Show filters Hide filters

Refine your search

Publication Year
Organisation found in the video
1-29 out of 29 results
Change view
  • Sort by:
42:06 Hacktivity English 2015

Why Nation-State Malwares Target Telco Networks: Dissection Technical Capabilities of Regin and Its Counterparts

The recent research in malware analysis suggests state actors allegedly use cyber espionage campaigns against GSM networks. Analysis of state-sponsored malwares such as Flame, Duqu, Uruborus and the Regin revealed that these were designed to sustain long-term intelligence-gathering operations by remaining under the radar. Antivirus companies made a great job in revealing technical details of the attack campaigns, however, they have almost exclusively focused on the executables or the memory dump of the infected systems - the research hasn't been simulated in a real environment. In this talk, we are going to break down the Regin framework stages from a reverse engineering perspective - kernel driver infection scheme, virtual file system and its encryption scheme, kernel mode manager- while analyzing its behaviors on a GSM network and making technical comparison of its counterparts - such as TDL4, Uruborus, Duqu2.
  • Published: 2015
  • Publisher: Hacktivity
  • Language: English
46:00 Hacktivity English 2015

Layer 1 encryption and decryption

Ha a fizikai rétegrol beszélünk, mindenki drótokra és optikai kapcsolatokra gondol, miközben a modern kommunikáció jelentos része vezeték nélkül zajlik. A rendelkezésre álló frekvenciaspektrum jobb kihasználáshoz az eszközök frekvenciaugratásos technikákat használnak, azaz mind a leadó-, mind a vevo-berendezés másodpercenként több ezerszer vált frekvenciát. A megfelelo kommunikáció biztosításához a leadót és a vevot szinkronban kell tartani. A kereskedelmi használatban ezt frekvenciaugratásos eloírások biztosítják. Ha a kommunikációt tovább akarjuk titkosítani, csak annyit kell tennünk, hogy nem szabványos eloírást használunk, így harmadik fél nem tudja veszteség nélkül összegyojteni az átvitt adatokat, ez a veszteség pedig megakadályozza a tartalom titkosítását megfejtését. A digitális jelfeldolgozás új eszközt biztosít minden átvitt karakterfüzér azonosítására és összegyujtésére.
  • Published: 2015
  • Publisher: Hacktivity
  • Language: English
41:44 Hacktivity English 2015

Hacking cars in the style of Stuxnet

We believe that the most important impact of Stuxnet in the long run is that it provides a blueprint for carrying out similar attacks in different embedded computing environments. To demonstrate this, we started experimenting with attacking cars in the same style as Stuxnet attacked uranium centrifuges. Our experiments show that it is relatively easy to perform dangerous modifications to the settings of different car electronic control units. by sSimply infecting the mechanic's PC or laptop that runs the diagnostic software used to manage those ECUs in the car, and replacing the DLL responsible for communications between the diagnostic software and the CAN bus with a malicious DLL, that we can implements man-in-the-middle type attacks (e.g., replay or modification of commands). As a proof-of-concept, we managed to forge a message that switches off the airbag of an Audi TT without the mechanic noticing the misdeed.
  • Published: 2015
  • Publisher: Hacktivity
  • Language: English
46:17 Free and Open Source software Conference (FrOSCon) e.V. English 2015

Unit Testing by Example

Everyone tells you that you need to test. You know the theory, but you don't know where to begin. What to test? What cases to write? Through realistic and pragmatic examples, this presentation will take you away from var dump and ease you into the testing business until you're ready to do TDD. All this without losing sight of the tight deadlines. Anna Filina
  • Published: 2015
  • Publisher: Free and Open Source software Conference (FrOSCon) e.V.
  • Language: English
1:07:59 Free and Open Source software Conference (FrOSCon) e.V. German 2015

MARS: Replicating Petabytes over Long Distances

MARS Light is a kernel-level asynchronous block replication for long distances, supporting disaster recovery / georedundancy. Thomas Schöbel-Theuer
  • Published: 2015
  • Publisher: Free and Open Source software Conference (FrOSCon) e.V.
  • Language: German
25:50 EuroPython English 2014

