*DEF CON 26*

Aquí tenéis el material disponible de la DEF CON 26 :

• Alexei Bulazel
  • Alexei-Bulazel-Reverse-Engineering-Windows-Defender-Demo-Videos
    • Alexei-Bulazel-demo-1-mpclient.mp4
    • Alexei-Bulazel-demo-2-outputdebugstringa.mp4
    • Alexei-Bulazel-demo-3-file-system.mp4
    • Alexei-Bulazel-demo-4-proclist.mp4
    • Alexei-Bulazel-demo-5-apicall.mp4
    • Alexei-Bulazel-demo-6-fuzz.mp4
  • Alexei-Bulazel-Reverse-Engineering-Windows-Defender.pdf
• Alfonso Garcia and Alejo Murillo
  • DEFCON-26-Alfonso-Garcia-and-Alejo-Murillo-Demo-Videos
    • playback_tls_1.mp4
    • playback_tls_2.mp4
    • playback_tls_3.mp4
  • Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story-Updated.pdf
• Andrea Marcelli
  • Andrea-Marcelli-Demo-Video.mp4
  • Andrea-Marcelli-Looking-for-the-perfect-signature-automatic-YARA-rules.pdf
• Bai Zheng and Chai Wang
  • Bai-Zheng-Chai-Wang-You-May-Have-Paid-more-than-You-Imagine.pdf
• Christopher Domas
  • Christopher-Domas-GOD-MODE- UNLOCKED-hardware-backdoors-in-x86-CPUs.pdf
  • Christopher-Domas-The-Ring-0-Facade.pdf
• DEFCON-26-Damien-Cauquil-Updated
  • DEFCON-26-Damien-Cauquil-Extras
  • DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos
    • demo-hush.mp4
    • demo-jamming-final.mp4
    • demo-sniff-active.mp4
    • demo-sniff-connreq.mp4
    • volvo-fail.gif
    • volvo-fail.mp4
  • Damien-Cauquil-Secure-Your-BLE-Devices-Updated.pdf
• Damien Cauquil
  • DEFCON-26-Damien-Cauquil-Extras
  • DEFCON-26-Damien-Cauquil-Secure-Your-BLE-Devices-Demo-Videos
    • demo-hush.mp4
    • demo-jamming-final.mp4
    • demo-sniff-active.mp4
    • demo-sniff-connreq.mp4
    • volvo-fail.gif
    • volvo-fail.mp4
  • Damien-Cauquil-Secure-Your-BLE-Devices.pdf
• Dan Crowley - Mauro Paredes - Jen Savage - Updated
  • Crowley-Paredes-Savage-Outsmarting-the-Smart-City-Demo-Video.mp4
  • Crowley-Paredes-Savage-Outsmarting-the-Smart-City-Updated.pdf
• Daniel Zolnikov
  • Daniel-Zolnikov-Politics-and-the-Surveillence-State.pdf
• David Melendez
  • David-Melendez-Project-Interceptor-Demo-Video.mp4
  • David-Melendez-Project-Interceptor-WP.pdf
  • David-Melendez-Project-Interceptor.pdf
• Dongsung Kim and Hyoung Kee Choi
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Demo-Video.mp4
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You.pdf
• Dongsung Kim and Hyoung Kee Choi - Updated
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Demo-Video.mp4
  • Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf
• Douglas Mckee
  • DEFCON-26-Douglas-McKee-Demo-Videos
    • 30To180-2.mp4
    • 80To180-2.mp4
    • Emulation.mp4
    • FlatlineDemo2.mp4
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals.pdf
• Douglas Mckee - Updated
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals-updated.pdf
  • Douglas-McKee-80-to-0-in-5-sec-falsifying-medical-pt-vitals-updated.pptx
• Eric Sesterhenn
  • DEFCON-26-Eric-Sesterhenn-Demo-Videos
    • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You-PoC1.mp4
    • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You-PoC2.mp4
  • Eric-Sesterhenn-Soviet-Russia-Smartcard-Hacks-You.pdf
• Feng Xiao - Jianwei Huang - Peng Liu
  • Xiao-Huang-Liu-Hacking-the-Brain-Custom-Attack-SDN-Controller.pdf
  • Huang-Liu-Hacking-the-Brain-Custom-Attack-SDN-Controller-Demo-Video.mp4
• Gabriel Ryan
  • DEFCON-26-Gabriel-Ryan-Demo-Videos
    • Gabriel-Ryan-bait-n-switch.mp4
    • Gabriel-Ryan-bypass-mab.mp4
    • Gabriel-Ryan-classic-8021x-bypass-with-interaction (1920 x 1080).mp4
    • Gabriel-Ryan-classic-8021x-bypass-with-interaction.mp4
    • Gabriel-Ryan-eap-md5-forced-reauth-full.mp4
    • Gabriel-Ryan-rogue-gateway-final (1920 x 1080).mp4
    • Gabriel-Ryan-rogue-gateway-final.mp4
    • Gabriel-Ryan-ryan-gabriel-ryan-bait-n-switch (1920 x 1080).mp4
    • Gabriel-Ryanforged-eapol-start.mp4
  • Gabriel-Ryan-Owning-the-LAN-in-2018-WP.pdf
  • Gabriel-Ryan-Owning-the-LAN-in-2018.pdf
• Joe Rozner
  • Joe-Rozner-Demo-Video.mp4
  • Joe-Rozner-RE-Targetable-Grammer-Based-Test-Case-Generation-Synfuzz.pdf
• John Seymour and Azeem Aqil
  • DEFCON-26-John-Seymour-and-Azeem-Aqil-Demo-Videos
    • 07-01.mp4
    • 10-01-trimmed.mp4
    • 13-01.mp4
    • 16-01.wav
    • 16-02.wav
    • 16-03.wav
    • 21-01.wav
    • 21-02.wav
  • John-Seymour-and-Azeem-Aqil-Your-Voice-is-My-Passport.pdf
• Josep Rodriguez
  • Josep-Rodriguez-Breaking-Extreme-Networks-WingOS.pdf
  • Josep-Rodriguez-Breaking-Extreme-Networks-WingOS-Demo-Video.mp4
• L0pht Panel
  • L0pht-Testimony-20-years-later.pdf
• Leigh Anne Galloway and Tim Yunusov
  • DEFCON-26-Galloway-and-Yunusov-Demo-Videos
    • Galloway-and-Yunusov-RCE.mp4
    • Galloway-and-Yunusov-arbitrary-code.mp4
    • Galloway-and-Yunusov-modifying-amount.mp4
  • Galloway-and-Yunusov-For-the-love-of-money-Findingexploiting-vulns-in-mobile-pos-terminals.pdf
• Louis Dion Marcil
  • DEFCON-26-Louis-Dion-Marcil-Demo-Videos
    • demo1.mp4
    • demo2.mp4
  • Louis-Dion-Marcil-Edge-Side-Include-Injection.pdf
• Martin Vigo
  • DEFCON-26-Martin-Vigo-Demo-Videos
    • demo-bruteforcing-v1.mp4
    • demo-paypal-v1.mp4
    • demo-whatsapp-v1.mp4
  • Martin-Vigo-Compromising-Online-Cracking-Voicemail-Systems.pdf
• Michael West and Collin Campbell
  • Micheal-West-Colin-Campbell-barcOwned-Popping-shells-with-your-cereal box.pdf
  • Micheal-West-Colin-Campbell-barcOwned-Popping-shells-with-your-cereal box.pptx
• Mickey Shkatov and Jesse Micheal
  • DEFCON-26-Mickey-Shkatov-and-Jesse-Micheal-Demo-Videos
    • EvilMaid-BennyHill-Defcon-Video1.mp4
    • exploit-popcalc-text-Defcon-Video2.MP4
    • exploit-popcalc-win10-Defcon-Video3.MP4
    • exploit-shell-Defcon-Video4.MP4
    • exploit-smileyloop.MP4
  • Mickey-Shkatov-and-Jesse-Micheal-UEFI-Exploitation-For-The-Masses.pdf
• Morgan Gangwere
  • DEFCON-26-Morgan-Gangwere-Its-assembler-jim-Demo-Videos
    • demo-1-rootfs.mp4
    • demo-2-tapdrive.mp4
    • demo-3-containers.mp4
    • demo-4-afl.mp4
  • Morgan-Gangwere-Its-assembler-jim-Notes.pdf
  • Morgan-Gangwere-Its-assembler-jim.pdf
• Nafeez
  • Nafeez-Compression-Oracle-attacks-on-VPN-Networks-openvpn3-voracle.gif
  • Nafeez-Compression-Oracle-attacks-on-VPN-Networks.pdf
• Nick Cano
  • DEFCON-26-Nick-Cano-Demo-Videos
    • demo-1-tools.mp4
    • demo-2-launch.mp4
    • demo-3-scan.mp4
    • demo-4-win10.mp4
  • Nick-Cano-Relocation-Bonus-Attacking-the-Win-Loader.pdf
• Patrick Wardle
  • Patrick-Wardle-Fire-and-Ice.pdf
  • Patrick-Wardle-The-Mouse-Is-Mightier-Synthetic0Reality.pdf
• Ruo Ando
  • Ruo-Ando-Asura-Demo-Video.MP4
  • Ruo-Ando-Asura-PCAP-File-Analyzer-for-Anomaly-Packet-Detection-Multithreading-WP.pdf
  • Ruo-Ando-Asura-PCAP-File-Analyzer-for-Anomaly-Packet-Detection-Multithreading.pdf
• Ryan Johnson and Angelos Stavrou
  • DEFCON-26-Johnson-and-Stavrou-Demo-Videos
    • commexec.mp4
    • maliciousApp.mp4
    • zte-zmax-champ-brick.mp4
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP.pdf
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices.pdf
• Ryan Johnson and Angelos Stavrou - Updated
  • DEFCON-26-Johnson-and-Stavrou-Demo-Videos-Updated
    • commExec.mp4
    • factory_reset.mp4
    • lock_user_out.mp4
    • maliciousApp.mp4
    • modem_and_logcat_logs_zte.mp4
    • take_screenshot.mp4
    • zte_zmax_champ_brick.mp4
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-Updated.pdf
  • Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf
• Sanat Sharma
  • Sanat-Sharma-House-of-Roman-Demo-Video.mp4
  • Sanat-Sharma-House-of-Roman.pdf
• Sheila A Berta and Sergio De Los Santos
  • DEFCON-26-Sheila-A-Berta-and-Sergio-De-Los-Santos-Demo-Video
    • freetool.mp4
    • gmtruntime.mp4
  • Sheila-A-Berta-and-Sergio-De-Los-Santos-Tracking-Android-Malware-Developers.pdf
• Siegfried Rasthofer and Stephan Huber
  • Siegfried-Rasthofer-and-Stephan-Huber-Demo-Video
    • demovideo.mp4
    • greenalp-cast.mp4
  • Siegfried-Rasthofer-and-Stephan-Huber-All-Your-Family-Secrets-Belong-to-Us.pdf
• Siegfried Rasthofer and Stephan Huber - Updated
  • Siegfried-Rasthofer-and-Stephan-Huber-Demo-Video-Updated
    • demovideo_Version2.mp4
    • greenalpdemo_Version2.mp4
  • Siegfried-Rasthofer-and-Stephan-Huber-All-Your-Family-Secrets-Belong-to-Us-Updated.pdf
• Silke Holtmanns and Isha Singh
  • Holtmanns-Singh-4G-Who-is-Paying-your-cell-phone-bill.pdf
• Slava Makkaveev
  • DEFCON-26-Slava-Makkaveev-Demo-Videos
    • Slava-Makkaveev-MITD-Demo1-GoogleTranslate.mp4
    • Slava-Makkaveev-MITD-Demo2-LGAppManager.mp4
    • Slava-Makkaveev-MITD-Demo3-XiaomiBrowser.mp4
  • Slava-Makkaveev-Man-In-The-Disk.pdf
• Stark Riedesel and Parsia Hakimian
  • DEFCON-26-Stark-Riedesel-and-Parsia-Hakimian-Demo-Videos
    • 1-tineola-enum-demo.mp4
    • 2-tineola-invoke-TXes.mp4
    • 2-tineola-invoke-demo.mp4
    • 3-tineola-fuzzing-demo.mp4
    • 4-tineolacc-install.mp4
    • 5-tineola-nmap-scan.mp4
    • 6-tineola-direct-db-TXes.mp4
    • 6-tineola-direct-db-demo.mp4
  • Stark-Riedesel-and-Parsia-Hakimian-Tineola-Taking-Bite-Out-of-Enterprise-Blockchain.pdf
• Thanh Bui and Siddharth Rao
  • DEFCON-26-Thanh-Bui-and-Siddharth-Rao-Demo-Videos
    • 1password-demo.mp4
    • fido-demo.mp4
  • Thanh-Bui-and-Siddharth-Rao-Last-Mile-Auth-Problem-Exploiting-End-to-End.pdf
• The Tarquin
  • DEFCON-26-The-Tarquin-Demo-Videos
    • homograph-ocr.mp4
    • homographbomb.mp4
    • java-homograph.mp4
  • The-Tarquin-Weaponizing-Unicode-Homographs-Beyond-IDNs.pdf
• Thiago Alves
  • DEFCON-26-Thiago-Alves-Demo-Videos
    • first-attack.mp4
    • second-attack.mp4
    • third-attack.mp4
  • Thiago-Alves-Hacking-PLCs-and-Causing-Havoc-on-Critical-Infrastructures.pdf
• Torani - Buchwald - Nirenberg
  • Torani-Buchwald-Nirenberg-Reverse-Engineering-Hacker-Docu-Series-Sample-Scene.mp4
  • Torani-Buchwald-Nirenberg-Reverse-Engineering-Hacker-Docu-Series.pdf
• Truman Kain
  • Truman-Kain-Demo-Video.mp4
  • Truman-Kain-Dragnet-Social-Engineering-Sidekick.pdf
• Truman Kain - Updated
  • Truman-Kain-Demo-Video-Updated.mp4
  • Truman-Kain-Dragnet-Social-Engineering-Sidekick-Updated.pdf
• Vincent Tan
  • DEFCON-26-Vincent-Tan-Demo-Videos
    • Vincent-Tan-Hacking-BLE-Bicycle-Locks-Demo-Video-1.mp4
