Presentaciones de Ruxcon 2015

Aquí tenéis la lista de las presentaciones que se han publicados de Ruxcon 2015: DNS as a Defense Vector High Performance Fuzzing The New South Wales iVote System: Security Failures and Verification Flaws in a Live Online Election MalwAirDrop: Compromising iDevices via AirDrop Broadcasting Your Attack: Security Testing DAB Radio In Cars Windows 10: 2 Steps Forward, 1 Step Back Practical Intel SMEP Bypass Techniques on Linux Advanced SOHO Router Exploitation Why Attacker's Toolsets Do What They Do SDN Security Window Driver Attack Surface: Some New Insights Abusing Adobe Reader¹s JavaScript APIs High-Def Fuzzing: Exploring Vulnerabilities in HDMI-CEC VoIP Wars: Destroying Jar Jar Lync VENOM Fruit Salad, yummy yummy: An analysis of ApplePay A Peek Under The Blue Coat Automated Malware Analysis: A Behavioural Approach to Automated Unpacking Tasty Malware Analysis with T.
Leer más

Material de SecTor 2015

Ya está disponible el material (vídeos y diapositivas) de SecTor 2015. Maturing InfoSec: Lessons from Aviation on Information Sharing - Slides Automation is your Friend: Embracing SkyNet to Scale Cloud Security - Video Breaking Access Controls with BLEKey - Video Breaking and Fixing Python Applications - Video Slides Tools Complete Application Ownage via Multi-POST XSRF - Video Confessions of a Professional Cyber Stalker - Video Cymon - An Open Threat Intelligence System - Video Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing - Slides Hijacking Arbitrary .
Leer más

Material de HITB Singapur 2015

Ha sido publicado el material de la Hack In The Box de Singapur de este año 2015: CLOSING NOTE - Dhillon Kannabhiran.pdf D1 - Alfonso De Gregorio - Extortion and Cooperation in the Zero%c2%ad-Day Market.pdf D1 - Chris Rouland - Understanding the IoT from DC to 10Ghz.pdf D1 - Dawid Czagan - Hacking Cookies in Modern Web Applications and Browsers.pdf D1 - Julien Lenoir - Implementing Your Own Generic Unpacker.
Leer más

Material de Hack.lu 2015

El material presentado en Hack.lu 2015 ya está disponible, incluido el material usado en el taller sobre radare2: 2015-10-20-SEKOIA-Keynote Internet of Tchotchke-v1.0.pdf 2015-10-21-Keynote-Hack-lu-Marie-Moe.pdf Crowdsourced_Malware_Triage_-_Workshop.pdf Draw-me-a-LocalKernelDebuger.pdf HT_Android_hack_lu2015_v1.0.pdf Hacklu2015-SecurityDesignAndHigh-RiskUsers-4.3.pdf MahsaAlimardani-MobileApplicationsinIran.pdf Practical_Spear_Phishing.pdf Security_of_Virtual_Desktop_Infrastructures-Maxime_Clementz-Simon_Petitjean.pdf They Hate Us Cause They Ain't Us.pdf TotallySpies.pdf Trusting_files__and_their_formats___1_.pdf Trusting files (and their formats).pdf Why Johnny can’t Unpack-22.10.2015_lu_edition.key crema-hacklu.pdf fitbit-hacklu-slides.pdf forging_the_usb_armory.pdf hacklu15_enovella_reversing_routers.pdf hacklu2015_qkaiser_hownottobuildanevotingsystem.pdf key-logger-video-mouse.pdf keys_where_we_re_going_we_dont_need_keys.zip logos/ metabrik-framework.pdf mispsummit/ radare2-workshop-slides.pdf radare2-workshop/ stegosploit_hacklu2015.pdf
Leer más

Presentaciones y vídeos de BruCON 0x07 - 2015

Ya se encuentran disponibles las presentaciones y los vídeos de BruCON 0x07 (2015). Creating REAL Threat Intelligence ... with Evernote - L. Grecs (slides) Unified DNS View to Track Threats - Dhia Mahjoub & Thomas Mathew Desired state: compromised - Ryan Kazanciyan & Matt Hastings (slides) Shims For The Win - Willi Ballenthin & Jon Tomczak (slides) Hacking as Practice for Transplanetary Life in the 21st Century - Richard Thieme CVE-Search - Alexandre Dulaunoy & Pieter-Jan Moreels (slides) OSXCollector: Automated forensic evidence collection & analysis for OS X - Kuba Sendor (slides) Keynote - Looking Forward - Finding the right balance for INFOSEC - David Kennedy (slides) Advanced WiFi Attacks using Commodity Hardware - Mathy Vanhoef (slides) The .
Leer más

Material de LinuxCon Europe 2015

Ya podemos descargarnos las diapositivas (PDFs) de las presentaciones de la LinuxCon Europe 2015 celebrada a principios de este mes de octubre. IoTivity Core Framework: Features & Opportunities IoT Meets Security Creating IoT Demos with IoTivity Container mechanics in rkt and Linux TC: Traffic Control Measuring and reducing crosstalk between virtual machines Introduction to GPUs and the Free Software Graphics Stack At-Scale Datacenters and the Demand for New Storage Architectures Reducing Latency for Linux Transport Maximum Performance: How to get it and how to avoid pitfalls Linux Performance Profiling and Monitoring Introducing the Industrial IIO subsystem - the home of sensor drivers Deadline scheduler in the audio domain Secure server Network Analysis: People and Open Source Communities Challenges in Distributed SDN Portable Linux Lab - a novel approach to teaching programming in schools BitRot detection in GlusterFS How to Thoroughly Insult and Offend People in Your Open Source Communities, or “Your #$%@ $%@&ing Sucks and I $%@&ing Hate It"
Leer más

