Cyberhades

Audio de las charlas de la HOPE X

Los organizadores de la HOPE X han puesto disponible el audio de todas las charlas que se dieron lugar. Si quieres los vídeos, puedes comprarlos online.

HOPE X se dio lugar en Nueva York los pasados 18-20 de julio.

Aquí como de costumbre os dejamos las lista con todas las charlas:

A Conversation with Edward Snowden - 16kbps - 128kbps
Keynote Address Daniel Ellsberg - 16kbps - 128kbps
The Hacker Wars A Conversation with NSA Whistleblower Thomas Drake - 16kbps The Hacker Wars - 128kbps
#radBIOS: Yelling a Database across the Room - 16kbps - 128kbps
(Geo)location, Location, Location: Technology and Countermeasures for Mobile Location Surveillance - 16kbps - 128kbps
A Beautiful Mosaic: How to Use FOIA to Fight Secrecy, Explore History, and Strengthen American Democracy - 16kbps - 128kbps
A Sea of Parts - 16kbps - 128kbps
A Story of Self Publishing Success - 16kbps - 128kbps
Apophenia: Hunting for the Ghost in the Machine - 16kbps - 128kbps
Are You Ready to SIP the Kool-Aid? - 16kbps - 128kbps
Art under Mass Surveillance - 16kbps - 128kbps
Ask the EFF This Year on the Internet - 16kbps - 128kbps
Barrett Brown and Anonymous: Persecution of Information Activists - 16kbps - 128kbps
Biohacking and DIYbiology North of the 45th Parallel - 16kbps - 128kbps
Bless the Cops and Keep Them Far from Us: Researching, Exploring, and Publishing Findings While Staying out of Legal Trouble - 16kbps - 128kbps
Blinding The Surveillance State - 16kbps - 128kbps
Bootkits: Step-by-Step - 16kbps - 128kbps
Bringing Down the Biological System: How Poisons Hack the Body - 16kbps - 128kbps
Building an Open Source Cellular Network at Burning Man - 16kbps - 128kbps
Can You Patent Software? - 16kbps - 128kbps
Closing Ceremonies - 16kbps - 128kbps
Codesigning Countersurveillance - 16kbps - 128kbps
Community Infrastructure for FOSS Projects - 16kbps - 128kbps
Community Owned and Operated Cellular Networks in Rural Mexico - 16kbps - 128kbps
Crypto for Makers: Projects for the BeagleBone, Pi, and AVRs - 16kbps - 128kbps
Cultures of Open Source: A Cross-Cultural Analysis - 16kbps - 128kbps
Cyber Security in Humanitarian Projects as a Social Justice Issue - 16kbps - 128kbps
Dark Mail - 16kbps - 128kbps
Disruptive Wearable Technology - 16kbps - 128kbps
DIY Usability Research: A Crash Course in Guerrilla Data Gathering - 16kbps - 128kbps
Drop It Like Its Hot: Secure Sharing and Radical OpSec for Investigative Journalists - 16kbps - 128kbps
Echoes of Returns Lost: The History of The Telecom Digest - 16kbps - 128kbps
Electric Waste Orchestra: Learning and Teaching Music, Electronics, Programming, and Repurposing - 16kbps - 128kbps
Elevator Hacking: From the Pit to the Penthouse - 16kbps - 128kbps
Ergonomic Human Interface Hacking - 16kbps - 128kbps
Ethical Questions and Best Practices for Service Providers in the Post-Snowden Era - 16kbps - 128kbps
Fuckhackerfucks! An Audience Bashing - 16kbps - 128kbps
G-code: The Programming Language of Machining and 3D Printers - 16kbps - 128kbps
Hacking Money, from Alexander the Great to Zerocoin - 16kbps - 128kbps
Hacking the Patent System: The Vulnerabilities That Allow for Bad Patents and How to Stop Them - 16kbps - 128kbps
Hearses and Hand-Held Calculators: The Unlikely Connections That Shaped Modern Technology and Tech Culture - 16kbps - 128kbps
How to Prevent Security Afterthought Syndrome - 16kbps - 128kbps
HTTP Must Die - 16kbps - 128kbps
I Am The Cavalry: Lessons Learned Fuzzing the Chain of Influence - 16kbps - 128kbps
Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices - 16kbps - 128kbps
Jumping the Carbon-Silicon Boundary for Fun and (Mostly) Profit - 16kbps - 128kbps
Keeping Old Code Alive: The Venerable LambdaMOO Server in 2014 - 16kbps - 128kbps
Lessons Learned from Implementing Real Life Whistleblowing Platforms - 16kbps - 128kbps
