(IN) Secure Magazine, December 2016

The latest issue of the fantastic free security magazine (IN) Secure Magazine, which you can download as a PDF or read directly on its website: (IN) Secure Magazine Issue 52, December 2016. While you are there, you can also take a look at previous issues.

App Sec USA 2016 videos

The videos of the App Sec USA 2016 presentations are now available:

- Cleaning Your Applications' Dirty Laundry with Scumblr - AppSecUSA 2016
- Everything is Terrible: Three Perspectives on Building, Configuring, and Securing Software
- HTTPS & TLS in 2016: Security practices from the front lines - AppSecUSA 2016
- Justin Collins - Practical Static Analysis for Continuous Application Security - AppSecUSA 2016
- Using language-theoretics and runtime visibility to align AppSec with DevOps - AppSecUSA 2016
- Manideep Konakandla - Breaking and Fixing your ‘Docker’ized environments - AppSecUSA 2016
- Chris Gates & Ken Johnson - DevOops: Redux - AppSecUSA 2016
- Zane Lackey - Practical tips for web application security in the age of agile and DevOps
- Chenxi Wang - Protect Containerized Applications With System Call Profiling - AppSecUSA 2016
- Scaling Security Assessment at the Speed of DevOps - AppSecUSA 2016
- Yair Amit - The Ways Hackers Are Taking To Win The Mobile Malware Battle - AppSecUSA 2016
- Your License for Bug Hunting Season - AppSecUSA 2016
- When encryption is not enough: Attacking Wearable - AppSecUSA 2016
- Jimmy Mesta - Containerizing your Security Operations Center - AppSecUSA 2016
- Practical Tips For Running A Successful Bug Bounty Program - AppSecUSA 2016
- Simon Thorpe - Why using SMS in the authentication chain is risky - AppSecUSA 2016
- Marco Lancini - Needle: Finding Issues within iOS Applications - AppSecUSA 2016
- Patterns of Authentication and Self-Announcement in IoT - AppSecUSA 2016
- [AUDIO] Should there be an Underwriters Laboratories certification for software in IoT products?

Black Hat Europe 2016 presentations

The presentations from another edition of Black Hat, in this case the 2016 European edition, are now available.

- (Pen)Testing Vehicles with CANToolz
  - eu-16-Sintsov-Pen-Testing-Vehicles-With-Cantoolz.pdf
- 50 Thousand Needles in 5 Million Haystacks: Understanding Old Malware Tricks to Find New Malware Families
  - eu-16-Valeros-50-Thousand-Needles-In-5-Million-Haystacks-Understanding-Old-Malware-Tricks-To-Find-New-Malware-Families.pdf
- AI based Antivirus: Can AlphaAV Win the Battle in which Man Has Failed?
  - eu-16-Wang-AI-Based-Antivirus-Can-Alphaav-Win-The-Battle-In-Which-Man-Has-Failed.pdf
- Another Brick Off the Wall: Deconstructing Web Application Firewalls Using Automata Learning
  - eu-16-Argyros-Another-Brick-Off-The-Wall-Deconstructing-Web-Application-Firewalls-Using-Automata-Learning.

Ruxcon 2016 presentations

The presentations from Ruxcon Security Conference 2016 are now accessible:

- Windows Metafiles: An Analysis of the EMF Attack Surface & Recent Vulnerabilities
- Forcing A Targeted LTE Cellphone Into An Unsafe Network
- $hell on Earth: From Browser to System Compromise
- Demystifying the Secure Enclave Processor
- Strolling into Ring-0 via I/O Kit Drivers
- Rainbow Over the Windows: More Colors Than You Could Expect
- Hacker-Machine Interface - State of the Union for SCADA HMI Vulnerabilities
- Breaking out of QEMU
- Make iOS App more Robust and Security through Fuzzing
- Exploiting COF Vulnerabilities In The Linux Kernel
- Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets
- Firmware Biopsy: Towards Taming The Lunacy
- Leaking Windows Kernel Pointers
- FRAPL - Next Generation Reverse Engineering Framework
- Documented to Fail
- Writing Malware While The Blue Team Is Staring At You
- Fighting Metamorphism using Deep Neural Network with Fourier
- On Her Majesty’s Secret Service – GRX and a Spy Agency
- Orbiting The Saturn: Investigating A Decades-Old DRM System
- Make Event Tracing Great Again

Tempting Incibe initiatives for programmers at #CyberCamp16

Incibe, the Spanish cybersecurity institute, is holding its second annual cybersecurity event, CyberCamp, from December 1 to 4 in León, Spain. This year's edition, 16, brings two new initiatives: new features in the Hackathon and a tournament on secure software development. A hackathon, or "hacking marathon", is an activity that is very much in fashion in programming and software development circles. It is not necessarily a competition; in fact, many groups of developers meet monthly or every so often to develop applications for the community, non-profit organizations, etc.

DEF CON 24 videos

Along with the DEF CON 24 presentations, the videos are now accessible as well:

- WIFI 204 Insteon, Inste off, Inste open
- WIFI 202 Evil ESP
- WIFI 201 WCTF Day 2 Kickoff
- WIFI 105 Introducing the HackMeRF
- WIFI 104 Handing Full Control of the Radio Spectrum Over to the Machines
- WIFI 103 How Do IBLE Hacking
- WIFI 102 Decoding LoRa Exploring Next Gen Wireless
- WIFI 101 Wireless Capture the Flag Inbrief
- Weaponizing Data Science for Social Engineering Automated E2E spear phishing on Twit
- weaponize your feature codes
- VLAN hopping, ARP poisoning & MITM Attacks in Virtualized Environments
- Use Their Machines Against Them Loading Code with a Copier
- Universal Serial aBUSe Remote physical access attacks
- toxic proxies bypassing HTTPS and VPNs to pwn your online identity
- The Remote Metamorphic Engine Detecting, Evading, Attacking the AI and Reverse Engin
- the next gen of emergency ph0nage
- T1 Jeopardy 2
- T1 Jeopardy 1
- Stumping the Mobile Chipset
- sticky keys to the kingdom
- Stargate Pivoting Through VNC To Own Internal Networks
- so you think you want to be a pentester
- Slouching Towards Utopia The State of the Internet Dream
- Sk3wlDbg Emulating all well many of the things with Ida
- Six Degrees of Domain Admin
- Side channel attacks on high security electronic safe locks
- sentient storage do ssd's have a mind of their own
- secure penetration testing operations
- SE 301 The Live SE Podcast
- SE 205 Advanced Social Engineering Techniques and The Rise of Cyber Scam Industrial
- SE 204 How to Un Work your job Revolutionism Radicals, and Engineering by Committee
- SE 203 SCAM CALL Call Dropped
- SE 202 Total Fail and Bad Mistakes I've Made a Few
- SE 201 Human Hacking You ARE the weakest link
- SE 105 You are being manipulated
- SE 104 US Interrogation Techniques and Social Engineering
- SE 103 7 Jedi Mind Tricks Influence Your Target without a Word
- SE 102 The Wizard of Oz Painting a reality through deception
- SE 101 Does Cultural differences become a barrier for social engineering
- Samsung Pay Tokenized Numbers, Flaws and Issues
- Robot Hacks Video Games How TASBot Exploits Consoles with Custom Controllers
- Retweet to win How 50 lines of Python made me the luckiest guy on Twitter
- Research on the Machines Help the FTC Protect Privacy & Security
- real time bluetooth device detection with blue hydra
- propaganda and you
- Project CITL
- Playing Through the Pain The Impact of Secrets and Dark Knowledge
- Platform Agnostic Kernel Fuzzing
- pin2pwn How to Root an Embedded Linux Box with a Sewing Needle
- Picking Bluetooth Low Energy Locks from a Quarter Mile Away
- phishing without failure and frustration
- PH 301 Packet Hacking Village, Block 5
- PH 202 Packet Hacking Village, Block 4
- PH 201 Packet Hacking Village, Block 3
- PH 102 Packet Hacking Village, Block 2
- PH 101 Packet Hacking Village, Block 1
- network protocol reverse engineering
- Mr Robot Panel
- MouseJack Injecting Keystrokes into Wireless Mice
- mouse jiggler offense and defense
- malware command and control channels a journey into darkness
- Maelstrom are you playing with a full deck
- Machine Duping Pwning deep learning systems
- LOCK 302 Sesame Style Pad Locks
- LOCK 203 Intro to LockpickingPower
- LOCK 202 Intro to LockpickingPower
- LOCK 201 Intro to LockpickingDuffley
- LOCK 104 Intro to Lock PickingFitzhugh
- LOCK 102 Locking Picking 101
- LOCK 101 Locking Picking 101
- Light Weight Protocol!

