Ya se encuentran disponibles las presentaciones (diapositivas y algún documento extra) de Defcon 22:

• Protecting SCADA From the Ground Up - PDF
• Detecting Bluetooth Surveillance Systems - PDF
• Dropping Docs on Darknets: How People Got Caught - PDF
• Hacking 911: Adventures in Disruption, Destruction, and Death - PDF
• How to Disclose an Exploit Without Getting in Trouble - PDF
• Reverse Engineering Mac Malware - PDF
• NSA Playset: PCIe - PDF
• The Monkey in the Middle: A pentesters guide to playing in traffic. - PDF
• Investigating PowerShell Attacks - PDF
• Is This Your Pipe? Hijacking the Build Pipeline. - PDF
• Screw Becoming A Pentester - When I Grow Up I Want To Be A Bug Bounty Hunter! - PDF
• Home Alone with localhost: Automating Home Defense - PDF
• Meddle: Framework for Piggy-back Fuzzing and Tool Development - PDF
• Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively - PDF White Paper
• One Man Shop: Building an effective security program all by yourself - PDF
• RF Penetration Testing, Your Air Stinks - PDF
• Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin - PDF
• USB for all! - PDF
• ShareEnum: We Wrapped Samba So You Don’t Have To - PDF
• An Introduction to Back Dooring Operating Systems for Fun and Trolling - PDF
• Android Hacker Protection Level 0 - PDF
• Anatomy of a Pentest; Poppin' Boxes like a Pro - PDF
• Bug Bounty Programs Evolution - PDF Extras
• Practical Foxhunting 101 - PDF
• Client-Side HTTP Cookie Security: Attack and Defense - PDF
• Bypass firewalls, application white lists, secure remote desktops under 20 seconds - PDF
• PropLANE: Kind of keeping the NSA from watching you pee - PDF
• Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse - PDF
• Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog - PDF
• Through the Looking-Glass, and What Eve Found There - PDF White Paper
• Summary of Attacks Against BIOS and Secure Boot - PDF
• I am a legend: Hacking Hearthstone with machine learning - PDF
• The Secret Life of Krbtgt - PDF
• The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns - PDF
• Hacking US (and UK, Australia, France, etc.) traffic control systems - PDF
• The Cavalry Year[0] & a Path Forward for Public Safety - PDF
• NSA Playset: DIY WAGONBED Hardware Implant over I2C - PDF
• Abuse of Blind Automation in Security Tools - PDF
• Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go - PDF
• Steganography in Commonly Used HF Radio Protocols - PDF Extras
• Saving Cyberspace by Reinventing File Sharing - PDF
• Empowering Hackers to Create a Positive Impact - PDF
• Just What The Doctor Ordered? - PDF
• Check Your Fingerprints: Cloning the Strong Set - PDF
• Shellcodes for ARM: Your Pills Don't Work on Me, x86 - PDF
• Blowing up the Celly - Building Your Own SMS/MMS Fuzzer - PDF
• Mass Scanning the Internet: Tips, Tricks, Results - PDF
• Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering - PDF
• Saving the Internet (for the Future) - PDF
• Burner Phone DDOS 2 dollars a day : 70 Calls a Minute - PDF
• Hack All The Things: 20 Devices in 45 Minutes - PDF
• Stolen Data Markets: An Economic and Organizational Assessment - PDF
• Raspberry MoCA - A recipe for compromise - PDF White Paper 1 White Paper 2
• Girl… Fault-Interrupted. - PDF
• Extreme Privilege Escalation On Windows 8/UEFI Systems - PDF White Paper
• NinjaTV - Increasing Your Smart TV’s IQ Without Bricking It - PDF
• Oracle Data Redaction is Broken - PDF
• Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System - PDF
• Catching Malware En Masse: DNS and IP Style - PDF White Paper
• Attacking the Internet of Things using Time - PDF
• Open Source Fairy Dust - PDF
• Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment - PDF White Paper
• Generating ROP payloads from numbers - PDF
• DEF CON Comedy Jam Part VII, Is This The One With The Whales? - PDF
• The NSA Playset: RF Retroreflectors - PDF 1 PDF 2
• VoIP Wars: Attack of the Cisco Phones - PDF
• Playing with Car Firmware or How to Brick your Car - PDF
• Measuring the IQ of your Threat Intelligence feeds - PDF
• Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring - PDF
• Abusing Software Defined Networks - PDF
• NSA Playset : GSM Sniffing - PDF
• Cyberhijacking Airplanes: Truth or Fiction? - PDF
• Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance - PDF
• Detecting and Defending Against a Surveillance State - PDF
• Acquire current user hashes without admin privileges - PDF
• You're Leaking Trade Secrets - PDF
• Veil-Pillage: Post-exploitation 2.0 - PDF
• From Raxacoricofallapatorius With Love: Case Studies In Insider Threat - PDF
• Don't DDoS Me Bro: Practical DDoS Defense - PDF
• Advanced Red Teaming: All Your Badges Are Belong To Us - PDF
• I Hunt TR-069 Admins: Pwning ISPs Like a Boss - PDF
• The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State - PDF
• A Journey to Protect Points-of-sale - PDF
• Impostor — Polluting Tor Metadata - PDF
• Domain Name Problems and Solutions - PDF White Paper
• Optical Surgery; Implanting a DropCam - PDF
• Manna from Heaven: Improving the state of wireless rogue AP attacks - PDF
• The Open Crypto Audit Project - PDF
• Practical Aerial Hacking & Surveillance - PDF White Paper
• From root to SPECIAL: Pwning IBM Mainframes - PDF
• PoS Attacking the Traveling Salesman - PDF
• Don't Fuck It Up! - PDF