Lockpicking, a Primer - 16kbps - 128kbps
Media, Popular Misconceptions, and the CSI Effect What Does It Mean for InfoSec and Tech Policy? - 16kbps - 128kbps
Movie: Algorithm - 16kbps - 128kbps
Movie: Die Gstettensaga: The Rise of Echsenfriedl - 16kbps - 128kbps
Movie: The Internets Own Boy: The Story of Aaron Swartz - 16kbps - 128kbps
Movie: War on Whistleblowers: Free Press and the National Security State - 16kbps - 128kbps
North Korea Using Social Engineering and Concealed Electronic Devices to Gather Information in the Worlds Most Restrictive Nation - 16kbps - 128kbps
Obfuscation and its Discontents: DIY Privacy from Card Swap to Browser Hack - 16kbps - 128kbps
Per Speculum In Ænigmate - 16kbps - 128kbps
Postprivacy: A New Approach to Thinking about Life in the Digital Sphere - 16kbps - 128kbps
PRISM-Proof Email: Why Email Is Insecure and How We Are Fixing It - 16kbps - 128kbps
Privacy-Friendly Hypertext? Do Not Track, Privacy Badger, and the Advertising-Funded Web - 16kbps - 128kbps
Project PM: Crowdsourcing Research of the Cyber-Intelligence Complex - 16kbps - 128kbps
Reverse Engineering Unlocking the Locks - 16kbps - 128kbps
Rickrolling Your Neighbors with Google Chromecast - 16kbps - 128kbps
Screening: Nowhere to Hide (working title: Rambam Gets His Man) - 16kbps - 128kbps
SecureDrop: A WikiLeaks in Every Newsroom - 16kbps - 128kbps
Securing a Home Router - 16kbps - 128kbps
Shortwave Pirate Radio and Oddities of the Spectrum - 16kbps - 128kbps
Showing Keys in Public What Could Possibly Go Wrong? - 16kbps - 128kbps
Skeuomorphic Steganography - 16kbps - 128kbps
Social Engineering - 16kbps - 128kbps
Solve the Hard Problem - 16kbps - 128kbps
Spy Improv: Ask Me Anything - 16kbps - 128kbps
SSL++: Tales of Transport-Layer Security at Twitter - 16kbps - 128kbps
Steepest Dissent: Small Scale Digital Fabrication - 16kbps - 128kbps
Stupid Whitehat Tricks - 16kbps - 128kbps
Surveillance, Sousveillance, and Anti-Surveillance: Artistic Responses to Watching - 16kbps - 128kbps
Teaching Electronic Privacy and Civil Liberties to Government - 16kbps - 128kbps
Technology and Jamming of XKEYSCORE - 16kbps - 128kbps
The Hidden World of Game Hacking - 16kbps - 128kbps
The Internet Society Speaks The History, Futures, and Alternate Directions of the Internet and Its Governance - 16kbps - 128kbps
The Many Faces of LockSport - 16kbps - 128kbps
The Repair Movement - 16kbps - 128kbps
The Science of Surveillance - 16kbps - 128kbps
The Sex Geek as Culture Hacker - 16kbps - 128kbps
The Web Strikes Back Fighting Mass Surveillance with Open Standards - 16kbps - 128kbps
This Is the X You Are Looking For - 16kbps - 128kbps
Threat Modeling and Security Test Planning - 16kbps - 128kbps
Thwarting the Peasants: A Guided and Rambunctious Tour Through the 2600 DeCSS Legal Files - 16kbps - 128kbps
Travel Hacking with The Telecom Informer - 16kbps - 128kbps
Unmasking a CIA Criminal - 16kbps - 128kbps
Updates from the Online Identity Battlefield - 16kbps - 128kbps
Usable Crypto: New Progress in Web Cryptography - 16kbps - 128kbps
Using Travel Routers to Hide in Safety - 16kbps - 128kbps
Vigilante Justice: Masks, Guns, and Networks - 16kbps - 128kbps
Visualization for Hackers: Why Its Tricky, and Where to Start - 16kbps - 128kbps
When Confidentiality and Privacy Conflict - 16kbps - 128kbps
When Whistleblowers Are Branded as Spies: Edward Snowden, Surveillance, and Espionage - 16kbps - 128kbps
When You Are the Adversary - 16kbps - 128kbps
Why the Future is Open Wireless - 16kbps - 128kbps
Will It Blend? How Evil Software Clogs the Pipes - 16kbps - 128kbps
Wireless Meshnets: Building the Next Version of the Web - 16kbps - 128kbps
Youve Lost Privacy, Now Theyre Taking Anonymity (aka Whistleblowing is Dead Get Over It) - 16kbps - 128kbps
Your Right to Whisper: LEAP Encryption Access Project - 16kbps - 128kbps

