Skip to main content

DEFCON 25

DEF CON (also written as DEFCON, Defcon or DC) is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada, with the first DEF CON taking place in June 1993.


rss RSS

249
RESULTS


Show sorted alphabetically

Show sorted alphabetically

SHOW DETAILS
up-solid down-solid
eye
Title
Date Archived
Creator
DEFCON 25
movies

eye 93

favorite 0

comment 0

At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible due to IP spoofing. In this talk we'll discuss what we learned about the L3 (Layer 3 OSI stack) IP spoofing. We'll explain why L3 attacks are even possible in today's internet and what direct and reflected L3 attacks look like. We'll describe...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies

eye 64

favorite 0

comment 0

A judge with preferences for hard core porn, a police officer investigating a cyber-crime, a politician ordering burn out medication - this kind of very personal and private information is on the market. Get sold to who is willing to pay for. In a long time experiment, with the help of some social engineering techniques, we were able to get our hands on the most private data you can find on the internet. Click stream data of three million German citizens. They contain every URL they have looked...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 27

favorite 0

comment 0

High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these skill sets are constantly overlooked for job positions. That group of people is the High Functioning Autistic (HFA) community. Individuals in the high functioning autistic community are often overlooked for job positions due to their social...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 4,024

favorite 1

comment 0

In theme with this year's DEF CON this presentation goes through a 20 year history of exploiting massively multiplayer online role-playing games (MMORPGs). The presentation technically analyzes some of the virtual economy-devastating, low-hanging-fruit exploits that are common in nearly every MMORPG released to date. The presenter, Manfred (@_EBFE), goes over his adventures in hacking online games starting with 1997's Ultima Online and subsequent games such as Dark Age of Camelot, Anarchy...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 55

favorite 0

comment 0

Much of next-gen AV relies on machine learning to generalize to never-before-seen malware. Less well appreciated, however, is that machine learning can be susceptible to attack by, ironically, other machine learning models. In this talk, we demonstrate an AI agent trained through reinforcement learning to modify malware to evade machine learning malware detection. Reinforcement learning has produced game-changing AI's that top human level performance in the game of Go and a myriad of hacked...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 67

favorite 0

comment 0

On April 16 2016, an army of bots stormed upon Wix servers, creating new accounts and publishing shady websites in mass. The attack was carried by a malicious Chrome extension, installed on tens of thousands of devices, sending HTTP requests simultaneously. This "Extension Bot" has used Wix websites platform and Facebook messaging service, to distribute itself among users. Two months later, same attackers strike again. This time they used infectious notifications, popping up on...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 39

favorite 0

comment 0

The security of your bitcoins rests entirely in the security of your private key. Bitcoin hardware wallets help protect against software-based attacks to recover or misuse your key. However, hardware attacks on these wallets are not as well studied. In 2015, Jochen Hoenicke was able to extract the private key from a TREZOR using a simple power analysis technique. While that vulnerability was patched, he suggested the Microcontroller on the TREZOR, which is also the same on the KeepKey, may be...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 27

favorite 0

comment 0

The “Internet of Things” (IoT) is taking over our lives, so we should be constantly questioning the security and integrity of these technologies. As an IoT researcher, this is precisely what I do. During this presentation, I will be sharing details of my day-to-day research, covering the various processes and methodologies around researching (attacking) various IoT technologies that we all use every day. I will be discussing the various structures of an IoT ecosystem and showing how each...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
by DEFCONConference
movies

eye 108

favorite 0

comment 0

Former world chess champion Garry Kasparov has a unique place in history as the proverbial "man" in "man vs. machine" thanks to his iconic matches against the IBM supercomputer Deep Blue. Kasparov walked away from that watershed moment in artificial intelligence history with a passion for finding ways humans and intelligent machines could work together. In the spirit of "if you can't beat'em, join'em," Kasparov has explored that potential for the 20 years since his...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 25, DC25, DC-25, hackers,...
DEFCON 25
movies

eye 29

favorite 0

comment 0

One vulnerability in CSFB (Circuit Switched Fallback) in 4G LTE network will be presented. In the CSFB procedure, we found the authentication step is missing. This results in that an attacker can hijack the victim's communication. We named this attack as 'Ghost Telephonist'. Several exploitations can be made based on this vulnerability. When the call or SMS is not encrypted, or weakly encrypted, the attacker can impersonate the victim to receive the "Mobile Terminated" calls and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 32

