DEF CON 22 [Materials] Speeches from the Hacker Convention.

113 episodes - English - Latest episode: over 9 years ago

The DEF CON series of hacking conferences was started in 1993 to focus on both the technical and social trends in hacking, and has grown to be a world-known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org


Episodes

Zack Fasel - Logging ALL THE THINGS Without All The Cost With Open Source Big Data Tools </buzzwords>

December 14, 2014 01:34 - 23.7 MB

Logging ALL THE THINGS Without All The Cost With Open Source Big Data Tools Zack Fasel Managing Partner, Urbane Security Many struggle in their job with the decision of what events to log in battle against costly increases to their licensing of a commercial SIEM or other logging solution. Leveraging the open source solutions used for "big-data" that have been proven by many can help build a scalable, reliable, and hackable event logging and security intelligence system to address security...

Will Schroeder - Veil-Pillage: Post-exploitation 2.0

December 14, 2014 01:31 - 25.4 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Schroeder/DEFCON-22-Will-Schroeder-Veil-Pillage-Post-Exploitation-2.0.pdf Veil-Pillage: Post-exploitation 2.0 Will Schroeder SECURITY RESEARCHER, VERIS GROUP The Veil-Framework is a project that aims to bridge the gap between pentesting and red team toolsets. It began with Veil-Evasion, a tool to generate AV-evading payload executables, expanded into payload delivery with the release of Veil-Catapult, and branched into p...

Fatih Ozavci - VoIP Wars: Attack of the Cisco Phones

December 14, 2014 01:30 - 28.4 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Ozavci/DEFCON-22-Fatih-Ozavci-VoIP-Wars-Attack-of-the-Cisco-Phones-UPDATED.pdf VoIP Wars: Attack of the Cisco Phones Fatih Ozavci SENIOR SECURITY CONSULTANT, SENSE OF SECURITY Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. These Cisco hosted VoIP implementations are very similar; they have Cisco Unified Communication services, SIP protocol for IP Phones of tenants,...

Dominic White and Ian de Villiers - Manna from Heaven: Improving the state of wireless rogue AP attacks

December 14, 2014 01:29 - 25.6 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/White-deVilliers/DEFCON-22-Dominic-White-Ian-de-Villiers-Manna-from-Heaven-Detailed-UPDATED.pdf Manna from Heaven: Improving the state of wireless rogue AP attacks Dominic White CTO, SENSEPOST Ian de Villiers SENIOR ANALYST, SENSEPOST The current state of theoretical attacks against wireless networks should allow this wireless world to be fully subverted for all but some edge cases. Devices can be fooled into connecting...

Blake Self and Shawn "cisc0ninja" Burrell - Don't DDoS Me Bro: Practical DDoS Defense

December 14, 2014 01:29 - 25.2 MB

Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Self/DEFCON-22-Blake-Self-cisc0ninja-Dont-DDOS-me-bro-UPDATED.pdf Don't DDoS Me Bro: Practical DDoS Defense Blake Self SENIOR SECURITY ARCHITECT Shawn "cisc0ninja" Burrell SOLDIERX CREW Layer 7 DDoS attacks have been on the rise since at least 2010, especially attacks that take down websites via resource exhaustion. Using various tools and techniques - it is possible to defend against these attacks on even a shoestring ...

Michele Fincher - How to you Feel about your Mother.. Psych and The SE

December 14, 2014 01:22 - 32.1 MB


Christopher Soghoian - Blinding The Surveillance State

December 14, 2014 01:18 - 26.7 MB

Blinding The Surveillance State Christopher Soghoian Principal Technologist, American Civil Liberties Union We live in a surveillance state. Law enforcement and intelligence agencies have access to a huge amount of data about us, enabling them to learn intimate, private details about our lives. In part, the ease with which they can obtain such information reflects the fact that our laws have failed to keep up with advances in technology. However, privacy enhancing technologies can offer re...

Chris Hadnagy - What Your Body Tells Me - Body Language for the SE

December 14, 2014 01:16 - 35.7 MB


Charlie Miller & Chris Valasek - A Survey of Remote Automotive Attack Surfaces

December 14, 2014 01:15 - 31.2 MB

A Survey of Remote Automotive Attack Surfaces Charlie Miller Security Engineer, Twitter Chris Valasek Director of Threat Intelligence, IOActive Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes....