Jython in practice

Fredrik Håård - Jython in practice A lot of people have heard of Jython, some have tried it, but it seems few have actually deployed it in a corporate environment. In this talk I'll share my experiences in using Jython as a testbed for Java applications, for rapid prototyping in Java desktop and web environments, and for embedding scripting capabilities in Java products. ----- Not everyone gets paid to work with Python all the time, but if you find yourself in a Java project, there are good chances you could benefit from Python without throwing out the Java stack. Using Jython, you can do rapid prototyping without the long edit-compile-test cycles normally associated with large Java projects, whether on the web or the desktop, and when testing an application might become a nightmare of scaffolding in Java, a little Jython may be just what you need to be able to run your tests smoothly. At the end of this talk, I will put on my politician´s hat and bring up the best - and worst - arguments to use to get permission to use Jython in a corporate environment.
  • Published: 2014
  • Publisher: EuroPython
  • Language: English
35:50 EuroPython English 2016

High Performance Networking in Python

Yury Selivanov - High Performance Networking in Python The talk will cover new async/await syntax in Python, asyncio library and ecosystem around it, and ways to use them for creating high performance servers. It will explain how to build custom event loops for asyncio, with an example of using the libuv library with Cython to achieve 2-3x performance boost over vanilla asyncio. ----- The talk will start with an overview of async/await syntax introduced with PEP 492 in Python 3.5. We'll go through asynchronous context managers and iteration protocols it introduces. I'll briefly explain how the feature is implemented in CPython core. Then we'll explore asyncio design. I'll briefly cover event loop, policies, transports, protocols and streams abstractions. I'll explain that event loops are pluggable, which really makes asyncio a universal framework. We'll cover libuv - a high performance networking library that drives NodeJS. I'll highlight where it's similar to asyncio and how it's different. In the final part of the talk I'll explain how to make an asyncio compatible event loop on top of libuv. I'll showcase Cython, which is an amazing tool for tasks like this. Finally, I'll share some ideas on how we can further improve the performance of asyncio and networking in Python, and what are the challenges that we will face. **Objectives:** 1. Deeper understanding of async/await in Python and why it's important. 2. Deeper understanding of asyncio architecture and protocols. 3. How to improve asyncio performance by implementing custom event loops. 4. Show that it's easy to integrate existing complex & low level libraries with Cython. 5. Some perspective on how Python may evolve wrt networking.
  • Published: 2016
  • Publisher: EuroPython
  • Language: English
28:08 FOSS4G, Open Source Geospatial Foundation (OSGeo) English 2016

Command Line Geography

The keyboard is the new compass ! In this entertaining session, we will see how our beloved shell can fit into the workflow of the modern cartographer in the most surprising ways, and we will generate maps in the least expected places (your terminal, your desktop, your IDE...) analyse and visualise geo data with expressive SQL one-liners ; manipulate file formats with shell I/O and useful libraries ; geocode with the blink of an eye (or with your voice) ; make ASCII and emoji maps ; transform Atom into a supercharged geo IDE ; set up the perfect web mapping project environment in seconds ; and many more ! The CartoDB SQL APIs, along with the CartoDB Node client, SQL and PostGIS, plus a host of other open source libraries (GDAL, CSVKit, Yeoman...), will be showcased as the "survival kit" for the hurried but demanding mapper.
  • Published: 2016
  • Publisher: FOSS4G, Open Source Geospatial Foundation (OSGeo)
  • Language: English
1:04:51 re:publica English 2013

Export Controls for Dual-Use Software

Neuartige Formen der Überwachung digitaler Geräte bedrohen die Informationsfreiheit im Internet. Häufig sind deutsche Firmen beteiligt, wenn autoritäre Regime Journalisten, Dissidenten und Aktivisten ausspionieren. Dieses Panel soll sich ebenso mit dem Status quo auseinandersetzen wie mit Möglichkeiten, den Zugang zu Überwachungstechnologien besser zu kontrollieren Das Internet hat (Bürger-) Journalisten, Aktivisten und Blogger weltweit vernetzt und ist ein wichtiger Träger der Informationsfreiheit. Andererseits haben autoritäre Regime das Internet für sich entdeckt und nutzen digitale Technologien, um kritische Stimmen zu überwachen. Das Know-how dafür kommt oft von Unternehmen aus Europa und den USA -- und auch aus Deutschland. Deren IT-basierte Überwachungstechnologien können teils Festplatten von Computern durchsuchen, verschlüsselte E-Mails mitlesen sowie Kamera und Mikrofon eines Computers oder Handys aus der Ferne aktivieren. Wir fragen uns deshalb: Was ist der Stand der Technik?
  • Published: 2013
  • Publisher: re:publica
  • Language: English
40:38 EuroPython English 2017

Rethinking how we build HTTP APIs

Rethinking how we build HTTP APIs [EuroPython 2017 - Talk - 2017-07-14 - PyCharm Room] [Rimini, Italy] Rethinking how we build HTTP APIs The Python universe is overflowing with web frameworks, from full featured batteries included frameworks like Django to micro frameworks like Bottle or Flask. They each have their own specific features but in the end they are all very similar in their core functionality of processing requests and generating responses. In this talk I will discuss why I felt the need to create yet another framework, a pico framework, that specifically focuses on the task of building HTTP based APIs for the web. Pico, as it is aptly called, doesn't do templating, ORM, custom routing, authentication, validation, caching, or a million other things. Instead it helps you write clean APIs using simple functions and modules with minimal boilerplate. Pico is both opinionated and flexible in equal measures so you can focus on what matters; your API logic. Pico helps you to write code that that is simple to get started, trivial to test, and easy to maintain as your project grows. APIs built with Pico are self describing so client code can automatically/dynamically be created. Pico includes both a Python & Javascript client but it is also very simple to interact with your API with plain old cURL/Requests/jQuery/etc. It is just a HTTP API after all. Having recently released Pico 2.0, this talk will outline the evolution of this framework over the past 7 years and discuss some lessons learnt along the way about building HTTP APIs and frameworks
  • Published: 2017
  • Publisher: EuroPython
  • Language: English
1:47:19 Chaos Computer Club e.V. German 2017

Nougatbytes 11₂

Zwei Teams mit rauchenden Köpfen und ein johlendes Publikum raten sich durch unsere dritte Wortspielhölle der IT, Informatik und digitalen Gesellschaft. Wer bei vielschichtigen (Anm. d. R.: „haarsträubenden“!) Assoziazionsbilderrätseln freudiges Synapsenfunkeln und feuchte Augen bekommt oder aber bei Gehirnschmerz und Um-die-Ecke-Denk-Beulen trotzdem feiert, ist bei uns zu Hause.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
31:19 Chaos Computer Club e.V. English 2017

Running GSM mobile phone on SDR

Since SDR (Software Defined Radio) becomes more popular and more available for everyone, there is a lot of projects based on this technology. Looking from the mobile telecommunications side, at the moment it's possible to run your own GSM or UMTS network using a transmit capable SDR device and free software like OsmoBTS or OpenBTS. There is also the srsLTE project, which provides open source implementation of LTE base station (eNodeB) and moreover the client side stack (srsUE) for SDR. Our talk is about the R&D process of porting the existing GSM mobile side stack (OsmocomBB) to the SDR based hardware, and about the results we have achieved.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
59:24 Chaos Computer Club e.V. German 2017

All Computers Are Beschlagnahmt

Im August 2017 wurde Indymedia linksunten vom Bundesinnenminister verboten. Rechtsanwältin Kristin Pietrzyk berichtet von den Razzien, von der Zusammenarbeit zwischen Polizei und Geheimdiensten und gibt Einblick in das juristische Vorgehen gegen Verbot und Zensur.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
57:18 Chaos Computer Club e.V. English 2017

34C3 Infrastructure Review

In this traditional lecture, various teams provide an inside look at how this Congress‘ infrastructure was planned and built. You’ll learn what worked and what went wrong, and some of the talks may even contain facts! Also, the NOC promises to try and not have the network fail in the middle of the NOC presentation this time.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
23:54 re:publica German 2013

Mixing Pop & Politics

Über Pop und Politik zu bloggen ist scheiße, birgt aber viele Möglichkeiten in sich. Mixing Pop & Politics, wo liegt der Sinn darin diese beiden Bereiche zu vermischen und wo die Gefahren? Welche Möglichkeiten ergeben sich dem/der BloggerIn, der/die diesen Weg einschlägt?Welche nervigen immer wieder kehrenden Diskussionen werden kommen, welche Fettnäpfchen und worauf kannst Du achten?Daniel Decker zieht eine Bilanz aus drei Jahren Blogging unter diesem Motto und vielleicht singen wir ja alle am Ende zusammen Billy Bragg.
  • Published: 2013
  • Publisher: re:publica
  • Language: German
41:46 FOSDEM VZW English 2014

osmocom: Overview of our SDR projects

Osmocom stands for Open-Source MObile COMmunication. It's an umbrella project for several sub-projects that focus on implementing various telecom standard. A growing part of these are using SDR and theses are the the ones that will be presented in this talk. Among theses are rtl-sdr, a library to use cheap dvb-t dongle as SDR receiver; gr-osmosdr, a GNURadio source block to support multiple capture hardware easily in your apps; osmo-tetra, an sdr implementation of a TETRA receiver; osmo-gmr, a protocol stack for this satphone standard; gr-fosphor, a GPU accelerated spectrum visualization block for GNURadio.
  • Published: 2014
  • Publisher: FOSDEM VZW
  • Language: English
33:50 re:publica German 2017

(Wofür) Braucht Deutschland eine Schul-Cloud?

