Fuente: http://www.brendangregg.com/Perf/linux_perf_tools_full.png

También tienes una versión SVG.

Una vez más una de las conferencias sobre seguridad informática ha llegado a su fin: DEF CON 24. Por ahora, se han puesto disponible las diapositivas y algún material extra de las presentaciones que se pudieron presenciar.

• Amro-Abdelgawad-Extras/
• Jonathan-Brossard-Extras/
• Lucas-Lundgren-Extras/
• Mike-Rich-Extras/
• Regilero-Extras/
• Robert-Olson-Extras/
• Seymour-Tully-Extras/
• SixVolts-and-Haystack-Extras/
• Wesley-McGrew-Extras/
• 3alarmlampscoot-DIY-Nukeproofing.pdf
• Adam-Donenfeld-Stumping-The-Mobile-Chipset.pdf
• Allan-Cecil-dwangoAC-Tasbot-The-Perfectionist.pdf
• Amro-Abdelgawad-The-Remote-Metamorphic-Engine.pdf
• Anch-So-you-want-to-be-a-pentester-DC101.pdf
• Anto-Joseph-Fuzzing-Android-Devices.pdf
• Arnaud-Soullie-Workshop-Pentesting-ICS-101.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection-Writeup.pdf
• Ashmastaflash-Sitch-Inexpensive-Coordinated-GSM-Anomaly-Detection.pdf
• Benjamin-Holland-Developing-Managed-Code-Rootkits-For-Java-Runtime.pdf
• Bertin-Bervis-James-Jara-Exploiting-And-Attacking-Seismological-Networks-Remotely.pdf
• Bigezy-Saci-Pinworm-MITM-for-Metadata.pdf
• Brad-Dixon-Pin2Pwn-How-to-Root-An-Embedded-Linux-Box-With-A-Sewing-Needle.pdf
• Brad-Woodberg-Malware-Command-And-Control-Channels-A-Journey-Into-Darkness.pdf
• Bryant-Zadegan-Ryan-Lester-Abusing-Bleeding-Edge-Web-Standards-For-Appsec-Glory.pdf
• Chapman-Stone-Toxic-Proxies-Bypassing-HTTPS-and-VPNs.pdf
• Chris-Rock-How-to-overthrow-a-Government-Kuwait-Coup-WP.pdf
• Chris-Rock-How-to-overthrow-a-Government.pdf
• Clarence-Chio-Machine-Duping-101.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools-WP.pdf
• Demay-Auditing-6LoWPAN-Networks-Using-Standard-Penetration-Testing-Tools.pdf
• Demay-Lebrun-Canspy-A-Platorm-For-Auditing-Can-Devices.pdf
• Dr-Phil-Polstra-Mouse-Jigglers.pdf
• Drake-Christey-Vulnerabilities-101.pdf
• Eagle-Sk3Wldbg-Emulating-with-Ida.pdf
• Eric-Escobar-Rogue-Cell-Towers.pdf
• Evan-Booth-Jjittery-Macgyver.pdf
• Fasel-Jacobs-I-fight-for-the-users.pdf
• Fitzpatrick-and-Grand-101-Ways-To-Brick-Your-Hardware.pdf
• Forgety-Kreilein-Ng9-1-1-The-Next-Gene-Of-Emergency-Ph0Nage.pdf
• Fred-Bret-Mounet-All-Your-Solar-Panels-Are-Belong-To-Me.pdf
• Gorenc-Sands-Hacker-Machine-Interface.pdf
• Granolocks-Zero-Chaos-Bluehydra-Realtime-Blutetooth-Detection.pdf
• Grant-Bugher-Captive-Portals.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays-WP.pdf
• Guevara-Noubir-Amirali-Sanatinia-Honey-Onions-Exposing-Snooping-Tor-Hsdir-Relays.pdf
• Hendrik-Schmidt-Brian-Butter-Attacking-BaseStations.pdf
• Huber-Rasthofer-Smartphone-Antivirus-And-Security-Applications-Under-Fire.pdf
• Hunter-Scott-Rt2Win-The-Luckiest-Guy-On-Twitter.pdf
• Int0X80-Anti-Forensics-AF.pdf
• Jay-Beale-Larry-Pesce-Phishing-without-Frustration.pdf
• Jennifer-Granick-Slouching-Towards-Utopia.pdf
• Jkambic-Cunning-With-Cng-Soliciting-Secrets-From-Schannel-WP.pdf
• Jkambic-Cunning-With-Cng-Soliciting-Secrets-From-Schannel.pdf