Brent White - Corporate Espionage - Gathering Actionable Intelligence Via Covert Operations

December 14, 2014 01:13 - 23.5 MB


Zoz - Don't Fuck It Up!

December 14, 2014 01:04 - 33.9 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Zoz/DEFCON-22-Zoz-Dont-Fuck-It-Up-UPDATED.pdf Don't Fuck It Up! Zoz ROBOTICS ENGINEER Online antics used to be all about the lulz; now they're all about the pervasive surveillance. Whether you're the director of a TLA just trying to make a booty call or an internet entrepreneur struggling to make your marketplace transactions as smooth as silk, getting up to any kind of mischief involving electronic communications now in...

Zoltán Balázs - Bypass firewalls, application white lists, secure remote desktops under 20 seconds

December 14, 2014 01:03 - 26.2 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Balazs/DEFCON-22-Zoltan-Balazs-Bypass-firewalls-application-whitelists-in-20-seconds-UPDATED.pdf Bypass firewalls, application white lists, secure remote desktops under 20 seconds Zoltán Balázs CHIEF TECHNOLOGY OFFICER AT MRG EFFITAS In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where you have...

Weston Hecker - Burner Phone DDOS 2 dollars a day : 70 Calls a Minute

December 14, 2014 01:02 - 26.4 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Hecker/DEFCON-22-Weston-Hecker-Burner-Phone-DDOS-UPDATED.pdf Burner Phone DDOS 2 dollars a day : 70 Calls a Minute Weston Hecker SR SYSTEMS SECURITY ANALYST/ NETWORK SECURITY Phone DDOS research. Current proof of concept is dealing with a Samsung SCH-U365 QUALCOMM prepaid Verizon phone; custom firmware was written that makes it into an anonymous DOS system. It does PRL list hopping and several other interesting evasion meth...

Wesley McGrew - Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively

December 14, 2014 01:01 - 29.1 MB

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/McGrew/DEFCON-22-Wesley-McGrew-Instrumenting-Point-of-Sale-Malware.pdf Additional Materials available: https://www.defcon.org/images/defcon-22/dc-22-presentations/McGrew/DEFCON-22-Wesley-McGrew-Instrumenting-Point-of-Sale-Malware-WP.pdf Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively Wesley McGrew ASSISTANT RESEARCH PROFESSOR, MISSISSIPPI STATE UNIVERSITY The pur...

Tim Strazzere and Jon Sawyer - Android Hacker Protection Level 0

December 14, 2014 01:00 - 30.5 MB

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Strazzere-Sawyer/DEFCON-22-Strazzere-and-Sawyer-Android-Hacker-Protection-Level-UPDATED.pdf Android Hacker Protection Level 0 Tim Strazzere LEAD RESEARCH & RESPONSE ENGINEER Jon Sawyer CTO OF APPLIED CYBERSECURITY LLC Obfuscator here, packer there - the Android ecosystem is becoming a bit cramped with different protectors for developers to choose. With such limited resources online about attacking these protectors, w...

Tess Schrodinger - From Raxacoricofallapatorius With Love: Case Studies In Insider Threat

December 14, 2014 00:59 - 29.9 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Schrodinger/DEFCON-22-Tess-Schrodinger-Raxacoricofallapatorius-With-Love-Case-Studies.pdf From Raxacoricofallapatorius With Love: Case Studies In Insider Threat Tess Schrodinger Espionage, honey pots, encryption, and lies. Clandestine meetings in hotels. The naïve girl seduced by a suave businessman. The quiet engineer who was busted by the shredded to do list found in his trash. Encryption the NSA couldn’t crack. What m...

Svetlana Gaivoronski and Ivan Petrov - Shellcodes for ARM: Your Pills Don't Work on Me, x86

December 14, 2014 00:59 - 24.1 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Petrov-Gaivoronski/DEFCON-22-Ivan-Petrov-Svetlana-Gaivoronski-ShellCodes-for-ARM-Updated.pdf Extra Materials are available here: https://defcon.org/images/defcon-22/dc-22-presentations/Petrov-Gaivoronski/DEFCON-22-Ivan-Petrov-Svetlana-Gaivoronski-ShellCodes-for-ARM.avi Shellcodes for ARM: Your Pills Don't Work on Me, x86 Svetlana Gaivoronski PHD STUDENT, MOSCOW STATE UNIVERSITY, RUSSIA Ivan Petrov MASTERS STUDENT, MOSCO...

Shane Macaulay - Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System

December 14, 2014 00:58 - 26.4 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Macaulay/DEFCON-22-Shane-Macaulay-Weird-Machine-Motivated-Practical-Page-Table-Shellcode-UPDATED.pdf Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System Shane Macaulay DIRECTOR OF CLOUD SECURITY, IOACTIVE Windows7 & Server 2008R2 and earlier kernels contain significant executable regions available for abuse. These regions are great hiding places and more; e.g. Using PTE shel...

Shahar Tal - I Hunt TR-069 Admins: Pwning ISPs Like a Boss

December 14, 2014 00:58 - 20.2 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Tal/DEFCON-22-Shahar-TaI-I-hunt-TR-069-admins-UPDATED.pdf I Hunt TR-069 Admins: Pwning ISPs Like a Boss Shahar Tal SECURITY & VULNERABILITY RESEARCH TEAM LEADER, CHECK POINT SOFTWARE TECHNOLOGIES Residential gateway (/SOHO router) exploitation is a rising trend in the security landscape - ever so often do we hear of yet another vulnerable device, with the occasional campaign targeted against specific versions of devices ...

Scott Erven and Shawn Merdinger - Just What The Doctor Ordered?

December 14, 2014 00:57 - 57 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Erven-Merdinger/DEFCON-22-Scott-Erven-and-Shawn-Merdinger-Just-What-The-DR-Ordered-UPDATED.pdf Just What The Doctor Ordered? Scott Erven FOUNDER & PRESIDENT SECMEDIC, INC Shawn Merdinger HEALTHCARE SECURITY RESEARCHER You have already heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable defibrillator. But what is the reality of medical devic...

Ryan Noah Shapiro - Hacking the FBI - How & Why to Liberate Government Records

December 14, 2014 00:55 - 31.9 MB

Hacking the FBI: How & Why to Liberate Government Records Ryan Noah Shapiro PhD candidate, Massachusetts Institute of Technology After narrowly avoiding a lengthy activism-related prison sentence, I began PhD work at MIT in part to map out the criminalization of political dissent in Post-9/11 America. Especially in trying to obtain records from the FBI, Freedom of Information Act (FOIA) work became an essential component of my research. However, it quickly became apparent that the FBI rout...

Ryan Lackey & Marc Rogers & theGrugq - Masquerade - How a Helpful Man-in-the-Middle Can Help You Evade Monitoring

December 14, 2014 00:51 - 26.5 MB

Masquerade: How a Helpful Man-in-the-Middle Can Help You Evade Monitoring. Ryan Lackey Founder, CryptoSeal, Inc. Marc Rogers Principal Security Researcher, Lookout The Grugq Information Security Researcher Sometimes, hiding the existence of a communication is as important as hiding the contents of that communication. While simple network tunneling such as Tor or a VPN can keep the contents of communications confidential, under active network monitoring or a restrictive IDS such tunnels a...

Ryan Kazanciyan and Matt Hastings - Investigating PowerShell Attacks

December 14, 2014 00:48 - 24.5 MB

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Kazanciyan-Hastings/DEFCON-22-Ryan-Kazanciyan-Matt-Hastings-Investigating-Powershell-Attacks.pdf Investigating PowerShell Attacks Ryan Kazanciyan TECHNICAL DIRECTOR, MANDIANT Matt Hastings CONSULTANT, MANDIANT Over the past two years, we've seen targeted attackers increasingly utilize PowerShell to conduct command-and-control in compromised Windows environments. If your organization is running Windows 7 or Server 20...

Robert Rowley - Detecting and Defending Against a Surveillance State

December 14, 2014 00:46 - 27.1 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Rowley/DEFCON-22-Robert-Rowley-Detecting-Defending-Against-Surveillance-State.pdf Detecting and Defending Against a Surveillance State Robert Rowley SECURITY RESEARCHER, TRUSTWAVE SPIDERLABS This talk is based on semi-recent reported leaks that detail how state-actors could be engaging in surveillance against people they deem as 'threats'. I will cover the basics on what was leaked, and focus the talk on how to detect har...

Richard Thieme - The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State

December 14, 2014 00:34 - 32.3 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Theime/DEFCON-22-Theime-Truth-Through-Fiction-Updated.pdf The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State Richard Thieme THIEMEWORKS Over a decade ago, a friend at the National Security Agency told Richard Thieme that he could address the core issues they discussed in a context of "ethical considerations for intelligence and security professionals" only if he wrote fiction...

Richard Klafter (Free) and Eric Swanson (Lachesis) - Check Your Fingerprints: Cloning the Strong Set

December 14, 2014 00:33 - 13.9 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Klafter-Swanson/DEFCON-22-Richard-Klafter-and-Eric-Swanson-Check-Your-Fingerprints-Cloning-the-Strong-Set.pdf Check Your Fingerprints: Cloning the Strong Set Richard Klafter (Free) SENIOR SOFTWARE ENGINEER, OPTIMIZELY Eric Swanson (Lachesis) SOFTWARE DEVELOPER The web of trust has grown steadily over the last 20 years and yet the tooling that supports it has remained stagnant despite staggering hardware advancement. Cho...

Pierce and Loki - NSA Playset : GSM Sniffing

December 14, 2014 00:31 - 28.9 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Pierce-Loki/DEFCON-22-Pierce-Loki-NSA-PLAYSET-GSM.pdf NSA Playset : GSM Sniffing Pierce SECURITY RESEARCHER Loki SECURITY RESEARCHER A5/1, as implemented in GSM, was broken wide open in 2003, yet GSM is still the most widely used mobile communications protocol in the world. Introducing TWILIGHTVEGETABLE, our attempt to pull together the past decade of GSM attacks into a single, coherent toolset, and finally make real, p...

Phil Zimmermann - How To Get Phone Companies To Just Say No To Wiretapping

December 14, 2014 00:30 - 31.8 MB

How To Get Phone Companies To Just Say No To Wiretapping Phil Zimmermann President & Co-Founder Silent Circle Phil is going to talk about his latest projects, which are helping several mobile carriers to provide their customers with wiretap-free phone services. These carriers are breaking ranks with the rest of their industry's century-long culture of wiretapping. When you can get actual phone companies to join in the struggle, you know change is afoot. And yes, Navy SEALS are involved....

Philip “Soldier of Fortran” Young - From root to SPECIAL: Pwning IBM Mainframes

December 14, 2014 00:29 - 13.8 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Young/DEFCON-22-Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes-Updated.pdf From root to SPECIAL: Pwning IBM Mainframes Philip “Soldier of Fortran” Young 1.1 million transactions are run through mainframes every second worldwide. From your flight to your ATM withdrawal a mainframe was involved. These critical, mainstays of the corporate IT world aren’t going anywhere. But while the hacker community has evolved o...

Paul Such 0x222 and Agix - Playing with Car Firmware or How to Brick your Car

December 14, 2014 00:26 - 12.3 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Such/DEFCON-22-Paul-Such-0x222-Playing-with-Car-Firmware.pdf Playing with Car Firmware or How to Brick your Car Paul Such 0x222 FOUNDER OF SCRT Agix SCRT A lot of papers have already been done/produced on hacking cars through ODB2/CanBus. Looking at the car firmware could also be something really fun :) How to access the firmware, hidden menus & functionalities, hardcoded SSID, users and passwords (yes, you read right),...

Paul McMillan - Attacking the Internet of Things using Time

December 14, 2014 00:25 - 27.6 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Mcmillan/DEFCON-22-Paul-Mcmillan-Attacking-the-IOT-Using-timing-attacks.pdf Attacking the Internet of Things using Time Paul McMillan SECURITY ENGINEER, NEBULA Internet of Things devices are often slow and resource constrained. This makes them the perfect target for network-based timing attacks, which allow an attacker to brute-force credentials one character at a time, rather than guessing the entire string at once. We ...

Paul Drapeau and Brent Dukes - Steganography in Commonly Used HF Radio Protocols

December 14, 2014 00:25 - 22.8 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Drapeau-Dukes/DEFCON-22-Drapeau-Dukes-Steganography-in-Commonly-Used-HF-Radio-Protocols-UPDATED.pdf Additional Extra Materials are available here: https://defcon.org/images/defcon-22/dc-22-presentations/Drapeau-Dukes/Paul%20Drapeau%20and%20Brent%20Dukes%20-%20Extras.zip Steganography in Commonly Used HF Radio Protocols Paul Drapeau PRINCIPAL SECURITY RESEARCHER, CONFER TECHNOLOGIES INC. Brent Dukes Imagine having the c...

Patrick Wardle and Colby Moore - Optical Surgery; Implanting a DropCam

December 14, 2014 00:23 - 22.8 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Moore-Wardle/DEFCON-22-Colby-Moore-Patrick-Wardle-Synack-DropCam-Updated.pdf Optical Surgery; Implanting a DropCam Patrick Wardle DIRECTOR OF RESEARCH, SYNACK Colby Moore SECURITY RESEARCH ENGINEER, SYNACK Video Monitoring solutions such as DropCam aim to provide remote monitoring, protection and security. But what if they could be maliciously subverted? This presentation details a reverse-engineering effort that result...

Panel - Summary of Attacks Against BIOS and Secure Boot

December 14, 2014 00:23 - 28.8 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Bulygin-Bazhaniul-Furtak-Loucaides/DEFCON-22-Bulygin-Bazhaniul-Furtak-Loucaides-Summary-of-attacks-against-BIOS-UPDATED.pdf Summary of Attacks Against BIOS and Secure Boot Yuriy Bulygin CHIEF THREAT ARCHITECT, INTEL SECURITY Oleksandr Bazhaniuk SECURITY RESEARCHER, INTEL SECURITY Andrew Furtak SECURITY RESEARCHER, INTEL SECURITY John Loucaides SECURITY RESEARCHER, INTEL SECURITY A variety of attacks targeting platform...

Panel - PropLANE: Kind of keeping the NSA from watching you pee

December 14, 2014 00:22 - 30.5 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Bathurst-Rogers-Carey-Clarke/DEFCON-22-Bathurst-Rogers-Carey-Clarke-PROPLANE.pdf PropLANE: Kind of keeping the NSA from watching you pee Rob Bathurst (EVILROB) Russ Rogers (RUSSR) Mark Carey (PHORKUS) Ryan Clarke (L0STBOY) No one likes to be watched, especially on the Internet. Your Internet…habits are only for you to know, not ISPs, hotels, government agencies, your neighbor, that creepy guy down the street with the ...

Panel - Ephemeral Communications: Why and How?

December 14, 2014 00:21 - 29.4 MB

Panel: Ephemeral Communications: Why and How? Ryan Lackey Founder, CryptoSeal, Inc. Jon Callas Silent Circle Elissa Shevinsky Glimpse Possibly more to come..... Ephemeral communications applications are increasingly popular ways, especially among younger users, to communicate online. In contrast to “once it’s on the Internet, it’s forever”, these applications promise to delete information rapidly, or to maintain anonymity indefinitely, lowering inhibitions to share sensitive or personal...

Panel - Diversity in Information Security

December 14, 2014 00:19 - 36 MB

Panel - Diversity in Information Security Jennifer Imhoff-Dousharm Informatics student, co-organizer of theSummit, NCWIT affiliate member Sandy “Mouse” Clark Security Researcher and part-time Phd. candidate Kristin Paget Jolly Full time hacker Vyrus Independent Security Consultant Scott Martin CIO Spikes Security Discussion from the point of view of a diverse panel of leading representatives currently in or thinking of becoming part of the Information Security industry. This panel wil...

Panel - DEF CON the Mystery, Myth, and Legend

December 14, 2014 00:17 - 51 MB

DEF CON the Mystery, Myth and Legend Panel It's hard to throw a stone these days without hitting a security/hacking conference. But, when every year the Las Vegas Metro SWAT Team stages for an interdiction of your convention, you know you have something "different". From crawling through Air Ducts to surreptitiously "acquiring" telco equipment, these are the stories of DEF CON you don't often hear about. The stories of yesteryear that not only helped shape defcon but also the people who ma...

Nicole Ozer & Kevin Bankston & Timothy Edgar - Panel - Surveillance on the Silver Screen - Fact or Fiction

December 14, 2014 00:15 - 35.6 MB

Panel — Surveillance on the Silver Screen- Fact or Fiction? Nicole Ozer Technology and Civil Liberties Policy Director, ACLU of California Kevin Bankston Policy Director, New America Foundation's Open Technology Institute Timothy Edgar Fellow, Watson Institute for International Studies, Brown University Join ACLU and others for a fun-filled surveillance tour of the movies - from Brazil to Bourne - to talk about what is still fiction and what is now fact. What is technologically possible?...

Nemus - An Introduction to Back Dooring Operating Systems for Fun and Trolling

December 14, 2014 00:13 - 22 MB

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Nemus/DEFCON-22-Lance-Buttars-Nemus-Intro-to-backdooring-OS.pdf An Introduction to Back Dooring Operating Systems for Fun and Trolling Nemus SECURITY RESEARCHER So you want to set up a back door? Have you ever wondered how it's done and what you can do to detect back doors on your network and operating systems? Ever wanted to set up a back door to prank a friend? This presentation will do just that. We will go over th...

David Kennedy - Destroying Education and Awareness Programs

December 14, 2014 00:11 - 33 MB


The Dark Tangent & LosT - Welcome and Making of the DEF CON Badge

December 14, 2014 00:06 - 62.2 MB

The Dark Tangent and Ryan Clarke "LosT" Welcome to DEF CON and discuss the making of the DEF CON 22 Badge.

Dan Kaminsky - Secure Random by Default

December 14, 2014 00:03 - 62.2 MB

Secure Random By Default Dan Kaminsky Chief Scientist, White Ops As a general rule in security, we have learned that the best way to achieve security is to enable it by default. However, across operating systems and languages, random number generation is always exposed via two separate and most assuredly unequal APIs -- insecure and default, and secure but obscure. Why not fix this? Why not make JavaScript and PHP and Java and Python and even libc rand() return strong entropy? What are th...

Panel - Hack All The Things: 20 Devices in 45 Minutes

December 14, 2014 00:00 - 30.2 MB

Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Heres-Etemadieh-Baker-Nielsen/DEFCON-22-Heres-Etemadieh-Baker-Nielsen-Hack-All-The-Things.pdf Hack All The Things: 20 Devices in 45 Minutes CJ Heres SECURITY CONSULTANT Amir Etemadieh SECURITY RESEARCHER AT ACCUVANT LABS Mike Baker CO-FOUNDER OPENWRT Hans Nielsen SENIOR SECURITY CONSULTANT AT MATASANO When we heard “Hack All The Things,” we took it as a challenge. So at DEF CON this year we’re doing exactly that, we’r...

Panel - DEF CON Comedy Jam Part VII, Is This The One With The Whales?

December 13, 2014 23:44 - 67.1 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Mortman/DEFCON-22-Fail-Panel-Defcon-Comedy-Jam-VII.pdf DEF CON Comedy Jam Part VII, Is This The One With The Whales? David Mortman @MORTMAN Rich Mogull @RMOGULL Chris Hoff @BEAKER Dave Maynor @ERRATADAVE Larry Pesce @HAXORTHEMATRIX James Arlen @MYRCURIAL Rob Graham @ERRATAROB Alex Rothman Shostack @ARS_INFOSECTICA Weeeeeeeeee're baaaaaack. Bring out your FAIL. It's the most talked about panel at DEF CON! A standin...

Panel - Contests Award Ceremony

December 13, 2014 23:41 - 31.7 MB

DEF CON 22 Contests Award Ceremony

Panel - Closing Ceremonies

December 13, 2014 23:39 - 43.6 MB

DEF CON 22 Closing ceremonies.

Nir Valtman - Bug Bounty Programs Evolution

December 13, 2014 23:37 - 30 MB

Slides Here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-Bug-Bounty-Programs-Evolution.pdf Extra Materials are available here: https://www.defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-Extras-Bug-Bounty-Programs-Evolution.zip Bug Bounty Programs Evolution Nir Valtman ENTERPRISE SECURITY ARCHITECT Bug bounty programs have been hyped in the past 3 years, but this concept was actually widely implemented in the pas...

Nir Valtman - A Journey to Protect Points-of-sale

December 13, 2014 23:36 - 32.7 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Valtman/DEFCON-22-Nir-Valtman-A-Journey-To-Protect-POS-UPDATED.pdf A Journey to Protect Points-of-sale Nir Valtman ENTERPRISE SECURITY ARCHITECT, NCR RETAIL Many point-of-sale breaches occurred in the past year and many organizations are still vulnerable against the simplest exploits. In this presentation, I explain about how points-of-sale get compromised from both retailer’s and software-vendor’s perspective. One of th...

Michael Schrenk - You're Leaking Trade Secrets

December 13, 2014 23:35 - 26 MB

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Schrenk/DEFCON-22-Mike-Schrenk-Youre-Leaking-Trade-Secrets-UPDATED.pdf You're Leaking Trade Secrets Michael Schrenk BUSINESS INTELLIGENCE SPECIALIST Networks don't need to be hacked for information to be compromised. This is particularly true for organizations that are trying to keep trade secrets. While we hear a lot about personal privacy, little is said in regard to organizational privacy. Organizations, in fact, leak...