Vídeos de GrrCON 2015

Una vez más desde la web de IronGeek podemos ver los vídeos que se han publicado de la edición de este año de GrrCON, conferencia anual sobre seguridad celebrada en Michigan los pasados 9 y 10 de octubre. Subject matter to be determined by the number of federal agents present in the audience Chris Roberts Breaking in Bad (I,m The One Who Doesn,t Knock) Jayson Street Process The Salvation of Incident Response - Charles Herring But Can They Hack?
Leer más

Vídeos de Black Hat USA 2015

Y después del material, ya podemos acceder también a los vídeos de las presentaciones de Black Hat USA 2015: ZigBee Exploited The Good, The Bad, And The Ugly WSUSpect Compromising The Windows Enterprise Via Windows Update Writing Bad @$$ Malware For OS X Winning The Online Banking War Why Security Data Science Matters & How It's Different Pitfalls And Promises Of Why Security Data Science Matters & How It's Different Pitfalls And Promises Of When IoT Attacks Hacking A Linux Powered Rifle Web Timing Attacks Made Practical Using Static Binary Analysis To Find Vulnerabilities And Backdoors In Firmware Unicorn Next Generation CPU Emulator Framework Understanding The Attack Surface & Attack Resilience Of Project Spartan's New E Understanding And Managing Entropy Usage TrustKit Code Injection On IOS 8 For The Greater Good ThunderStrike 2 Sith Strike THIS IS DeepERENT Tracking App Behaviors With Nothing Changed Phone These're Not Your Grand Daddy's CPU Performance Counters CPU Hardware Performa The Tactical Application Security Program Getting Stuff Done The NSA Playset A Year Of Toys And Tools The Node js Highway Attacks Are At Full Throttle The Memory Sinkhole Unleashing An X86 Design Flaw Allowing Universal Privilege The Little Pump Gauge That Could Attacks Against Gas Pump Monitoring Systems The Lifecycle Of A Revolution The Kali Linux Dojo Workshop #2 Kali USB Setups With Persistent Stores & LUKS N The Kali Linux Dojo Workshop #1 Rolling Your Own Generating Custom Kali Linux 2 The Battle For Free Speech On The Internet The Applications Of Deep Learning On Traffic Identification Taxonomic Modeling Of Security Threats In Software Defined Networking Targeted Takedowns Minimizing Collateral Damage Using Passive DNS Taking Event Correlation With You Take A Hacker To Work Day How Federal Prosecutors Use The CFAA Switches Get Stitches Subverting Satellite Receivers For Botnet And Profit Stranger Danger!
Leer más

Vídeos del Chaos Communication Camp 2015

Para cualquier profesional en el campo de la seguridad informática, el verano no es precisamente la temporada para desconectar, si no todo lo contrario, es la época del año en la que te tienes que poner las botas y absorber toda la información que puedas, sobre todo de las grandes conferencias sobre seguridad que acontecen alrededor del mundo. En este caso hablamos de Chaos Communication Camp, una conferencia veraniega organizada por miembros del CCC (Chaos Communication Club), que cómo sabemos, éste se celebra una de las mejores conferencias del mundo a finales de diciembre.
Leer más

Material de USENIX 24 y sus talleres: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS

La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles: Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper TaintPipe: Pipelined Symbolic Taint Analysis - Paper Type Casting Verification: Stopping an Emerging Attack Vector - Paper All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper Automatic Generation of Data-Oriented Exploits - Paper Protocol State Fuzzing of TLS Implementations - Paper Verified Correctness and Security of OpenSSL HMAC - Paper Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper De-anonymizing Programmers via Code Stylometry - Paper RAPTOR: Routing Attacks on Privacy in Tor - Paper Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper Trustworthy Whole-System Provenance for the Linux Kernel - Paper Securing Self-Virtualizing Ethernet Devices - Paper EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper Marionette: A Programmable Network Traffic Obfuscation System - Paper CONIKS: Bringing Key Transparency to End Users - Paper Investigating the Computer Security Practices and Needs of Journalists - Paper Constants Count: Practical Improvements to Oblivious RAM - Paper Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper M2R: Enabling Stronger Privacy in MapReduce Computation - Paper Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper Android Permissions Remystified: A Field Study on Contextual Integrity - Paper Phasing: Private Set Intersection Using Permutation-based Hashing - Paper Faster Secure Computation through Automatic Parallelization - Paper The Pythia PRF Service - Paper EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper Trends and Lessons from Three Years Fighting Malicious Extensions - Paper Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper Recognizing Functions in Binaries with Neural Networks - Paper Reassembleable Disassembling - Paper How the ELF Ruined Christmas - Paper Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper Boxify: Full-fledged App Sandboxing for Stock Android - Paper Cookies Lack Integrity: Real-World Implications - Paper The Unexpected Dangers of Dynamic JavaScript - Paper ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper Bohatei: Flexible and Elastic DDoS Defense - Paper Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper Thermal Covert Channels on Multi-core Platforms - Paper Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper A Measurement Study on Co-residence Threat inside the Cloud - Paper Towards Discovering and Understanding Task Hijacking in Android - Paper Cashtags: Protecting the Input and Display of Sensitive Data - Paper SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper UIPicker: User-Input Privacy Identification in Mobile Applications - Paper Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.
Leer más