Als Johanna Wanka 5 Milliarden Euro für die Digitalisierung von Schulen ankündigte, ging ein Aspekt der Überlegungen im Kleingedruckten unter: die Idee einer Schul-Cloud als „zentralen webbasierten Dienst“. Dieser Dienst soll Schulen Lern- und Arbeitsumgebungen sowie Lerninhalte bereitstellen. Aber ist ein (neuer) zentraler Dienst wünschenswert und realistisch? Darüber wollen wir diskutieren!
  • Published: 2017
  • Publisher: re:publica
  • Language: German
54:26 re:publica German 2015

Europa, wir müssen reden! Mit Comedy und Alltagsgeschichten gegen Ausgrenzung

Europa hat offenbar ein Problem. Comedien und Youtube-Star Idil Baydar und die Bloggerin, Juristin und Moscheeführerin Betül Ulusoy sprechen es an. Häufig humorvoll, immer direkt. Dabei machen sie künstliche Trennungen in "wir" und "ihr" sichtbar und konfrontieren ihre Zuschauer und Leser damit.
  • Published: 2015
  • Publisher: re:publica
  • Language: German
48:18 Chaos Computer Club e.V. English 2017

Mobile Data Interception from the Interconnection Link

Many mobile network operators rush to upgrade their networks to 4G/LTE from 2G and 3G, not only to improve the service, but also the security. The Diameter protocol - the successor of SS7 in Long Term Evolution (LTE) networks is believed to offer more protection to the network itself and to the end-users. However, also Diameter offers a rich functionality set, which can be also exploited and misused, if the network is not properly protected. We will show in this lecture, how data interception (MiM) can be done via the diameter based interconnection link.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
46:36 Chaos Computer Club e.V. English 2015

Iridium Hacking

Listening to satellites and decoding is fun. We show how you can do it with an Software Defined Radio and some spare time. And we show what interesting stuff you can expect to find.
  • Published: 2015
  • Publisher: Chaos Computer Club e.V.
  • Language: English
1:02:30 Chaos Computer Club e.V. English 2017

Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. This situation raised our awareness on the lack of research in our community about operating and detecting spying microphones. Our biggest concern was that most of the knowledge came from fictional movies. Therefore, we performed a deep study on the state-of-the-art of microphone bugs, their characteristics, features and pitfalls. It included real life experiments trying to bug ourselves and trying to detect the hidden mics. Given the lack of open detection tools, we developed a free software SDR-based program, called Salamandra, to detect and locate hidden microphones in a room. After more than 120 experiments we concluded that placing mics correctly and listening is not an easy task, but it has a huge payoff when it works. Also, most mics can be detected easily with the correct tools (with some exceptions on GSM mics). In our experiments the average time to locate the mics in a room was 15 minutes. Locating mics is the novel feature of Salamandra, which is released to the public with this work. We hope that our study raises awareness on the possibility of being bugged by a powerful actor and the countermeasure tools available for our protection.
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: English
30:47 Chaos Computer Club e.V. German 2017

Schreibtisch-Hooligans

Wie umgehen mit politischer Ohnmacht? Das Informationsfreiheitsgesetz bietet einige Ansätze: Es macht es auch für juristische Laien möglich, gegen Behörden vorzugehen, die das Recht brechen. Wir kämpfen gegen die Ohnmacht: Dieses Jahr haben wir alle Gesetzentwürfe aller Bundesministerien und Lobby-Stellungnahmen dazu befreit. Wir haben uns mit der Berliner Partypolizei angelegt - prost! - und 13 Behörden verklagt, darunter die Polizei Köln, das Innenministerium und das Verteidigungsministerium. Und wir haben einen Weg gefunden, zwei Behörden zu verklagen, die eigentlich sonst keine Auskunft geben ...
  • Published: 2017
  • Publisher: Chaos Computer Club e.V.
  • Language: German
41:44 Chaos Computer Club e.V. English 2018

What the flag is CTF?

