Hack In The Box Security Conference




402 results


Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 4,017

favorite 1

comment 0

IoT connected devices are being released at a staggering rate. According to Gartner it’s speculated that by the end of 2018, there will be 11.2 billion IoT devices currently connected at any given time. A large part of that connected ecosystem includes wireless speaker systems created by some of the largest manufacturers around the globe. Looking closer at Sonos and Bose wireless speaker systems, this research looks to find flaws in these common household devices. This research analyzes the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stephen hilt, trend...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 4,251

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=yAW49z4vHns Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 25

favorite 0

comment 0

Presentation Title Hacking Androids for Profit Presentation Abstract We will reveal new threats to Android Apps, and discuss known and unknown weaknesses in the Android OS and Android Market. This presentation will offer insight into the inner working of Android apps and the risks any user faces when installing and using apps from the marketplace. We will reveal previously undisclosed vulnerabilities in vendor apps installed on millions of US mobile phones and techniques to evade all available...
Topics: Youtube, video, Science & Technology, Hacking, Androids, for, Profit, Riley, Hassell
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 42

favorite 0

comment 0

The history of hacking both new and old will be presented in music in this serious all-singing musical revue. Your favorite new hacks, long forgotten hacks, 0days, and computer security lessons will be told in song. It’s all happened before, and it will all happen again. These cautionary tales of hacking, crypto, computer security, reverse engineering, and pen testing will reawaken your passion for getting things right both at work and at home. Think you know all about your servers? Do you...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, fbz, fabienne serriere,...
Hack In The Box Security Conference
movies

eye 100

favorite 1

comment 0

Many of today’s cars have upgraded from the old RKE (remote keyless entry) keyfob to PKE (passive keyless entry) system making it more convenient for end users. A car equipped with the PKE system allows the driver to unlock the car by being in proximity of the vehicle or by touching the handle of the door while in possession of the keyfob. In addition, PKE equipped vehicles can be started and driven without the driver inserting the key into the keyhole manually. (For a better understanding of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jun li, qing yang,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

Citing Hugo Teso's Aircraft Hacking talk from #HITB2013AMS Source: https://www.youtube.com/watch?v=PmtefTPuY8s Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Criminal Minds...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 27

favorite 0

comment 0

A special 1-hour LIVE STREAMED iOS / OS X panel discussion held on the afternoon of Day 2 at #HITB2012KUL featuring (L-R:) Mark Dowd (Azimuth Security), Cyril aka pod2g (Chronic Dev Team), L33tdawg (Founder/CEO of HITB and moderator for the panel), MuscleNerd (iPhone Dev Team) and David 'planetbeing' Wang (iPhone Dev Team) Source: https://www.youtube.com/watch?v=STAWXGQvmRI Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, 0day, hackers, hacking,...
Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords. Password manager applications are a promising way of storing all sensitive passwords cryptographically secure. Accessing these passwords is only possible if the user enters the correct master password, which is the only password that he needs to remember. At first, the requirements for a password manager application seem simple: Storing the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Steven Arzt, Siegfried...
Hack In The Box Security Conference
movies

eye 23

favorite 0

comment 0

In a casual conversation with Thomas “Halvar Flake” Dullien I suggested that performance counters could be used as a software mitigation for the row hammer exploit he and Mark Seaborn had developed. Thomas encouraged me to research it and it became suggestion for a software solution for row hammer. I presented this research with Nishat Herath during Black Hat 2015. While researching row hammer I noticed that the methodology I was developing could be important in mitigating cache side...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, intel, cache, cpu, row...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 13

favorite 0

comment 0

The zero-day market has recently experienced an exponential growth with top exploit prices reaching the seven figures. Together with “standard” exploits affecting IT and end-users’ technologies, the black market is nowadays offering a new, widely-wanted and refined product: cyber weapons to target Industrial Control Systems (ICS), Critical Infrastructures, and Smart Cities environments. Objective of this panel will be discussing the impact of exploits leveraging unpublished...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, SAM GOH, Andrea...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 37

favorite 0

comment 0

This presentation will explore how the cyber kill chain can be used as a defensive framework for security engineers, network defenders, senior managers, and more. This discussion will continue to guide the community from a vulnerability-centric to a threat-centric approach to security. === Alexis Lavi is a cybersecurity technology and policy professional with experience analyzing cyber risk, planning offensive engagements, and designing cyber governance programs. Alexis is currently supporting...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, alexis lavi, closing...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 41

favorite 0

comment 0

The topic aims to explore known existing issues with Smart contracts and the Blockchain. The Smart Contract examples used are issues that have occurred on the Ethereum blockchain. They are applicable to any platform that uses the Ethereum Virtual Machine and the concepts can be applied to any form of smart contracts. The topic will also cover known best practices to mitigate these issues. The Topology attacks explore possible attack vectors on the Bitcoin network, and subsequently any networks...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jorden seet, blockchain,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 23

favorite 0

comment 0

Exploit kits are one of the threats that is ever present on the Internet. Indiscriminately compromising users that are simply surfing websites. As ransomware has exploded so has the proliferation of these exploit kits. This combination of ransomware, tor, and bitcoin has created a financially lucrative monster. One of the challenges with investigating exploit kits is how quickly they move and pivot to other systems. For the last year Talos has been systematically diving into each exploit kit...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, cisco, talos,...
Hack In The Box Security Conference
movies

eye 26

favorite 0

comment 0

“Next-Generation” firewalls provide functionality well beyond the traditional filtering capabilities. They offer deep protocol inspection, application identification, user based filtering, VPN functionality and more. While this significantly increases the attack surface of these devices, little public research is available. In this talk I will present an in-depth analysis of one of the leading NGFW solutions: PAN-OS. Besides describing the overall system architecture, I will discuss and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ernw, palo alto,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 17

favorite 0

comment 0

Tegra is a system on a chip (SoC) series developed by Nvidia for mobile devices such as smartphones, personal digital assistants, and mobile Internet devices. Nvidia targeted Tegra as the fastest mobile processor in the world. Although Tegra platform is not famous as Qualcomm platform in smart phone field, but Tegra platforms are used in many important devices. For example, Google Nexus 9 Tablet is using Tegra K1 platform, Tesla moto is using Tegra 3 platform in its cars. Chromebooks are also...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, trend micro, nvidia,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 42

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Unified Extensible Firmware Interface or UEFI, is the result of a common effort from several manufacturers and industry stakeholders based on an initiative from Intel. It is a new software component or 'middleware' interposed between the hardware and the operating system designed to replace the traditional aka old BIOS. This presentation is a study of the overall architecture of UEFI from a...
Topics: Youtube, video, Science & Technology, esx, kaczmarek, hitbsecconf, sebastien kaczmarek,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 42

favorite 0

comment 0

------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Amazon Web Services has emerged as one of the fastest growing companies in the past five years, and is increasingly...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 26

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: This will be an in-depth talk about the SIA-HS and Vebon SecIP alarm system protocols in use in The Netherlands. We will cover why these protocols are broken and how Dutch alarm systems can be rendered useless, creating panic at the alarm receiving centers and allow for a 'Die Hard' like scenario to be achieved. We will go through the mistakes and assumptions about security that were made...
Topics: Youtube, video, Science & Technology, fire sale, alarm systems, Amsterdam, hitbsecconf, hitb,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 30

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: For more than two years, ThreatGRID has been building a threat intelligence service where samples and content are cross-indexed and related. This allows for tremendous amounts of derived analysis, building relationships based on timing, behavioral, structural, and communications characteristics. We are able to determine origin, aims, and targets of specific samples via second and third order...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, security, hackers,...
Hack In The Box Security Conference
movies

eye 26

favorite 0

comment 0

Presentation Title Femtocells: A Poisonous Needle in the Operator's Hay Stack Presentation Abstract Femtocells are an emerging technology deployed by the operators around the world to enhance 3G connectivity. These secured devices are installed in the customers home and connect the mobile phone to the mobile network operator's network using an existing broadband connection. Various researchers (including us) have shown in the past that these devices are not secure and can be hacked. However,...
Topics: Youtube, video, Science & Technology, Femtocells A Poisonous Needle in the Operator's Hay Stack...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 32

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Two years ago, we showed how to use social web site to identify target in a company using LinkedIn then learn about...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
movies

eye 38

favorite 0

comment 0

Though residing in the kernel with high privileges, drivers in macOS and iOS are always blamed for their poor quality and frequently abused in exploitations against the kernel. However, most drivers in macOS and iOS are closed source, making them difficult to be analyzed. In this talk, we will share our experience of analyzing and finding bugs in macOS and iOS kernel drivers (in short, Apple drivers). We will introduce our open source tool, Ryuk, for analyzing Apple drivers, which greatly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, min (spark) zheng,...
Hack In The Box Security Conference
movies

eye 42

favorite 0

comment 0

We have built (a prototype of) a passive listing ransomware detector that is able to guard network data shares against ransomware in real world operation. Ransomware is a variation of malware that takes partial or full control of the victim’s computer, often through encryption or locking the computer itself behind an alternative desktop. The end goal is to extort the owner of the computer into paying a ransom in order to undo or avoid further damage. In contrary to most malware-practices,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2017ams, don muders,...
Hack In The Box Security Conference
movies

eye 35

favorite 0

comment 0

Have you left your iPad unattended in a hotel room? Or perhaps, have seen an unattended iPad in locations like a coffee shop? All it takes is a brief moment of negligence for a third party to access them, and guess what, MILLIONS of people leave their iPads unattended everyday. iOS security features such as the passcode lock are typically sufficient to protect the data on the device from being retrieved or manipulated. However, near to nothing is known about the security risk of the accessories...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stefan esser, apple,...
Hack In The Box Security Conference
movies

eye 37

favorite 0

comment 0

In 2016, several Stagefright inspired mitigations have been added to Android Nougat. One outstanding change is that the mediaserver process does not have all the capabilities like Bluetooth, etc. Those capabilities have been granted to several new daemons. Recently, Android 8.0 has released, born with new kernel harden features(PAN and KASLR, etc.) and more strict SELinux policies enforcing. Rooting large numbers of newest Android devices with one single vulnerability is quite a challenge. In...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, yong wang, yang song,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 31

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: What could be insecure about charging an electric car? Just plug in to a power outlet and off you go... Nothing can be further from the truth. The vision of electric cars call for charge stations to perform smart charging as part of a global smart grid. As a result, a charge station is a sophisticated computer that communicates with the electric grid on one side and the car on the other. To...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2013ams, ofer...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 30

favorite 0

comment 0

Threat Hunting took the Information Security world by storm in 2016. Its introduction as the solution to the now outdated SOC model has created a new breed of security professionals – Threat Hunters. People with both offensive and defensive skills who proactively hunt through the unknown for the next APT. This talk aims to continue the discussion around Threat Hunting but also moves onto how to actually become an effective Threat Hunter in 2017. Areas such as skillset, what the role entails...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hamza beghal, hitbgsec,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Behind every successful exploit is a good delivery mechanism. This talk combines my research in exploit writing, browser and PDF exploitation, web hacking and old school data representation techniques, bringing you a slew of creative and innovative tricks and techniques to send exploits successfully to the victim's doorstep. Never before has the fine art of packaging been more important when...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, exploit, exploit...
Hack In The Box Security Conference
movies

eye 20

favorite 0

comment 0

The past decade has taught us that there are quite some attacks vectors on USB. These vary from hardware key-logging to driver fuzzing and from power surge injection to network traffic re-routing. In addition to addressing these issues, the security community has also tried to fix some of these. Several defensive hard- and software tools focus on a particular piece of the puzzle. However none, is able to completely mitigate the risks that involves the everyday use of USB in our lives. Key...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, keynterceptor,...
Hack In The Box Security Conference
movies

eye 27

favorite 0

comment 0

KVM-Qemu and Docker containers are important components of virtualization technology and are widely used by mainstream cloud vendors. KVM-Qemu is a full virtualization solution for Linux on x86 hardware which contains virtualization extensions (Intel VT or AMD-V) and devices emulated by QEMU in user components. Docker is an open-source and light-weight project that automates the development of applications inside software containers by providing an additional layer of abstraction and automation...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, qihoo360,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 32

favorite 0

comment 0

Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. It targets specific models of commodity hardware and takes advantage of lessons learned from several years of vulnerability research....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, trammel hudson,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 1

comment 0

Source: https://www.youtube.com/watch?v=3cFCs6YkwMs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 31

favorite 0

comment 0

Long gone are the days of easy command shells through PowerShell. Defenders are catching more than ever, forcing red teamers to up their game in new and innovative ways. This presentation will explore several new OSINT sources, techniques, and tools developed to accelerate and assist in target asset discovery and profiling. We will discover how some new advances in EDR has changed the general landscape of more mature organisations, and how red team tactics and procedures have been modified to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, vincent yiu, killchain,...
Hack In The Box Security Conference
movies

eye 42

favorite 0

comment 0

In the era of cyberwarfare, it becomes a norm to see cyber criminals use multi-level attacks to penetrate a multi-layered protected network infrastructure. We often see APT attackers manipulate 0-day or N-day Windows kernel vulnerabilities in order to guarantee a successful full system compromise. It would be a surprise if we do not see Windows kernel exploit involved in such targeted attacks. It is also worth noting that beside APT attackers, the botnet operators also seize the opportunity to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, exploit,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 42

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: HTML5 has empowered browser with a number of new features and functionalities. Browsers with this new architecture include features like XMLHttpRequest Object (L2), Local Storage, File System APIs, WebSQL, WebSocket, File APIs and many more. The browser is emerging as a platform like a little operating system and expanded its attack surface significantly. Applications developed in this new...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, html 5, csrf, xss, web,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 29

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ CXML and VXML languages are used to power IVR applications. IVR systems are often seen in Phone Banking, Call Center...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 21

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=C_pdkP6YalM Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 22

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=P-OpyGJcMHE Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies

eye 41

favorite 0

comment 0

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. We were concerned about the lack of research about placing and detecting bugs and how little it is discussed in the community. While in some countries the possibility of having a mic bug at home is non-existent, sadly in other countries it is far too common. As the technology gets cheaper and more accessible, the possibility of being bugged gets more real. However, our general knowledge about mic bugs comes mostly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
movies

eye 27

favorite 0

comment 0

The majority of applications written in Java use Object-relational Mapping (ORM) libraries for working with underlying relational database management systems (RDBMS). Java has API for utilizing ORM functionality called Java Persistence API (JPA), which is the part of J2SE and J2EE specifications since version 5. Usage of ORM simplifies database programming and gives solid benefits to the developer over plain JDBC, like providing database and schema independence, leveraging object oriented...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, orm...
Hack In The Box Security Conference
movies

eye 43

favorite 0

comment 0

Blog Post: https://www.vantagepoint.sg/blog/73-does-security-by-obscurity-work Cloning a VASCO DIGIPASS instance using config file and device data. 1. The attack requires root access to the device 2. The version shown is a demo version of DIGIPASS available on the Play Store. According to the vendor, the production version contains additional security measures not included in the demo. For the full analysis and vendor response please read the paper. To prevent this kind of attack: 1. Always...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, banking tokens,...
Hack In The Box Security Conference
movies

eye 52

favorite 0

comment 0

Everything must be connected right now! Go! Do it! It’ll be great…. Then I’ll be able to order my Iced Half Caff Ristretto Venti 4-Pump Sugar Free Cinnamon Dolce Soy Skinny Latte so I can pick it up on the way to work as I cycle past the coffee shop without breaking a sweat… Marvelous! Wait, did I say “I’ll be able to order”? Sorry, what I meant was: “My bicycle will be able to order”, because, obviously, my bicycle saddle is connected to my home WiFi, so when it detects my...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, keynote
Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ In this presentation, we will discuss The System of Automatic Searching for Vulnerabilities (SASV). We will show how...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
movies

eye 45

favorite 0

comment 0

Fuzzing is one of the hardest and simplest things in computer security at the same time. It’s really easy to start fuzz something and it’s really hard to understand what else you can fuzz after obvious methods like bitflip, walking byte flips, etc, etc, etc. For the complex data formats, it’s required to learn hard and drill into this format description like BNF to be able to apply the payload in a right place. Some times ago genetic (~2012) algorithms were suggested as a new approach for...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ivan novikov, neural...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 18

favorite 0

comment 0

PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: This talk is about applying analogue thinking to Network Security. It’s about a different way of approaching our defenses, understanding the attackers and hopefully will inspire others. It’s about a mélange of concepts, many analogue, that when combined in various ways, I hope will help our industry. My goal is to introduce some ideas more conventionally thought of as ‘analogue’ than digital, then...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
movies

eye 34

favorite 0

comment 0

Open-source has taken over the world of software and now makes up the majority of code found in everything from phones to banks, but reusable code also means reusable vulnerabilities and bad actors are increasingly exploiting vulnerabilities in open-source code and now inserting malware upstream into libraries used by millions of developers. Software security in an open-source world needed a fundamentally different approach to finding security issues than the traditional tools and techniques...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, mark curphey, source...
Hack In The Box Security Conference
movies

eye 25

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=ddEHhIrMlzw Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 22

favorite 0

comment 0

Keynote 2 @ HITB2010 Malaysia presented by Paul Vixie on Taking Back the DNS Source: https://www.youtube.com/watch?v=l4hqtA9L-eA Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 21

favorite 0

comment 0

The observer effect (commonly confused with Heisenberg’s Uncertainty principle) tells us that in particle physics, the act of observing an event changes its behavior. This is true in computer systems as well, and can be used by an attacker to determine if they are being monitored or introspected upon from on high. This talk will begin by examining architectural “tells” that can be utilized to detect the presence of analysis tools, even those with higher privilege/stealth capabilities than...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, pufs, cots,...
Hack In The Box Security Conference
movies

eye 16

favorite 0

comment 0

In this presentation, we show promising new defense-in-depth techniques to protect modern web applications from old and new classes of bugs: Suborigins to have finer-grained control over origin boundaries, Site Isolation and XSDB against Spectre and Meltdown attacks, and last but not least Origin and Feature Policy. In addition to that, we explain new features of the upcoming CSP 3 specification like ‘unsafe-hashed-attributes’ and give an overview of how we were able to enforce CSP as a...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Lukas Weichselbaum,...
Hack In The Box Security Conference
movies

eye 14

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=agSPx_p-KI8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies

eye 14

favorite 0

comment 0

Source: https://www.youtube.com/watch?v=EO0DxgZhz_g Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 21

favorite 0

comment 0

#HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN: http://conference.hitb.org/hitbsecconf2012kul/ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Windows 7 introduced many new security mechanisms regarding the use of the front end allocator. In an attempt to...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
movies

eye 17

favorite 0

comment 0

This talk will provide an in-depth treatment of satellite telephony networks from a security perspective. The overall system seems secure, but in reality, it cannot be expected to be fully reliable. We will briefly cover the satellite mobile system architecture, then discuss GMR (GEO-Mobile Radio) system elements, e.g. GSS (Gateway Station Subsystem), MES (Mobile Earth Station), AOC (Advanced Operation Center), and TCS (Traffic Control Subsystem) for GMR-1 systems and NCC (Network Control...
Topics: Youtube, video, Science & Technology, Satellite, Telephony, Security, What, is, and, Will,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 16

favorite 0

comment 0

Recently Apple introduced “Sign In With Apple Account” Development track, allowing anyone to write an application for an i-Device and execute it, under the radar, no identification process required (e.g. anonymously). In this presentation I will show new vulnerabilities that are now re-introduced into the Apple devices eco-system. I will demonstrate how easy it is to create an iOS evil client / malware application that targets both the personal and the corporate markets. Evil client can be...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, ios,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 13

favorite 0

comment 0

Keynote 1 @ HITB2010 Malaysia presented by Chris 'weldpond' Wysopal on The Perpetual Insecurity Machine Source: https://www.youtube.com/watch?v=Sgy8Tj1LfjA Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 39

favorite 0

comment 0

The Microsoft Windows graphics subsystem is a huge and complex subsystem that contains some extremely important components such as the font engine, window manager, graphics device interface and more. In recent years, we have seen several nice kernel exploits such as CVE-2015-2455 (TTF), CVE-2016-0173 (Surface), CVE-2017-8465 (Cursor) and it’s clear that Microsoft is constantly increasing the mitigations for the Windows kernel. About a year and a half ago, Tencent ZhanluLab started to look...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, rancho han, windows...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 27

favorite 0

comment 0

Perf has been part of the Linux kernel since 2.6.3x to provide a framework for all things performance analysis. It covers hardware level (CPU/PMU, Performance Monitoring Unit) features and software features (software counters, trace points) as well. Among the supported perf measurable event list, there is a small set of common hardware event monikers which get mapped onto actual events provided by the CPU, if they exist; otherwise the event cannot be used. So there is no surprise CPU...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, perf,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

Monitoring the radio spectrum usage is an important way to keep track of wireless devices in your organisation. Whether it’s an unauthorised IoT device or an implanted device exfiltrating data, we want to keep an eye on RF devices within our infrastructure. Over the past few months a group of open source software developers have been working on tools to allow low cost SDR platforms to rapidly sweep frequencies in order to monitor the spectrum around us. Our base platform is HackRF and we are...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, dominic spill,...
Hack In The Box Security Conference
movies

eye 20

favorite 0

comment 0

This talk will give researchers insight into a program’s perspective on bug bounty. First, we identify characteristics of a successful bug bounty researcher. Then we’ll dive into some specific example reports with the goal of understanding why some reports are more valuable than others – researchers should expect to understand which types of reports are highest ROI for their time and effort. Finally, we will give researchers insight into the why/how around our recent program updates....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, rob fletcher, uber, bug...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 29

favorite 0

comment 0

In this talk I will be discussing the tactics used by APTs and Nation State threat actors. Starting with the basics of who is responsible for attacks we will move swiftly on to the top 2% of attacks which can be classed as APTs: State Sponsored Hackers, Organised Crime and Intelligence Services. I will briefly cover the history of industrial espionage starting with the theft of Lockheed Martin’s jet designs and the subsequent suspiciously similar MIG which was produced in 1998. Moving on I...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec, apt
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 18

favorite 0

comment 0

This talk will present a new disarming flaw that can be used to prevent all anti-ROP checks in EMET 5.5x from ever being performed. The disarming condition is caused by the fact that references to the read-only CONFIG_STRUCT are always retrieved from the process heap (which has a PAGE_READWRITE protection). This is obfuscated by the usage of DecodePointer throughout EMET. Presentation Outline Short introduction of EMET Short introduction of info leak / RW-primitive requirement Recap of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2017ams, emet
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 36

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON's new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and...
Topics: Youtube, video, Science & Technology, Canon (company), daniel mende, Hitb2013ams, canon camera,...
Hack In The Box Security Conference
movies

eye 22

favorite 0

comment 0

PyREBox (Python scriptable Reverse Engineering Sandbox) is an open-source tool focused on reverse engineering that provides instrumentation and debugging capabilities on top of the QEMU emulator. It won the 1st prize in the Volatility Plugin Contest in late 2017. PyREBox allows you to inspect a running QEMU VM, to modify its memory or registers, and to instrument its execution with simple Python scripts. It combines whole-system-emulation (QEMU) with Virtual Machine Introspection (Volatility) and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Xabier Ugarte-Pedrero,...
Hack In The Box Security Conference
movies

eye 25

favorite 0

comment 0

Fake president scams are on the rise. Fraudsters use fake identities to impersonate leaders of a company and trick employees into transferring large sums of money to the fraudster. More often than not, the transferred money is deposited from the target bank accounts within minutes, and the victim organizations are left with the damage. This talk discusses the psychology behind fake president scams, guides through recent, prominent cases and proposes solutions both to prevent such scams and to...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, fraud,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 33

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Global Fortune 1000 companies, large governmental organizations and defense entities have something in common -- they...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
movies

eye 27

favorite 0

comment 0

In this talk Miika will be discussing the steps it took to own a bank’s infrastructure years ago. He will be describing how he gained the initial foothold in the DMZ, what it took to get past the forbidding firewall and AV into the internal network and how he finally ended up in the DC. Along the way he will be reflecting on the features (weaknesses), tools and techniques and discuss how they have changed over the years. === Miika has worked as a technical security specialist in Nixu for almost...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, miika turkia,...
Hack In The Box Security Conference
movies

eye 18

favorite 0

comment 0

The Internet and the security industry have been on fire for the last several months with threats that are plaguing the Internet: worms and SMB vulnerabilities. Wait, is it 2017 or 2003? It’s obvious that we are failing at basic security. Case in point: 991,812. That’s how many internet-connected hosts were listening on port 445 as of May 19th 2017. This talk will discuss how everything is cyclical and the last handful of years we have regressed from strong security controls to one of data...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, bsdaemon, rodrigo rubira...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 190

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Drawing on lessons gleaned from recent hacker indictments, research on surveillance, espionage and counter-intelligence, this talk focuses on practical operational security (OPSEC) measures to avoid detection and prevent arrest by Law Enforcement Officials. The target audience for this talk are hacktivists whose primary mission requires strong online anonymity in the face of intense scrutiny...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, opsec, grugq, security,...
Hack In The Box Security Conference
movies

eye 33

favorite 0

comment 0

Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Shortly after the release of Corona, @xvolks came to @pod2g with an interesting observation. He noticed it was...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 64

favorite 0

comment 0

PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Phrack and other magazines used to be full of obscure hardware and systems descriptions for telecom equipment that were the pride and the thrill of many dark-corner hackers. There's a specific kink about these strange OS, protocols and interfaces. But sadly (or not, as we'll see), it's a gone era. Gone are the DMS100, the DX200, the COSMOS switches and other telecom legacy beauty, ahem, well,...
Topics: Youtube, video, Science & Technology, dos, tftp, dpi, philippe langlois, hackinthebox, telecom,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 50

favorite 0

comment 0

Everybody knows about Apple iCloud backups — how to disable this feature, or (if you are on the other side) how to download the data. However, iCloud is not just about backups. There is quite a lot of data that is also being *synced* across all the devices, and so stored in the iCloud — including contacts, calendars, notes, media files, documents, 3rd party application data, passwords, credit card numbers and much more (e.g. mail signatures and custom text shortcuts). Even if you disable...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, vladimir katalov,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 24

favorite 0

comment 0

Live stream of the second day of the HITB GSEC CommSec track in Singapore. 25th August 10:30 – 11:00 – Searching for a Needle in a Remote Haystack – Vitaly Kamluk & Wayne Lee 11:00 – 11:30 – It’s Friday Evening Professor Moriarty – Nicolas Collery 11:30 – 12:30 – Applying Intelligence and Counterintelligence Techniques to Cyber Network Operations – Joseph Hesse & Kamal Ranjan 12:30 – 14:00 – LUNCH BREAK (for paid conference delegates) 14:00 – 14:30 –...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies

eye 14

favorite 0

comment 0

CTF contests are designed to serve as an educational exercise to give participants experience in securing machines, as well as conducting and reacting to the sort of attacks found in the real world. Reverse-engineering, network sniffing, protocol analysis, system administration, programming, and cryptanalysis are all skills which are generally refined and tested through CTFs. Facebook has recently launched a new open-source Capture the Flag platform, a standalone CTF site that can be used by...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...