Material de la Black Hat USA 2014

Como muchos ya sabréis Black Hat USA 2014 se celebró la semana pasada, 2-7 agosto, como de costumbre en Las Vegas. Para los que no tuvieran la fortuna de haber asistido a esta conferencia, al menos podréis disfrutar del material que se presentó en las charlas, y que os enlazo a continuación:

Cybersecurity as Realpolitik geer.blackhat.6viii14.txt
48 Dirty Little Secrets Cryptographers Don't Want You To Know
802.1x and Beyond!
A Journey to Protect Points-of-Sale us-14-Valtman-A-Journey-To-Protect-Point-Of-Sale.pdf
A Practical Attack Against VDI Solutions us-14-Brodie-A-Practical-Attack-Against-VDI-Solutions-WP.pdf
A Scalable, Ensemble Approach for Building and Visualizing Deep Code-Sharing Networks Over Millions of Malicious Binaries us-14-Saxe.pdf us-14-Saxe-Tool.zip
A Survey of Remote Automotive Attack Surfaces
Abuse of CPE Devices and Recommended Fixes us-14-Spring-Abuse-Of-CPE-Devices-And-Recommended-Fixes-WP.pdf us-14-Spring-Abuse-Of-CPE-Devices-And-Recommended-Fixes.pdf
Abusing Microsoft Kerberos: Sorry You Guys Don't Get It
Abusing Performance Optimization Weaknesses to Bypass ASLR
Android FakeID Vulnerability Walkthrough us-14-Forristal-Android-FakeID-Vulnerability-Walkthrough.pdf
APT Attribution and DNS Profiling us-14-Li-APT-Attribution-And-DNS-Profiling-WP.pdf us-14-Li-APT-Attribution-And-DNS-Profiling.pdf
Attacking Mobile Broadband Modems Like a Criminal Would us-14-Lindh-Attacking-Mobile-Broadband-Modems-Like-A-Criminal-Would-WP.pdf us-14-Lindh-Attacking-Mobile-Broadband-Modems-Like-A-Criminal-Would.pdf
Babar-ians at the Gate: Data Protection at Massive Scale
Badger - The Networked Security State Estimation Toolkit us-14-Rogers-Badger-The-Networked-Security-State-Estimation-Toolkit.pdf
BadUSB - On Accessories that Turn Evil
Bitcoin Transaction Malleability Theory in Practice us-14-Chechik-Bitcoin-Transaction-Malleability-Theory-In-Practice.pdf us-14-Chechik-Malleability-Tool-Tool.zip
Breaking the Security of Physical Devices
Bringing Software Defined Radio to the Penetration Testing Community us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community-WP.pdf us-14-Picod-Bringing-Software-Defined-Radio-To-The-Penetration-Testing-Community.pdf
Building Safe Systems at Scale - Lessons from Six Months at Yahoo
Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering us-14-Johns-Call-To-Arms-A-Tale-Of-The-Weaknesses-Of-Current-Client-Side-XSS-Filtering-WP.pdf us-14-Johns-Call-To-Arms-A-Tale-Of-The-Weaknesses-Of-Current-Client-Side-XSS-Filtering.pdf
Capstone: Next Generation Disassembly Framework
Catching Malware En Masse: DNS and IP Style us-14-Mahjoub-Catching-Malware-En-Masse-DNS-And-IP-Style-WP.pdf us-14-Mahjoub-Catching-Malware-En-Masse-DNS-And-IP-Style.pdf
Cellular Exploitation on a Global Scale: The Rise and Fall of the Control Protocol
CloudBots: Harvesting Crypto Coins Like a Botnet Farmer