favorite 0

comment 0

We all know how vulnerable IoT devices are - but do we know if our home or industrial IoT devices are being attacked or already compromised? This talk focuses on creating an Intrusion Detection System for IoT devices using Wi-Fi to connect to the Internet. We will look at how to automatically fingerprint our IoT devices over the air and detect attacks such as Honeypots, MAC spoofing, DoS etc. We will also see how to do deep packet inspection and learn device behavior over the network (which...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 117

favorite 0

comment 0

DEF CON 24: VNC vulnerabilities, Blue Hydra bluetooth sniffing, making your own DEF CON Black Badge, and the DEF CON DarkNet, this week on Hak5! ------------------------------- Shop: http://www.hakshop.com Support: http://www.patreon.com/threatwire Subscribe: http://www.youtube.com/hak5 Our Site: http://www.hak5.org Contact Us: http://www.twitter.com/hak5 ------------------------------ Dan Tentler (Viss) from Phobos Group talks VNC vulnerabilities - https://phobos.io/...
Topics: Youtube, video, Science & Technology, hak5, hack, hack5, darren kitchen, shannon morse, snubs,...
DEFCON 25
movies

eye 24

favorite 0

comment 0

With 313 million active users and approximately 500 million Tweets sent per day, Twitter has plenty of low-hanging fruit ripe for OSINT picking. Learn from an experienced information professional how to craft advanced searches to retrieve data from this popular social media platform. Understand the search commands that Twitter uses, tips and techniques for extracting data, examine some of the lesser-known features of Twitter, and get a glimpse of some of the resources that work in conjunction...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 34

favorite 0

comment 0

Everything is impossible until it isn't. Every undertaking, defined by the hard limitations at the edges of our possible achievement. Lossless electrical conductivity, human travel beyond the sound 'barrier', running a four-minute mile...each, seen as some unassailable foe until, one-by-one, these milestones were not just approached and then attained, but very often surpassed. With time, these limits transition from the superlative, to the standard, and what once was thought of as impossible,...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 34

favorite 0

comment 0

Since the release of Windows 10 and especially in the Anniversary and Creators Updates, Microsoft has continued to introduce exploit mitigations to the Windows kernel. These include full scale KASLR and blocking kernel pointer leaks. This presentation picks up the mantle and reviews the powerful read and write kernel primitives that can still be leveraged despite the most recent hardening mitigations. The presented techniques include abusing the kernel-mode Window and Bitmap objects, which...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 43

favorite 0

comment 0

Traditional techniques for C2 channels, exfiltration, surveillance, and exploitation are often frustrated by the growing sophistication and prevalence of security protections, monitoring solutions, and controls. Whilst all is definitely not lost, from an attacker's perspective - we constantly see examples of attackers creatively bypassing such protections - it is always beneficial to have more weapons in one's arsenal, particularly when coming up against heavily-defended networks and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 61

favorite 1

comment 0

In this presentation I start off asking the question "How come there are only a handful of BSD security kernel bugs advisories released every year?" and then proceed to try and look at some data from several sources. It should come as no surprise that those sources are fairly limited and somewhat outdated. The presentation then moves on to try and collect some data ourselves. This is done by actively investigating and auditing. Code review, fuzzing, runtime testing on all 3 major BSD...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 42

favorite 1

comment 0

This practical talk is about using OSINT techniques and tools to obtain intelligence from source code. By analyzing the source code, we will profile developers in social networks to see what social networks they use, what they are saying, who they follow, what they like and much more data about them. We will use well-known tools and custom Python scripts to automatize the parsing of source code, analyzing comments for behavior and sentiments, searching for OSINT patterns in code and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 125

favorite 1

comment 0

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=0O3pwRHYYKg Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 66

favorite 0

comment 0

At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly introduce you to DeepHack: the open-source hacking AI. This bot learns how to break into web applications using a neural network, trial-and-error, and a frightening disregard for humankind. DeepHack can ruin your day without any prior knowledge of apps, databases - or really anything else. Using just one algorithm, it learns how to exploit multiple kinds of vulnerabilities, opening the door for a host...
Topics: Youtube, video, Science & Technology, DEFCON, DEF CON, DEF CON 25, DEF CON 2017, DC25, hacker,...
DEFCON 25
movies

eye 69

favorite 0

comment 0

Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While most people use Tor to reach ordinary websites more safely, a tiny fraction of Tor traffic makes up what overhyped journalists like to call the "dark web". Tor onion services (formerly known as Tor hidden services) let people run Internet services such as websites in a way where both the service and the people reaching it can get stronger security and privacy. I wrote...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 40

favorite 0

comment 0

How to forensic, how to fuck forensics and how to un-fuck cyber forensics. Defense: WTF is a RoP, why I care and how to detect it statically from memory. Counteract "Gargoyle" attacks. Defense: For one of DEF CON 24's more popular anti-forensics talks (see int0x80 - Anti Forensics). In memory (passive debugging) techniques that allows for covert debugging of attackers (active passive means that we will (try hard to) not use events or methods that facilities are detectable by...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 34

favorite 0

comment 0

Whether you do wide scope pentesting or bounty hunting, domain discovery is the 1st method of expanding your scope. Join Jason as he walks you through his tool chain for discovery including; subdomain scraping, bruteforce, ASN discovery, permutation scanning, automation, and more… Source: https://www.youtube.com/watch?v=NUsJpquFq0Q Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 40

favorite 0

comment 0

Closing Ceremonies Source: https://www.youtube.com/watch?v=Ly7uurZ2d9A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 46

favorite 0

comment 0

What if you could super-charge your web hacking? Not through pure automation (since it can miss so much) but through powerful alerts created from real threat intelligence? What if you had a Burp plugin that did this for you? What if that plugin not only told you where to look for vulns but also gave you curated resources for additional exploitation and methodology? What if you could organize your web hacking methodology inside of your tools? Well, now you do! HUNT is a new Burp Suite extension...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 28

favorite 0

comment 0

In 2015, BBC sponsored Micro:Bit was launched and offered to one million students in the United Kingdom to teach them how to code. This device is affordable and have a lot of features and can be programmed in Python rather than C++ like the Arduino. When we discovered this initiative in 2016, we quickly thought it was possible to turn this tiny device into some kind of super-duper portable wireless attack tool, as it is based on a well-known 2.4GHz RF chip produced by Nordic Semiconductor. It...
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEFCON 25, DEFCON2017, DC25, DEF CON...
DEFCON 25
movies

eye 18

favorite 0

comment 0

You are on the inside of the perimeter. And maybe you want to exfiltrate data, download a tool, or execute commands on your command and control server (C2). Problem is - the first leg of connectivity to your C2 is denied. Your DNS and ICMP traffic is being monitored. Access to your cloud drives is restricted. You've implemented domain fronting for your C2 only to discover it is ranked low by the content proxy, which is only allowing access to a handful of business related websites on the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 20

favorite 0

comment 0

Secure multiparty computation is about jointly computing a function while keeping each parties inputs secret. This comes off as an esoteric area of cryptography, but the goal of this talk is to introduce you to the core concepts through a history of the topic. I will conclude by demoing an implementation of an example protocol I implemented. Source: https://www.youtube.com/watch?v=AfWRDgOBMQU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 22

favorite 0

comment 0

The current consensus within the security industry is that high-assurance systems cannot tolerate the presence of compromised hardware components. In this talk, we challenge this perception and demonstrate how trusted, high-assurance hardware can be built from untrusted and potentially malicious components. The majority of IC vendors outsource the fabrication of their designs to facilities overseas, and rely on post-fabrication tests to weed out deficient chips. However, such tests are not...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 29

favorite 0

comment 0

Get out your rollerblades, plug in your camo keyboard, and fire up your BLT drive. It's 25 years later and we're still hacking the planet. The Exploitee.rs are back with new 0day, new exploits and more fun. Celebrating a quarter century of DEF CON the best way we know how: hacking everything! Our presentation will showcase vulnerabilities discovered during our research into thousands of dollars of IoT gear performed exclusively for DEF CON. We will be releasing all the vulnerabilities during...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 44

favorite 0

comment 0

802.11ac networks present a significant challenge for scalable packet sniffing and analysis. With projected speeds in the Gigabit range, USB Wi-Fi card based solutions are now obsolete! In this workshop, we will look at how to build a custom monitoring solution for 802.11ac using off the shelf access points and open source software. Our "Hacker Gadget" will address 802.11ac monitoring challenges such as channel bonding, DFS channels, spatial streams and high throughput data rates. We...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 25

favorite 1

comment 0

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=EzSVIaykTs0 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 52

favorite 0

comment 0

Everything you know about your environment mediated by your senses. Likely, you can see in a range of colors, hear a car horn honking, and feel the roughness of sandpaper, but light exists in bands too narrow or wide to be processed by your eyes, some sounds are too high or low to be recognized by your ears, and magnetic fields pulse around you all day. Most of us hardly notice. Dr. Paul Bach-y-Rita’s research in the 60’s eventually lead to The BrainPort which lets a user see through an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 21

favorite 0

comment 0

In September 2016 the House Committee on oversight finally released their report. Four years after the original breach, we are still asking how the f*#! did this happen. This talk with go over the key findings of the report and the impact on those who were effected. Source: https://www.youtube.com/watch?v=uXB4AiQw98s Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 30

favorite 0

comment 0

The typical security professional is largely unfamiliar with the Windows named pipes interface, or considers it to be an internal-only communication interface. As a result, open RPC (135) or SMB (445) ports are typically considered potentially entry points in "infrastructure" penetration tests. However, named pipes can in fact be used as an application-level entry vector for well known attacks such as buffer overflow, denial of service or even code injection attacks and XML bombs,...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 31

favorite 0

comment 0

This presentation will walk audience through and explain recently developed Kismet features that greatly benefit multiple radio cards setup. Support for multiple devices allows smarter splitting across them, including separate discovery and tracking activities, as well as dedicating certain radios to targeted bands and channels ranges. Coming Kismet release (currently under development, slated to be released shortly) has new and very flexible configuration options targeting utilization of...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 21

favorite 0

comment 0

You know the ins and outs of pivoting through your target's domains. You've had the KRBTGT hash for months and laid everything bare. Or have you? More targets today have some or all of their infrastructure in the cloud. Do you know how to follow once the path leads there? Red teams and penetration testers need to think beyond the traditional network boundaries and follow the data and services they are after. This talk will focus on how to take domain access and leverage internal access as a...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 25

favorite 0

comment 0

It’s no secret that trying to change corporate culture is hard. This is primarily due to the fact that large corporations are complex systems and fundamentally averse to change. This reluctance is rooted in a systematic misalignment of shared vision, shared values, and shared culture within the organization. This talk defines a new method of business transformation by illustrating how to effectively influence corporate cultures towards collective action. To achieve that end, we outline an...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 23

favorite 0

comment 0

When Google announced an intent to revoke trust from certificates issued by Symantec, this set off alarm bells all over the certificate authority industry. But that was March. What actually happened? Rendition Infosec has periodically tracked the SSL certificates on the Alexa top 1 million sites. In this talk, we’ll review that data set and examine what, if any, changes the Google announcement regarding Symantec certs had on certificate renewal/reissuance. We’ll also offer realistic...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 74

favorite 0

comment 0

Privacy is fairly cut and dry when it’s US verses THEM, but what if it’s ME verses YOU within US? What are YOUR Privacy Rights, in the context of OUR relationship? Am I your non-trusting girlfriend? Am I your controlling boyfriend? Am I your snooping wife? Am I your abusive husband? How do YOU protect your privacy from ME? I will be providing tips, techniques, and resources to enable someone (anyone – even YOU) to protect their Privacy in a relationship, perhaps even one with ME....
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 41

favorite 0

comment 0

In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing and brute force attacks). I'll also be demoing some brand new tools I've written to...
Topics: Youtube, video, Science & Technology, defcon, def con, computer security, defcon 2017, defcon...
DEFCON 25
movies

eye 39

favorite 0

comment 0

rustls is a new open-source TLS stack written in rust. This talk covers past TLS standard and implementation errors, and how those are avoided in rustls's design. Source: https://www.youtube.com/watch?v=SsHLEuiyPI8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 32

favorite 0

comment 0

Currently, all known IoT botnets harvest zombies through telnet with hardcoded or weak credentials. Once this bubble bursts, the next step will be exploiting other, more evolved vulnerabilities that can provide control over a large number of devices. In this talk, we'll take a glimpse into that future showing our research on a RCE vulnerability that affects more than 175k devices worldwide Source: https://www.youtube.com/watch?v=UpxNkBvejf8 Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 32

favorite 0

comment 0

In recent months it seems like not a week passes where you do not encounter a headline that states that a healthcare organization has been held for ransom or in some other way involved in a breach. Healthcare has been a sector that has routinely been described as being lax with the implementation and enforcement of information security controls and the challenges faced by healthcare organizations are growing as attackers begin to look past EHR and PACS systems and target the medical devices...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 33

favorite 1

comment 0

Source: https://www.youtube.com/watch?v=eun-2BMo6qY Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 37

favorite 0

comment 0

In October of 2016, a teenage hacker triggered DTDoS attacks against 9-1-1 centers across the United States with five lines of code and a tweet. This talk provides an in-depth look at the attack, and reviews and critiques the latest academic works on TDoS attacks directed at 9-1-1 systems. It then discusses potential mitigation strategies for legacy TDM and future all-IP access networks, as well as disaggregated "over-the-top" originating services and the devices on which both the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 10

favorite 0

comment 0

Tinder. The Final Frontier. Pick gorgeous (or not so gorgeous) members of your desired sex with the tip of your finger, at the comfort of your sofa, your bed, and let’s admit it - your toilet seat. Research shows that there are 50 million active users on Tinder, who check their accounts 11 times per day and spend an average of 90 minutes per day on the app. Even celebrities, it seems… Source: https://www.youtube.com/watch?v=d5eV36wR5Ew Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 33

favorite 1

comment 0

Data breaches have become all too common. Major security incidents typically occur at least once a month. With the rise of both security incidents and full data breaches, blue teams are often left scrambling to put out fires and defend themselves without enough information. This is something that can be changed with the right tools. Tools now available allow blue teams to weaponize data and use it to their advantage. This talk reviews frameworks for clean, consistent data collection and...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 61

favorite 0

comment 0

Cross-site Scripting (XSS) is the most widespread plague of the web but is usually restricted to a simple popup window with the infamous vector. In this short talk we will see what can be done with XSS as an attacker or pentester and the impact of it for an application, its users and even the underlying system. Many sorts of black javascript magic will be seen, ranging from simple virtual defacement to create panic with a joke to straightforward and deadly RCE (Remote Command Execution) attacks...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 30

favorite 0

comment 0

2016 was the year of Java deserialization apocalypse. Although Java Deserialization attacks were known for years, the publication of the Apache Commons Collection Remote Code Execution (RCE from now on) gadget finally brought this forgotten vulnerability to the spotlight and motivated the community to start finding and fixing these issues. One of the most suggested solutions for avoiding Java deserialization issues was to move away from Java Deserialization altogether and use safer formats such...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
by DEFCONConference
movies

eye 26

favorite 0

comment 0

NFC (Near Field Communication) technology is widely used in security, bank, payment and personal information exchange fields now, which is highly well-developed. Corresponding, the attacking methods against NFC are also emerged in endlessly. To solve this problem, we built a hardware tool which we called "UniProxy". This tool contains two self-modified high frequency card readers and two radio transmitters, which is a master-slave way. The master part can help people easily and...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
by DEFCONConference
movies

eye 31

favorite 0

comment 0

Digital Archeology' is actually the name of a Digital Forensics text book. But what if we used forensics techniques targetting cyber crime investigations to help address the void in Archeology that addresses digital media and silicon artifacts. At NYC Resistor in Brooklyn we've gotten into the world of Digital Archeology on several occasions and the projects have been enjoyable and educational. Now, imagine what could happen if a bunch of hackers are able to get their hands on a laptop pulled...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 28

favorite 0

comment 0

The presentation will describe the requirements and design methodology behind the bladeRF's newly released VHDL Automatic Gain Control. The talk will walk SDR beginners through the RF gain architecture of modern radios and explain why gain control is required. The talk will then use the bladeRF as an example, and show what it took to develop the AGC in VHDL. Source: https://www.youtube.com/watch?v=gAwbe-G1t-A Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 26

favorite 0

comment 0

Biotech companies have historically been started by professors from prestigious institutions with millions of dollars of investment funding. Today, with the lowering cost of research and increasing amount of resources driven by Moore's law, robotics, software and efficiencies in bioproduction, anyone with an insight can start a biotech company for a fraction of the cost, be they PhD or biohacker. At IndieBio, the world's largest biotech accelerator started just under 3 years ago, we've funded...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 24

