDF

• The Dangers of Key Reuse: Practical Attacks on IPsec IKE

  • Felsch PDF
  • View the slides

• One&Done: A Single-Decryption EM-Based Attack on OpenSSL’s Constant-Time Blinded RSA

  • Alam PDF
  • View the slides

• DATA – Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries

  • Weiser PDF

• Analogy Cyber Security—From 0101 to Mixed Signals

• Wenyuan Xu, Zhejiang University

• Chipmunk or Pepe? Using Acoustical Analysis to Detect Voice-Channel Fraud at Scale

• Vijay Balasubramaniyan, CEO and Founder, Pindrop

• The Battle for New York: A Case Study of Applied Digital Threat Modeling at the Enterprise Level

  • Stevens PDF

• SAQL: A Stream-based Query System for Real-Time Abnormal System Behavior Detection

  • Gao PDF

• Practical Accountability of Secret Processes

  • Frankle PDF

• DIZK: A Distributed Zero Knowledge Proof System

  • Wu PDF

• NetHide: Secure and Practical Network Topology Obfuscation

  • Meier PDF

• Towards a Secure Zero-rating Framework with Three Parties

  • Liu PDF

• MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation

  • Pailoor PDF

• QSYM : A Practical Concolic Execution Engine Tailored for Hybrid Fuzzing

  • Yun PDF

• Automatic Heap Layout Manipulation for Exploitation

  • Heelan PDF

• FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities

  • Wu PDF

• The Secure Socket API: TLS as an Operating System Service

  • O’Neill PDF

• Return Of Bleichenbacher’s Oracle Threat (ROBOT)

  • Bock PDF

• Bamboozling Certificate Authorities with BGP

  • Birge-Lee PDF

• The Broken Shield: Measuring Revocation Effectiveness in the Windows Code-Signing PKI

  • Kim PDF

• Debloating Software through Piece-Wise Compilation and Loading

  • Quach PDF

• Precise and Accurate Patch Presence Test for Binaries

  • Zhang PDF

• From Patching Delays to Infection Symptoms: Using Risk Profiles for an Early Discovery of Vulnerabilities Exploited in the Wild

  • Xiao PDF

• Understanding the Reproducibility of Crowd-reported Security Vulnerabilities

  • Mu PDF

• Malicious Management Unit: Why Stopping Cache Attacks in Software is Harder Than You Think

  • Van Schaik PDF

• Translation Leak-aside Buffer: Defeating Cache Side-channel Protections with TLB Attacks

  • Gras PDF

• Meltdown: Reading Kernel Memory from User Space

  • Lipp PDF

• Foreshadow: Extracting the Keys to the Intel SGX Kingdom with Transient Out-of-Order Execution

  • Van Bulck PDF

• Plug and Prey? Measuring the Commoditization of Cybercrime via Online Anonymous Markets

  • van Wegberg PDF

• Reading Thieves’ Cant: Automatically Identifying and Understanding Dark Jargons from Cybercrime Marketplaces

  • Yuan PDF

• Schrödinger’s RAT: Profiling the Stakeholders in the Remote Access Trojan Ecosystem

  • Rezaeirad PDF

• The aftermath of a crypto-ransomware attack at a large academic institution

  • Zhang-Kennedy PDF

• From Spam to Speech: Policing the Next Generation of “Unwanted Traffic”

• The Law and Economics of Bug Bounties

• Amit Elazari Bar On, Doctoral Candidate, Berkeley Law, Center for Long-Term Cybersecurity Grantee

• We Still Don’t Have Secure Cross-Domain Requests: an Empirical Study of CORS

  • Chen PDF

• End-to-End Measurements of Email Spoofing Attacks

  • Hu PDF

• Who Is Answering My Queries: Understanding and Characterizing Interception of the DNS Resolution Path

  • Liu PDF

• End-Users Get Maneuvered: Empirical Analysis of Redirection Hijacking in Content Delivery Networks

  • Hao PDF

• SAD THUG: Structural Anomaly Detection for Transmissions of High-value Information Using Graphics