• Jmaxxz-Backdooring-the-Frontdoor-Bypass-Cert-Pinning.pdf
• Jmaxxz-Backdooring-the-Frontdoor-Extracting-Secrets-From-Log.pdf
• Jmaxxz-Backdooring-the-Frontdoor.pdf
• Joe-Grand-Zoz-BSODomizerHD.pdf
• Jonathan-Brossard-Intro-to-Witchcraft-Compiler.pdf
• Karyn-Benson-Examining-The-Internets-Pollution.pdf
• Klijnsma-Tentler-Stargate-Pivoting-Through-VNC.pdf
• Ladar-Levison-Compelled-Decryption.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles-WP.pdf
• Liu-Yan-Xu-Can-You-Trust-Autonomous-Vehicles.pdf
• Lucas-Lundgren-Light-Weight Protocol-Critical-Implications.pdf
• Luke-Young-The-4TbS-Ddos-For-5-bucks.pdf
• Maldonado-Mcguffin-Sticky-Keys-To-The-Kingdom.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice-WP.pdf
• Marc-Newlin-MouseJack-Injecting-Keystrokes-Into-Wireless-Mice.pdf
• Max-Bazaliy-A-Journey-Through-Exploit-Mitigation-Techniques-On-Ios.pdf
• Mcsweeny-Cranor-Research-On-The-Machines.pdf
• Mike-Rich-Use-Their-Machines-Against-Them-WP.pdf
• Mike-Rich-Use-Their-Machines-Against-Them.pdf
• Nick-Rosario-Weaponize-Your-Feature-Codes.pdf
• Panel-How-To-Make-A-DEFCON-Black-Badge.pdf
• Patrick-Wardle-99-Problems-Little-Snitch.pdf
• Plore-Side-Channel-Attacks-On-High-Security-Electronic-Safe-Locks.pdf
• Przemek-Jaroszewski-How-To-Get-Good-Seats-In-The-Security-Theater.pdf
• Radia-Perlman-Resilience-Despite-Malicious-Pariticpants.pdf
• Regilero-Hiding-Wookiees-In-Http.pdf
• Ricky-Lawshae-Lets-Get-Physical.pdf
• Robbins-Vazarkar-Schroeder-Six-Degrees-of-Domain-Admin.pdf
• Robert-Olson-Writing-Your-First-Exploit.pdf
• Rogan-Dawes-Dominic-White-Universal-Serial-aBUSe-Remote-Attacks.pdf
• Rose-Ramsey-Picking-Bluetooth-Low-Energy-Locks.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers-WP.pdf
• Salvador-Mendoza-Samsung-Pay-Tokenized-Numbers.pdf
• Sean-Metcalf-Beyond-The-MCSE-Red-Teaming-Active-Directory.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-WP.pdf
• Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering.pdf
• Shane-Steiger-Maelstrom-Are-You-Playing-With-A-Full-Deck-V14-Back.pdf
• Shane-Steiger-Maelstrom-Rules-V10.pdf
• SixVolts-and-Haystack-Cheap-Tools-For-Hacking-Heavy-Trucks.pdf
• Tamas-Szakaly-Help-I-got-ANTS.pdf
• Thomas-Wilhelm-Hacking-Network-Protocols-Using-Kali.pdf
• Thomas-Wilhelm-Intrusion-Prevention-System-Evasion-Techniques.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines-Literature-Survey.pdf
• Tim-Estell-Katea-Murray-NPRE-Eavesdropping-on-the-Machines.pdf
• Tom-Kopchak-SSD-Forensics-Research-WP.pdf
• Tom-Kopchak-Sentient-Storage.pdf
• Ulf-Frisk-Direct-Memory-Attack-the-Kernel.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations-WP.pdf
• Wesley-McGrew-Secure-Penetration-Testing-Operations.pdf
• Willa-Riggins-Esoteric-Exfiltration.pdf
• Zhang-Shan-Forcing-Targeted-Lte-Cellphone-Into-Unsafe-Network.pdf
• Zhong-Lee-411-A-Framework-For-Managing-Security-Alerts.pdf
• the-bob-ross-fan-club-Propaganda-and-you.pdf

Para pasar las tardes de verano, ya tenemos disponible la mayoría del material presentado en Black Hat USA 2016:

• $hell on Earth: From Browser to System Compromise us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf
• 1000 Ways to Die in Mobile OAuth us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth-wp.pdf
• A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
• A Lightbulb Worm? us-16-OFlynn-A-Lightbulb-Worm.pdf us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
• Abusing Bleeding Edge Web Standards for AppSec Glory us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf
• Access Keys Will Kill You Before You Kill the Password us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.pdf
• Account Jumping Post Infection Persistency & Lateral Movement in AWS us-16-Amiga-Account-Jumping-Post-Infection-Persistency-And-Lateral-Movement-In-AWS.pdf us-16-Amiga-Account-Jumping-Post-Infection-Persistency-And-Lateral-Movement-In-AWS-wp.pdf
• Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits.pdf us-16-Zhang-Adaptive-Kernel-Live-Patching-An-Open-Collaborative-Effort-To-Ameliorate-Android-N-Day-Root-Exploits-wp.pdf
• AirBnBeware: Short Term Rentals Long Term Pwnage us-16-Galloway-AirBnBeware-Short-Term-Rentals-Long-Term-Pwnage.pdf
• AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It us-16-Mittal-AMSI-How-Windows-10-Plans-To-Stop-Script-Based-Attacks-And-How-Well-It-Does-It.pdf
• An AI Approach to Malware Similarity Analysis: Mapping the Malware Genome With a Deep Neural Network us-16-Berlin-An-AI-Approach-To-Malware-Similarity-Analysis-Mapping-The-Malware-Genome-With-A-Deep-Neural-Network.pdf
• Analysis of the Attack Surface of Windows 10 Virtualization-Based Security us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security.pdf us-16-Wojtczuk-Analysis-Of-The-Attack-Surface-Of-Windows-10-Virtualization-Based-Security-wp.pdf
• Applied Machine Learning for Data Exfil and Other Fun Topics us-16-Wolff-Applied-Machine-Learning-For-Data-Exfil-And-Other-Fun-Topics.pdf
• Attacking SDN Infrastructure: Are We Ready for the Next-Gen Networking? us-16-Yoon-Attacking-SDN-Infrastructure-Are-We-Ready-For-The-Next-Gen-Networking.pdf
• AVLeak: Fingerprinting Antivirus Emulators for Advanced Malware Evasion us-16-Bulazel-AVLeak-Fingerprinting-Antivirus-Emulators-For-Advanced-Malware-Evasion.pdf
• Bad for Enterprise: Attacking BYOD Enterprise Mobile Security Solutions us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions.pdf us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions-wp.pdf us-16-Tan-Bad-For-Enterprise-Attacking-BYOD-Enterprise-Mobile-Security-Solutions-tool.zip
• badWPAD us-16-Goncharov-BadWpad.pdf us-16-Goncharov-BadWpad-wp.pdf
• Beyond the MCSE: Active Directory for the Security Professional us-16-Metcalf-Beyond-The-MCSE-Active-Directory-For-The-Security-Professional.pdf us-16-Metcalf-Beyond-The-MCSE-Active-Directory-For-The-Security-Professional-wp.pdf
• Blunting the Phisher's Spear: A Risk-Based Approach for Defining User Training and Awarding Administrative Privileges us-16-Vishwanath-Blunting-The-Phishers-Spear-A-Risk-Based-Approach-For-Defining-User-Training-And-Awarding-Administrative-Privileges.pdf us-16-Vishwanath-Blunting-The-Phishers-Spear-A-Risk-Based-Approach-For-Defining-User-Training-And-Awarding-Administrative-Privileges-wp.pdf
• Breaking FIDO: Are Exploits in There? us-16-Chong-Breaking-FIDO-Are-Exploits-In-There.pdf
• Breaking Hardware-Enforced Security with Hypervisors us-16-Sharkey-Breaking-Hardware-Enforced-Security-With-Hypervisors.pdf
• Breaking Kernel Address Space Layout Randomization (KASLR) with Intel TSX us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX.pdf us-16-Jang-Breaking-Kernel-Address-Space-Layout-Randomization-KASLR-With-Intel-TSX-wp.pdf
• Breaking Payment Points of Interaction (POI) us-16-Valtman-Breaking-Payment-Points-of-Interaction.pdf
• Brute-Forcing Lockdown Harddrive PIN Codes us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf
• Building Trust & Enabling Innovation for Voice Enabled IoT us-16-Terwoerds-Building-Trust-&-Enabling-Innovation-For-Voice-Enabled-IoT.pdf
• Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud us-16-Marzuoli-Call-Me-Gathering-Threat-Intelligence-On-Telephony-Scams-To-Detect-Fraud.pdf us-16-Marzuoli-Call-Me-Gathering-Threat-Intelligence-On-Telephony-Scams-To-Detect-Fraud-wp.pdf
• Can You Trust Me Now? An Exploration into the Mobile Threat Landscape us-16-Thomas-Can-You-Trust-Me-Now.pdf
• CANSPY: A Platform for Auditing CAN Devices us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices.pdf us-16-Demay-CANSPY-A-Platorm-For-Auditing-CAN-Devices-wp.pdf
• Captain Hook: Pirating AVs to Bypass Exploit Mitigations us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations.pdf us-16-Yavo-Captain-Hook-Pirating-AVs-To-Bypass-Exploit-Mitigations-wp.pdf
• Capturing 0day Exploits with PERFectly Placed Hardware Traps us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps.pdf us-16-Pierce-Capturing-0days-With-PERFectly-Placed-Hardware-Traps-wp.pdf
• Certificate Bypass: Hiding and Executing Malware from a Digitally Signed Executable us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf
• Crippling HTTPS with Unholy PAC us-16-Kotler-Crippling-HTTPS-With-Unholy-PAC.pdf
• Cunning with CNG: Soliciting Secrets from Schannel us-16-Kambic-Cunning-With-CNG-Soliciting-Secrets-From-SChannel.pdf us-16-Kambic-Cunning-With-CNG-Soliciting-Secrets-From-SChannel-wp.pdf
• Cyber War in Perspective: Analysis from the Crisis in Ukraine us-16-Geers-Cyber-War-In-Perspective-Analysis-From-The-Crisis-In-Ukraine.pdf us-16-Geers-Cyber-War-In-Perspective-Analysis-From-The-Crisis-In-Ukraine-wp.pdf
• Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization us-16-Zhang-Dangerous-Hare-Hanging-Attribute-References-Hazards-Due-To-Vendor-Customization.pdf
• Dark Side of the DNS Force us-16-Wu-Dark-Side-Of-The-DNS-Force.pdf
• Defense at Hyperscale: Technologies and Policies for a Defensible Cyberspace us-16-Healey-Defense-At-Hyperscale-Technologies-And-Policies-For-A-Defensible-Cyberspace.pdf us-16-Healey-Defense-At-Hyperscale-Technologies-And-Policies-For-A-Defensible-Cyberspace-wp.pdf
• Demystifying the Secure Enclave Processor us-16-Mandt-Demystifying-The-Secure-Enclave-Processor.pdf
• Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf us-16-Bai-Discovering-And-Exploiting-Novel-Security-Vulnerabilities-In-Apple-Zeroconf.pdf
• Does Dropping USB Drives in Parking Lots and Other Places Really Work? us-16-Bursztein-Does-Dropping-USB-Drives-In-Parking-Lots-And-Other-Places-Really-Work.pdf
• Drone Attacks on Industrial Wireless: A New Front in Cyber Security us-16-Melrose-Drone-Attacks-On-Industrial-Wireless-A-New-Front-In-Cyber-Security.pdf
• Dungeons Dragons and Security us-16-Romand-Latapie-Dungeons-Dragons-And-Security.pdf us-16-Romand-Latapie-Dungeons-Dragons-And-Security-wp.pdf
• Exploiting Curiosity and Context: How to Make People Click on a Dangerous Link Despite Their Security Awareness us-16-Benenson-Exploiting-Curiosity-And-Context-How-To-Make-People-Click-On-A-Dangerous-Link-Despite-Their-Security-Awareness.pdf
• GATTacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool.pdf us-16-Jasek-GATTacking-Bluetooth-Smart-Devices-Introducing-a-New-BLE-Proxy-Tool-wp.pdf
• GreatFET: Making GoodFET Great Again us-16-Ossmann-GreatFET-Making-GoodFET-Great-Again.pdf us-16-Ossmann-GreatFET-Making-GoodFET-Great-Again-wp.pdf
• Hacking Next-Gen ATMs: From Capture to Cashout us-16-Hecker-Hacking-Next-Gen-ATMs-From-Capture-To-Cashout.pdf
• Hackproofing Oracle eBusiness Suite us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-1.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-2.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-3.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-4.pdf us-16-Litchfield-Hackproofing-Oracle-eBusiness-Suite-wp-5.pdf
• Hardening AWS Environments and Automating Incident Response for AWS Compromises us-16-Krug-Hardening-AWS-Environments-And-Automating-Incident-Response-For-AWS-Compromises.pdf us-16-Krug-Hardening-AWS-Environments-And-Automating-Incident-Response-For-AWS-Compromises-wp.pdf
• HEIST: HTTP Encrypted Information can be Stolen Through TCP-Windows us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows.pdf us-16-VanGoethem-HEIST-HTTP-Encrypted-Information-Can-Be-Stolen-Through-TCP-Windows-wp.pdf
• Horse Pill: A New Type of Linux Rootkit us-16-Leibowitz-Horse-Pill-A-New-Type-Of-Linux-Rootkit.pdf
• HTTP Cookie Hijacking in the Wild: Security and Privacy Implications us-16-Sivakorn-HTTP-Cookie-Hijacking-In-The-Wild-Security-And-Privacy-Implications.pdf us-16-Sivakorn-HTTP-Cookie-Hijacking-In-The-Wild-Security-And-Privacy-Implications-wp.pdf
• HTTP/2 & QUIC - Teaching Good Protocols To Do Bad Things us-16-Pearce-HTTP2-&-QUIC-Teaching-Good-Protocols-To-Do-Bad-Things.pdf us-16-Pearce-HTTP2-&-QUIC-Teaching-Good-Protocols-To-Do-Bad-Things-code.zip
• I Came to Drop Bombs: Auditing the Compression Algorithm Weapon Cache us-16-Marie-I-Came-to-Drop-Bombs-Auditing-The-Compression-Algorithm-Weapons-Cache.pdf
• Into The Core - In-Depth Exploration of Windows 10 IoT Core us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core.pdf us-16-Sabanal-Into-The-Core-In-Depth-Exploration-Of-Windows-10-IoT-Core-wp.pdf
• Intra-Process Memory Protection for Applications on ARM and x86: Leveraging the ELF ABI us-16-Bratus-Intra-Process-Memory-Protection-For-Applications-On-ARM-And-x86.pdf us-16-Bratus-Intra-Process-Memory-Protection-For-Applications-On-ARM-And-x86-wp.pdf
• Iran's Soft-War for Internet Dominance us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance.pdf us-16-Guarnieri-Iran-And-The-Soft-War-For-Internet-Dominance-wp.pdf
• Language Properties of Phone Scammers: Cyberdefense at the Level of the Human us-16-Tabron-Language-Properties-Of-Phone-Scammers-Cyberdefense-At-The-Level-Of-The-Human.pdf
• Measuring Adversary Costs to Exploit Commercial Software: The Government-Bootstrapped Non-Profit C.I.T.L.
• Memory Forensics Using Virtual Machine Introspection for Cloud Computing us-16-Zillner-Memory-Forensics-Using-VMI-For-Cloud-Computing.pdf
• Next-Generation of Exploit Kit Detection by Building Simulated Obfuscators us-16-Luo-Next-Generation-Of-Exploit-Kit-Detection-By-Building-Simulated-Obfuscator.pdf us-16-Luo-Next-Generation-Of-Exploit-Kit-Detection-By-Building-Simulated-Obfuscator-wp.pdf
• Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS us-16-Devlin-Nonce-Disrespecting-Adversaries-Practical-Forgery-Attacks-On-GCM-In-TLS.pdf us-16-Devlin-Nonce-Disrespecting-Adversaries-Practical-Forgery-Attacks-On-GCM-In-TLS-wp.pdf
• O-checker: Detection of Malicious Documents Through Deviation from File Format Specifications us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications.pdf us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications-wp.pdf us-16-Otsubo-O-checker-Detection-of-Malicious-Documents-through-Deviation-from-File-Format-Specifications-tool.zip
• OSS Security Maturity: Time to Put On Your Big Boy Pants! us-16-Kouns-OSS-Security-Maturity-Time-To-Put-On-Your-Big-Boy-Pants.pdf
• Pangu 9 Internals us-16-Wang-Pangu-9-Internals.pdf
• PINdemonium: A DBI-Based Generic Unpacker for Windows Executable us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables.pdf us-16-Mariani-Pindemonium-A-Dbi-Based-Generic-Unpacker-For-Windows-Executables-wp.pdf
• PLC-Blaster: A Worm Living Solely in the PLC us-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC.pdf us-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC-wp.pdf
• Pwning Your Java Messaging with Deserialization Vulnerabilities us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities.pdf us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities-wp.pdf us-16-Kaiser-Pwning-Your-Java-Messaging-With-Deserialization-Vulnerabilities-jmet-src-0.1.0.tar.bz2
• Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy.pdf us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy-wp.pdf us-16-Ortisi-Recover-A-RSA-Private-Key-From-A-TLS-Session-With-Perfect-Forward-Secrecy-tools.zip
• Samsung Pay: Tokenized Numbers Flaws and Issues us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues.pdf us-16-Mendoza-Samsung-Pay-Tokenized-Numbers-Flaws-And-Issues-wp.pdf
• Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools.pdf us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools-wp.pdf us-16-McGrew-Secure-Penetration-Testing-Operations-Demonstrated-Weaknesses-In-Learning-Material-And-Tools-snagterpreter.py
• Security Through Design - Making Security Better by Designing for People us-16-Niemantsverdriet-Security-Through-Design-Making-Security-Better-By-Designing-For-People.pdf
• SGX Secure Enclaves in Practice: Security and Crypto Review us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-Crypto-Review.pdf us-16-Aumasson-SGX-Secure-Enclaves-In-Practice-Security-And-Crypto-Review-wp.pdf
