Material de Black Hat Asia 2016
- April 2, 2016
- tuxotron
- Devaluing Attack: Disincentivizing Threats Against the Next Billion Devices
- A New CVE-2015-0057 Exploit Technology asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology.pdf asia-16-Wang-A-New-CVE-2015-0057-Exploit-Technology-wp.pdf
- Android Commercial Spyware Disease and Medication asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication.pdf asia-16-Saad-Android-Commercial-Spyware-Disease-And-Medication-wp.pdf
- Automated Detection of Firefox Extension-Reuse Vulnerabilities
- Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces.pdf asia-16-Costin-Automated-Dynamic-Firmware-Analysis-At-Scale-A-Case-Study-On-Embedded-Web-Interfaces-wp.pdf
- Break Out of the Truman Show: Active Detection and Escape of Dynamic Binary Instrumentation asia-16-Sun-Break-Out-Of-The-Truman-Show-Active-Detection-And-Escape-Of-Dynamic-Binary-Instrumentation.pdf
- Bypassing Browser Security Policies for Fun and Profit asia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit.pdf asia-16-Baloch-Bypassing-Browser-Security-Policies-For-Fun-And-Profit-wp.pdf
- CANtact: An Open Tool for Automotive Exploitation
- DSCompromised: A Windows DSC Attack Framework asia-16-Kazanciyan-DSCompromised-A-Windows-DSC-Attack-Framework.pdf
- Enterprise Apps: Bypassing the iOS Gatekeeper asia-16-Bashan-Enterprise-Apps-Bypassing-The-iOS-Gatekeeper.pdf asia-16-Bashan-Enterprise-Apps-Bypassing-The-iOS-Gatekeeper-wp.pdf
- Exploiting Linux and PaX ASLR's Weaknesses on 32-bit and 64-bit Systems asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems.pdf asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems-wp.pdf
- Hacking a Professional Drone asia-16-Rodday-Hacking-A-Professional-Drone.pdf
- Hey Your Parcel Looks Bad - Fuzzing and Exploiting Parcel-ization Vulnerabilities in Android asia-16-He-Hey-Your-Parcel-Looks-Bad-Fuzzing-And-Exploiting-Parcelization-Vulnerabilities-In-Android.pdf asia-16-He-Hey-Your-Parcel-Looks-Bad-Fuzzing-And-Exploiting-Parcelization-Vulnerabilities-In-Android-wp.pdf
- I'm Not a Human: Breaking the Google reCAPTCHA asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA.pdf asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
- Incident Response @ Scale - Building a Next Generation SOC asia-16-Cohen-Incident-Response-At-Scale-Building-A-Next-Generation-SOC.pdf
- Let's See What's Out There - Mapping the Wireless IoT asia-16-Zillner-Complete-Lets-See-Whats-Out-There-Mapping-The-Wireless-IOT.pdf
- Locknote: Conclusions and Key Takeaways from Black Hat Asia 2016
- Multivariate Solutions to Emerging Passive DNS Challenges asia-16-Vixie-Multivariate-Solutions-to-Emerging-Passive-DNS-Challenges.pdf
- Never Trust Your Inputs: Causing 'Catastrophic Physical Consequences' from the Sensor (or How to Fool ADC) asia-16-Bolshev-Never-Trust-Your-Inputs-Causing-Catastrophic-Physical-Consequences-From-The-Sensor.pdf
- NumChecker: A System Approach for Kernel Rootkit Detection and Identification
- PLC-Blaster: A Worm Living Solely in the PLC asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC.pdf asia-16-Spenneberg-PLC-Blaster-A-Worm-Living-Solely-In-The-PLC-wp.pdf
- Practical New Developments in the BREACH Attack asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack.pdf asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack-wp.pdf
- Rapid Radio Reversing asia-16-Ossmann-Rapid-Radio-Reversing.pdf asia-16-Ossmann-Rapid-Radio-Reversing-wp.pdf
- su-a-Cyder: Homebrewing Malware for iOS Like a B0$$! asia-16-Tamir-Su-A-Cyder-Homebrewing-Malware-For-iOS-Like-A-B0SS.pdf
- The Kitchen's Finally Burned Down: DLP Security Bakeoff
- The Perl Jam 2: The Camel Strikes Back asia-16-Rubin-The-Perl-Jam-2-The-Camel-Strikes-Back.pdf
- The Security Wolf of Wall Street: Fighting Crime with High-Frequency Classification and Natural Language Processing asia-16-Reuille-The-Security-Wolf-Of-Wall-Street-Fighting-Crime-With-High-Frequency-Classification-And-Natural-Language-Processing.pdf asia-16-Reuille-The-Security-Wolf-Of-Wall-Street-Fighting-Crime-With-High-Frequency-Classification-And-Natural-Language-Processing-wp.pdf
- The Tactical Application Security Program: Getting Stuff Done asia-16-Scott-Tactical-Application-Security-Program-Getting-Stuff-Done.pdf
Una de las conferencias sobre seguridad referente a nivel mundial, Black Hat, ya ha publicado el material de la edición Asia 2016.
Presentaciones de Troopers 16
- April 2, 2016
- tuxotron
- Opening Keynote
- Hiding your White-Box Designs is Not Enough
- Mind The Gap - Exploit Free Whitelisting Evasion Tactics
- Patch me if you can
- Attacking Next-Generation Firewalls
- Towards a LangSec-aware SDLC
- Preventing vulnerabilities in HANA-based deployments
- QNX: 99 Problems but a Microkernel ain't one!
- An easy way into your multi-million dollar SAP systems: An unknown default SAP account
- unrubby: reversing without reversing
- Imma Chargin Mah Lazer - How to protect against (D)DoS attacks
- Deep-dive into SAP archive file formats
- Crypto code: the 9 circles of testing
- Passive Intelligence Gathering and Analytics - It’s all Just Metadata!
- BetterCrypto: three years in
- The road to secure Smart Cars: ENISA approach
- Medical Device Security: Hack or Hype?
- The Joy of Sandbox Mitigations
- Caring for file formats
- Unpatchable Living with a vulnerable implanted device
- One tool to rule them all - and what can it lead to
- Planes, Trains and Automobiles: The Internet of Deadly Things
Troopers, otra conocida conferencia sobre seguridad con sede en Alemania, ha publicado la mayoría de las presentaciones de la edición de este año (Troopers 16), celebrada el pasado mes de marzo.
Colección de documentos académicos entorno a Ruby
- March 21, 2016
- tuxotron
Personalmente creo firmemente en la educación continua y la lectura es uno de los pilares fundamentales de la misma. De hecho, la lectura en general debería ser parte de nuestra vida.
Leer libros, artículos, blogs, etc es algo que me gusta bastante, pero algo a lo que le tengo amor-odio son lo textos académicos. He leído muchos que he disfrutado y otros que son muy aburridos, quizás porque están llenos de teoría y anotaciones matemáticas que me superan.
Los textos académicos técnicos suelen ser complicados de digerir en muchas ocasiones, por el simple hecho que suelen textos de investigación y por lo tanto se contrastan ideas y/o conceptos nuevos.
Existe una web llamada The Ruby Bibliography en la que se recogen textos públicos de investigación académica (además del famoso Blue book) entorno al lenguaje de programación Ruby. Aunque estos están enfocado a dicho lenguaje, en realidad los conceptos que se tratan son realmente aplicables a lenguajes de programación de este tipo e incluso conceptos de enfoque más general.
La lista tiene buena pinta y hay bastante documentación sobre máquinas virtuales y concurrencia.
Libros
Buscar
Entradas Recientes
- Posts
- Reemplazando la bateria del AirTag
- OpenExpo Europe décima edición, 18 de mayo: El Epicentro de la Innovación y la Transformación Digital
- Docker Init
- Kubernetes para profesionales
- Agenda: OpenExpo Europe 2022 llega el 30 de junio en formato presencial
- Libro 'Manual de la Resilencia', de Alejandro Corletti, toda una referencia para la gestión de la seguridad en nuestros sistemas
- Mujeres hackers en ElevenPaths Radio
- Creando certificados X.509 caducados
- Generador de imágenes Docker para infosec