Cyberhades

Er docu der finde: La escuela olvidada

Presentaciones de Defcon 22 ya disponibles

Ya se encuentran disponibles las presentaciones (diapositivas y algún documento extra) de Defcon 22:

Protecting SCADA From the Ground Up - PDF
Detecting Bluetooth Surveillance Systems - PDF
Dropping Docs on Darknets: How People Got Caught - PDF
Hacking 911: Adventures in Disruption, Destruction, and Death - PDF
How to Disclose an Exploit Without Getting in Trouble - PDF
Reverse Engineering Mac Malware - PDF
NSA Playset: PCIe - PDF
The Monkey in the Middle: A pentesters guide to playing in traffic. - PDF
Investigating PowerShell Attacks - PDF
Is This Your Pipe? Hijacking the Build Pipeline. - PDF
Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! - PDF
Home Alone with localhost: Automating Home Defense - PDF
Meddle: Framework for Piggy-back Fuzzing and Tool Development - PDF
Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively - PDF White Paper
One Man Shop: Building an effective security program all by yourself - PDF
RF Penetration Testing, Your Air Stinks - PDF
Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin - PDF
USB for all! - PDF
ShareEnum: We Wrapped Samba So You Don’t Have To - PDF
An Introduction to Back Dooring Operating Systems for Fun and Trolling - PDF
Android Hacker Protection Level 0 - PDF
Anatomy of a Pentest; Poppin' Boxes like a Pro - PDF
Bug Bounty Programs Evolution - PDF Extras
Practical Foxhunting 101 - PDF
Client-Side HTTP Cookie Security: Attack and Defense - PDF
Bypass firewalls, application white lists, secure remote desktops under 20 seconds - PDF
PropLANE: Kind of keeping the NSA from watching you pee - PDF
Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse - PDF
Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog - PDF
Through the Looking-Glass, and What Eve Found There - PDF White Paper
Summary of Attacks Against BIOS and Secure Boot - PDF
I am a legend: Hacking Hearthstone with machine learning - PDF
The Secret Life of Krbtgt - PDF
The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns - PDF
Hacking US (and UK, Australia, France, etc.) traffic control systems - PDF
The Cavalry Year[0] & a Path Forward for Public Safety - PDF
NSA Playset: DIY WAGONBED Hardware Implant over I2C - PDF
Abuse of Blind Automation in Security Tools - PDF
Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go - PDF
Steganography in Commonly Used HF Radio Protocols - PDF Extras
Saving Cyberspace by Reinventing File Sharing - PDF
Empowering Hackers to Create a Positive Impact - PDF
Just What The Doctor Ordered? - PDF
Check Your Fingerprints: Cloning the Strong Set - PDF
Shellcodes for ARM: Your Pills Don't Work on Me, x86 - PDF
Blowing up the Celly - Building Your Own SMS/MMS Fuzzer - PDF
Mass Scanning the Internet: Tips, Tricks, Results - PDF
Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering - PDF
Saving the Internet (for the Future) - PDF
Burner Phone DDOS 2 dollars a day : 70 Calls a Minute - PDF
Hack All The Things: 20 Devices in 45 Minutes - PDF
Stolen Data Markets: An Economic and Organizational Assessment - PDF
Raspberry MoCA - A recipe for compromise - PDF White Paper 1 White Paper 2
Girl… Fault-Interrupted. - PDF
Extreme Privilege Escalation On Windows 8/UEFI Systems - PDF White Paper
NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It - PDF
Oracle Data Redaction is Broken - PDF
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System - PDF
Catching Malware En Masse: DNS and IP Style - PDF White Paper
Attacking the Internet of Things using Time - PDF
Open Source Fairy Dust - PDF
Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment - PDF White Paper
Generating ROP payloads from numbers - PDF
DEF CON Comedy Jam Part VII, Is This The One With The Whales? - PDF
The NSA Playset: RF Retroreflectors - PDF 1 PDF 2
VoIP Wars: Attack of the Cisco Phones - PDF
Playing with Car Firmware or How to Brick your Car - PDF
Measuring the IQ of your Threat Intelligence feeds - PDF
Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring - PDF
Abusing Software Defined Networks - PDF
NSA Playset : GSM Sniffing - PDF
Cyberhijacking Airplanes: Truth or Fiction? - PDF
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance - PDF
Detecting and Defending Against a Surveillance State - PDF
Acquire current user hashes without admin privileges - PDF
You're Leaking Trade Secrets - PDF
Veil-Pillage: Post-exploitation 2.0 - PDF
From Raxacoricofallapatorius With Love: Case Studies In Insider Threat - PDF
Don't DDoS Me Bro: Practical DDoS Defense - PDF
Advanced Red Teaming: All Your Badges Are Belong To Us - PDF
I Hunt TR-069 Admins: Pwning ISPs Like a Boss - PDF
The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State - PDF
A Journey to Protect Points-of-sale - PDF
Impostor — Polluting Tor Metadata - PDF
Domain Name Problems and Solutions - PDF White Paper
Optical Surgery; Implanting a DropCam - PDF
Manna from Heaven: Improving the state of wireless rogue AP attacks - PDF
The Open Crypto Audit Project - PDF
Practical Aerial Hacking & Surveillance - PDF White Paper
From root to SPECIAL: Pwning IBM Mainframes - PDF
PoS Attacking the Traveling Salesman - PDF
Don't Fuck It Up! - PDF