    • Vincent-Tan-Hacking-BLE-Bicycle-Locks-Demo-Video-2.mp4
  • Vincent-Tan-Hacking-BLE-Bicycle-Locks.pdf
• Wesley McGrew
  • Wesley-McGrew-An-Attacker-Looks-at-Docker-Demo-Video.mp4
  • Wesley-McGrew-An-Attacker-Looks-at-Docker-WP.pdf
  • Wesley-McGrew-An-Attacker-Looks-at-Docker.pdf
• William Martin
  • William-Martin-SMBetray-Backdooring-and-Breaking-Signiatures.pdf
  • William-Martin-SMBetray-Demo-Video.mp4
• Wu HuiYu and Qian Wenxiang
  • DEFCON-26-Wu-HuiYu-and-Qian-Wenxiang-Demo-Videos
    • MI-AI-SPEAKER-MIIO.mp4
    • MI-AI-SPEAKER-RCE.mp4
    • amazon-echo-2soldering.mp4
    • amazon-echo-desoldering.mp4
    • amazon-echo-exploit.mp4
    • breaking-smart-speaker-video-1.mp4
    • breaking-smart-speaker-video-2.mp4
    • breaking-smart-speaker-video-3.mp4
    • breaking-smart-speaker-video-4.mp4
  • Wu-HuiYu-and-Qian-Wenxiang-Breaking-Smart-Speakers.pdf
• Xiaolong Bai and Min Zheng
  • DEFCON-26-Xiaolong-Bai-and-Min-Zheng-Demo-Video
    • DemoOnPage13.mp4
    • DemoOnPage78.mp4
  • Xiaolong-Bai-and-Min-Zheng-One-Bite-And-All-Your-Dreams-Will-Come-True.pdf
• Zach Miller and Alex Kissinger
  • DEFCON-26-Zach-Miller-and-Alex-Kissinger-Demo-Videos
    • demo-1-command-file-exploit.mp4
    • demo-2-telnet-exploit.mp4
    • demo-3-mlwar.mp4
  • Zach-Miller-and-Alex-Kissinger-Infecting-Embedded-Supply-Chain.pdf
• Zach Miller and Alex Kissinger - Updated
  • Zach Miller and Alex Kissinger - Extras
    • demo3_mlwar_v2.ogv
    • demo4_brute_force_and_dump_fw.mp4
  • Zach-Miller-and-Alex-Kissinger-Infecting-Embedded-Supply-Chain-Updated.pdf
• nevermoe
  • nevermoe-One-Step-Before-Game-Hackers-Andriod-Emulators-cheat-Demo-Video.mp4
  • nevermoe-One-Step-Before-Game-Hackers-Andriod-Emulators.pdf
• sghctoma
  • DEFCON-26-sghctoma-Demo-Videos
    • maple/
    • mathematica/
    • matlab/
  • sghctoma-all-your-math-are-belong-to-us.pdf
• singe
  • singe-Practical-and-Improved-Wifi-MitM-with-Mana-eap-relay-v1.mp4
  • singe-Practical-and-Improved-Wifi-MitM-with-Mana.pdf
• smea
  • DEFCON-26-smea-Jailbreaking-the-3DS-Demo-Videos
    • fuzz.mp4
    • hbmenu.mp4
    • mcopy.mp4
    • ninjhax.mp4
    • tubehax.mp4
  • smea-Jailbreaking-the-3DS.pdf
• Alex-Levinson-Overview-of-Genesis-Scripting-Engine.pdf
• Alexandre-Borges-Ring-02-Rootkits-bypassing-defenses-Updated.pdf
• Alexandre-Borges-Ring-02-Rootkits-bypassing-defenses.pdf
• Alfonso-Garcia-and-Alejo-Murillo-Playback-a-TLS-story.pdf
• Crowley-Paredes-Savage-Outsmarting-the-Smart-City.pdf
• Eckert-Sumner-Krause-Inside-the-Fake-Science-Factory.pdf
• Eduardo-Izycki-And-Rodrigo-Colli-Digital-Leviathan-Nation-State-Big-Brothers.pdf
• Egypt-One-Liners-to-Rule-Them-All.pdf
• Fireside-Panel-D0-N0-H4RM.pdf
• Fireside-Panel-Goerzen-and-Matthews-Beyond-The-Lulz-Updated.pdf
• Fireside-Panel-Goerzen-and-Matthews-Beyond-The-Lulz.pdf
• Foster-and-Ayrey-Lost-and-Found-Certs-residual-certs-for-pre-owned-domains.pdf
• Galloway-and-Yunusov-For-the-love-of-Money-Finding-And-Exploiting-Vulns-In-Mobile-POS-Updated.pdf
• Ian-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains.pdf
• Jianjun-Dai-Guang-Gong-Wenlin-Yang-Pwning-The-Toughest-Target-Updated.pdf
• Jianjun-Dai-Guang-Gong-Wenlin-Yang-Pwning-The-Toughest-Target.pdf
• Joe-Grand-Searching-for-the-Light-Adventures-w-Opticspy.pdf
• Josep-Rodriguez-Breaking-Extreme-Networks-WingOS-Updated.pdf
• Lawshae-Who-Controls-the-Controllers-Hacking-Crestron.pdf
• Maggie-Mayhem-Sex-Work-After-SESTA.pdf
• Maksim-Shudrak-Fuzzing-Malware-For-Fun-and-Profit.pdf
• Matt-King-Micro-Renovator-Bringing-Proc-Firmware-Up-To-Code.pdf
• Matt-Knight-and-Ryan-Speers-RF-Fuzzing-Tools-to-Expose-PHY-Layer-Vulns.pdf
• Matt-Wixey-Betrayed-by-the-Keyboard-Updated.pdf
• Matt-Wixey-Betrayed-by-the-Keyboard.pdf
• Matthews-Adams-Greco-Youre-Just-Complaining-Because-Youre-Guilty.pdf
• Michael-Ossmann-and-Dominic-Spill-Revolting-Radios.pdf
• Min-Zheng-Xiaolong-Bai-Fasten-your-Seatbelts-Escaping-iOS-11-Sandbox.pdf
• Nils-Amiet-and-Yonal-Romailler-Reaping-and-breaking-keys-at-scale-when-crypto-meets-big-data.pdf
• Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-and-Pop-0days-Out.pdf
• Panel-DCGroups.pdf
• Paternotte-and-van-Ommeren-It-WISNt-Me-Attacking-Industrial-Wireless-Mesh.pdf
• Rachel-Greenstadt-and-Aylin-Caliskan-De-anonymizing-Programmers.pdf
• Richard-Thieme-The-Road-to-Resilience .pdf
• Rob-Joyce-Absurd-Xmas-Lights.pdf
• Rousseau-and-Seymour-Finding-Xori-Malware-Analysis-Triage-w-Auto-Disassembly.pdf
• Seamus-Burke-Journey-Into-Hexagon.pdf
• Sean-Metcalf-Exploiting-Administrator-Insecurities.pdf
• Shortxstack-and-Seth-Law-Building-the-Hacker-tracker.pdf
• Si-and-AgentX-Wagging-The-Tail.pdf
• Steven-Danneman-Your-Banks-Digital-Side-Door.pdf
• Yaniv-Balmas-What-The-FAX.pdf
• YawnBox-Emerald-Onion-Privacy-Infrastructure-Challenges-and-Opportunites.pdf
• Yu-Wang-Attacking-The-MacOS-Kernel-Graphics-Driver.pdf
• Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs-Updated.pdf
• Yuwei-Zheng-Shaokun-Cao-Bypass-the-SecureBoot-and-etc-on-NXP-SOCs.pdf
• zerosum0x0-Eternal-Exploits.pdf

También también podéis descargar todo este contenido desde este enlace o por torrent a través de este otro enlace .

*Black Hat USA 2018*

Aquí tenéis la list de las presentaciones de Black Hat USA de este año, con enlace a las diapositivas y documentos que se han hecho públicos:

• Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes
• Finding Xori: Malware Analysis Triage with Automated Disassembly
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Rousseau-Finding-Xori-Malware-Analysis-Triage-With-Automated-Disassembly.pdf )
• Exposing the Bait: A Qualitative Look at the Impact of Autonomous Peer Communication to Enhance Organizational Phishing Detection
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Malmquist-Exposing-The-Bait-A-Qualitative-Look-At-The-Impact-Of-Autonomous-Peer-Communication-To-Enhance-Organizational-Phishing-Detection.pdf )
• Software Attacks on Hardware Wallets
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Volokitin-Software-Attacks-On-Hardware-Wallets-wp.pdf )
• Dissecting Non-Malicious Artifacts: One IP at a Time
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Goland-Dissecting-Non-Malicious-Artifacts-One-IP-At-A-Time.pdf )
• Detecting Credential Compromise in AWS
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Bengtson-Detecting-Credential-Compromise-In-AWS.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Bengtson-Detecting-Credential-Compromise-In-AWS-wp.pdf )
• How I Learned to Stop Worrying and Love the SBOM
• Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Dion_Marcil-Edge-Side-Include-Injection-Abusing-Caching-Servers-into-SSRF-and-Transparent-Session-Hijacking-wp.pdf )
• Measuring the Speed of the Red Queen’s Race; Adaption and Evasion in Malware
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Harang-Measuring-the-Speed-of-the-Red-Queens-Race.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Harang-Measuring-the-Speed-of-the-Red-Queens-Race-wp.pdf )
• Holding on for Tonight: Addiction in InfoSec
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Tomasello-Holding-On-For-Tonight-Addiction-In-Infosec.pdf )
• TRITON: How it Disrupted Safety Systems and Changed the Threat Landscape of Industrial Control Systems, Forever
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Carcano-TRITON-How-It-Disrupted-Safety-Systems-And-Changed-The-Threat-Landscape-Of-Industrial-Control-Systems-Forever-wp.pdf )
• Stress and Hacking: Understanding Cognitive Stress in Tactical Cyber Ops
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Paul-Stress-and-Hacking.pdf )
• From Bot to Robot: How Abilities and Law Change with Physicality
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Postnikoff-From-Bot-To-Robot-How-Abilities-And-Law-Change-With-Physicality.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Postnikoff-From-Bot-To-Robot-How-Abilities-And-Law-Change-With-Physicality-wp.pdf )
• Miasm: Reverse Engineering Framework
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-DesclauxMougey-Miasm-Reverse-Engineering-Framework.pdf )
• New Trends in Browser Exploitation: Attacking Client-Side JIT Compilers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Gro ß-New-Trends-In-Browser-Exploitation-Attacking-Client-Side-JIT-Compilers.pdf)
• Deep Neural Networks for Hackers: Methods, Applications, and Open Source Tools
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-saxe-Deep-Learning-For-Hackers-Methods-Applications-and-Open-Source-Tools.pdf )
• KeenLab iOS Jailbreak Internals: Userland Read-Only Memory can be Dangerous
• Blockchain Autopsies - Analyzing Ethereum Smart Contract Deaths
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Little-Blockchain-Autopsies-Analyzing-Ethereum-Smart-Contract-Deaths.pdf )
• A Dive in to Hyper-V Architecture & Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Joly-Bialek-A-Dive-in-to-Hyper-V-Architecture-&-Vulnerabilities.pdf )
• No Royal Road … Notes on Dangerous Game
• There will be Glitches: Extracting and Analyzing Automotive Firmware Efficiently
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Milburn-There-Will-Be-Glitches-Extracting-And-Analyzing-Automotive-Firmware-Efficiently.pdf )
• Compression Oracle Attacks on VPN Networks
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Nafeez-Compression-Oracle-Attacks-On-Vpn-Networks.pdf )
• CANCELLED: Too Soft[ware Defined] Networks: SD-WAN VulnerabilityAssessment
• Screaming Channels: When Electromagnetic Side Channels Meet Radio Transceivers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Camurati-Screaming-Channels-When-Electromagnetic-Side-Channels-Meet-Radio-Tranceivers.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Camurati-Screaming-Channels-When-Electromagnetic-Side-Channels-Meet-Radio-Tranceivers-wp.pdf )
• Remotely Attacking System Firmware
• Reversing a Japanese Wireless SD Card - From Zero to Code Execution
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Valadon-Reversing-a-Japanese-Wireless-SD-Card-From-Zero-to-Code-Execution.pdf )
• Deep Dive into an ICS Firewall, Looking for the Fire Hole
• Legal Landmines: How Law and Policy are Rapidly Shaping Information Security
• Every ROSE has its Thorn: The Dark Art of Remote Online Social Engineering
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Wixey-Every-ROSE-Has-Its-Thorn-The-Dark-Art-Of-Remote-Online-Social-Engineering.pdf )
• From Workstation to Domain Admin: Why Secure Administration isn’t Secure and How to Fix it
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Metcalf-From-Workstation-To-Domain-Admin-Why-Secure-Administration-Isnt-Secure.pdf )
• An Attacker Looks at Docker: Approaching Multi-Container Applications
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-McGrew-An-Attacker-Looks-At-Docker-Approaching-Multi-Container-Applications-wp.pdf )
• The Unbearable Lightness of BMC’s
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Waisman-Soler-The-Unbearable-Lightness-of-BMC-wp.pdf )
• Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Dameff-Mental-Health-Hacks-Fighting-Burnout-Depression-And-Suicide-In-The-Hacker-Community.pdf )
• WireGuard: Next Generation Secure Network Tunnel
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Donenfeld-WireGuard-Next-Generation-Secure-Network-Tunnel.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Donenfeld-WireGuard-Next-Generation-Secure-Nework-Tunnel-wp.pdf )
• Threat Modeling in 2018: Attacks, Impacts and Other Updates
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Shostack-Threat-Modeling-in-2018.pdf )
• Subverting Sysmon: Application of a Formalized Security Product Evasion Methodology
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Graeber-Subverting-Sysmon-Application-Of-A-Formalized-Security-Product-Evasion-Methodology.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Graeber-Subverting-Sysmon-Application-Of-A-Formalized-Security-Product-Evasion-Methodology-wp.pdf )
• Don’t @ Me: Hunting Twitter Bots at Scale
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Anise-Wright-Don'[email protected] )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Anise-Wright-Don'[email protected] )
• A Brief History of Mitigation: The Path to EL1 in iOS 11
  • [] ()
• ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?
• Behind the Speculative Curtain: The True Story of Fighting Meltdown and Spectre
• Breaking Parser Logic: Take Your Path Normalization off and Pop 0days Out!