• Side-Channel Attacks on Everyday Applications us-16-Hornby-Side-Channel-Attacks-On-Everyday-Applications.pdf us-16-Hornby-Side-Channel-Attacks-On-Everyday-Applications-wp.pdf
• Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root us-16-Chen-Subverting-Apple-Graphics-Practical-Approaches-To-Remotely-Gaining-Root.pdf us-16-Chen-Subverting-Apple-Graphics-Practical-Approaches-To-Remotely-Gaining-Root-wp.pdf
• TCP Injection Attacks in the Wild - A Large Scale Study us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study.pdf us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study-wp.pdf us-16-Nakibly-TCP-Injection-Attacks-in-the-Wild-A-Large-Scale-Study-samples.zip
• The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android us-16-Kralevich-The-Art-Of-Defense-How-Vulnerabilities-Help-Shape-Security-Features-And-Mitigations-In-Android.pdf
• The Art of Reverse Engineering Flash Exploits us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits.pdf us-16-Oh-The-Art-of-Reverse-Engineering-Flash-Exploits-wp.pdf
• The Beast Within - Evading Dynamic Malware Analysis Using Microsoft COM us-16-Hund-The-Beast-Within-Evading-Dynamic-Malware-Analysis-Using-Micro.pdf
• The Remote Malicious Butler Did It! us-16-Beery-The-Remote-Malicious-Butler-Did-It.pdf us-16-Beery-The-Remote-Malicious-Butler-Did-It-wp.pdf
• The Risk from Power Lines: How to Sniff the G3 and Prime Data and Detect the Interfere Attack us-16-Lei-The-Risk-From-Power-Lines-How-To-Sniff-The-G3-And-Prime-Data-And-Detect-The-Interfere-Attack.pdf us-16-Lei-The-Risk-From-Power-Lines-How-To-Sniff-The-G3-And-Prime-Data-And-Detect-The-Interfere-Attack-wp.pdf
• The Tao of Hardware the Te of Implants us-16-FitzPatrick-The-Tao-Of-Hardware-The-Te-Of-Implants.pdf us-16-FitzPatrick-The-Tao-Of-Hardware-The-Te-Of-Implants-wp.pdf
• The Year in Flash us-16-Silvanovich-The-Year-In-Flash.pdf
• Timing Attacks Have Never Been So Practical: Advanced Cross-Site Search Attacks us-16-Gelernter-Timing-Attacks-Have-Never-Been-So-Practical-Advanced-Cross-Site-Search-Attacks.pdf
• Using an Expanded Cyber Kill Chain Model to Increase Attack Resiliency us-16-Malone-Using-An-Expanded-Cyber-Kill-Chain-Model-To-Increase-Attack-Resiliency.pdf
• Using EMET to Disable EMET us-16-Alsaheel-Using-EMET-To-Disable-EMET.pdf
• Using Undocumented CPU Behavior to See into Kernel Mode and Break KASLR in the Process us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process.pdf us-16-Fogh-Using-Undocumented-CPU-Behaviour-To-See-Into-Kernel-Mode-And-Break-KASLR-In-The-Process-wp.pdf
• Viral Video - Exploiting SSRF in Video Converters us-16-Ermishkin-Viral-Video-Exploiting-Ssrf-In-Video-Converters.pdf
• VOIP WARS: The Phreakers Awaken us-16-Ozavci-VoIP-Wars-The-Phreakers-Awaken.pdf us-16-Ozavci-VoIP-Wars-The-Phreakers-Awaken.rb
• Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing on Twitter us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter.pdf us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter-wp.pdf us-16-Seymour-Tully-Weaponizing-Data-Science-For-Social-Engineering-Automated-E2E-Spear-Phishing-On-Twitter-tool.zip
• Web Application Firewalls: Analysis of Detection Logic us-16-Ivanov-Web-Application-Firewalls-Analysis-Of-Detection-Logic.pdf
• What's the DFIRence for ICS? us-16-Sistrunk-Triplett-Whats-The-DFIRence-For-ICS.pdf
• When Governments Attack: State Sponsored Malware Attacks Against Activists Lawyers and Journalists us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists.pdf us-16-Quintin-When-Governments-Attack-State-Sponsored-Malware-Attacks-Against-Activists-Lawyers-And-Journalists-wp.pdf
• When the Cops Come A-Knocking: Handling Technical Assistance Demands from Law Enforcement us-16-Granick-When-The-Cops-Come-A-Knocking-Handling-Technical-Assistance-Demands-From-Law-Enforcement.pdf
• Windows 10 Mitigation Improvements us-16-Weston-Windows-10-Mitigation-Improvements.pdf
• Windows 10 Segment Heap Internals us-16-Yason-Windows-10-Segment-Heap-Internals.pdf us-16-Yason-Windows-10-Segment-Heap-Internals-wp.pdf
• Xenpwn: Breaking Paravirtualized Devices us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices.pdf us-16-Wilhelm-Xenpwn-Breaking-Paravirtualized-Devices-wp.pdf