Computrace Backdoor Revisited us-14-Kamluk-Computrace-Backdoor-Revisited-WP.pdf us-14-Kamlyuk-Kamluk-Computrace-Backdoor-Revisited.pdf
Contemporary Automatic Program Analysis
Creating a Spider Goat: Using Transactional Memory Support for Security us-14-Muttik-Creating-A-Spider-Goat-Using-Transactional-Memory-Support-For-Securitypdf.pdf
Data-Only Pwning Microsoft Windows Kernel: Exploitation of Kernel Pool Overflows on Microsoft Windows 8.1 us-14-Tarakanov-Data-Only-Pwning-Microsoft-Windows-Kernel-Exploitation-Of-Kernel-Pool-Overflows-On-Microsoft-Windows-8.1.pdf
Defeating the Transparency Feature of DBI us-14-Li-Defeating-The-Transparency-Feature-Of-DBI.pdf
Digging for IE11 Sandbox Escapes us-14-Forshaw-Digging-For_IE11-Sandbox-Escapes.pdf us-14-Forshaw-Digging-For-IE11-Sandbox-Escapes-Tool.zip
Dynamic Flash Instrumentation for Fun and Profit
Epidemiology of Software Vulnerabilities: A Study of Attack Surface Spread
Evasion of High-End IPS Devices in the Age of IPv6 us-14-Atlasis-Evasion-Of-HighEnd-IPS-Devices-In-The-Age-Of-IPv6-WP.pdf us-14-Atlasis-Evasion-Of-HighEnd-IPS-Devices-In-The-Age-Of-IPv6.pdf
Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
Exposing Bootkits with BIOS Emulation us-14-Haukli-Exposing-Bootkits-With-BIOS-Emulation-WP.pdf us-14-Haukli-Exposing-Bootkits-With-BIOS-Emulation.pdf
Extreme Privilege Escalation on Windows 8/UEFI Systems us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems-WP.pdf us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems.pdf
Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces us-14-Mulliner-Finding-And-Exploiting-Access-Control-Vulnerabilities-In-Graphical-User-Interfacess-WP.pdf us-14-Mulliner-Finding-And-Exploiting-Access-Control-Vulnerabilities-In-Graphical-User-Interfaces.pdf us-14-Mulliner-Finding-And-Exploiting-Access-Control-Vulnerabilities-In-Graphical-User-Interfaces-Tool.zip
Fingerprinting Web Application Platforms by Variations in PNG Implementations us-14-Bongard-Fingerprinting-Web-Application-Platforms-By-Variations-In-PNG-Implementations-WP.pdf us-14-Bongard-Fingerprinting-Web-Application-Platforms-By-Variations-In-PNG-Implementations.pdf
From Attacks to Action - Building a Usable Threat Model to Drive Defensive Choices
Full System Emulation: Achieving Successful Automated Dynamic Analysis of Evasive Malware us-14-Kruegel-Full-System-Emulation-Achieving-Successful-Automated-Dynamic-Analysis-Of-Evasive-Malware-WP.pdf us-14-Kruegel-Full-System-Emulation-Achieving-Successful-Automated-Dynamic-Analysis-Of-Evasive-Malware.pdf
Governments As Malware Authors: The Next Generation us-14-Hypponen-Goverments-As-Malware-Authors.pdf
GRR: Find All the Badness, Collect All the Things us-14-Castle-GRR-Find-All-The-Badness-Collect-All-The-Things-WP.pdf us-14-Castle-GRR-Find-All-The-Badness-Collect-All-The-Things.pdf
Hacking the Wireless World with Software Defined Radio - 2.0 us-14-Seeber-Hacking-The-Wireless-World-With-Software-Defined-Radio-2.0.pdf