En una de mis webs favoritas acaban de publicar los vídeos de la clase sobre análisis dinámico de malware.

La clase está planificada para 3 días, pero desafortunadamente, debido a un problema técnico, los vídeos del tercer día no están disponibles. De todas formas hay bastante material publicado.

Te puedes descargar todo el material en formato PDF u ODP. Dentro del archivo ZIP, hay otro archivo ZIP con malware, éste ZIP está protegido por la contraseña “infected” (sin las comillas).

El 19 de agosto se dio lugar en San Diego una nueva edición de la USENIX, empezando con los workshops (WOOT ‘14), seguido por la 23 edición del USENIX Security Symposium, durante los tres días siguientes, del 20 al 22.

Aquí tenéis la lista de los workshops celebrados en la USENIX Workshop On Offensive Technology (WOOT) 2014. Podéis hacer click en cada enlace para saber más sobre el workshop y bajaros material del mismo, o si os queréis bajar todo el material de golpe, lo podéis hacer desde este enlace.

Gracias a IronGeek, tenemos disponible de las charlas dadas en la Wireless Village de la edición de este año de Defcon.

• Intro
• So ya wanna get into SDR? - Russell Handorf
• Pentoo Primer - Village People
• 802.11ac Evolution: Data rates and Beamforming - Eric Johnson
• Practical Foxhunting 101 - SimonJ
• Pwn Phone: gg next map - Timothy Mossey
• Hacking 802.11 Basics - Benjamin Smith
• UAV-Assisted Three-Dimensional Wireless Assessments - Scott Pack & Dale Rowe
• Manna from Heaven; Improving the state of wireless rogue AP attacks - Dominic White & Ian de Villiers
• ApiMote: a tool for speaking 802.15.4 dialects and frame injection - Ryan Speers & Sergey Bratus
• Pineapple Abductions - Craig Young
• Choosing your next antenna, types, power, sizes, the truth. - Raul J Plà
• Introduction to the Nordic nRF24L01+ - Larry Pesce
• Driver-less Wireless Devices - Dominic Spill & Dragorn
• Hacking the Wireless World with Software Defined Radio - 2.0 - Balint Seeber
• The NSA Playset: Bluetooth Smart Attack Tools - Mike Ryan
• PortaPack: Is that a HackRF in your pocket? - Jared Boone
• PHYs, MACs, and SDRs - Robert Ghilduta
• SDR Tricks with HackRF - Michael Ossmann
• SDR Unicorns Panel - Robert Ghilduta & Michael Ossmann & Balint Seeber
• Inside The Atheros WiFi Chipset - Adrian Chadd

The Complete iOS 7 Course - Learn by Building 14 Apps es un curso para aprender a programar en el sistema operativo móvil de Apple, iOS 7.

Éste te enseña todo lo que tienes que saber a través de la creación de 14 aplicaciones que irás haciendo durante el mismo. El curso está compuesto por más de 350 vídeos!! en los que te muestran paso a paso todos los detalles del mismo. iOS 7 no es la última versión de iOS, pero seguro que casi todo el contenido del mismo es aplicable a iOS 8.