Clase gratuita sobre análisis dinámico de malware

En una de mis webs favoritas acaban de publicar los vídeos de la clase sobre análisis dinámico de malware.

La clase está planificada para 3 días, pero desafortunadamente, debido a un problema técnico, los vídeos del tercer día no están disponibles. De todas formas hay bastante material publicado.

Te puedes descargar todo el material en formato PDF u ODP. Dentro del archivo ZIP, hay otro archivo ZIP con malware, éste ZIP está protegido por la contraseña “infected” (sin las comillas).

Material del WOOT'14 y sesiones técnicas de 23 USENIX Security Symposium

El 19 de agosto se dio lugar en San Diego una nueva edición de la USENIX, empezando con los workshops (WOOT ‘14), seguido por la 23 edición del USENIX Security Symposium, durante los tres días siguientes, del 20 al 22.

Aquí tenéis la lista de los workshops celebrados en la USENIX Workshop On Offensive Technology (WOOT) 2014. Podéis hacer click en cada enlace para saber más sobre el workshop y bajaros material del mismo, o si os queréis bajar todo el material de golpe, lo podéis hacer desde este enlace.

Er docu der finde: Los verdaderos revolucionarios

Defcon 22 - Vídeos de la Wireless Village

Gracias a IronGeek, tenemos disponible de las charlas dadas en la Wireless Village de la edición de este año de Defcon.

Curso sobre el desarrollo de aplicaciones en iOS 7

The Complete iOS 7 Course - Learn by Building 14 Apps es un curso para aprender a programar en el sistema operativo móvil de Apple, iOS 7.

Éste te enseña todo lo que tienes que saber a través de la creación de 14 aplicaciones que irás haciendo durante el mismo. El curso está compuesto por más de 350 vídeos!! en los que te muestran paso a paso todos los detalles del mismo. iOS 7 no es la última versión de iOS, pero seguro que casi todo el contenido del mismo es aplicable a iOS 8.

Er docu der finde: Steve Jobs: Billion Dollar Hippy (subtitulado)

Introducción a la arquitectura y programación sobre ARM

Cada vez son más los dispositivos que salen al mercado con procesadores ARM. No sólo teléfonos móviles y tabletas, sino dispositivos embebidos y pequeños como Raspberry Pi, Beaglebone, etc también incorporan dicha arquitectura.

Si estás interesado en aprender más sobre ARM, este tutorial está dividido en dos partes: Introduction to ARM y Efficient C for ARM.

El índice de la primera parte: Introduction to ARM, es el siguiente:

Y el de la segunda: Efficient C for ARM:

Vídeos y diapositivas de CONFidence 2104

A continuación os dejo la lista de los vídeos (algunos con su correspondiente presentación) la conferencia sobre seguridad informática CONFidence 2014. Ésta se celebro los días 27 y 28 de mayo.

El material publicado es el siguiente:

50 Shades of RED: Stories from the “Playroom” - Video
NSA for dummies …methods to break RSA - Video
Scaling Security - Video
ATMs – We kick their ass - Video - Slides
Bitcoin Forensics: Fact or Fiction? - Video - Slides
Shameful secrets of proprietary protocols - Video - Slides
Evaluation of Transactional Controls in e-Banking Systems - Video - Slides
All your SAP P@$$w0ЯdZ belong to us - Video - Slides
Protecting Big Data at Scale - Video - Slides
Security Implications of the Cross-Origin Resource Sharing - Video - Slides
Asymmetric Defense “Using your home-field advantage” - Video - Slides
Preventing violation of memory safety in C/C++ software - Video - Slides
On the battlefield with the Dragons – the interesting and surprising CTF challenges - Video - Slides
SCADA deep inside: protocols and security mechanisms - Video - Slides
Exploring treasures of 77FEh - Video - Slides
The Tale of 100 CVE’s - Video - Slides
Hacking the Czech Parliament via SMS - Video