  • Chapman PDF

• FANCI : Feature-based Automated NXDomain Classification and Intelligence

  • Scguppen PDF

• An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

  • Zhang PDF

• Fast and Service-preserving Recovery from Malware Infections Using CRIU

  • Webster PDF

• The Second Crypto War—What’s Different Now

• Susan Landau, Bridge Professor of Cyber Security and Policy, Tufts University

• Medical Device Cybersecurity through the FDA Lens

• Suzanne B. Schwartz, US Food and Drug Administration

• The Guard’s Dilemma: Efficient Code-Reuse Attacks Against Intel SGX

  • Biondo PDF

• A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping

  • Han PDF

• Tackling runtime-based obfuscation in Android with TIRO

  • Wong PDF

• Discovering Flaws in Security-Focused Static Analysis Tools for Android using Systematic Mutation

  • Bonett PDF

• With Great Training Comes Great Vulnerability: Practical Attacks against Transfer Learning

  • Wang PDF

• When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks

  • Suciu

• teEther: Gnawing at Ethereum to Automatically Exploit Smart Contracts

  • Krupp PDF

• Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts

  • Breidenbach PDF

• Arbitrum: Scalable, private smart contracts

  • Kalodner PDF

• Erays: Reverse Engineering Ethereum’s Opaque Smart Contracts

  • Zhou PDF

• DelegaTEE: Brokered Delegation Using Trusted Execution Environments

  • Matetic PDF

• Simple Password-Hardened Encryption Services

  • Lai PDF

• Security Namespace: Making Linux Security Frameworks Available to Containers

  • Sun PDF

• Shielding Software From Privileged Side-Channel Attacks

  • Dong PDF

• Vetting Single Sign-On SDK Implementations via Symbolic Reasoning

  • Yang PDF

• O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web

  • Ghasemisharif PDF

• WPSE: Fortifying Web Protocols via Browser-Side Security Monitoring

  • Calzavara PDF

• Man-in-the-Machine: Exploiting Ill-Secured Communication Inside the Computer

  • Bui PDF

• All Your GPS Are Belong To Us: Towards Stealthy Manipulation of Road Navigation Systems

  • Zeng PDF

• Injected and Delivered: Fabricating Implicit Control over Actuation Systems by Spoofing Inertial Sensors

  • Tu PDF

• Modelling and Analysis of a Hierarchy of Distance Bounding Attacks

  • Chothia PDF

• Off-Path TCP Exploit: How Wireless Routers Can Jeopardize Your Secrets

  • Chen PDF

• Formal Security Analysis of Neural Networks using Symbolic Intervals

  • Wang PDF

• Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring

  • Adi PDF

• A4NT: Author Attribute Anonymity by Adversarial Training of Neural Machine Translation

  • Shetty PDF

• GAZELLE: A Low Latency Framework for Secure Neural Network Inference

  • Juvekar PDF

• FlowCog: Context-aware Semantics Extraction and Analysis of Information Flow Leaks in Android Apps

  • Pan PDF

• Sensitive Information Tracking in Commodity IoT

  • Celik PDF

• Enabling Refinable Cross-Host Attack Investigation with Efficient Data Flow Tagging and Tracking

  • Ji PDF

• Dependence-Preserving Data Compaction for Scalable Forensic Analysis

  • Hossain PDF

• Facebook
• Twitter
• Reddit
• LinkedIn

Karateka fue un juego publicado en 1984 originalmente para Apple II. Más tarde el juego fue portado a muchos otros sistemas de la época como Commodore 64, Amstrad CPC, MSX, etc, así como a sistemas más modernos. Fue escrito por Jordan Mechner, creador también del mega popular Prince of Persia, Karateka era un juego donde el jugador tenía que luchar (Karate) contra sus enemigos para rescatar a la princesa Mariko del castillo de Akuma. Presta atención al detalle de el jugador, y digo esto porque esta es la miga de esta entrada, el juego era de un sólo jugador.

A Charles Mangin hace un par años le llamó la antención la idea de una versión de Karateka con dos jugadores. Y tal y cómo ha publicado, dicha idea, la ha hecho realidad.

Lo impresionante de esto, no es que éste haya reescrito el juego, sino que ha creado un parche de tan sólo 42 bytes para convertir el juego en multijugador.

La imagen parcheada del juego la puedes descargar desde aquí (es la versión original para Apple II).

Los controles son los siguientes:

PLAYER 1 CONTROLS:

• Q,A,Z puñetazo
• W,S,X patada
• C,V moverse/correr
• SPACE cambia a posición de combate

PLAYER 2 CONTROLS:

• N patada
• M puñetazo
• < moverse a la izquierda

Estas son las direcciones de memoria a cambiar:

$6C11: D0 1C C5 21 D0 18 A9 00 85 29 A9 D7 -> AD 00 C0 C9 CD D0 02 A9 D7 8D 10 C0 (M to punch, clears strobe)
$6C20: 20 95 6C C5 D7 B0 08 20 71 6C A9 C5 -> AD 00 C0 C9 CE D0 02 A9 C5 8D 10 C0  (N to kick, clears strobe)
$6B9B: A6 33 E0 0C 90 03 4C 52 6C E0 07 B0 02 -> AD 00 C0 EA EA EA C9 AC D0 03 4C 52 6C  (<  to move player 2)

$6EA9: 8D 10 C0 -> EA EA EA (keep from clearing keyboard strobe)

$6e8e: 88 -> C3 (C to move left instead of ctrl-H/left arrow)
$6e98: 95 -> D6 (V to move right instead of ctrl-U/right arrow)

$b9a8: A5 C4 D0 00 -> A9 01 85 C4 (default to keyboard control, ignores joystick)

Si quieres más detalles sobre el parche, no dudes en visitar en enlace original.

¡Esto es Hacking en su más puro estado!

• Facebook
• Twitter
• Reddit
• LinkedIn

Aquí tenéis el material disponible de la DEF CON 26:

• Alexei Bulazel
  • Alexei-Bulazel-Reverse-Engineering-Windows-Defender-Demo-Videos
    • Alexei-Bulazel-demo-1-mpclient.mp4
    • Alexei-Bulazel-demo-2-outputdebugstringa.mp4
    • Alexei-Bulazel-demo-3-file-system.mp4
    • Alexei-Bulazel-demo-4-proclist.mp4
    • Alexei-Bulazel-demo-5-apicall.mp4
    • Alexei-Bulazel-demo-6-fuzz.mp4
  • Alexei-Bulazel-Reverse-Engineering-Windows-Defender.pdf
• Alfonso Garcia and Alejo Murillo
  • DEFCON-26-Alfonso-Garcia-and-Alejo-Murillo-Demo-Videos
    • playback_tls_1.mp4
    • playback_tls_2.mp4
    • playback_tls_3.mp4
  • Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story-Updated.pdf
• Andrea Marcelli
  • Andrea-Marcelli-Demo-Video.mp4
  • Andrea-Marcelli-Looking-for-the-perfect-signature-automatic-YARA-rules.pdf
• Bai Zheng and Chai Wang
  • Bai-Zheng-Chai-Wang-You-May-Have-Paid-more-than-You-Imagine.pdf
• Christopher Domas
  • Christopher-Domas-GOD-MODE- UNLOCKED-hardware-backdoors-in-x86-CPUs.pdf
  • Christopher-Domas-The-Ring-0-Facade.pdf
• DEFCON-26-Damien-Cauquil-Updated
  • DEFCON-26-Damien-Cauquil-Extras
  • DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos
    • demo-hush.mp4
    • demo-jamming-final.mp4
    • demo-sniff-active.mp4
    • demo-sniff-connreq.mp4
    • volvo-fail.gif
    • volvo-fail.mp4
  • Damien-Cauquil-Secure-Your-BLE-Devices-Updated.pdf
• Damien Cauquil
  • DEFCON-26-Damien-Cauquil-Extras
  • DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos
    • demo-hush.mp4
    • demo-jamming-final.mp4
    • demo-sniff-active.mp4
    • demo-sniff-connreq.mp4
    • volvo-fail.gif
    • volvo-fail.mp4
  • Damien-Cauquil-Secure-Your-BLE-Devices.pdf
• Dan Crowley - Mauro Paredes - Jen Savage - Updated
  • Crowley-Paredes-Savage-Outsmarting-the-Smart-City-Demo-Video.mp4
  • Crowley-Paredes-Savage-Outsmarting-the-Smart-City-Updated.pdf
• Daniel Zolnikov
  • Daniel-Zolnikov-Politics-and-the-Surveillence-State.pdf
• David Melendez
  • David-Melendez-Project-Interceptor-Demo-Video.mp4
  • David-Melendez-Project-Interceptor-WP.pdf
  • David-Melendez-Project-Interceptor.pdf
• Dongsung Kim and Hyoung Kee Choi
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Demo-Video.mp4
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You.pdf
• Dongsung Kim and Hyoung Kee Choi - Updated
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Demo-Video.mp4
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf
• Douglas Mckee
  • DEFCON-26-Douglas-McKee-Demo-Videos
    • 30To180-2.mp4
    • 80To180-2.mp4
    • Emulation.mp4
    • FlatlineDemo2.mp4
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals.pdf
• Douglas Mckee - Updated
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals-updated.pdf
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals-updated.pptx
• Eric Sesterhenn
  • DEFCON-26-Eric-Sesterhenn-Demo-Videos
    • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You-PoC1.mp4
    • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You-PoC2.mp4
  • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You.pdf
• Feng Xiao - Jianwei Huang - Peng Liu
  • Xiao-Huang-Liu-Hacking-the-Brain-Custom-Attack-SDN-Controller.pdf
  • Huang-Liu-Hacking-the-Brain-Custom-Attack-SDN-Controller-Demo-Video.mp4
• Gabriel Ryan
  • DEFCON-26-Gabriel-Ryan-Demo-Videos
    • Gabriel-Ryan-bait-n-switch.mp4
    • Gabriel-Ryan-bypass-mab.mp4
    • Gabriel-Ryan-classic-8021x-bypass-with-interaction (1920 x 1080).mp4
    • Gabriel-Ryan-classic-8021x-bypass-with-interaction.mp4
    • Gabriel-Ryan-eap-md5-forced-reauth-full.mp4
    • Gabriel-Ryan-rogue-gateway-final (1920 x 1080).mp4
    • Gabriel-Ryan-rogue-gateway-final.mp4
    • Gabriel-Ryan-ryan-gabriel-ryan-bait-n-switch (1920 x 1080).mp4
    • Gabriel-Ryanforged-eapol-start.mp4
  • Gabriel-Ryan-Owning-the-LAN-in-2018-WP.pdf
  • Gabriel-Ryan-Owning-the-LAN-in-2018.pdf
• Joe Rozner
  • Joe-Rozner-Demo-Video.mp4
  • Joe-Rozner-RE-Targetable-Grammer-Based-Test-Case-Generation-Synfuzz.pdf
• John Seymour and Azeem Aqil
  • DEFCON-26-John-Seymour-and-Azeem-Aqil-Demo-Videos
    • 07-01.mp4
    • 10-01-trimmed.mp4
    • 13-01.mp4
    • 16-01.wav
    • 16-02.wav
    • 16-03.wav
    • 21-01.wav
    • 21-02.wav
  • John-Seymour-and-Azeem-Aqil-Your-Voice-is-My-Passport.pdf
• Josep Rodriguez
  • Josep-Rodriguez-Breaking-Extreme-Networks-WingOS.pdf
  • Josep-Rodriguez-Breaking-Extreme-Networks-WingOS-Demo-Video.mp4
• L0pht Panel
  • L0pht-Testimony-20-years-later.pdf
• Leigh Anne Galloway and Tim Yunusov
  • DEFCON-26-Galloway-and-Yunusov-Demo-Videos
    • Galloway-and-Yunusov-RCE.mp4
    • Galloway-and-Yunusov-arbitrary-code.mp4
    • Galloway-and-Yunusov-modifying-amount.mp4
  • Galloway-and-Yunusov-For-the-love-of-money-Findingexploiting-vulns-in-mobile-pos-terminals.pdf
• Louis Dion Marcil
  • DEFCON-26-Louis-Dion-Marcil-Demo-Videos
    • demo1.mp4
    • demo2.mp4
  • Louis-Dion-Marcil-Edge-Side-Include-Injection.pdf
• Martin Vigo
  • DEFCON-26-Martin-Vigo-Demo-Videos
    • demo-bruteforcing-v1.mp4
    • demo-paypal-v1.mp4
    • demo-whatsapp-v1.mp4
  • Martin-Vigo-Compromising-Online-Cracking-Voicemail-Systems.pdf
• Michael West and Collin Campbell
  • Micheal-West-Colin-Campbell-barcOwned-Popping-shells-with-your-cereal box.pdf
  • Micheal-West-Colin-Campbell-barcOwned-Popping-shells-with-your-cereal box.pptx
• Mickey Shkatov and Jesse Micheal
  • DEFCON-26-Mickey-Shkatov-and-Jesse-Micheal-Demo-Videos
    • EvilMaid-BennyHill-Defcon-Video1.mp4
    • exploit-popcalc-text-Defcon-Video2.MP4
    • exploit-popcalc-win10-Defcon-Video3.MP4
    • exploit-shell-Defcon-Video4.MP4
    • exploit-smileyloop.MP4
  • Mickey-Shkatov-and-Jesse-Micheal-UEFI-Exploitation-For-The-Masses.pdf
• Morgan Gangwere
  • DEFCON-26-Morgan-Gangwere-Its-assembler-jim-Demo-Videos
    • demo-1-rootfs.mp4
    • demo-2-tapdrive.mp4
    • demo-3-containers.mp4
    • demo-4-afl.mp4
  • Morgan-Gangwere-Its-assembler-jim-Notes.pdf
  • Morgan-Gangwere-Its-assembler-jim.pdf
• Nafeez
  • Nafeez-Compression-Oracle-attacks-on-VPN-Networks-openvpn3-voracle.gif
  • Nafeez-Compression-Oracle-attacks-on-VPN-Networks.pdf
• Nick Cano
  • DEFCON-26-Nick-Cano-Demo-Videos
    • demo-1-tools.mp4
    • demo-2-launch.mp4
    • demo-3-scan.mp4
    • demo-4-win10.mp4
  • Nick-Cano-Relocation-Bonus-Attacking-the-Win-Loader.pdf
• Patrick Wardle
  • Patrick-Wardle-Fire-and-Ice.pdf
  • Patrick-Wardle-The-Mouse-Is-Mightier-Synthetic0Reality.pdf
• Ruo Ando
  • Ruo-Ando-Asura-Demo-Video.MP4
  • Ruo-Ando-Asura-PCAP-File-Analyzer-for-Anomaly-Packet-Detection-Multithreading-WP.pdf
  • Ruo-Ando-Asura-PCAP-File-Analyzer-for-Anomaly-Packet-Detection-Multithreading.pdf
• Ryan Johnson and Angelos Stavrou
  • DEFCON-26-Johnson-and-Stavrou-Demo-Videos
    • commexec.mp4
    • maliciousApp.mp4
    • zte-zmax-champ-brick.mp4
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP.pdf
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices.pdf
• Ryan Johnson and Angelos Stavrou - Updated
  • DEFCON-26-Johnson-and-Stavrou-Demo-Videos-Updated
    • commExec.mp4
    • factory_reset.mp4
    • lock_user_out.mp4
    • maliciousApp.mp4
    • modem_and_logcat_logs_zte.mp4
    • take_screenshot.mp4
    • zte_zmax_champ_brick.mp4
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-Updated.pdf
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf
• Sanat Sharma
  • Sanat-Sharma-House-of-Roman-Demo-Video.mp4
  • Sanat-Sharma-House-of-Roman.pdf
• Sheila A Berta and Sergio De Los Santos
  • DEFCON-26-Sheila-A-Berta-and-Sergio-De-Los-Santos-Demo-Video
    • freetool.mp4
    • gmtruntime.mp4
  • Sheila-A-Berta-and-Sergio-De-Los-Santos-Tracking-Android-Malware-Developers.pdf
• Siegfried Rasthofer and Stephan Huber
  • Siegfried-Rasthofer-and-Stephan-Huber-Demo-Video
    • demovideo.mp4
    • greenalp-cast.mp4
  • Siegfried-Rasthofer-and-Stephan-Huber-All-Your-Family-Secrets-Belong-to-Us.pdf
• Siegfried Rasthofer and Stephan Huber - Updated
  • Siegfried-Rasthofer-and-Stephan-Huber-Demo-Video-Updated
    • demovideo_Version2.mp4
    • greenalpdemo_Version2.mp4
  • Siegfried-Rasthofer-and-Stephan-Huber-All-Your-Family-Secrets-Belong-to-Us-Updated.pdf
• Silke Holtmanns and Isha Singh
  • Holtmanns-Singh-4G-Who-is-Paying-your-cell-phone-bill.pdf
• Slava Makkaveev
  • DEFCON-26-Slava-Makkaveev-Demo-Videos
    • Slava-Makkaveev-MITD-Demo1-GoogleTranslate.mp4
    • Slava-Makkaveev-MITD-Demo2-LGAppManager.mp4
    • Slava-Makkaveev-MITD-Demo3-XiaomiBrowser.mp4
  • Slava-Makkaveev-Man-In-The-Disk.pdf
• Stark Riedesel and Parsia Hakimian
  • DEFCON-26-Stark-Riedesel-and-Parsia-Hakimian-Demo-Videos
    • 1-tineola-enum-demo.mp4
    • 2-tineola-invoke-TXes.mp4
    • 2-tineola-invoke-demo.mp4
    • 3-tineola-fuzzing-demo.mp4
    • 4-tineolacc-install.mp4
    • 5-tineola-nmap-scan.mp4
    • 6-tineola-direct-db-TXes.mp4
    • 6-tineola-direct-db-demo.mp4
  • Stark-Riedesel-and-Parsia-Hakimian-Tineola-Taking-Bite-Out-of-Enterprise-Blockchain.pdf
• Thanh Bui and Siddharth Rao
  • DEFCON-26-Thanh-Bui-and-Siddharth-Rao-Demo-Videos
    • 1password-demo.mp4
    • fido-demo.mp4
  • Thanh-Bui-and-Siddharth-Rao-Last-Mile-Auth-Problem-Exploiting-End-to-End.pdf
• The Tarquin
  • DEFCON-26-The-Tarquin-Demo-Videos
    • homograph-ocr.mp4
    • homographbomb.mp4
    • java-homograph.mp4
  • The-Tarquin-Weaponizing-Unicode-Homographs-Beyond-IDNs.pdf
• Thiago Alves
  • DEFCON-26-Thiago-Alves-Demo-Videos
    • first-attack.mp4
    • second-attack.mp4
    • third-attack.mp4
  • Thiago-Alves-Hacking-PLCs-and-Causing-Havoc-on-Critical-Infrastructures.pdf
• Torani - Buchwald - Nirenberg
  • Torani-Buchwald-Nirenberg-Reverse-Engineering-Hacker-Docu-Series-Sample-Scene.mp4
  • Torani-Buchwald-Nirenberg-Reverse-Engineering-Hacker-Docu-Series.pdf
• Truman Kain
  • Truman-Kain-Demo-Video.mp4
  • Truman-Kain-Dragnet-Social-Engineering-Sidekick.pdf
• Truman Kain - Updated
  • Truman-Kain-Demo-Video-Updated.mp4
  • Truman-Kain-Dragnet-Social-Engineering-Sidekick-Updated.pdf
• Vincent Tan
  • DEFCON-26-Vincent-Tan-Demo-Videos
    • Vincent-Tan-Hacking-BLE-Bicycle-Locks-Demo-Video-1.mp4
    • Vincent-Tan-Hacking-BLE-Bicycle-Locks-Demo-Video-2.mp4
  • Vincent-Tan-Hacking-BLE-Bicycle-Locks.pdf
• Wesley McGrew
  • Wesley-McGrew-An-Attacker-Looks-at-Docker-Demo-Video.mp4
  • Wesley-McGrew-An-Attacker-Looks-at-Docker-WP.pdf
  • Wesley-McGrew-An-Attacker-Looks-at-Docker.pdf
• William Martin
  • William-Martin-SMBetray-Backdooring-and-Breaking-Signiatures.pdf
  • William-Martin-SMBetray-Demo-Video.mp4
• Wu HuiYu and Qian Wenxiang
  • DEFCON-26-Wu-HuiYu-and-Qian-Wenxiang-Demo-Videos
    • MI-AI-SPEAKER-MIIO.mp4
    • MI-AI-SPEAKER-RCE.mp4
    • amazon-echo-2soldering.mp4
    • amazon-echo-desoldering.mp4
    • amazon-echo-exploit.mp4
    • breaking-smart-speaker-video-1.mp4
    • breaking-smart-speaker-video-2.mp4
    • breaking-smart-speaker-video-3.mp4
    • breaking-smart-speaker-video-4.mp4
  • Wu-HuiYu-and-Qian-Wenxiang-Breaking-Smart-Speakers.pdf
• Xiaolong Bai and Min Zheng
  • DEFCON-26-Xiaolong-Bai-and-Min-Zheng-Demo-Video
    • DemoOnPage13.mp4
    • DemoOnPage78.mp4
  • Xiaolong-Bai-and-Min-Zheng-One-Bite-And-All-Your-Dreams-Will-Come-True.pdf
• Zach Miller and Alex Kissinger
  • DEFCON-26-Zach-Miller-and-Alex-Kissinger-Demo-Videos
    • demo-1-command-file-exploit.mp4
    • demo-2-telnet-exploit.mp4
    • demo-3-mlwar.mp4
  • Zach-Miller-and-Alex-Kissinger-Infecting-Embedded-Supply-Chain.pdf
• Zach Miller and Alex Kissinger - Updated
  • Zach Miller and Alex Kissinger - Extras
    • demo3_mlwar_v2.ogv
    • demo4_brute_force_and_dump_fw.mp4
  • Zach-Miller-and-Alex-Kissinger-Infecting-Embedded-Supply-Chain-Updated.pdf
• nevermoe
  • nevermoe-One-Step-Before-Game-Hackers-Andriod-Emulators-cheat-Demo-Video.mp4
  • nevermoe-One-Step-Before-Game-Hackers-Andriod-Emulators.pdf
• sghctoma
  • DEFCON-26-sghctoma-Demo-Videos
    • maple/
    • mathematica/
    • matlab/
  • sghctoma-all-your-math-are-belong-to-us.pdf
• singe
  • singe-Practical-and-Improved-Wifi-MitM-with-Mana-eap-relay-v1.mp4
  • singe-Practical-and-Improved-Wifi-MitM-with-Mana.pdf
• smea
  • DEFCON-26-smea-Jailbreaking-the-3DS-Demo-Videos
    • fuzz.mp4
    • hbmenu.mp4
    • mcopy.mp4
    • ninjhax.mp4
    • tubehax.mp4
  • smea-Jailbreaking-the-3DS.pdf
• Alex-Levinson-Overview-of-Genesis-Scripting-Engine.pdf
• Alexandre-Borges-Ring-02-Rootkits-bypassing-defenses-Updated.pdf
• Alexandre-Borges-Ring-02-Rootkits-bypassing-defenses.pdf
• Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story.pdf
• Crowley-Paredes-Savage-Outsmarting-the-Smart-City.pdf
• Eckert-Sumner-Krause-Inside-the-Fake-Science-Factory.pdf
• Eduardo-Izycki-And-Rodrigo-Colli-Digital-Leviathan-Nation-State-Big-Brothers.pdf
• Egypt-One-Liners-to-Rule-Them-All.pdf
• Fireside-Panel-D0-N0-H4RM.pdf
• Fireside-Panel-Goerzen-and-Matthews-Beyond-The-Lulz-Updated.pdf
• Fireside-Panel-Goerzen-and-Matthews-Beyond-The-Lulz.pdf
• Foster-and-Ayrey-Lost-and-Found-Certs-residual-certs-for-pre-owned-domains.pdf
• Galloway-and-Yunusov-For-the-love-of-Money-Finding-And-Exploiting-Vulns-In-Mobile-POS-Updated.pdf
• Ian-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains.pdf
• Jianjun-Dai-Guang-Gong-Wenlin-Yang-Pwning-The-Toughest-Target-Updated.pdf
• Jianjun-Dai-Guang-Gong-Wenlin-Yang-Pwning-The-Toughest-Target.pdf
• Joe-Grand-Searching-for-the-Light-Adventures-w-Opticspy.pdf
• Josep-Rodriguez-Breaking-Extreme-Networks-WingOS-Updated.pdf
• Lawshae-Who-Controls-the-Controllers-Hacking-Crestron.pdf
• Maggie-Mayhem-Sex-Work-After-SESTA.pdf
• Maksim-Shudrak-Fuzzing-Malware-For-Fun-and-Profit.pdf
• Matt-King-Micro-Renovator-Bringing-Proc-Firmware-Up-To-Code.pdf
• Matt-Knight-and-Ryan-Speers-RF-Fuzzing-Tools-to-Expose-PHY-Layer-Vulns.pdf
• Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf
• Matt-Wixey-Betrayed-by-the-Keyboard.pdf
• Matthews-Adams-Greco-Youre-Just-Complaining-Because-Youre-Guilty.pdf
• Michael-Ossmann-and-Dominic-Spill-Revolting-Radios.pdf
• Min-Zheng-Xiaolong-Bai-Fasten-your-Seatbelts-Escaping-iOS-11-Sandbox.pdf
• Nils-Amiet-and-Yonal-Romailler-Reaping-and-breaking-keys-at-scale-when-crypto-meets-big-data.pdf
• Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out.pdf
• Panel-DCGroups.pdf
• Paternotte-and-van-Ommeren-It-WISNt-Me-Attacking-Industrial-Wireless-Mesh.pdf
• Rachel-Greenstadt-and-Aylin-Caliskan-De-anonymizing-Programmers.pdf
• Richard-Thieme-The-Road-to-Resilience .pdf
• Rob-Joyce-Absurd-Xmas-Lights.pdf
• Rousseau-and-Seymour-Finding-Xori-Malware-Analysis-Triage-w-Auto-Disassembly.pdf
• Seamus-Burke-Journey-Into-Hexagon.pdf
• Sean-Metcalf-Exploiting-Administrator-Insecurities.pdf
• Shortxstack-and-Seth-Law-Building-the-Hacker-tracker.pdf
• Si-and-AgentX-Wagging-The-Tail.pdf
• Steven-Danneman-Your-Banks-Digital-Side-Door.pdf
• Yaniv-Balmas-What-The-FAX.pdf
• YawnBox-Emerald-Onion-Privacy-Infrastructure-Challenges-and-Opportunites.pdf
• Yu-Wang-Attacking-The-MacOS-Kernel-Graphics-Driver.pdf
• Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf
• Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs.pdf
• zerosum0x0-Eternal-Exploits.pdf

También también podéis descargar todo este contenido desde este enlace o por torrent a través de este otro enlace.

Y si también os interesan los talleres, aquí tenéis la lista de los publicados:

• DEFCON-26-Workshop-Vinnie-Vanhoecke-and-Lorenzo-Bernardi-Playing-With-RFID
  • Workshop-Vinnie-Vanhoecke-and-Lorenzo-Bernardi-Playing-With-RFID-Theory.pdf
  • Workshop-Vinnie-Vanhoecke-and-Lorenzo-Bernardi-Playing-With-RFID.pdf
• DEFCON-26-Workshop-Wesley-McGrew-Penetration-Testing-in-Hostile-Environments
  • Workshop-Wesley-McGrew-Penetration-Testing-in-Hostile-Environments-Student-Preparation.pdf
  • Workshop-Wesley-McGrew-Penetration-Testing-in-Hostile-Environments-Whitepaper.pdf
• Workshop-Adam-Steed-and-James-Albany-Attacking-Active-Directory-and-Advanced-Methods-of-Defense-2018.pdf
• Workshop-Alexandrine-Torrents-and-Arnaud-Soullie-Pentesting-ICS-101.pdf
• Workshop-Arun-Magesh-Buzzing-Smart-Devices.pdf
• Workshop-Bryce-Kunz-and-Kevin-Lustic-Fuzzing-FTW.pdf
• Workshop-Dave-Porcello-and-Sean-Gallagher-Packet-Mining-for-Privacy-Leakage.pdf
• Workshop-David-Pearson-The-Truth-is-in-the-Network_-Reverse-Engineering-Application-Layer-Protocols-Via-PCAP.pdf
• Workshop-David-Turco-and-Jon-Overgaard-Christiansen-Wheres-My-Browser-Learn-Hacking-iOS-and-Android-WebViews.pdf
• Workshop-Eijah-Decentralized-Hacker-Net.pdf
• Workshop-Jakub-Botwicz-and-Wojciech-Rauner-Fuzzing-with-AFL-(American-Fuzzy-Lop).pdf
• Workshop-Joe-Grand-Build-Your-Own-Opticspy.pdf
• Workshop-Joe-Grand-Hardware-Hacking-Basics.pdf
• Workshop-Joshua-Pereyda-and-Timothy-Clemans-Advanced-Custom-Network-Protocol-Fuzzing.pdf
• Workshop-Louis-Nyfenegger-and-Luke-Jahnke-Finding-Needles-in-Haystacks.pdf
• Workshop-Louis-Nyfenegger-and-Luke-Jahnke-JWAT-Attacking-JSON-WEB-TOKENS.pdf
• Workshop-Matt-Cheung-Introduction-to-Cryptographic-Attacks.pdf
• Workshop-Mike-Guirao-Securing-Big-Data-in-Hadoop.pdf
• Workshop-Nick-Tait-Reverse-Engineering-with-OpenSCAD-and-3D-Printing.pdf
• Workshop-Sneha-Rajguru-ARM-eXploitation-101.pdf
• Workshop-Walter-Cuestas-and-Mauricio-Velazco-Lateral-Movement-101-2018-Update.pdf

Los cuales también tenéis la opción de baralos vía torrent o rar.

Y ya puestos, si también quieres descargarte la música, aquí tienes los enlaces: torrent y rar.