En 1974 Atari era la empresa de moda en aquella época, sueño de cualquier geek. La compañía había crecido enormemente desde su fundación en 1972, “Pong” ya había creado toda una nueva industria y la famosa videoconsola Atari VCS 2600 no era más que un proyecto en desarrollo. El ambiente desenfadado y de espíritu libre de la compañía era el cultivo perfecto para atraer a todo tipo de personajes, sobre todo hippies y locos por la tecnología que estaba dando sus primeros pasos.

  (Click en la imagen para descargar la versión en inglés PDF)

URL del autor:

http://yurichev.com/

URL del libro:

http://beginners.re/

Perfecto para estas tardes de Verano …

Ayer terminó la conferencia organizada por el grupo de 2600, HOPE XI (Hackers On Planet Earth). La mayoría de los vídeos ya están disponibles.

Hubo tres pistas (tracks) en paralelo: (desde el mismo player puedes hacer cambiar los vídeos derecha/izquierda)

Lamarr:

Noether:

Friedman:

Se han publicado los vídeos de las charlas de OWASP Europe 2016 celebrada en Roma. La lista de las charlas publicadas es la siguiente:

• Abhay Bhargav - SecDevOps: A View from the Trenches
• A. Brucker, S. Dashevskyi, F. Massacci - Using Third Party Components for building a
• Adam Muntner - Open Source Approaches to Security for Applications and Services at Mo
• Ajin Abraham - Automated Mobile Application Security Assessment with MobSF
• Amol Sarwate - 2016 State of Vulnerability Exploits
• Andreas Falk - Building secure cloud - native applications with spring boot and spring
• Arne Swinnen - The Tales of a Bug Bounty Hunter - 10 Interesting Vulnerabilities
• B. Stock, B. Kaiser, S. Lekies, S. Pfistner - From Facepalm to Brain Bender
• Chris Romeo - AppSec Awareness - A Blue Print for Security Culture Change
• C. Mainka, C. Spth, V. Mladenov - From DTD to XXE - An Evaluation of XML - Parsers
• C. Mainka, V. Mladenov, T. Wich - Systematically Breaking and Fixing OpenID Connect
• Christian Schneider, Alvaro Muoz - Surviving the Java serialization apocalypse
• Christian Wressnegger - Analyzing and Detecting Flash - based Malware
• Dan Cornell - The ABCs of Source-Assisted Web Application Penetration Testing
• Daniel Kefer, Rene Reuter - Addressing Security Requirements in Development Projects
• David Lindner, Jack Mannino - Dont Touch Me That Way
• David Rook - Leveling up your application security program
• Dinis Cruz - Using JIRA to manage Risks and Security Champions activities
• Dirk Wetter - Calm down HTTPS is not a VPN
• Felix Leder - Bug Hunting on the Dark Side
• Giancarlo Pellegrino - Compression Bombs Strike Back
• Glen ten Cate - OWASP Security Knowledge Framework - Making the web secure by design
• Grant McCracken, Shpend Kurtishaj - Running a bug bounty - what you need to know.
• Ikka Turunen - A chain of trust-How to implement a supply chain approach to build and
• Jacky Fox - Attracting and retaining women in Cyber Security
• Jakub Kaluzny - Big problems with big data - Hadoop interfaces security
• Johannes Dahse - Static Code Analysis of Complex PHP Application Vulnerabilities
• John Dickson - Making OpenSAMM More Effective in a DevOps World
• John Kozyrakis - Everything You Need to Know About Certificate Pinning But Are Too
• Jonathan Kuskos - The Top 10 Web Hacks of 2015
• J. Rose, R. Sulatycki - Grow up AppSec-A case study of maturity models and metrics
• Julia Knecht - SAASY SPLC
• Liesbeth Kempen - Idiot proof is not enough make it villain proof
• L. Compagna, A. Sudhodanan, A. Armando, R. Carbone - Attack Patterns for Black-Box Det
• Marisa Fagan - The Cool Factor - Securitys Secret Weapon
• Matthias Rohr - Practical Threat Modeling with Microsofts Threat Modeling Tool 2016
• Michele Spagnuolo, Lukas Weichselbaum - Making CSP great again
• Mike West - Keynote - Hardening the Web Platform
• Oliver Lavery - Framework Security - Have You Hugged A Developer Today
• Rob van der Veer - Grip on SSD - Dutch government standard for outsourcing secure
• Scott Davis - Scanning with swagger - Using the Open API specification to find first
• Sebastian Lekies - Securing AngularJS Applications
• Simone Onofri - Security Project Management - how to be Agile in
• Tobias Gondrom - OWASP CISO Survey Report Tactical Insights for Managers
• Tom Van Goethem - The Timing Attacks They Are a - Changin
• Tony Uceda Velez - Attack tree vignettes for Containers as a Service applications and
• Wojtek Dworakowski - Internet banking safeguards vulnerabilities
• Yair Amit - Why Hackers Are Winning The Mobile Malware Battle - Bypassing

Dropbox ha liberado una herramienta llamada Lepton. Ésta es capaz de comprimir archivos JPEG reduciendo hasta un 22% el tamaño del mismo, sin perder calidad alguna.

Lepton, además de una herramienta de compresión gráfica, da también nombre al formato del fichero generado por la misma. Según el anuncio oficial, ésta comprime los ficheros JPEG a una velocidad de 5mb por segundo, y descomprime los archivos .lep (extensión de dichos ficheros) a 15mb por segundo, con un consumo de memoria por debajo de los 24mb.

Microsoft a través de la plataforma edX, ha lanzado una certificación sobre ciencia de datos (Data Science Curriculum from Microsoft). Dicha certificación está dividida en 4 unidades, y cada unidad en varios cursos (la unidad 4 es un proyecto), como puede verse a continuación:

Unit 1 - Fundamentals Course 1:      Data Science Orientation Course 2:      Querying Data with Transact-SQL Course 3a:    Analyzing and Visualizing Data with Excel Course 3b:    Analyzing and Visualizing Data with Power BI Course 4:      Statistical Thinking for Data Science and Analytics from Columbia University

https://sophosnews.files.wordpress.com/2012/06/mac-osx-before-after.jpg

En el año 2012 Apple acabó reconociendo y editando el contenido de su web de "It doesn't PC viruses" a "It's built to be safe", en reconocimiento a que Mac OS X podría ser atacado e infectado por malware. De hecho, no es que fuera posible, sino que estaba ocurriendo.

Por ello a día de hoy ya no nos podemos despistar lo más mínimo y tomar un mínimo número de medidas que nos ayuden reforzar la seguridad de nuestro Mac OS X.