favorite 0

comment 0

Wireless technologies are seeing increased use on the plant floor to enable pervasive monitoring and control of processes. Off-the-shelf security tools focus on assessing the security properties of commercial and consumer protocols such as 802.11 and Bluetooth. Several new standards have emerged for use in industrial environments. In this talk, Blake will offer an introduction to Software Defined Radio (SDR) tools and their application in industrial security assessments. We will review two...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 26

favorite 0

comment 0

Telegram is a popular instant messaging service, a self-described fast and secure solution. It introduces its own home-made cryptographic protocol MTProto instead of using already known solutions, which was criticised by a significant part of the cryptographic community. In this talk we will briefly introduce the protocol to provide context to the reader and then present two major findings we discovered as part of our security analysis performed in late 2016. First, the undocumented obfuscation...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 24

favorite 0

comment 0

Ever wondered if there was such thing as a “hacker-friendly” member of Congress? We found some and convinced them to come to DEF CON so you can meet them too! In this first-of-its-kind DEF CON session, two of the most hacker-friendly Congress critters will join DEF CON for an engaging and interactive session with the security research community. Join the Atlantic Council’s Cyber Statecraft Initiative for a candid discussion with Representatives Will Hurd (R-TX) and James Langevin (D-RI)....
Topics: Youtube, video, Science & Technology, DEF CON, DEFCON, DEF CON 25, DC25, DC-25, hack, hackers,...
DEFCON 25
movies

eye 43

favorite 0

comment 0

Koadic C3, or COM Command & Control, is a Windows post-exploitation tool similar to other penetration testing rootkits such as Meterpreter and Powershell Empire. The major difference is that Koadic does most of its operations using the Windows Script Host (a.k.a. JScript/VBScript), with compatibility in the core to support a default installation of Windows 2000 with no service packs (and potentially even versions of NT4) all the way through Windows 10. An in-depth view of default COM...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 31

favorite 0

comment 0

Every SOC is deluged by massive amounts of logs, suspect files, alerts and data that make it impossible to respond to everything. It is essential to find the signal in the noise to be able to best protect an organization. This talk will cover techniques to automate the processing of data mining malware to derive key indicators to find active threats against an enterprise. Techniques will be discussed covering how to tune the automation to avoid false positives and the many struggles we have had...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 25

favorite 0

comment 0

Attackers, administrators and many legitimate products rely on PowerShell for their core functionality. However, its power has made it increasingly attractive for attackers and commodity malware authors alike. How do you separate the good from the bad? A/V signatures applied to command line arguments work sometimes. AMSI-based (Anti-malware Scan Interface) detection performs significantly better. But obfuscation and evasion techniques like Invoke-Obfuscation can and do bypass both approaches....
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DEFCON, Security...
DEFCON 25
movies

eye 28

favorite 0

comment 0

Most people lock their doors at night, however if you walk into someone's home you likely won't find every piece of furniture bolted to the floor as well. We trust that if someone is inside our home they are supposed to be there. Unfortunately many developers treat local networks just the same, assuming all internal HTTP traffic is trusted, however this is not always the case. They incorrectly assume that their services will be protected by the same-origin policy in browsers, rather than...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 22

favorite 0

comment 0

Denial of service. It requires a low level of resources and knowledge, it is very easy to deploy, it is very common and it is remarkable how effective it is overall. PEIMA is a brand new method of client side malicious activity detection based on mathematical laws, usually used in finance, text retrieval and social media analysis, that is fast, accurate, and capable of determining when denial of service attacks start and stop without flagging legitimate heavy interest in your server...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 44

favorite 0

comment 0

XenoScan is the next generation in tooling for hardcore game hackers. Building on the solid foundation from older tools like Cheat Engine and Tsearch, XenoScan makes many innovations which take memory scanning to a whole new level. This demo-heavy talk will skip the fluff and show the power of the tool in real-time. The talk will demonstrate how the tool can scan for partial structures, detect complex data structures such as binary trees or linked lists, detect class-instances living on the...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 31

favorite 0

comment 0

Building rapport is essential in life, and critical in Social Engineering. A lesson learned while tending bar on the Las Vegas Strip taught me something that everyone has in common: Everybody is from somewhere. Find out how to use this idea on engagements and in everyday life. Source: https://www.youtube.com/watch?v=e_TQTDrRyWI Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 33

favorite 0

comment 0

It's hard not to use a service now days that doesn't track your every move and keystroke if you absolutely must use these systems why not give them the most useless information possible. Along with the fact that several companies are tracking their customers online now they are taking it to physical brick and mortar stores this talk will be geared looking at the attack surface of instore tracking and attacking these systems for the purpose of overloading their systems or making the information...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 43

favorite 0

comment 0

How prepared is your incident response team for a worst case scenario? Waiting for a crisis to happen before training for a crisis is a losing approach. For things that must become muscle memory, instinctive, you must simulate the event and go through the motions. This talk is a deep-dive technical discussion on how you can build your own DFIR simulation. Best part -- almost all of this can be accomplished with open source tools and inexpensive equipment, but I'll also share tips and tricks on...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 32

favorite 0

comment 0

The Car Hacking Village is a group of Professional and Hobbyist car hackers who work together to provide hands-on, interactive car hacking learning, talks, hardware, and interactive contests. Source: https://www.youtube.com/watch?v=-aJUUdKRy_k Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 34

favorite 0

comment 0

In a world filled with danger emanating from all sorts of digital channels, having a proxy (or two) that you create, control, manage and direct is not just useful, but a requirement. Instead of worrying about an ineffectual government or an incomprehensible privacy policy, it’s possible that fake identities are a way to take ownership of the problem. Fake identities in the hands of the individual, are the way to swing the pendulum of privacy back to the people. The presentation will present...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 19

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=CKfm414YsjU Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 25

favorite 0

comment 0

Keynote Source: https://www.youtube.com/watch?v=NB4fPiCc-jc Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 34

favorite 0

comment 0

As internet DDoS attacks get bigger and more elaborate, the importance of high performance network traffic filtering increases. Attacks of hundreds of millions of packets per second are now commonplace. In this session, we will introduce modern techniques for high speed network packet filtering on Linux. We will follow the evolution of the subject, starting with Iptables and userspace offload solutions (such as EF_VI and Netmap), discussing their use cases and their limitations. We will then...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 46

favorite 0

comment 0

It can be argued that the DAO hack of June 2016 was the moment smart contracts entered mainstream awareness in the InfoSec community. Was the hope of taking blockchain from mere cryptocurrency platform to one that can perform amazing Turing-complete functions doomed? We've learned quite a lot from that attack against contract code, and Ethereum marches on. Smart contracts are a key part of the applications being created by the Enterprise Ethereum Alliance, Quorum, and smaller projects in...
Topics: Youtube, video, Science & Technology, DEF CON 2017, DEF CON 25, DEF CON, DC25, hackers,...
DEFCON 25
movies

eye 35

favorite 0

comment 0

Over past decade, electronic medical records (EMR's) and networked medical devices have become a healthcare norm. However, vendors and consumers alike have not paid sufficient attention to the security implications of EMR's and networked medical devices. In this talk, I will cover my experience [ethical] hacking and social engineering my way into healthcare networks. I will highlight security issues with healthcare networks and share real life stories. Source:...
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...
DEFCON 25
movies

eye 51

favorite 0

comment 0

We've built a $200 open source robot that cracks combination safes using a mixture of measuring techniques and set testing to reduce crack times to under an hour. By using a motor with a high count encoder we can take measurements of the internal bits of a combination safe while it remains closed. These measurements expose one of the digits of the combination needed to open a standard fire safe. Additionally, 'set testing' is a new method we created to decrease the time between combination...
Topics: Youtube, video, Science & Technology, defcon, def con, dc25, dc-25, def con 25, hack, Hackers,...
DEFCON 25
movies

eye 38

favorite 0

comment 0

This talk will introduce a cheat engine using demos of hacking simple games such as Counterstrike and/or emulated games like Super Mario 64 etc. This talk will open the kids' horizons to developing game cheats and will challenge them to build skills in reverse engineering to combine with skills in the cheat engine tool Source: https://www.youtube.com/watch?v=x-LRfh_-IGI Uploader: DEFCONConference
Topics: Youtube, video, Science & Technology, DEF, CON, DEF CON 2017, DEF CON 25, DEF CON, DC25,...