How Smartcard Payment Systems Fail us-14-Anderson-How_Smartcard-Payment-Systems-Fail.pdf
How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on Oauth and API Design in Online Social Networks us-14-Hu-How-To-Leak-A100-Million-Node-Social-Graph-In-Just-One-Week-WP.pdf us-14-Hu-How-To-Leak-A100-Million-Node-Social-Graph-In-Just-One-Week.pdf
How to Wear Your Password us-14-Jakobsson-How-To-Wear-Your-Password-WP.pdf us-14-Jakobsson-How-To-Wear-Your-Password.pdf
I Know Your Filtering Policy Better than You Do: External Enumeration and Exploitation of Email and Web Security Solutions us-14-Williams-I-Know-Your-Filtering-Policy-Better-Than-You-Do-WP.pdf us-14-Williams-I-Know-Your-Filtering-Policy-Better-Than-You-Do.pdf
ICSCorsair: How I Will PWN Your ERP Through 4-20 mA Current Loop us-14-Bolshev-ICSCorsair-How-I-Will-PWN-Your-ERP-Through-4-20mA-Current-Loop-WP.pdf us-14-Bolshev-ICSCorsair-How-I-Will-PWN-Your-ERP-Through-4-20mA-Current-Loop.pdf
Internet Scanning - Current State and Lessons Learned us-14-Schloesser-Internet-Scanning-Current-State-And-Lessons-Learned.pdf
Investigating PowerShell Attacks us-14-Kazanciyan-Investigating-Powershell-Attacks-WP.pdf us-14-Kazanciyan-Investigating-Powershell-Attacks.pdf
It Just (Net)works: The Truth About iOS 7's Multipeer Connectivity Framework
Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment
Leviathan: Command and Control Communications on Planet Earth us-14-Geers-Leviathan-Command-And-Control-Communications-On-Planet-Earth-WP.pdf us-14-Geers-Leviathan-Command-And-Control-Communications-On-Planet-Earth.pdf
Lifecycle of a Phone Fraudster: Exposing Fraud Activity from Reconnaissance to Takeover Using Graph Analysis and Acoustical Anomalies us-14-Balasubramaniyan-Lifecycle-Of-A-Phone-Fraudster-WP.pdf us-14-Balasubramaniyan-Lifecycle-Of-A-Phone-Fraudster.pdf
Miniaturization us-14-Larsen-Miniturization-WP.pdf us-14-Larsen-Miniturization.pdf
Mission mPOSsible
Mobile Device Mismanagement
MoRE Shadow Walker: The Progression of TLB-Splitting on x86 us-14-Torrey-MoRE-Shadow-Walker-The-Progression-Of-TLB-Splitting-On-x86-WP.pdf us-14-Torrey-MoRE-Shadow-Walker-The-Progression-Of-TLB-Splitting-On-x86.pdf
Multipath TCP: Breaking Today's Networks with Tomorrow's Protocols us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols-WP.pdf us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols.pdf us-14-Pearce-Multipath-TCP-Breaking-Todays-Networks-With-Tomorrows-Protocols-Tool.zip
My Google Glass Sees Your Passwords! us-14-Fu-My-Google-Glass-Sees-Your-Passwords-WP.pdf us-14-Fu-My-Google-Glass-Sees-Your-Passwords.pdf
Network Attached Shell: N.A.S.ty Systems that Store Network Accessible Shells
"Nobody is Listening to Your Phone Calls." Really? A Debate and Discussion on the NSA's Activities
One Packer to Rule Them All: Empirical Identification, Comparison, and Circumvention of Current Antivirus Detection Techniques us-14-Mesbahi-One-Packer-To-Rule-Them-All-WP.pdf us-14-Mesbahi-One-Packer-To-Rule-Them-All.pdf
OpenStack Cloud at Yahoo Scale: How to Avoid Disaster
Oracle Data Redaction is Broken
Pivoting in Amazon Clouds us-14-Riancho-Pivoting-In-Amazon-Clouds-WP.pdf us-14-Riancho-Pivoting-In-Amazon-Clouds.pdf us-14-Riancho-Nimbostratus-Target-Tool.zip us-14-Riancho-Nimbostratus-Tool.zip
Poacher Turned Gamekeeper: Lessons Learned from Eight Years of Breaking Hypervisors us-14-Wojtczuk-Poacher-Turned-Gamekeeper-Lessons_Learned-From-Eight-Years-Of-Breaking-Hypervisors.pdf
Point of Sale System Architecture and Security us-14-Zaichkowsky-Point-Of-Sale System-Architecture-And-Security.pdf
Prevalent Characteristics in Modern Malware us-14-Branco-Prevalent-Characteristics-In-Modern-Malware.pdf
Probabilistic Spying on Encrypted Tunnels us-14-Niemczyk-Probabilist-Spying-On-Encrypted-Tunnels.pdf us-14-Niemczyk-Pacumen.tar-Tool.gz
Protecting Data In-Use from Firmware and Physical Attacks us-14-Weis-Protecting-Data-In-Use-From-Firmware-And-Physical-Attacks-WP.pdf us-14-Weis-Protecting-Data-In-Use-From-Firmware-And-Physical-Attacks.pdf
Pulling Back the Curtain on Airport Security: Can a Weapon Get Past TSA? us-14-Rios-Pulling-Back-The-Curtain-On-Airport-Security.pdf
RAVAGE - Runtime Analysis of Vulnerabilities and Generation of Exploits us-14-Wang-RAVAGE-Runtime-Analysis-Of-Vulnerabilities-And-Generation-Of-Exploits.pdf
Reflections on Trusting TrustZone us-14-Rosenberg-Reflections-On-Trusting-TrustZone-WP.pdf us-14-Rosenberg-Reflections-on-Trusting-TrustZone.pdf
Researching Android Device Security with the Help of a Droid Army
Reverse Engineering Flash Memory for Fun and Benefit us-14-Oh-Reverse-Engineering-Flash-Memory-For-Fun-And-Benefit-WP.pdf us-14-Oh-Reverse-Engineering-Flash-Memory-For-Fun-And-Benefit.pdf
Reverse-Engineering the Supra iBox: Exploitation of a Hardened MSP430-Based Device
SAP, Credit Cards, and the Bird that Talks Too Much us-14-Arsal-SAP-Credit-Cards-And-The-Bird-That-Talks-Too-Much.pdf
SATCOM Terminals: Hacking by Air, Sea, and Land us-14-Santamarta-SATCOM-Terminals-Hacking-By-Air-Sea-And-Land-WP.pdf us-14-Santamarta-SATCOM-Terminals-Hacking-By-Air-Sea-And-Land.pdf
Saving Cyberspace us-14-Healey-Saving-Cyberspace-WP.pdf us-14-Healey-Saving-Cyberspace.pdf
SecSi Product Development: Techniques for Ensuring Secure Silicon Applied to Open-Source Verilog Projects us-14-FitzPatrick-SecSi-Product-Development-WP.pdf us-14-FitzPatrick-SecSi-Product-Development.pdf
Secure Because Math: A Deep-Dive on Machine Learning-Based Monitoring us-14-Pinto-Secure-Because-Math-A-Deep-Dive-On-Machine-Learning-Based-Monitoring-WP.pdf
Sidewinder Targeted Attack Against Android in the Golden Age of Ad Libs us-14-Wei-Sidewinder-Targeted-Attack-Against-Android-In-The-Golden-Age-Of-Ad-Libs.pdf
Smart Nest Thermostat: A Smart Spy in Your Home us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home-WP.pdf us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home.pdf