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Orange-Tsai-Breaking-Parser-Logic-Take-Your-Path-Normalization-Off-And-Pop-0days-Out-2.pdf )
• LTE Network Automation Under Threat
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Shaik-LTE-Network-Automation-Under-Threat.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Shaik-LTE-Network-Automation-Under-Threat-wp.pdf )
• Why so Spurious? How a Highly Error-Prone x86/x64 CPU “Feature” can be Abused to Achieve Local Privilege Escalation on Many Operating Systems
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Mulasmajic-Peterson-Why-So-Spurious.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Mulasmajic-Peterson-Why-So-Spurious-wp.pdf )
• Open Sesame: Picking Locks with Cortana
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Beery-Open-Sesame-Picking-Locks-with-Cortana.pdf )
• Breaking the IIoT: Hacking industrial Control Gateways
• Squeezing a Key through a Carry Bit
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Valsorda-Squeezing-A-Key-Through-A-Carry-Bit.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Valsorda-Squeezing-A-Key-Through-A-Carry-Bit-wp.pdf )
• I, for One, Welcome Our New Power Analysis Overlords
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-O'Flynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-O'Flynn-I-For-One-Welcome-Our-New-Power-Analysis-Overloards-wp.pdf )
• How can Communities Move Forward After Incidents of Sexual Harassment or Assault?
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Peterson-How-Can-Communities-Move-Forward-After-Incidents-Of-Sexual-Harassment-Or-Assault.pdf )
• AFL’s Blindspot and How to Resist AFL Fuzzing for Arbitrary ELF Binaries
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Li-AFLs-Blindspot-And-How-To-Resist-AFL-Fuzzing-For-Arbitrary-ELF-Binaries.pdf )
• Is the Mafia Taking Over Cybercrime?
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime-wp.pdf )
• The Air-Gap Jumpers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Guri-AirGap.pdf )
• Beating the Blockchain by Mapping Out Decentralized Namecoin and Emercoin Infrastructure
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Perlow-Beating-the-Blockchain-by-Mapping-Out_Decentralized_Namecoin-and-Emercoin-Infrastructure.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Perlow-Beating-the-Blockchain-by-Mapping-Out_Decentralized_Namecoin-and-Emercoin-Infrastructure-wp.pdf )
• InfoSec Philosophies for the Corrupt Economy
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Munro-Infosec-Philosophies-For-The-Corrupt-Economy.pdf )
• Back to the Future: A Radical Insecure Design of KVM on ARM
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-SINGH-BACK-TO-THE-FUTURE-A-RADICAL-INSECURE-DESIGN-OF-KVM-ON-ARM.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-SINGH-BACK-TO-THE-FUTURE-A-RADICAL-INSECURE-DESIGN-OF-KVM-ON-ARM-wp.pdf )
• A Tangled Curl: Attacks on the Curl-P Hash Function Leading to Signature Forgeries in the IOTA Signature Scheme
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilman-Cryptanalysis-of-Curl-P.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Wed-August-8/us-18-Narula-Heilman-Cryptanalysis-of-Curl-P-wp.pdf )
• ARTist - A Novel Instrumentation Framework for Reversing and Analyzing Android Apps and the Middleware
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Schranz-ARTist-A-Novel-Instrumentation-Framework-for-Reversing-and-Analyzing-Android-Apps-and-the-Middleware.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Schranz-ARTist-A-Novel-Instrumentation-Framework-for-Reversing-and-Analyzing-Android-Apps-and-the-Middleware-wp.pdf )
• Stop that Release, There’s a Vulnerability!
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gadsby-Stop-That-Release,-There's-A-Vulnerability!.pdf )
• Two-Factor Authentication, Usable or Not? A Two-Phase Usability Study of the FIDO U2F Security Key
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Das-Two-Factor-Authentication-Usable-Or-Not.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Das-Two-Factor-Authentication-Usable-Or-Not-A-Two-Phase-Usability.pdf )
• Fire & Ice: Making and Breaking macOS Firewalls
• The Problems and Promise of WebAssembly
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Silvanovich-The-Problems-and-Promise-of-WebAssembly.pdf )
• Money-rity Report: Using Intelligence to Predict the Next Payment Card Fraud Victims
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gollnick-Smyth-Money-Rity-Report-Using-Intelligence-To-Predict-The-Next-Payment-Card-Victims-wp.pdf )
• Lessons from Virginia - A Comparative Forensic Analysis of WinVote Voting Machines
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Sch ürmann-Carsten-A-Comparative-Forensic-Analysis-of-WinVote-Voting-Machines.pdf)
• Demystifying PTSD in the Cybersecurity Environment
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Slowik-Demystifying-PTSD-In-The-Cybersecurity-Environment.pdf )
• Real Eyes, Realize, Real Lies: Beating Deception Technologies
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hart-Real-Eyes-Realize-Real-Lies-Beating-Deception-Technologies.pdf )
• Kernel Mode Threats and Practical Defenses
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Desimone-Kernel-Mode-Threats-and-Practical-Defenses.pdf )
• Snooping on Cellular Gateways and Their Critical Role in ICS
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Shattuck-Snooping-on-Cellular-Gateways-and-Their-Critical-Role-in-ICS.pdf )
• Your Voice is My Passport
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Seymour-Aqil-Your-Voice-Is-My-Passport.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Seymour-Aqil-Your-Voice-Is-My-Passport-wp.pdf )
• Identity Theft: Attacks on SSO Systems
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Ludwig-Identity-Theft-Attacks-On-SSO-Systems.pdf )
• Black Box is Dead. Long Live Black Box!
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Stennikov-Blackbox-is-dead--Long-live-Blackbox!.pdf )
• Reconstruct the World from Vanished Shadow: Recovering Deleted VSS Snapshots
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kobayashi-Reconstruct-The-World-From-Vanished-Shadow-Recovering-Deleted-VSS-Snapshots.pdf )
• The Science of Hiring and Retaining Female Cybersecurity Engineers
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Holtz-The-Science-Of-Hiring-And-Retaining-Female-Cybersecurity-Engineers.pdf )
• The Windows Notification Facility: Peeling the Onion of the Most Undocumented Kernel Attack Surface Yet
• New Norms and Policies in Cyber-Diplomacy
• Pestilential Protocol: How Unsecure HL7 Messages Threaten Patient Lives
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages_Threaten-Patient-Lives.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Dameff-Pestilential-Protocol-How-Unsecure-HL7-Messages-Threaten-Patient-Lives-wp.pdf )
• AI & ML in Cyber Security - Why Algorithms are Dangerous
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Marty-AI-and-ML-in-Cybersecurity.pdf )
• GOD MODE UNLOCKED - Hardware Backdoors in x86 CPUs
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Domas-God-Mode-Unlocked-Hardware-Backdoors-In-x86-CPUs-wp.pdf )
• Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Geesaman-Detecting-Malicious-Cloud-Account-Behavior-A-Look-At-The-New-Native-Platform-Capabilities.pdf )
• Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Mueller-Dresen-EFAIL-Breaking-SMIME-And-OpenPGP-Email-Encryption-Using-Exfiltration-Channels.pdf )
• Decompiler Internals: Microcode
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Guilfanov-Decompiler-Internals-Microcode.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Guilfanov-Decompiler-Internals-Microcode-wp.pdf )
• Stealth Mango and the Prevalence of Mobile Surveillanceware
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Blaich-Stealth-Mango-and-the-Prevalence-of-Mobile-Surveillanceware.pdf )
• A Deep Dive into macOS MDM (and How it can be Compromised)
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Deep-Dive-Into-macOS-MDM-And-How-It-Can-Be-Compromised.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Endahl-A-Deep-Dive-Into-macOS-MDM-And-How-It-Can-Be-Compromised-wp.pdf )
• Are You Trading Stocks Securely? Exposing Security Flaws in Trading Technologies
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hernandez-Are-You-Trading-Stocks-Securely-Exposing-Security-Flaws-in-Trading-Technologies-wp.pdf )
• Playback: A TLS 1.3 Story
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-GarciaAlguacil-MurilloMoya-Playback-A-TLS-1.3-Story.pdf )
• Outsmarting the Smart City
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Crowley-Savage-Paredes-Outsmarting-The-Smart-City.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Crowley-Outsmarting-The-Smart-City-wp.pdf )
• Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks
• So I became a Domain Controller
• None of My Pixel is Your Business: Active Watermarking Cancellation Against Video Streaming Service
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Hui-None-Of-My-Pixel-Is-Your-Business-Active-Watermarking-Cancellation-Against-Video-Streaming-Service.pdf )
• WebAssembly: A New World of Native Exploits on the Browser
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lukasiewicz-WebAssembly-A-New-World-of-Native_Exploits-On-The-Web-wp.pdf )
• Applied Self-Driving Car Security
  • [] ()
• TLBleed: When Protecting Your CPU Caches is Not Enough
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gras-TLBleed-When-Protecting-Your-CPU-Caches-is-Not-Enough.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gras-TLBleed-When-Protecting-Your-CPU-Caches-is-Not-Enough-w.pdf )
• Wrangling with the Ghost: An Inside Story of Mitigating Speculative Execution Side Channel Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Fogh-Ertl-Wrangling-with-the-Ghost-An-Inside-Story-of-Mitigating-Speculative-Execution-Side-Channel-Vulnerabilities.pdf )
• Another Flip in the Row
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gruss-Another-Flip-in-the-Row.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Gruss-Another-Flip-In-The-Row-wp.pdf )
• Windows Offender: Reverse Engineering Windows Defender’s Antivirus Emulator
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Bulazel-Windows-Offender-Reverse-Engineering-Windows-Defenders-Antivirus-Emulator.pdf )
• Legal Liability for IOT Cybersecurity Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Palansky-Legal-Liability-For-IoT-Vulnerabilities.pdf )
• How can Someone with Autism Specifically Enhance the Cyber Security Workforce?
• Exploitation of a Modern Smartphone Baseband
• Last Call for SATCOM Security
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Santamarta-Last-Call-For-Satcom-Security.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Santamarta-Last-Call-For-Satcom-Security-wp.pdf )
• Automated Discovery of Deserialization Gadget Chains
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Haken-Automated-Discovery-of-Deserialization-Gadget-Chains-wp.pdf )
• Catch me, Yes we can! – Pwning Social Engineers using Natural Language Processing Techniques in Real-Time
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Harris-Catch-Me-Yes-We-Can –Pwning-Social-Engineers-Using-Natural-Language-Techniques-In-Real-Time.pdf)
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Harris-Catch-Me-Yes-We-Can –Pwning-Social-Engineers-Using-Natural-Language-Techniques-In-Real-Time-wp.pdf)
• From Thousands of Hours to a Couple of Minutes: Automating Exploit Generation for Arbitrary Types of Kernel Vulnerabilities
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Wu-Towards-Automating-Exploit-Generation-For-Arbitrary-Types-of-Kernel-Vulnerabilities-wp.pdf )
• SDL That Won’t Break the Bank
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lipner-SDL-For-The-Rest-Of-Us.pdf )
• Lowering the Bar: Deep Learning for Side Channel Analysis
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-perin-ege-vanwoudenberg-Lowering-the-bar-Deep-learning-for-side-channel-analysis.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-perin-ege-vanwoudenberg-Lowering-the-bar-Deep-learning-for-side-channel-analysis-wp.pdf )
• Mainframe [z/OS] Reverse Engineering and Exploit Development
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Rikansrud-Mainframe-[zOS]-Reverse-Engineering-and-Exploit-Development.pdf )
• Hardening Hyper-V through Offensive Security Research
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Rabet-Hardening-Hyper-V-Through-Offensive-Security-Research.pdf )
• Practical Web Cache Poisoning: Redefining ‘Unexploitable’
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kettle-Practical-Web-Cache-Poisoning-Redefining-Unexploitable-wp.pdf )
• For the Love of Money: Finding and Exploiting Vulnerabilities in Mobile Point of Sales Systems
• SirenJack: Cracking a ‘Secure’ Emergency Warning Siren System
• Understanding and Exploiting Implanted Medical Devices
• IoT Malware: Comprehensive Survey, Analysis Framework and Case Studies
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Costin-Zaddach-IoT-Malware-Comprehensive-Survey-Analysis-Framework-and-Case-Studies-wp.pdf )
• The Finest Penetration Testing Framework for Software-Defined Networks
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Lee-The-Finest-Penetration-Testing-Framework-for-Software-Defined-Networks.pdf )
• It’s a PHP Unserialization Vulnerability Jim, but Not as We Know It
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-Know-It-wp.pdf )
• Unpacking the Packed Unpacker: Reverse Engineering an Android Anti-Analysis Native Library
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Stone-Unpacking-The-Packed-Unpacker.pdf )
• Return of Bleichenbacher’s Oracle Threat (ROBOT)
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Boeck-Young-Return-Of-Bleichenbachers-Oracle-Threat-wp.pdf )
• Over-the-Air: How we Remotely Compromised the Gateway, BCM, and Autopilot ECUs of Tesla Cars
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remotely-Compromised-The-Gateway-Bcm-And-Autopilot-Ecus-Of-Tesla-Cars.pdf )
  • [Download White Paper] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Liu-Over-The-Air-How-We-Remotely-Compromised-The-Gateway-Bcm-And-Autopilot-Ecus-Of-Tesla-Cars-wp.pdf )
• DeepLocker - Concealing Targeted Attacks with AI Locksmithing
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Kirat-DeepLocker-Concealing-Targeted-Attacks-with-AI-Locksmithing.pdf )
• Meltdown: Basics, Details, Consequences
• Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
  • [Download Presentation Slides] ( http://i.blackhat.com/us-18/Thu-August-9/us-18-Ulitzsch-Follow-The-White-Rabbit-Simplifying-Fuzz-Testing-Using-FuzzExMachina.pdf )
• Lessons and Lulz: The 4th Annual Black Hat USA NOC Report