Every year since 2011 on the 28C3 we organize a Capture the Flag contest for people on the Congress and from all over the world. This year we want to give you an overview about what a CTF is, the challenges, the players, the community and how much fun it is to play (not only our) CTF.
  • Published: 2018
  • Publisher: Chaos Computer Club e.V.
  • Language: English
48:58 Chaos Computer Club e.V. English 2015

Advanced interconnect attacks

The largest weaknesses of mobile network are well hidden from users: Information exchanged between different mobile networks expose users to fraud and privacy risks.
  • Published: 2015
  • Publisher: Chaos Computer Club e.V.
  • Language: English
28:34 FOSDEM VZW English 2018

Get your decentralized project some EU funding

  • Published: 2018
  • Publisher: FOSDEM VZW
  • Language: English
45:47 DEF CON English 2018

Ridealong Adventures: Critical Issues with Police Body Cameras

The police body camera market has been growing in popularity over the last few years. A recent (2016) Johns Hopkins University market survey found 60 different models have been produced specifically for law enforcement use. Rapid adoption is fueling this meteoric increase in availability and utilization. Additionally, device manufactures are attempting to package more and more technology into these devices. This has caused a deficiency in local municipalities' skills and budget to accurately assess the attack surface and exposure to the organization. Furthermore, departmental policies and procedures governing the secure deployment of these devices is largely insufficient. At DEF CON, we will be introducing tactics, techniques, and procedures to assess the security of these devices. We will cover attacks against the physical devices, RF components, smartphone app's, and desktop software. The capabilities demonstrated and discussed will encompass publicly and privately available technologies. Additionally, the talk will cover multiple products and vendors, shedding light on industry wide issues and trends. Finally, we will be releasing software to detect and track various devices and tie these issues into real world events.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
57:33 Chaos Computer Club e.V. German 2016

Your Baseband is watching you

Geräte, die mit Mobilfunknetzen kommunizieren enthalten dafür ein Funk-Modem welches im Fachjargon "Baseband" genannt wird. Dieses erscheint gegenüber dem Rest des Systems typischerweise als Black-Box deren Innenleben Nutzer*innen und Entwicker*innen verborgen bleibt. Ich werde in diesem Vortrag kurz die gängigen Schnittstellen und Architekturen populärer Basebands darlegen und dabei besonders auf die implizite Bedeutung in Hinblick auf die Sicherheit des Gesamtsystems eingehen (Stichwort: 'modem isolation').
  • Published: 2016
  • Publisher: Chaos Computer Club e.V.
  • Language: German
13:21 FOSDEM VZW English 2014

Arduino: from prototype to final product

Arduino is a development platform useful not only for amateur/hobbyist projects, but also for prototyping commercial solutions. Its modularity make easy the process of creating and evaluating concepts in a short space of time and with reduced costs. In this talk we are going to illustrate a development flow divided into three steps: the modular design, the prototype and the final product. The modular design intends to validate the main features of the product being developed, while the prototype has the goal of evaluating its performance. The two first steps allow us to validate the proposed product with reduced costs and reduceddevelopment time, as well as it helps reduce the need of making changes in the final product project in a later stage. To illustrate this process, we are going to go through the development of a GPS tracker with GSM communication made on top of open-source software and hardware. To present the development flow of a product prototyped with Arduino. To divide and detail its development cycle into three steps: the modular design, the actual prototype and the final product. To illustrate this process, we are going to go through the development of a GPS tracker with GSM communication made on top of open-source software and hardware.
  • Published: 2014
  • Publisher: FOSDEM VZW
  • Language: English
38:39 FOSDEM VZW English 2018

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR

  • Published: 2018
  • Publisher: FOSDEM VZW
  • Language: English
out of 1 pages
Loading...
Feedback

Timings

  225 ms - page object
  136 ms - search
    7 ms - highlighting
    1 ms - highlighting/34799
    4 ms - highlighting/33575
    4 ms - highlighting/40514
    1 ms - highlighting/41459
    7 ms - highlighting/38091
    3 ms - highlighting/39704
    2 ms - highlighting/32596
    4 ms - highlighting/32176
    4 ms - highlighting/34936
    1 ms - highlighting/40259
    1 ms - highlighting/41328
    3 ms - highlighting/39304
    3 ms - highlighting/38121
    1 ms - highlighting/34930
    2 ms - highlighting/33477
    2 ms - highlighting/33087
    4 ms - highlighting/34822
    3 ms - highlighting/20322
    3 ms - highlighting/34820
    3 ms - highlighting/33709
    2 ms - highlighting/34804
    1 ms - highlighting/34832
    2 ms - highlighting/19619
    1 ms - highlighting/19552
    1 ms - highlighting/21244
    2 ms - highlighting/18843
    1 ms - highlighting/19978
    1 ms - highlighting/18858
    2 ms - highlighting/18849

Version

AV-Portal 3.8.0 (dec2fe8b0ce2e718d55d6f23ab68f0b2424a1f3f)