Black Hat USA 2016 videos

The videos from Black Hat USA 2016 are now available too, along with the material presented:

- Why This Internet Worked How We Could Lose It and the Role Hackers Play
- A Journey From JNDI/LDAP Manipulation to Remote Code Execution Dream Land
- The Art of Defense - How Vulnerabilities Help Shape Security Features and Mitigations in Android
- Call Me: Gathering Threat Intelligence on Telephony Scams to Detect Fraud
- Applied Machine Learning for Data Exfil and Other Fun Topics
- Canspy: A Platform for Auditing Can Devices
- Dangerous Hare: Hanging Attribute References Hazards Due to Vendor Customization
- Over the Edge: Silently Owning Windows 10's Secure Browser
- How to Make People Click on a Dangerous Link Despite Their Security Awareness
- Certificate Bypass: Hiding and Executing Malware From a Digitally Signed Executable
- Pay No Attention to That Hacker Behind the Curtain: A Look Inside the Black Hat Network
- Drone Attacks on Industrial Wireless: A New Front in Cyber Security
- Hackproofing Oracle Ebusiness Suite
- Using Undocumented CPU Behavior to See Into Kernel Mode and Break Kaslr in the Process
- Gattacking Bluetooth Smart Devices - Introducing a New BLE Proxy Tool
- Measuring Adversary Costs to Exploit Commercial Software
- Removing Roadblocks to Diversity
- HEIST: HTTP Encrypted Information Can Be Stolen Through TCP-Windows
- Memory Forensics Using Virtual Machine Introspection for Cloud Computing
- Secure Penetration Testing Operations: Demonstrated Weaknesses in Learning Material and Tools
- Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS
- Towards a Holistic Approach in Building Intelligence to Fight Crimeware
- Subverting Apple Graphics: Practical Approaches to Remotely Gaining Root
- The Remote Malicious Butler Did It!

LinuxCon Europe 2016 presentations

The European edition of LinuxCon was held in Berlin, Germany, from October 4 to 6. As you can imagine, this is a conference centered on the Linux kernel. The presentations can be accessed from the Linux Foundation website, and I list them below:

- Linux Kernel Security Update
- Ceph and Flash
- Efficient kernel backporting
- Making More Open: Creating open source infrastructure for your open source project
- Flowgrind: a TCP traffic generator for developers
- Efficient unit test and fuzz tools for kernel/libc porting
- Adding CPU frequency scaling for your ARM platform to Linux kernel
- entry_*.

Black Hat USA 2016 material

To while away the summer afternoons, most of the material presented at Black Hat USA 2016 is now available:

- $hell on Earth: From Browser to System Compromise
  - us-16-Molinyawe-Shell-On-Earth-From-Browser-To-System-Compromise.pdf
- 1000 Ways to Die in Mobile OAuth
  - us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth.pdf
  - us-16-Tian-1000-Ways-To-Die-In-Mobile-OAuth-wp.pdf
- A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land
  - us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
  - us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
- A Lightbulb Worm?
  - us-16-OFlynn-A-Lightbulb-Worm.pdf
  - us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
- Abusing Bleeding Edge Web Standards for AppSec Glory
  - us-16-Zadegan-Abusing-Bleeding-Edge-Web-Standards-For-AppSec-Glory.pdf
- Access Keys Will Kill You Before You Kill the Password
  - us-16-Simon-Access-Keys-Will-Kill-You-Before-You-Kill-The-Password.

Shmoocon 2016 videos

The videos from the latest edition of Shmoocon, a security conference held in Washington DC, are now available.

- 0wn The Con
- Ask the EFF
- Attack On Titans
- AVLeak: Turning Antivirus Emulators Inside Out
- Be Free Little Guardbunny
- Breaking Bulbs Briskly By Bogus Broadcasts 1
- Building an Encyclopedia of Malware Configs (to punch miscreants)
- Closing Plenary: Information Security Programs in Academia
- Compressed Context Analytical Results For Computer Vision
- Containing an Attack with Linux Containers and AppArmor/SELinux
- Crypto and Quantum and Post Quantum
- Exploiting Memory Corruption
- Gatekeeper Exposed
- Hacking The Wireless World
- Hiding From The Investigator
- Keynote Address
- LostPass: Pixel-perfect LastPass Phishing
- LTE Security & Protocol Exploits
- Making Milware
- My Hash Is My Passport
- No Easy Breach
- Online No One Knows You're Dead
- Opening Remarks Rumblings Ruminations Rants
- OSX Vulnerability Research and Why We Wrote Our Own Debugger
- P G Ohst Exploitation
- Penetration Testing Custom Tls Stacks
- Resistance Is Futile
- Reverse Engineering Wireless Scada Systems
- Software Security By The Numbers
- Speak Security And Enter
- Static Malware & Smtp Fail Analysis
- The Road to SYSTEM: Recycling Old Vulnerabilities for Unpatched Privilege Escalation and A New Network Attack
- #thingswikfound #omarax What Is It, And Why You May Care
- This Message Will Self Destruct In 10 Seconds
- Users Are People Too: How to Make Your Tools Not Suck for Humans
- Using The Algebraic Eraser To Secure Low Power Devices
- Where Do The Phishers Live
- You Ain't Seen Nothing Yet