Static Detection and Automatic Exploitation of Intent Message Vulnerabilities in Android Applications
Stay Out of the Kitchen: A DLP Security Bake-Off
SVG: Exploiting Browsers without Image Parsing Bugs
The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques
The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP
The Big Chill: Legal Landmines that Stifle Security Research and How to Disarm Them
The Devil Does Not Exist - The Role of Deception in Cyber us-14-Mateski-The-Devil-Does-Not-Exist-The-Role-Of-Deception-In-Cyber.pdf
The Library of Sparta us-14-Raymond-The-Library-Of-Sparta-WP.pdf us-14-Raymond-The-Library-Of-Sparta.pdf
The New Page of Injections Book: Memcached Injections us-14-Novikov-The-New-Page-Of-Injections-Book-Memcached-Injections-WP.pdf us-14-Novikov-The-New-Page-Of-Injections-Book-Memcached-Injections-WP.pdf
The New Scourge of Ransomware: A Study of CryptoLocker and Its Friends
The State of Incident Response
Thinking Outside the Sandbox - Violating Trust Boundaries in Uncommon Ways us-14-Gorenc-Thinking-Outside-The-Sandbox-Violating-Trust-Boundaries-In-Uncommon-Ways-WP.pdf us-14-Gorenc-Thinking-Outside-The-Sandbox-Violating-Trust-Boundaries-In-Uncommon-Ways.pdf
Threat Intelligence Library - A New Revolutionary Technology to Enhance the SOC Battle Rhythm!
Time Trial: Racing Towards Practical Timing Attacks us-14-Mayer-Time-Trial-Racing-Towards-Practical-Timing-Attacks-WP.pdf us-14-Mayer-Time-Trial-Racing-Towards-Practical-Timing-Attackss.pdf
Understanding IMSI Privacy
Understanding TOCTTOU in the Windows Kernel Font Scaler Engine
Unveiling the Open Source Visualization Engine for Busy Hackers us-14-Hay-Unveiling-The-Open-Source-Visualization-Engine-For-Busy-Hackers-WP.pdf us-14-Hay-Unveiling-The-Open-Source-Visualization-Engine-For-Busy-Hackers.pdf us-14-Hay-OpenGraphiti-Black-Hat-2014-Release-Tool.zip
Unwrapping the Truth: Analysis of Mobile Application Wrapping Solutions
VoIP Wars: Attack of the Cisco Phones us-14-Ozavci-VoIP-Wars-Attack-Of-The-Cisco-Phones.pdf us-14-Ozavci-Viproy-1.9.0-Tool.zip
What Goes Around Comes Back Around - Exploiting Fundamental Weaknesses in Botnet C&C Panels! us-14-Sood-What-Goes-Around-Comes-Back-Around-Exploiting-Fundamental-Weaknesses-In-Botnet-C&C-Panels-WP.pdf us-14-Sood-What-Goes-Around-Comes-Back-Around-Exploiting-Fundamental-Weaknesses-In-Botnet-C&C-Panels.pdf
When the Lights Go Out: Hacking Cisco EnergyWise us-14-Luft-When-The-Lights-Go-Out-Hacking-Cisco-EnergyWise-WP.pdf us-14-Luft-When-The-Lights-Go-Out-Hacking-Cisco-EnergyWise.pdf us-14-Luft-When-The-Lights-Go-Out-Hacking-Cisco-EnergyWise-Tool.zip
Why Control System Cyber-Security Sucks... us-14-Luders-Why-Control-System-Cyber-Security-Sucks.pdf
Why You Need to Detect More Than PtH us-14-Hathaway-Why-You-Need-To-Detect-More-Than-PtH-WP.pdf us-14-Hathaway-Why-You-Need-To-Detect-More-Than-PtH.pdf
Windows Kernel Graphics Driver Attack Surface us-14-vanSprundel-Windows-Kernel-Graphics-Driver-Attack-Surface.pdf
Write Once, Pwn Anywhere