Cada vez son más los dispositivos que salen al mercado con procesadores ARM. No sólo teléfonos móviles y tabletas, sino dispositivos embebidos y pequeños como Raspberry Pi, Beaglebone, etc también incorporan dicha arquitectura.

Si estás interesado en aprender más sobre ARM, este tutorial está dividido en dos partes: Introduction to ARM y Efficient C for ARM.

El índice de la primera parte: Introduction to ARM, es el siguiente:

• Start
• Why Learn Assembly Language?
• Not a Trivial Mapping
• Instruction Sets
• Registers
• Program Counter
• Instruction Syntax
• Organisation
• Movement
• Arithmetic Instructions
• Logical Instructions
• Compare Instructions
• Barrel Shifter
• Operand2
• Immediate Values
• Branch Instructions
• Conditional Execution
• Multiply Instructions
• Single Register Data Transfer
• Addressing Modes
• Multiple Register Data Transfer
• The Stack
• A Call Chain
• Task One
• Task One - Answers
• Task Two
• Task Two - Answers
• Thumb
• Interworking
• Thumb Example
• Thumb-2
• ARM Ltd.
• Tools
• Applications
• ARM Architecture
• Early Architectures
• Architecture 4
• Architecture 5
• Architecture 6
• Architecture 7
• Summary of current ARM cores
• What’s inside various devices?
• Test
• Books

• Start
• Efficiency
• Before Tuning...
• Optimising
• Profilers
• Stuff That’s Slow on ARM
• Floating Point
• Division and Modulus
• Unaligned Data Access
• Bools
• Bitfields
• Padding
• Hoisting
• Data Drive
• Avoid Array Indexing
• Pointer Aliasing
• Pointer Chains
• Sentinels
• Loop Unrolling
• C Data Types
• Memory Access
• Local Variable Types
• Function Argument Types
• Taking a Variable’s Address
• Looping Structures
• Register Allocation
• Function Calls
• Small Functions
• Biasing Values
• Unsigned Ranges
• Base Pointer Optimisation
• References

A continuación os dejo la lista de los vídeos (algunos con su correspondiente presentación) la conferencia sobre seguridad informática CONFidence 2014. Ésta se celebro los días 27 y 28 de mayo.

El material publicado es el siguiente:

• 50 Shades of RED: Stories from the “Playroom” - Video
• NSA for dummies …methods to break RSA - Video
• Scaling Security - Video
• ATMs – We kick their ass - Video - Slides
• Bitcoin Forensics: Fact or Fiction? - Video - Slides
• Shameful secrets of proprietary protocols - Video - Slides
• Evaluation of Transactional Controls in e-Banking Systems - Video - Slides
• All your SAP P@$$w0ЯdZ belong to us - Video - Slides
• Protecting Big Data at Scale - Video - Slides
• Security Implications of the Cross-Origin Resource Sharing - Video - Slides
• Asymmetric Defense “Using your home-field advantage” - Video - Slides
• Preventing violation of memory safety in C/C++ software - Video - Slides
• On the battlefield with the Dragons – the interesting and surprising CTF challenges - Video - Slides
• SCADA deep inside: protocols and security mechanisms - Video - Slides
• Exploring treasures of 77FEh - Video - Slides
• The Tale of 100 CVE’s - Video - Slides
• Hacking the Czech Parliament via SMS - Video

Los organizadores de la HOPE X han puesto disponible el audio de todas las charlas que se dieron lugar. Si quieres los vídeos, puedes comprarlos online.

HOPE X se dio lugar en Nueva York los pasados 18-20 de julio.

Aquí como de costumbre os dejamos las lista con todas las charlas:

• A Conversation with Edward Snowden - 16kbps - 128kbps
• Keynote Address – Daniel Ellsberg - 16kbps - 128kbps
• The Hacker Wars – A Conversation with NSA Whistleblower Thomas Drake - 16kbpsThe Hacker Wars - 128kbps
• #radBIOS: Yelling a Database across the Room - 16kbps - 128kbps
• (Geo)location, Location, Location: Technology and Countermeasures for Mobile Location Surveillance - 16kbps - 128kbps
• A Beautiful Mosaic: How to Use FOIA to Fight Secrecy, Explore History, and Strengthen American Democracy - 16kbps - 128kbps
• A Sea of Parts - 16kbps - 128kbps
• A Story of Self Publishing Success - 16kbps - 128kbps
• Apophenia: Hunting for the Ghost in the Machine - 16kbps - 128kbps
• Are You Ready to SIP the Kool-Aid? - 16kbps - 128kbps
• Art under Mass Surveillance - 16kbps - 128kbps
• Ask the EFF – This Year on the Internet - 16kbps - 128kbps
• Barrett Brown and Anonymous: Persecution of Information Activists - 16kbps - 128kbps
• Biohacking and DIYbiology North of the 45th Parallel - 16kbps - 128kbps
• Bless the Cops and Keep Them Far from Us: Researching, Exploring, and Publishing Findings While Staying out of Legal Trouble - 16kbps - 128kbps
• Blinding The Surveillance State - 16kbps - 128kbps
• Bootkits: Step-by-Step - 16kbps - 128kbps
• Bringing Down the Biological System: How Poisons Hack the Body - 16kbps - 128kbps
• Building an Open Source Cellular Network at Burning Man - 16kbps - 128kbps
• Can You Patent Software? - 16kbps - 128kbps
• Closing Ceremonies - 16kbps - 128kbps
• Codesigning Countersurveillance - 16kbps - 128kbps
• Community Infrastructure for FOSS Projects - 16kbps - 128kbps
• Community Owned and Operated Cellular Networks in Rural Mexico - 16kbps - 128kbps
• Crypto for Makers: Projects for the BeagleBone, Pi, and AVRs - 16kbps - 128kbps
• Cultures of Open Source: A Cross-Cultural Analysis - 16kbps - 128kbps
• Cyber Security in Humanitarian Projects as a Social Justice Issue - 16kbps - 128kbps
• Dark Mail - 16kbps - 128kbps
• Disruptive Wearable Technology - 16kbps - 128kbps
• DIY Usability Research: A Crash Course in Guerrilla Data Gathering - 16kbps - 128kbps
• Drop It Like It’s Hot: Secure Sharing and Radical OpSec for Investigative Journalists - 16kbps - 128kbps
• Echoes of Returns Lost: The History of The Telecom Digest - 16kbps - 128kbps
• Electric Waste Orchestra: Learning and Teaching Music, Electronics, Programming, and Repurposing - 16kbps - 128kbps
• Elevator Hacking: From the Pit to the Penthouse - 16kbps - 128kbps
• Ergonomic Human Interface Hacking - 16kbps - 128kbps
• Ethical Questions and Best Practices for Service Providers in the Post-Snowden Era - 16kbps - 128kbps
• Fuckhackerfucks! An Audience Bashing - 16kbps - 128kbps
• G-code: The Programming Language of Machining and 3D Printers - 16kbps - 128kbps
• Hacking Money, from Alexander the Great to Zerocoin - 16kbps - 128kbps
• Hacking the Patent System: The Vulnerabilities That Allow for Bad Patents and How to Stop Them - 16kbps - 128kbps
• Hearses and Hand-Held Calculators: The Unlikely Connections That Shaped Modern Technology and Tech Culture - 16kbps - 128kbps
• How to Prevent Security Afterthought Syndrome - 16kbps - 128kbps
• HTTP Must Die - 16kbps - 128kbps
• I Am The Cavalry: Lessons Learned Fuzzing the Chain of Influence - 16kbps - 128kbps
• Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices - 16kbps - 128kbps
• Jumping the Carbon-Silicon Boundary for Fun and (Mostly) Profit - 16kbps - 128kbps
• Keeping Old Code Alive: The Venerable LambdaMOO Server in 2014 - 16kbps - 128kbps
• Lessons Learned from Implementing Real Life Whistleblowing Platforms - 16kbps - 128kbps
• Lockpicking, a Primer - 16kbps - 128kbps
• Media, Popular Misconceptions, and the CSI Effect – What Does It Mean for InfoSec and Tech Policy? - 16kbps - 128kbps
• Movie: “Algorithm” - 16kbps - 128kbps
• Movie: “Die Gstettensaga: The Rise of Echsenfriedl” - 16kbps - 128kbps
• Movie: “The Internet’s Own Boy: The Story of Aaron Swartz” - 16kbps - 128kbps
• Movie: “War on Whistleblowers: Free Press and the National Security State” - 16kbps - 128kbps
• North Korea – Using Social Engineering and Concealed Electronic Devices to Gather Information in the World’s Most Restrictive Nation - 16kbps - 128kbps
• Obfuscation and its Discontents: DIY Privacy from Card Swap to Browser Hack - 16kbps - 128kbps
• Per Speculum In Ænigmate - 16kbps - 128kbps
• Postprivacy: A New Approach to Thinking about Life in the Digital Sphere - 16kbps - 128kbps
• PRISM-Proof Email: Why Email Is Insecure and How We Are Fixing It - 16kbps - 128kbps
• Privacy-Friendly Hypertext? Do Not Track, Privacy Badger, and the Advertising-Funded Web - 16kbps - 128kbps
• Project PM: Crowdsourcing Research of the Cyber-Intelligence Complex - 16kbps - 128kbps
• Reverse Engineering – Unlocking the Locks - 16kbps - 128kbps
• Rickrolling Your Neighbors with Google Chromecast - 16kbps - 128kbps
• Screening: “Nowhere to Hide” (working title: “Rambam Gets His Man”) - 16kbps - 128kbps
• SecureDrop: A WikiLeaks in Every Newsroom - 16kbps - 128kbps
• Securing a Home Router - 16kbps - 128kbps
• Shortwave Pirate Radio and Oddities of the Spectrum - 16kbps - 128kbps
• Showing Keys in Public – What Could Possibly Go Wrong? - 16kbps - 128kbps
• Skeuomorphic Steganography - 16kbps - 128kbps
• Social Engineering - 16kbps - 128kbps
• Solve the Hard Problem - 16kbps - 128kbps
• Spy Improv: Ask Me Anything - 16kbps - 128kbps
• SSL++: Tales of Transport-Layer Security at Twitter - 16kbps - 128kbps
• Steepest Dissent: Small Scale Digital Fabrication - 16kbps - 128kbps
• Stupid Whitehat Tricks - 16kbps - 128kbps
• Surveillance, Sousveillance, and Anti-Surveillance: Artistic Responses to Watching - 16kbps - 128kbps
• Teaching Electronic Privacy and Civil Liberties to Government - 16kbps - 128kbps
• Technology and Jamming of XKEYSCORE - 16kbps - 128kbps
• The Hidden World of Game Hacking - 16kbps - 128kbps
• The Internet Society Speaks – The History, Futures, and Alternate Directions of the Internet and Its Governance - 16kbps - 128kbps
• The Many Faces of LockSport - 16kbps - 128kbps
• The Repair Movement - 16kbps - 128kbps
• The Science of Surveillance - 16kbps - 128kbps
• The Sex Geek as Culture Hacker - 16kbps - 128kbps
• The Web Strikes Back – Fighting Mass Surveillance with Open Standards - 16kbps - 128kbps
• This Is the X You Are Looking For - 16kbps - 128kbps
• Threat Modeling and Security Test Planning - 16kbps - 128kbps
• Thwarting the Peasants: A Guided and Rambunctious Tour Through the 2600 DeCSS Legal Files - 16kbps - 128kbps
• Travel Hacking with The Telecom Informer - 16kbps - 128kbps
• Unmasking a CIA Criminal - 16kbps - 128kbps
• Updates from the Online Identity Battlefield - 16kbps - 128kbps
• Usable Crypto: New Progress in Web Cryptography - 16kbps - 128kbps
• Using Travel Routers to Hide in Safety - 16kbps - 128kbps
• Vigilante Justice: Masks, Guns, and Networks - 16kbps - 128kbps
• Visualization for Hackers: Why It’s Tricky, and Where to Start - 16kbps - 128kbps
• When Confidentiality and Privacy Conflict - 16kbps - 128kbps
• When Whistleblowers Are Branded as Spies: Edward Snowden, Surveillance, and Espionage - 16kbps - 128kbps
• When You Are the Adversary - 16kbps - 128kbps
• Why the Future is Open Wireless - 16kbps - 128kbps
• Will It Blend? How Evil Software Clogs the Pipes - 16kbps - 128kbps
• Wireless Meshnets: Building the Next Version of the Web - 16kbps - 128kbps
• You’ve Lost Privacy, Now They’re Taking Anonymity (aka Whistleblowing is Dead – Get Over It) - 16kbps - 128kbps
• Your Right to Whisper: LEAP Encryption Access Project - 16kbps - 128kbps