*Libro Docker: SevDevOps*

Cómo ya nos adelantó Chema en su blog , la editorial 0xWord acaba de publicar un nuevo libro sobre Docker y su uso en entornos SecDevOps .

El libro ha sido escrito por Fran Ramírez ( @Cybercaronte ), Elías Grande ( @3grander ) y el que escribe, Rafael Troncoso ( @tuxotron ).

El libro contiene material tanto para los no iniciados, como para los que ya conocen Docker. Aunque Docker no es la única opción en el ámbito de los contenedores de aplicaciones, es sin duda alguna la más conocida y extendida hasta la fecha.

*Black Hat Asia 2018*

Ya están disponibles la mayoría de las presentaciones de Black Hat Asi 2018 celebrada el pasado 20-23 de marzo:

• A Short Course in Cyber Warfare
• National Cyber-Aggression and Private-Sector Internet Infrastructure
• A Deal with the Devil: Breaking Smart Contracts
  • Wong-Hemmel-A-Deal-with-the-Devil-Breaking-Smart-Contracts.pdf
• A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
  • Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages_update_Thursday.pdf
• AES Wireless Keyboard – Template Attack for Eavesdropping
  • Kim-AES-Wireless-Keyboard-Template-Attack-for-Eavesdropping.pdf
• All Your Payment Tokens Are Mine: Vulnerabilities of Mobile Payment Systems
  • zhou-ALL%20YOUR%20PAYMENT%20TOKENS%20ARE%20MINE%20VULNERABILITIES%20OF%20MOBILE%20PAYMENT%20SYSTEMS.pdf
  • zhou-ALL%20YOUR%20PAYMENT%20TOKENS%20ARE%20MINE%20VULNERABILITIES%20OF%20MOBILE%20PAYMENT%20SYSTEMS-wp.pdf
• Analyzing & Breaking Exploit Mitigations and PRNGs on QNX for Automotive Industrial Medical and other Embedded Systems
  • Wetzels_Abassi_dissecting_qnx__PPT.pdf
  • Wetzels_Abassi_dissecting_qnx__WP.pdf
• Back To The Epilogue: How to Evade Windows’ Control Flow Guard with Less than 16 Bytes
  • Lain-Back-To-The-Epilogue-How-To-Evade-Windows-Control-Flow-Guard-With-Less-Than-16-Bytes.pdf
• Breach Detection At Scale With AWS Honey Tokens
  • bourke-grzelak-breach-detection-at-scale-with-aws-honey-tokens.pdf
  • bourke-grzelak-breach-detection-at-scale-with-aws-honey-tokens-wp.pdf
• Breaking State-of-the-Art Binary Code Obfuscation via Program Synthesis
  • Blazytko-Breaking-State-Of-The-Art-Binary-Code-Obfuscation-Via-Program-Synthesis.pdf
  • Blazytko-Breaking-State-Of-The-Art-Binary-Code-Obfuscation-Via-Program-Synthesis-wp.pdf
• Breaking the Attack Graph: How to Leverage Graphs to Strengthen Security in a Domain Environment
  • Simakov-Marina-Breaking-The-Attack-Graph.pdf
• Counter-Infiltration: Future-Proof Counter Attacks Against Exploit Kit Infrastructure
  • papa-Future-Proof%20Counter%20Attacks%20Against%20Exploit%20Kit%20Infrastructure.pdf
• Cyber Comrades: Alliance-Building in Cyberspace
  • Geers-Cyber%20Comrades%20Alliance%20Building%20in%20Cyberspace.pdf
• Death Profile
  • Zhu%20and%20Li-Death%20Profile.pdf
  • Zhu%20and%20Li-Death%20Profile-wp.pdf
• Documenting the Undocumented: The Rise and Fall of AMSI
  • Tal-Liberman-Documenting-the-Undocumented-The-Rise-and-Fall-of-AMSI.pdf
• eMMC & UFS: Security Vulnerabilities Rootkits
• Hourglass Model 2.0: Case Study of Southeast Asia Underground Services Abusing Global 2FA
  • [Asia-18-CHUNG-Hourglass 2.0.pdf]( https://www.blackhat.com/docs/asia-18/Asia-18-CHUNG-Hourglass 2.0.pdf)
• I Don’t Want to Sleep Tonight: Subverting Intel TXT with S3 Sleep
  • Seunghun-I_Dont_Want_to_Sleep_Tonight_Subverting_Intel_TXT_with_S3_Sleep.pdf
• International Problems: Serialized Fuzzing for ICU Vulnerabilities
  • Deng-International-Problems-Serialized-Fuzzing-for-ICU-Vulnerabilities.pdf
• Invoke-DOSfuscation: Techniques FOR %F IN (-style) DO (S-level CMD Obfuscation)
  • bohannon-invoke_dosfuscation_techniques_for_fin_style_dos_level_cmd_obfuscation.pdf
  • bohannon-invoke_dosfuscation_techniques_for_fin_style_dos_level_cmd_obfuscation-wp.pdf
• KSMA: Breaking Android Kernel Isolation and Rooting with ARM MMU Features
  • WANG-KSMA-Breaking-Android-kernel-isolation-and-Rooting-with-ARM-MMU-features.pdf
• Locknote: Conclusions and Key Takeaways from Black Hat Asia 2018
• Mac-A-Mal: An Automated Platform for Mac Malware Hunting
  • Phuc-Mac-A-Mal-An%20Automated%20Framework%20for%20Mac%20Malware%20Hunting.pdf
  • Phuc-Mac-A-Mal-An%20Automated%20Framework%20for%20Mac%20Malware%20Hunting-wp.pdf
• Nation-State Moneymule’s Hunting Season – APT Attacks Targeting Financial Institutions
  • Shen-Nation-State%20Moneymule%20hunting%20season_Thursday%20.pdf
• New Compat Vulnerabilities in Linux Device Drivers
  • Ding-New-Compat-Vulnerabilities-In-Linux-Device-Drivers.pdf
• Prison Break Season 6: Defeating the Mitigations Adopted by Android OEMs
• return-to-csu: A New Method to Bypass 64-bit Linux ASLR
  • Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR.pdf
  • Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf
• RustZone: Writing Trusted Applications in Rust
• Securing Your In-Ear-Fitness Coach: Challenges in Hardening Next Generation Wearables
• Server Tailgating - A Chosen-PlainText Attack on RDP
  • Karni-Zinar-Blachman-Server-Tailgating-A-Chosen-Plaintext-Attack-on-RDP.pdf
• Shadow-Box v2: The Practical and Omnipotent Sandbox for ARM
  • Seunghun-Shadow-Box_v2_The_Practical_and_Omnipotent_Sandbox_for_ARM.pdf
• Tales from the NOC: Going Public in Asia
• UbootKit: A Worm Attack for the Bootloader of IoT Devices
  • Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices.pdf
  • Yang-UbootKit-A-Worm-Attack-for-the-Bootloader-of-IoT-Devices-wp.pdf
• VSPMiner: Detecting Security Hazards in SEAndroid Vendor Customizations via Large-Scale Supervised Machine Learning
• When Good Turns Evil: Using Intel SGX to Stealthily Steal Bitcoins
  • Schwarz-When-Good-Turns-Evil-Using-Intel-SGX-To-Stealthily-Steal-Bitcoins.pdf
  • Schwarz-When-Good-Turns-Evil-Using-Intel-SGX-To-Stealthily-Steal-Bitcoins-wp.pdf
• XOM-switch: Hiding Your Code from Advanced Code Reuse Attacks In One Shot
  • Zhang-xom-switch-mingwei-v1.2.pptx

*Proyecto SEED*

El Proyecto SEED tiene como objetivo desarrollar un conjunto de talleres prácticos para la enseñanza y estudio de la seguridad de la información. Este proyecto es principalmente subvencionado por National Science Foundation (NSF) , una organización gubernamental estadounidense creada en 1950.

Actualmente existen más de 30 talleres llamados SEED Labs , organizadoes en seis categorías:

• Software Security Labs - Talleres con vulnerabilides en software más comunes.

![OpenIA videogames] ( https://cyberhades.ams3.cdn.digitaloceanspaces.com/imagenes/31406720546_7496797da3_o_opt.png )

*OpenAI Games*

Ya os hemos hablado en alguna ocasión de OpenAI y de cómo utiliza videojuegos para entrenar a una IA a resolver problemas. Pues en el blog de LUCA estamos escribiendo una serie de artículos donde explicamos paso a paso desde cómo comenzar a configurar el entorno de OpenAI en Linux hasta nuestra nuestra primera IA capaz de resolver un juego sencillo.

*Chaos Communication Congress 34*

Nada mejor que empezar el año con material de primera calidad. El Chaos Communication Congress, como de costumbre a celebrado su cita con el hacking mundial entre el 27 y el 30 de diciembre . Si tienes algo de tiempo libre hasta después de los reyes, aquí tienes dónde entretenerte.

• [Antipatterns und Missverständnisse in der Softwareentwicklung]( https://media.ccc.de/v/34c3-9095-antipatterns_und_missv erstandnisse_in_der_softwareentwicklung)
• Dude, you broke the Future!
• Eröffnung: tuwat
• Die Lauschprogramme der Geheimdienste
• Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit
• Social Bots, Fake News und Filterblasen
• QualityLand
• Methodisch inkorrekt!
• The Ultimate Apollo Guidance Computer Talk
• Die fabelhafte Welt des Mobilebankings
• Internet of Fails
• Relativitätstheorie für blutige Anfänger
• Jahresrückblick des CCC 2017
• Security Nightmares 0x12
• Gamified Control?
• Demystifying Network Cards
• Everything you want to know about x86 microcode, but might have been afraid to ask
• Uncovering British spies’ web of sockpuppet social media personas
• Console Security - Switch
• Free Electron Lasers
• hacking disaster
• Beeinflussung durch Künstliche Intelligenz
• Der PC-Wahl-Hack
• All Computers Are Beschlagnahmt
• Inside Intel Management Engine
• Tiger, Drucker und ein Mahnmal
• Hacker Jeopardy
• How to drift with any car
• Doping your Fitbit
• Are all BSDs created equally?
• Ecstasy 10x yellow Twitter 120mg Mdma
• Pointing Fingers at ‘The Media’
• Trügerische Sicherheit
• DPRK Consumer Technology
• Taxation
• Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection
• Unleash your smart-home devices: Vacuum Cleaning Robot Hacking
• 34C3 Abschluss
• Digitale Bildung in der Schule
• Watching the changing Earth
• Coming Soon: Machine-Checked Mathematical Proofs in Everyday Software and Hardware…
• How risky is the software you use?
• cryptocurrencies, smart contracts, etc.: revolutionary tech?
• Der netzpolitische Wetterbericht
• Mietshäusersyndikat: den Immobilienmarkt hacken
• Deep Learning Blindspots
• Die Sprache der Überwacher
• WTFrance
• eMMC hacking, or: how I fixed long-dead Galaxy S3 phones
• LatticeHacks
• Science is broken
• 1-day exploit development for Cisco IOS
• KRACKing WPA2 by Forcing Nonce Reuse
• Intel ME: Myths and reality
• Schreibtisch-Hooligans
• Protecting Your Privacy at the Border
• Tightening the Net in Iran
• Bildung auf dem Weg ins Neuland
• Schnaps Hacking
• Nougatbytes 11₂
• Die göttliche Informatik / The divine Computer Science
• Home Distilling
• iOS kernel exploitation archaeology
• Decoding Contactless (Card) Payments
• Reverse engineering FPGAs
• The Work of Art in the Age of Digital Assassination
• SCADA - Gateway to (s)hell
• Resilienced Kryptographie
• Financial surveillance
• Growing Up Software Development
• How can you trust formally verified software?
• Opening Closed Systems with GlitchKit
• The Snowden Refugees under Surveillance in Hong Kong
• Ein Festival der Demokratie
• Lets break modern binary code obfuscation
• Access To Bodies
• Holography of Wi-Fi radiation
• Designing PCBs with code
• Social Cooling - big data’s unintended side effect
• Forensic Architecture
• Mobile Data Interception from the Interconnection Link
• BGP and the Rule of Custom
• How Alice and Bob meet if they don’t like onions
• Low Cost Non-Invasive Biomedical Imaging
• 0en & 1en auf dem Acker
• BBSs and early Internet access in the 1990ies
• The making of a chip
• Bringing Linux back to server boot ROMs with NERF and Heads
• Es sind die kleinen Dinge im Leben II
• May contain DTraces of FreeBSD
• End-to-end formal ISA verification of RISC-V processors with riscv-formal
• Electromagnetic Threats for Information Security
• BootStomp: On the Security of Bootloaders in Mobile Devices
• Netzpolitik in der Schweiz
• UPSat - the first open source satellite
• Squeezing a key through a carry bit
• Fuck Dutch mass-surveillance: let’s have a referendum!
• Internet censorship in the Catalan referendum
• Robot Music
• Running GSM mobile phone on SDR
• Treibhausgasemissionen einschätzen
• Lobby-Schlacht um die ePrivacy-Verordnung
• Catch me if you can: Internet Activism in Saudi Arabia
• Defeating (Not)Petya’s Cryptography
• Lightning Talks Day 2
• Why Do We Anthropomorphize Computers?…
• A hacker’s guide to Climate Change - What do we know and how do we know it?
• Blinkenrocket!
• Drones of Power: Airborne Wind Energy
• Inside Android’s SafetyNet Attestation: Attack and Defense
• The Noise Protocol Framework
• Briar
• Vintage Computing for Trusted Radiation Measurements and a World Free of Nuclear Weapons
• Saving the World with Space Solar Power
• We should share our secrets
• WHWP
• Privacy Shield - Lipstick on a Pig?
• Humans as software extensions
• Net Neutraliy Enforcement in the EU
• MQA - A clever stealth DRM-Trojan
• The Internet in Cuba: A Story of Community Resilience
• avatar²
• ASLR on the line
• Implementing an LLVM based Dynamic Binary Instrumentation framework
• Policing in the age of data exploitation
• Lightning Talks Day 3
• Practical Mix Network Design
• Regulating Autonomous Weapons
• Open Source Estrogen
• History and implications of DRM
• Lightning Talks Day 4
• Taking a scalpel to QNX
• The seizure of the Iuventa
• SatNOGS: Crowd-sourced satellite operations
• Afro TECH
• Extended DNA Analysis
• Uncovering vulnerabilities in Hoermann BiSecur
• Making Experts Makers and Makers Experts
• Microarchitectural Attacks on Trusted Execution Environments
• Deconstructing a Socialist Lawnmower
• Italy’s surveillance toolbox
• openPower - the current state of commercial openness in CPU development
• Hardening Open Source Development
• This is NOT a proposal about mass surveillance!
• library operating systems
• Think big or care for yourself
• Algorithmic science evaluation and power structure: the discourse on strategic citation…
• Type confusion: discovery, abuse, and protection
• “Nabovarme” opensource heating infrastructure in Christiania
• Visceral Systems
• TrustZone is not enough
• Electroedibles
• Modern key distribution with ClaimChain
• Simulating the future of the global agro-food system
• Zamir Transnational Network und Zagreb Dairy
• Public FPGA based DMA Attacking
• OONI: Let’s Fight Internet Censorship, Together!
• Tracking Transience
• Organisational Structures for Sustainable Free Software Development
• 34C3 Infrastructure Review
• Ensuring Climate Data Remains Public
• Uncertain Concern
• institutions for Resolution Disputes
• Don’t stop ’til you feel it
• International Image Interoperability Framework (IIIF) – Kulturinstitutionen schaffen…
• Closing the loop: Reconnecting social-technologial dynamics to Earth System science
• On the Prospects and Challenges of Weather and Climate Modeling at Convection-Resolving…

*NIST - NSA* [NIST](https://www.nist.gov/), el Instiuto Nacional de Estándares y Tecnología de los EEUU ha anunciado el resultado de una investigación llevada a cabo en conjunción con [Telefónica](https://www.telefonica.com). Dicha investigación liderada por Chema Alonso, Pablo González y Fran Ramírez, ha desembocado en uno de los descubrumientos más importantes en ciber seguridad de los últimos tiempos: El Parche Universal.

El Parche Universal encajaría dentro de lo que conocemos como hardening o fortificación de sistemas. Éste, una vez aplicado en tu sistema lo vuelve infalible, impenetrable y los exploits son inútiles.

*The Woz Wonderbook*

Con la popularización del Apple ][ y su incremento en ventas, una de las cosas que la preocupaba a Steve Job era la pobre calidad de la documentación de dicho ordenador. Durante el verano y otoño de 1977, se recolectaron de los archivos de Steve Wozniak todos sus apuntes para crear un “libro” de documentación interna usado por los ingenieros de Apple. A esta colección de notas, diagramas, código, etc se le bautizó como The Woz Wonderbook. Este cubría el vacío que existía en la documentación oficial del Apple ][.

*Tiredful API*

Cómo hemos dicho muchas veces, sin hacer no se aprende. Leer es un hábito que todos debemos desarrollar y cultivar, pero cuando hablamos de tecnología, si sólo lees y no pruebas, practicas, rompes, etc, no aprenderás mucho.

Ya hemos publicado algunas entradas ( vulnerable , pentesting , etc) con aplicaciones vulnerables de forma intencionada para el beneficio del que desea practicar y aprender. En este caso os hablamos sobre otra de estas aplicaciones, aunque esta vez es una REST API .