Er docu der finde: The Internet's own boy - La historia de Aaron Swartz (subtitulado)

No olvides activar los subtítulos (captions) en español.

Banda sonora oficial de DEF CON 22

Otro año, otra DEF CON, más música, más hacking, más, más… La DEF CON 22 ya tiene banda sonora, disponible de forma totalmente gratuita como en años anteriores, aunque siempre puedes ponerle precio y así reconocer y agradecer el trabajo a sus autores.

Las pistas están disponibles en Gravitas Recordings. Puedes escuchar las canciones online o bien descargarlas para poder escucharlas en cualquier momento sin tener que estar conectado a internet. Esta la lista de las pistas:

Si te gusta la informática, vas a adorar Halt and Catch Fire

Si no has visto la serie Halt and Catch Fire, deja todo lo que estés haciendo y busca la manera de verla, te aseguro que no te arrepentirás.

Parte del argumento principal está basado en un hecho real, la ingeniería inversa realizada por los chicos de Compaq (Cardif en la serie) para clonar la BIOS del IBM PC (en nuestro libro tenemos todo un capítulo dedicado a esta espectacular historia de la informática), hecho que fue la clave para la situación actual del mercado de ordenadores. Sí,sí, ese es el argumento ... ¿qué más necesitas?

Gran colección de recursos enfocado al análisis del código binario

REMath es un repositorio en Github que contiene una gran lista de recursos relacionados con el análisis de código binario o máquina.

Dicha lista es bastante amplia, y contiene desde documentos académicos con lo último en investigaciones en este campo, hasta herramientas bien conocidas. Para que tengas una idea de lo que puedes encontrar en el mismo, os dejo las secciones en las que se divide la lista:

Er docu der finde: Las conexiones de la ingeniería, El Formula 1

Conversor de códigos de operación a instrucciones ensamblador online

Hemos visto en otras ocasiones desensambladores y ensambladores online que no permiten tanto escribir nuestro código como el subir un fichero binario y obtener el resultado. En este caso la herramienta de la que os hablo, por ahora, sólo nos permite escribir código en hexadecimal (opcodes - códigos de operación), y ésta la convierte a las instrucciones ensamblador a las que dichos códigos corresponden.

La herramienta se llama CEnigma y usa el framework de desensamblado quizás más moderno, Capstone. Gracias a ello, CEnigma es capaz de convertir nuestra entrada a 8 arquitecturas distintas: Arm, Arm64 (Armv8), Mips, PowerPC, Sparc, SystemZ, XCore & Intel, con distintos modos dependiendo de la arquitectura elegida.

Vídeos de la Hack In Paris 2014

Ya se encuentran disponibles los vídeos de las charlas dadas en la conferencia sobre seguridad informática Hack In Paris 2014.

La lista es la siguiente:

Presentaciones de la SyScan+360 2014

Si te interesaron las charlas de la SyScan+360 de este año 2014, ya las puedes descargar desde su web. No están todas, pero las que están tienen buena pinta (parece que sólo faltan 3).

Esta es la lista de las que están disponibles: