Ya tenemos disponibles los vídeos (faltan algunos) de una de las conferencias que más ha crecido en los últimos años: Derbycon. La edición de este año 2016 acaba de terminar y nos ha dejado un gran número de charlas interesantes:

• Key Note - Jeffrey Snover, Lee Holmes
• Carlos Perez - Thinking Purple
• Ed Skoudis - Internet of Things, Voice Control, AI, and Office Automation: BUILDING YOUR VERY OWN J.A.R.V.I.S.
• David Maloney, James Lee, Brent Cook, Tod Beardsley, Lance Sanchez - Metasploit Townhall
• Parker Schmitt - Data Obfuscation: How to hide data and payloads to make them "not exist"
• Jason Smith - Go with the Flow
• Devon Greene - Abusing RTF: Evasion, Exploitation and Counter Measures
• Mubix "Rob" Fuller - Writing malware while the blue team is staring at you
• Christopher Hadnagy - Mind Reading for Fun and Profit using DISC
• JDuck - Stagefright: An Android Exploitation Case Study
• Arian J Evans & James Pleger - Top 10 2015-2016 compromise patterns observed & how to use non-traditional Internet datasets to detect & avoid them
• Aaron Lafferty - Information Security Proposed Solutions Series - 1. Talent
• Alfredo Ramirez - DNSSUX
• Tyler Halfpop , Jacob Soo - Macs Get Sick Too
• Joe Desimone - Hunting for Exploit Kits
• Stephen Breen, Chris Mallz - Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM
• Nick Cano - +1,000,000 -0: Cloning a Game Using Game Hacking and Terabytes of Data
• Wartortell and Aaron Bayles - Nose Breathing 101: A Guide to Infosec Interviewing
• William McLaughlin - Android Patchwork
• Will Schroeder, Matt Nelson - A Year in the Empire
• Kevin Johnson and Jason Gillam - Next Gen Web Pen Testing: Handling modern applications in a penetration test
• Ken Johnson, Chris Gates - DevOops Redux
• Ryan Voloch and Peter Giannoutsos - To Catch a Penetration Tester: Top SIEM Use Cases
• Spencer McIntyre - Is that a penguin in my Windows?
• Brent White && Tim Roberts - Real World Attacks VS Check-box Security
• Ben0xA - PowerShell Secrets and Tactics
• Michael Allen - Beyond The ?Cript: Practical iOS Reverse Engineering
• Jayson E. Street - .... and bad mistakes I've made a few.....
• Matthew Dunwoody, Nick Carr - No Easy Breach: Challenges and Lessons from an Epic Investigation
• Natalie Vanatta - ARRR Maties! A map to the legal hack-back
• Michael Wharton, Project MVP - Hacking and Protecting SharePoint
• Marcello Salvati - CrackMapExec - Owning Active Directory by using Active Directory
• Rockie Brockway & Adam Hogan - Adaptation of the Security Sub-Culture
• Zach Grace, Brian Genz - Better Network Defense Through Threat Injection and Hunting
• nyxgeek - Hacking Lync (or, 'The Weakest Lync')
• Kevin Gennuso - Responder for Purple Teams
• Ken Toler - Metaprogramming in Ruby and doing it wrong.
• Paul Coggin - Exploiting First Hop Protocols to Own the Network
• Nick Landers - Outlook and Exchange for the Bad Guys
• Valerie Thomas and Harry Regan - It's Never So Bad That It Can't Get Worse
• Nathan Clark - AWSh*t. Pay-as-you-go Mobile Penetration Testing
• Nancy Snoke - Evolving your Office's Security Culture
• Michael Schearer - Confronting Obesity in Infosec
• Mark Mager - Defeating The Latest Advances in Script Obfuscation
• Michael Gough - From Commodity to Advanced (APT) malware, are automated malware analysis sandboxes as useful as your own basic manual analysis?
• Tim MalcomVetter - Breaking Credit Card Tokenization Without Cryptanalysis
• Bill V – Privileged Access Workstations (PAWs)
• Scott Lyons and Joshua Marpet - Business Developement: The best non-four letter dirty word in infosec.
• Scot Berner, Jason Lang - Tool Drop 2.0 - Free As In Pizza
• Joseph Tegg - We're a Shooting Gallery, Now What?
• Doug Burns - Malicious Office Doc Analysis for EVERYONE!
• Sean Metcalf & Will Schroeder - Attacking EvilCorp: Anatomy of a Corporate Hack
• Matt Graeber, Jared Atkinson - Living Off the Land 2: A Minimalist's Guide to Windows Defense
• Kyle Wilhoit - Point of Sale Voyuer- Threat Actor Attribution Through POS Honeypots
• Jeremy Mio, David Lauer, Mike Woolard - The Art of War, Attacking the Organization and Raising the Defense
• Justin Herman & Anna-Jeannine Herman - The 1337 Gods of Geek Mythology
• Josh Huff - Open Source Intelligence - What I learned by being an OSINT creeper
• Jay Beale - Phishing without Failure and Frustration
• Larry Pesce - I don't give one IoTA: Introducing the Internet of Things Attack Methodology.
• Anti-Forensics AF int0x80 (of Dual Core)
• Deral Heiland, Matthew Kienow - Managed to Mangled: Exploitation of Enterprise Network Management Systems
• Joey Maresca - Finding Your Balance
• EvilMog - Hashcat State of the Union
• egypt - New Shiny in Metasploit Framework
• Hacking with Ham Radios: What I have learned in 25 years of being a ham.
• John Strand - Penetration Testing Trends
• Ellen Hartstack and Matthew Sullivan - Garbage in, garbage out
• Casey Smith - Establishing A Foothold With JavaScript
• Jesika McEvoy - Overcoming Imposter Syndrome (even if you're totally faking it)
• FuzzyNop - Embrace the Bogeyman: Tactical Fear Mongering for Those Who Penetrate
• Eric Conrad - Introducing DeepBlueCLI, a PowerShell module for hunt teaming via Windows event logs
• Dr. Jared DeMott & Mr. Josh Stroschein - Using Binary Ninja for Modern Malware Analysis
• Scott M - Fuzzing basics...how to break software
• Craig Bowser - Security v. Ops: Bridging the Gap
• Chris "Lopi" Spehn - From Gaming to Hacking The Planet
• Jason Blanchard - How to Social Engineer your way into your dream job!
• Lee Holmes - Attackers Hunt Sysadmins - It's time to fight back
• Adam Compton, Austin Lane - Scripting Myself Out of a Job - Automating the Penetration Test with APT2
• Branden Miller - Hacking for Homeschoolers: STEM projects for under $20
• Scott Sutherland - SQL Server Hacking on Scale using PowerShell
• Brian Marks, Andrea Sancho Silgado - Dive into DSL: Digital Response Analysis with Elasticsearch
• David Schwartzberg and Chris Sistrunk - Make STEHM Great Again
• Charles L. Yost - Python 3: It's Time
• Philip Martin - DNS in Enterprise IR: Collection, Analysis and Response
• Drew Branch - Need More Sleep? REST Could Help
• Bill Gardner - Making Our Profession More Professional
• Abe Miller - How are tickets paid for?
• Bill Sempf - Breaking Android Apps for Fun and Profit
• Amanda Berlin & Lee Brotherston - So You've Inherited a Security Department, Now What?
• Brandon Young - Reverse engineering all the malware... and why you should stop.
• Nathan Magniez - Body Hacking 101 (or a Healthy Lifestyle for Security Pros)
• Jimmy Byrd - Security Automation in your Continuous Integration Pipeline
• Chad M. Dewey - Cruise Ship Security OR Hacking the High Seas
• Karl Fosaaen - Attacking ADFS Endpoints with PowerShell
• Stephen Hilt - The 90's called, they want their technology back
• Lee Neely - Web Security for Dummies
• Kirk Hayes - I Love myBFF (Brute Force Framework)
• Cameron Craig, Keith Conway - Nobody gets fired by choosing IBM... but maybe they should.
• Mirovengi - Shackles, Shims, and Shivs - Understanding Bypass Techniques
• Jared Haight - Introducing PowerShell into your Arsenal with PS>Attack
• James Jardine - Recharging Penetration Testing to Maximize Value
• hypervista - Poetically Opaque (or other John Updike Quotes)
• David Boyd - Hack Yourself: Building A Pentesting Lab
• Ronnie Flathers - Abusing Linux Trust Relationships: Authentication Back Alleys and Forgotten Features
• Salvador Mendoza - Samsung Pay: Tokenized Numbers, Flaws and Issues
• Andrew Krug & Alex McCormack - Hardening AWS Environments and Automating Incident Response
• Andrew Plunkett - Yara Rule QA: Can't I Write Code to do This for Me?
• Anthony Kasza - Java RATS: Not even your Macs are safe
• Beau Bullock, Derek Banks, Joff Thyer - The Advanced Persistent Pentester (All Your Networks Are Belong 2 Us)
• Russell Butturini - Fire Away! Sinking the Next Gen Firewall
• Daniel Bohannon - Invoke-Obfuscation: PowerShell obFUsk8tion Techniques & How To (Try To) D""e`Tec`T 'Th'+'em'
• Dav Wilson - Mobile Device Forensics
• Casey Cammilleri & Hans Lakhan - Hashview, a new tool aimed to improve your password cracking endeavors.
• Brian Fehrman - Hardware Hacking the Easyware Way
• Matthew Lichtenberger - PacketKO - Data Exfiltration Via Port Knocking
• Jamie Murdock - Ransomware: An overview
• Ben Stillman - MariaDB: Lock it down like a chastity belt
• Aaron Guzman - IoT Defenses - Software, Hardware, Wireless and Cloud
• Adam Cammack & Brent Cook - Static PIE: How and Why
• Braden Hollembaek, Adam Pond - Finding a Weak Link: Attacking Windows OEM Kernel Drivers
• Dan Bougere - The Beginner's Guide to ICS: How to Never Sleep Soundly Again

El congreso RootedValencia se celebrará los días 9 y 10 de Septiembre. El viernes día 9 tendrá lugar un training llamado "RB16-1 Hacking ético" (pulsa aquí para más información) y durante el sábado día 10 se celebrarán conferencias desde las 10am hasta las 8pm. Nosotros estaremos por allí el sábado para saludar a viejos y nuevos amigos, disfrutar de las conferencias y además tomar algunas cervezas ;)

Lugar: ADEIT - Fundación Universidad - Plaza Virgen de la Paz, 3, 46001 Valencia (España)

Los que seáis asiduos a participar en CTFs ya probablemente conozcáis el proyecto Pwntools.

Éste es un conjunto de utilidades, librerías o framework pensado para hacerte la vida más fácil a la hora de escribir tus exploits o soluciones en los dichos CTFs. Está escrito en Python y provee de una gran cantidad de módulos específicos para cada tarea:

• pwnlib.adb — Android Debug Bridge
• pwnlib.asm — Assembler functions
• pwnlib.atexception — Callbacks on unhandled exception
• pwnlib.atexit — Replacement for atexit
• pwnlib.constants — Easy access to header file constants
• pwnlib.context — Setting runtime variables
• pwnlib.dynelf — Resolving remote functions using leaks
• pwnlib.encoders — Encoding Shellcode
• pwnlib.elf — Working with ELF binaries
• pwnlib.exception — Pwnlib exceptions
• pwnlib.fmtstr — Format string bug exploitation tools
• pwnlib.gdb — Working with GDB
• pwnlib.log — Logging stuff
• pwnlib.memleak — Helper class for leaking memory
• pwnlib.replacements — Replacements for various functions
• pwnlib.rop — Return Oriented Programming
• pwnlib.rop.rop — Return Oriented Programming
• pwnlib.rop.srop — Sigreturn Oriented Programming
• pwnlib.runner — Running Shellcode
• pwnlib.shellcraft — Shellcode generation
• pwnlib.shellcraft.amd64 — Shellcode for AMD64
• pwnlib.shellcraft.arm — Shellcode for ARM
• pwnlib.shellcraft.common — Shellcode common to all architecture
• pwnlib.shellcraft.i386 — Shellcode for Intel 80386
• pwnlib.regsort — Register sorting
• pwnlib.shellcraft.thumb — Shellcode for Thumb Mode
• pwnlib.term — Terminal handling
• pwnlib.timeout — Timeout handling
• pwnlib.tubes — Talking to the World!
• pwnlib.tubes.process — Processes
• pwnlib.tubes.serialtube — Serial Ports
• pwnlib.tubes.sock — Sockets
• pwnlib.tubes.ssh — SSH
• pwnlib.ui — Functions for user interaction
• pwnlib.useragents — A database of useragent strings
• pwnlib.util.crc — Calculating CRC-sums
• pwnlib.util.cyclic — Generation of unique sequences
• pwnlib.util.fiddling — Utilities bit fiddling
• pwnlib.util.hashes — Hashing functions
• pwnlib.util.iters — Extension of standard module itertools
• pwnlib.util.lists — Operations on lists
• pwnlib.util.misc — We could not fit it any other place
• pwnlib.util.net — Networking interfaces
• pwnlib.util.packing — Packing and unpacking of strings
• pwnlib.util.proc — Working with /proc/
• pwnlib.util.safeeval — Safe evaluation of python code
• pwnlib.util.web — Utilities for working with the WWW

La instalación es muy sencilla:

$ apt-get install python2.7 python2.7-dev python-pip
$ pip install --upgrade pwntools

Aunque Pwntools está desarrollado en sobre Ubuntu, debería de funcionar sin problemas en otras distribuciones Linux e incluso Mac OS X.

Para que te hagas una idea de como usar este framework, aquí tienes un repositorio con algunas soluciones a varios retos usando el mismo. El código fuente del proyecto se encuentra en Github y su documentación aquí.

Otra de las conferencias referentes sobre seguridad, USENIX Security 2016, ha publicado el material presentado:

• Flip Feng Shui: Hammering a Needle in the Software Stack - PDF
• One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation - PDF - Slides
• PIkit: A New Kernel-Independent Processor-Interconnect Rootkit - PDF - Slides
• Verifying Constant-Time Implementations - PDF
• Secure, Precise, and Fast Floating-Point Operations on x86 Processors - PDF - Slides
• überSpark: Enforcing Verifiable Object Abstractions for Automated Compositional Security Analysis of a Hypervisor - PDF
• Undermining Information Hiding (and What to Do about It) - PDF
• Poking Holes in Information Hiding - PDF
• What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses - PDF - Slides
• zxcvbn: Low-Budget Password Strength Estimation - PDF - Slides
• Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks - PDF - Slides
• An Empirical Study of Textual Key-Fingerprint Representations - PDF
• Off-Path TCP Exploits: Global Rate Limit Considered Dangerous - PDF
• Website-Targeted False Content Injection by Network Operators - PDF
• The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO - PDF - Slides
• A Comprehensive Measurement Study of Domain Generating Malware - PDF
• Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing - PDF - Slides
• Faster Malicious 2-Party Secure Computation with Online/Offline Dual Execution - PDF - Slides
• Egalitarian Computing - PDF
• Post-quantum Key Exchange—A New Hope - PDF
• Automatically Detecting Error Handling Bugs Using Error Specifications - PDF
• APISan: Sanitizing API Usages through Semantic Cross-Checking - PDF
• On Omitting Commits and Committing Omissions: Preventing Git Metadata Tampering That (Re)introduces Software Vulnerabilities - PDF
• Defending against Malicious Peripherals with Cinch - PDF - Slides
• Making USB Great Again with USBFILTER - PDF - Slides
• Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks - PDF
• Request and Conquer: Exposing Cross-Origin Resource Size - PDF
• Trusted Browsers for Uncertain Times - PDF
• Tracing Information Flows Between Ad Exchanges Using Retargeted Ads - PDF - Slides
• Virtual U: Defeating Face Liveness Detection by Building Virtual Models from Your Public Photos - PDF - Slides
• Hidden Voice Commands - PDF - Slides
• FlowFence: Practical Data Protection for Emerging IoT Application Frameworks - PDF
• ARMageddon: Cache Attacks on Mobile Devices - PDF - Slides
• DRAMA: Exploiting DRAM Addressing for Cross-CPU Attacks - PDF - Slides
• An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries - PDF - Slides
• Stealing Machine Learning Models via Prediction APIs - PDF - Slides
• Oblivious Multi-Party Machine Learning on Trusted Processors - PDF
• Thoth: Comprehensive Policy Compliance in Data Retrieval Systems - PDF - Slides
• Dancing on the Lip of the Volcano: Chosen Ciphertext Attacks on Apple iMessage - PDF
• Predicting, Decrypting, and Abusing WPA2/802.11 Group Keys - PDF
• DROWN: Breaking TLS Using SSLv2 - PDF - Slides
• All Your Queries Are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption - PDF - Slides
• Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software - PDF
• Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services - PDF - Slides
• UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware - PDF - Slides
• Towards Measuring and Mitigating Social Engineering Software Download Attacks - PDF - Slides
• Specification Mining for Intrusion Detection in Networked Control Systems - PDF - Slides
• Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants - PDF - Slides
• Authenticated Network Time Synchronization - PDF
• fTPM: A Software-Only Implementation of a TPM Chip - PDF
• Sanctum: Minimal Hardware Extensions for Strong Software Isolation - PDF - Slides
• Ariadne: A Minimal Approach to State Continuity - PDF
• The Million-Key Question—Investigating the Origins of RSA Public Keys - PDF - Slides
• Fingerprinting Electronic Control Units for Vehicle Intrusion Detection - PDF - Slides
• Lock It and Still Lose It —on the (In)Security of Automotive Remote Keyless Entry Systems - PDF
• OblivP2P: An Oblivious Peer-to-Peer Content Sharing System - PDF
• AuthLoop: End-to-End Cryptographic Authentication for Telephony over Voice Channels - PDF
• You Are Who You Know and How You Behave: Attribute Inference Attacks via Users' Social Friends and Behaviors - PDF
• Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 - PDF
• Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification - PDF - Slides
• You've Got Vulnerability: Exploring Effective Vulnerability Notifications - PDF
• Mirror: Enabling Proofs of Data Replication and Retrievability in the Cloud - PDF
• ZKBoo: Faster Zero-Knowledge for Boolean Circuits - PDF
• The Cut-and-Choose Game and Its Application to Cryptographic Protocols - PDF - Slides
• On Demystifying the Android Application Framework: Re-Visiting Android Permission Specification Analysis - PDF - Slides
• Practical DIFC Enforcement on Android - PDF - Slides
• Screen after Previous Screens: Spatial-Temporal Recreation of Android App Displays from Memory Images - PDF
• Harvesting Inconsistent Security Configurations in Custom Android ROMs via Differential Analysis - PDF
• Identifying and Characterizing Sybils in the Tor Network - PDF - Slides
• k-fingerprinting: A Robust Scalable Website Fingerprinting Technique - PDF
• Protecting Privacy of BLE Device Users - PDF - Slides
• Privacy in Epigenetics: Temporal Linkability of MicroRNA Expression Profiles - PDF - Slides

Fuente: http://www.brendangregg.com/Perf/linux_perf_tools_full.png

También tienes una versión SVG.

Una vez más una de las conferencias sobre seguridad informática ha llegado a su fin: DEF CON 24. Por ahora, se han puesto disponible las diapositivas y algún material extra de las presentaciones que se pudieron presenciar.

• Amro-Abdelgawad-Extras/
• Jonathan-Brossard-Extras/
• Lucas-Lundgren-Extras/
• Mike-Rich-Extras/
• Regilero-Extras/
• Robert-Olson-Extras/
• Seymour-Tully-Extras/
• SixVolts-and-Haystack-Extras/
• Wesley-McGrew-Extras/
• 3alarmlampscoot-DIY-Nukeproofing.pdf
• Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf
• Allan-Cecil-dwangoAC-Tasbot-The-Perfectionist.pdf
• Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf
• Anch-So-you-want-to-be-a-pentester-DC101.pdf
• Anto-Joseph-Fuzzing-Android-Devices.pdf
• Arnaud-Soullie-Workshop-Pentesting-ICS-101.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection-Writeup.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection.pdf
• Benjamin-Holland-Developing-Managed-Code-Rootkits-For-Java-Runtime.pdf
• Bertin-Bervis-James-Jara-Exploiting-And-Attacking-Seismological-Networks-Remotely.pdf
• Bigezy-Saci-Pinworm-MITM-for-Metadata.pdf
• Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle.pdf
• Brad-Woodberg-Malware-Command-And-Control-Channels-A-Journey-Into-Darkness.pdf
• Bryant-Zadegan-Ryan-Lester-Abusing-Bleeding-Edge-Web-Standards-For-Appsec-Glory.pdf
• Chapman-Stone-Toxic-Proxies-Bypassing-HTTPS-and-VPNs.pdf
• Chris-Rock-How-to-overthrow-a-Government-Kuwait-Coup-WP.pdf
• Chris-Rock-How-to-overthrow-a-Government.pdf
• Clarence-Chio-Machine-Duping-101.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools-WP.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools.pdf
• Demay-Lebrun-Canspy-A-Platorm-For-Auditing-Can-Devices.pdf
• Dr-Phil-Polstra-Mouse-Jigglers.pdf
• Drake-Christey-Vulnerabilities-101.pdf
• Eagle-Sk3Wldbg-Emulating-with-Ida.pdf
• Eric-Escobar-Rogue-Cell-Towers.pdf
• Evan-Booth-Jjittery-Macgyver.pdf
• Fasel-Jacobs-I-fight-for-the-users.pdf
• Fitzpatrick-and-Grand-101-Ways-To-Brick-Your-Hardware.pdf
• Forgety-Kreilein-Ng9-1-1-The-Next-Gene-Of-Emergency-Ph0Nage.pdf
• Fred-Bret-Mounet-All-Your-Solar-Panels-Are-Belong-To-Me.pdf
• Gorenc-Sands-Hacker-Machine-Interface.pdf
• Granolocks-Zero-Chaos-Bluehydra-Realtime-Blutetooth-Detection.pdf
• Grant-Bugher-Captive-Portals.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays-WP.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays.pdf
• Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf
• Huber-Rasthofer-Smartphone-Antivirus-And-Security-Applications-Under-Fire.pdf
• Hunter-Scott-Rt2Win-The-Luckiest-Guy-On-Twitter.pdf
• Int0X80-Anti-Forensics-AF.pdf
• Jay-Beale-Larry-Pesce-Phishing-without-Frustration.pdf
• Jennifer-Granick-Slouching-Towards-Utopia.pdf
• Jkambic-Cunning-With-Cng-Soliciting-Secrets-From-Schannel-WP.pdf
• Jkambic-Cunning-With-Cng-Soliciting-Secrets-From-Schannel.pdf
• Jmaxxz-Backdooring-the-Frontdoor-Bypass-Cert-Pinning.pdf
• Jmaxxz-Backdooring-the-Frontdoor-Extracting-Secrets-From-Log.pdf
• Jmaxxz-Backdooring-the-Frontdoor.pdf
• Joe-Grand-Zoz-BSODomizerHD.pdf
• Jonathan-Brossard-Intro-to-Witchcraft-Compiler.pdf
• Karyn-Benson-Examining-The-Internets-Pollution.pdf
• Klijnsma-Tentler-Stargate-Pivoting-Through-VNC.pdf
• Ladar-Levison-Compelled-Decryption.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles-WP.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles.pdf
• Lucas-Lundgren-Light-Weight Protocol-Critical-Implications.pdf
• Luke-Young-The-4TbS-Ddos-For-5-bucks.pdf
• Maldonado-Mcguffin-Sticky-Keys-To-The-Kingdom.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice-WP.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice.pdf
• Max-Bazaliy-A-Journey-Through-Exploit-Mitigation-Techniques-On-Ios.pdf
• Mcsweeny-Cranor-Research-On-The-Machines.pdf
• Mike-Rich-Use-Their-Machines-Against-Them-WP.pdf
• Mike-Rich-Use-Their-Machines-Against-Them.pdf
• Nick-Rosario-Weaponize-Your-Feature-Codes.pdf
• Panel-How-To-Make-A-DEFCON-Black-Badge.pdf
• Patrick-Wardle-99-Problems-Little-Snitch.pdf
• Plore-Side-Channel-Attacks-On-High-Security-Electronic-Safe-Locks.pdf
• Przemek-Jaroszewski-How-To-Get-Good-Seats-In-The-Security-Theater.pdf
• Radia-Perlman-Resilience-Despite-Malicious-Pariticpants.pdf
• Regilero-Hiding-Wookiees-In-Http.pdf
• Ricky-Lawshae-Lets-Get-Physical.pdf
• Robbins-Vazarkar-Schroeder-Six-Degrees-of-Domain-Admin.pdf
• Robert-Olson-Writing-Your-First-Exploit.pdf
• Rogan-Dawes-Dominic-White-Universal-Serial-aBUSe-Remote-Attacks.pdf
• Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers-WP.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers.pdf
• Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering.pdf
• Shane-Steiger-Maelstrom-Are-You-Playing-With-A-Full-Deck-V14-Back.pdf
• Shane-Steiger-Maelstrom-Rules-V10.pdf
• SixVolts-and-Haystack-Cheap-Tools-For-Hacking-Heavy-Trucks.pdf
• Tamas-Szakaly-Help-I-got-ANTS.pdf
• Thomas-Wilhelm-Hacking-Network-Protocols-Using-Kali.pdf
• Thomas-Wilhelm-Intrusion-Prevention-System-Evasion-Techniques.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines-Literature-Survey.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines.pdf
• Tom-Kopchak-SSD-Forensics-Research-WP.pdf
• Tom-Kopchak-Sentient-Storage.pdf
• Ulf-Frisk-Direct-Memory-Attack-the-Kernel.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations-WP.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations.pdf
• Willa-Riggins-Esoteric-Exfiltration.pdf
• Zhang-Shan-Forcing-Targeted-Lte-Cellphone-Into-Unsafe-Network.pdf
• Zhong-Lee-411-A-Framework-For-Managing-Security-Alerts.pdf
• the-bob-ross-fan-club-Propaganda-and-you.pdf

Para pasar las tardes de verano, ya tenemos disponible la mayoría del material presentado en Black Hat USA 2016:

• $hell on Earth: From Browser to System Compromise us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf
• 1000 Ways to Die in Mobile OAuth us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth-wp.pdf
• A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
• A Lightbulb Worm? us-16-OFlynn-A-Lightbulb-Worm.pdf us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
• Abusing Bleeding Edge Web Standards for AppSec Glory us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf
• Access Keys Will Kill You Before You Kill the Password us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.pdf
• Account Jumping Post Infection Persistency & Lateral Movement in AWS us-16-Amiga-Account-Jumping-Post-Infection-Persistency-And-Lateral-Movement-In-AWS.pdf us-16-Amiga-Account-Jumping-Post-Infection-Persistency-And-Lateral-Movement-In-AWS-wp.pdf
• Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits.pdf us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits-wp.pdf
• AirBnBeware: Short Term Rentals Long Term Pwnage us-16-Galloway-AirBnBeware-Short-Term-Rentals-Long-Term-Pwnage.pdf
• AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It us-16-Mittal-AMSI-How-Windows-10-Plans-To-Stop-Script-Based-Attacks-And-How-Well-It-Does-It.pdf
• An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network us-16-Berlin-An-AI-Approach-To-Malware-Similarity-Analysis-Mapping-The-Malware-Genome-With-A-Deep-Neural-Network.pdf
• Analysis of the Attack Surface of Windows 10 Virtualization-Based Security us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security.pdf us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp.pdf
• Applied Machine Learning for Data Exfil and Other Fun Topics us-16-Wolff-Applied-Machine-Learning-For-Data-Exfil-And-Other-Fun-Topics.pdf
• Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking? us-16-Yoon-Attacking-SDN-Infrastructure-Are-We-Ready-For-The-Next-Gen-Networking.pdf
• AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion us-16-Bulazel-AVLeak-Fingerprinting-Antivirus-Emulators-For-Advanced-Malware-Evasion.pdf
• Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions.pdf us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions-wp.pdf us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions-tool.zip
• badWPAD us-16-Goncharov-BadWpad.pdf us-16-Goncharov-BadWpad-wp.pdf
• Beyond the MCSE: Active Directory for the Security Professional us-16-Metcalf-Beyond-The-MCSE-Active-Directory-For-The-Security-Professional.pdf us-16-Metcalf-Beyond-The-MCSE-Active-Directory-For-The-Security-Professional-wp.pdf
• Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges us-16-Vishwanath-Blunting-The-Phishers-Spear-A-Risk-Based-Approach-For-Defining-User-Training-And-Awarding-Administrative-Privileges.pdf us-16-Vishwanath-Blunting-The-Phishers-Spear-A-Risk-Based-Approach-For-Defining-User-Training-And-Awarding-Administrative-Privileges-wp.pdf
• Breaking FIDO: Are Exploits in There? us-16-Chong-Breaking-FIDO-Are-Exploits-In-There.pdf
• Breaking Hardware-Enforced Security with Hypervisors us-16-Sharkey-Breaking-Hardware-Enforced-Security-With-Hypervisors.pdf
• Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX-wp.pdf
• Breaking Payment Points of Interaction (POI) us-16-Valtman-Breaking-Payment-Points-of-Interaction.pdf
• Brute-Forcing Lockdown Harddrive PIN Codes us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf
• Building Trust & Enabling Innovation for Voice Enabled IoT us-16-Terwoerds-Building-Trust-&-Enabling-Innovation-For-Voice-Enabled-IoT.pdf
• Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud us-16-Marzuoli-Call-Me-Gathering-Threat-Intelligence-On-Telephony-Scams-To-Detect-Fraud.pdf us-16-Marzuoli-Call-Me-Gathering-Threat-Intelligence-On-Telephony-Scams-To-Detect-Fraud-wp.pdf
• Can You Trust Me Now? An Exploration into the Mobile Threat Landscape us-16-Thomas-Can-You-Trust-Me-Now.pdf
• CANSPY: A Platform for Auditing CAN Devices us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices.pdf us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices-wp.pdf
• Captain Hook: Pirating AVs to Bypass Exploit Mitigations us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations.pdf us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations-wp.pdf
• Capturing 0day Exploits with PERFectly Placed Hardware Traps us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps.pdf us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps-wp.pdf
• Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf
• Crippling HTTPS with Unholy PAC us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf
• Cunning with CNG: Soliciting Secrets from Schannel us-16-Kambic-Cunning-With-CNG-Soliciting-Secrets-From-SChannel.pdf us-16-Kambic-Cunning-With-CNG-Soliciting-Secrets-From-SChannel-wp.pdf
• Cyber War in Perspective: Analysis from the Crisis in Ukraine us-16-Geers-Cyber-War-In-Perspective-Analysis-From-The-Crisis-In-Ukraine.pdf us-16-Geers-Cyber-War-In-Perspective-Analysis-From-The-Crisis-In-Ukraine-wp.pdf
• Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization us-16-Zhang-Dangerous-Hare-Hanging-Attribute-References-Hazards-Due-To-Vendor-Customization.pdf
• Dark Side of the DNS Force us-16-Wu-Dark-Side-Of-The-DNS-Force.pdf
• Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace us-16-Healey-Defense-At-Hyperscale-Technologies-And-Policies-For-A-Defensible-Cyberspace.pdf us-16-Healey-Defense-At-Hyperscale-Technologies-And-Policies-For-A-Defensible-Cyberspace-wp.pdf
• Demystifying the Secure Enclave Processor us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf
• Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf us-16-Bai-Discovering-And-Exploiting-Novel-Security-Vulnerabilities-In-Apple-Zeroconf.pdf
• Does Dropping USB Drives in Parking Lots and Other Places Really Work? us-16-Bursztein-Does-Dropping-USB-Drives-In-Parking-Lots-And-Other-Places-Really-Work.pdf
• Drone Attacks on Industrial Wireless: A New Front in Cyber Security us-16-Melrose-Drone-Attacks-On-Industrial-Wireless-A-New-Front-In-Cyber-Security.pdf
• Dungeons Dragons and Security us-16-Romand-Latapie-Dungeons-Dragons-And-Security.pdf us-16-Romand-Latapie-Dungeons-Dragons-And-Security-wp.pdf
• Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness us-16-Benenson-Exploiting-Curiosity-And-Context-How-To-Make-People-Click-On-A-Dangerous-Link-Despite-Their-Security-Awareness.pdf
• GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool-wp.pdf
• GreatFET: Making GoodFET Great Again us-16-Ossmann-GreatFET-Making-GoodFET-Great-Again.pdf us-16-Ossmann-GreatFET-Making-GoodFET-Great-Again-wp.pdf
• Hacking Next-Gen ATMs: From Capture to Cashout us-16-Hecker-Hacking-Next-Gen-ATMs-From-Capture-To-Cashout.pdf
• Hackproofing Oracle eBusiness Suite us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-1.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-2.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-3.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-5.pdf
• Hardening AWS Environments and Automating Incident Response for AWS Compromises us-16-Krug-Hardening-AWS-Environments-And-Automating-Incident-Response-For-AWS-Compromises.pdf us-16-Krug-Hardening-AWS-Environments-And-Automating-Incident-Response-For-AWS-Compromises-wp.pdf
• HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows.pdf us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
• Horse Pill: A New Type of Linux Rootkit us-16-Leibowitz-Horse-Pill-A-New-Type-Of-Linux-Rootkit.pdf
• HTTP Cookie Hijacking in the Wild: Security and Privacy Implications us-16-Sivakorn-HTTP-Cookie-Hijacking-In-The-Wild-Security-And-Privacy-Implications.pdf us-16-Sivakorn-HTTP-Cookie-Hijacking-In-The-Wild-Security-And-Privacy-Implications-wp.pdf
• HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things us-16-Pearce-HTTP2-&-QUIC-Teaching-Good-Protocols-To-Do-Bad-Things.pdf us-16-Pearce-HTTP2-&-QUIC-Teaching-Good-Protocols-To-Do-Bad-Things-code.zip
• I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache us-16-Marie-I-Came-to-Drop-Bombs-Auditing-The-Compression-Algorithm-Weapons-Cache.pdf
• Into The Core - In-Depth Exploration of Windows 10 IoT Core us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core.pdf us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core-wp.pdf
• Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI us-16-Bratus-Intra-Process-Memory-Protection-For-Applications-On-ARM-And-x86.pdf us-16-Bratus-Intra-Process-Memory-Protection-For-Applications-On-ARM-And-x86-wp.pdf
• Iran's Soft-War for Internet Dominance us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance.pdf us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf
• Language Properties of Phone Scammers: Cyberdefense at the Level of the Human us-16-Tabron-Language-Properties-Of-Phone-Scammers-Cyberdefense-At-The-Level-Of-The-Human.pdf
• Measuring Adversary Costs to Exploit Commercial Software: The Government-Bootstrapped Non-Profit C.I.T.L.
• Memory Forensics Using Virtual Machine Introspection for Cloud Computing us-16-Zillner-Memory-Forensics-Using-VMI-For-Cloud-Computing.pdf
• Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators us-16-Luo-Next-Generation-Of-Exploit-Kit-Detection-By-Building-Simulated-Obfuscator.pdf us-16-Luo-Next-Generation-Of-Exploit-Kit-Detection-By-Building-Simulated-Obfuscator-wp.pdf
• Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS us-16-Devlin-Nonce-Disrespecting-Adversaries-Practical-Forgery-Attacks-On-GCM-In-TLS.pdf us-16-Devlin-Nonce-Disrespecting-Adversaries-Practical-Forgery-Attacks-On-GCM-In-TLS-wp.pdf
• O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications.pdf us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications-wp.pdf us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications-tool.zip
• OSS Security Maturity: Time to Put On Your Big Boy Pants! us-16-Kouns-OSS-Security-Maturity-Time-To-Put-On-Your-Big-Boy-Pants.pdf
• Pangu 9 Internals us-16-Wang-Pangu-9-Internals.pdf
• PINdemonium: A DBI-Based Generic Unpacker for Windows Executable us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables.pdf us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables-wp.pdf
• PLC-Blaster: A Worm Living Solely in the PLC us-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC.pdf us-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC-wp.pdf
• Pwning Your Java Messaging with Deserialization Vulnerabilities us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities-wp.pdf us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities-jmet-src-0.1.0.tar.bz2
• Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy.pdf us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy-wp.pdf us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy-tools.zip
• Samsung Pay: Tokenized Numbers Flaws and Issues us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues.pdf us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues-wp.pdf
• Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools.pdf us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools-wp.pdf us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools-snagterpreter.py
• Security Through Design - Making Security Better by Designing for People us-16-Niemantsverdriet-Security-Through-Design-Making-Security-Better-By-Designing-For-People.pdf
• SGX Secure Enclaves in Practice: Security and Crypto Review us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-Crypto-Review.pdf us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-Crypto-Review-wp.pdf
• Side-Channel Attacks on Everyday Applications us-16-Hornby-Side-Channel-Attacks-On-Everyday-Applications.pdf us-16-Hornby-Side-Channel-Attacks-On-Everyday-Applications-wp.pdf
• Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root us-16-Chen-Subverting-Apple-Graphics-Practical-Approaches-To-Remotely-Gaining-Root.pdf us-16-Chen-Subverting-Apple-Graphics-Practical-Approaches-To-Remotely-Gaining-Root-wp.pdf
• TCP Injection Attacks in the Wild - A Large Scale Study us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study.pdf us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study-wp.pdf us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study-samples.zip
• The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android us-16-Kralevich-The-Art-Of-Defense-How-Vulnerabilities-Help-Shape-Security-Features-And-Mitigations-In-Android.pdf
• The Art of Reverse Engineering Flash Exploits us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits.pdf us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits-wp.pdf
• The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM us-16-Hund-The-Beast-Within-Evading-Dynamic-Malware-Analysis-Using-Micro.pdf
• The Remote Malicious Butler Did It! us-16-Beery-The-Remote-Malicious-Butler-Did-It.pdf us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf
• The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack us-16-Lei-The-Risk-From-Power-Lines-How-To-Sniff-The-G3-And-Prime-Data-And-Detect-The-Interfere-Attack.pdf us-16-Lei-The-Risk-From-Power-Lines-How-To-Sniff-The-G3-And-Prime-Data-And-Detect-The-Interfere-Attack-wp.pdf
• The Tao of Hardware the Te of Implants us-16-FitzPatrick-The-Tao-Of-Hardware-The-Te-Of-Implants.pdf us-16-FitzPatrick-The-Tao-Of-Hardware-The-Te-Of-Implants-wp.pdf
• The Year in Flash us-16-Silvanovich-The-Year-In-Flash.pdf
• Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks us-16-Gelernter-Timing-Attacks-Have-Never-Been-So-Practical-Advanced-Cross-Site-Search-Attacks.pdf
• Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency us-16-Malone-Using-An-Expanded-Cyber-Kill-Chain-Model-To-Increase-Attack-Resiliency.pdf
• Using EMET to Disable EMET us-16-Alsaheel-Using-EMET-To-Disable-EMET.pdf
• Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process-wp.pdf
• Viral Video - Exploiting SSRF in Video Converters us-16-Ermishkin-Viral-Video-Exploiting-Ssrf-In-Video-Converters.pdf
• VOIP WARS: The Phreakers Awaken us-16-Ozavci-VoIP-Wars-The-Phreakers-Awaken.pdf us-16-Ozavci-VoIP-Wars-The-Phreakers-Awaken.rb
• Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter-wp.pdf us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter-tool.zip
• Web Application Firewalls: Analysis of Detection Logic us-16-Ivanov-Web-Application-Firewalls-Analysis-Of-Detection-Logic.pdf
• What's the DFIRence for ICS? us-16-Sistrunk-Triplett-Whats-The-DFIRence-For-ICS.pdf
• When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists-wp.pdf
• When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement us-16-Granick-When-The-Cops-Come-A-Knocking-Handling-Technical-Assistance-Demands-From-Law-Enforcement.pdf
• Windows 10 Mitigation Improvements us-16-Weston-Windows-10-Mitigation-Improvements.pdf
• Windows 10 Segment Heap Internals us-16-Yason-Windows-10-Segment-Heap-Internals.pdf us-16-Yason-Windows-10-Segment-Heap-Internals-wp.pdf
• Xenpwn: Breaking Paravirtualized Devices us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices.pdf us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf

En 1974 Atari era la empresa de moda en aquella época, sueño de cualquier geek. La compañía había crecido enormemente desde su fundación en 1972, “Pong” ya había creado toda una nueva industria y la famosa videoconsola Atari VCS 2600 no era más que un proyecto en desarrollo. El ambiente desenfadado y de espíritu libre de la compañía era el cultivo perfecto para atraer a todo tipo de personajes, sobre todo hippies y locos por la tecnología que estaba dando sus primeros pasos.

  (Click en la imagen para descargar la versión en inglés PDF)

URL del autor:

http://yurichev.com/

URL del libro:

http://beginners.re/

Perfecto para estas tardes de Verano …

Ayer terminó la conferencia organizada por el grupo de 2600, HOPE XI (Hackers On Planet Earth). La mayoría de los vídeos ya están disponibles.

Hubo tres pistas (tracks) en paralelo: (desde el mismo player puedes hacer cambiar los vídeos derecha/izquierda)

Lamarr:

Noether:

Friedman: