28:21 DEF CON English 2018

BLUE TEAM VILLAGE - Automating DFIR: The Counter Future

Automation has been at the forefront of almost every tool or talk in recent years. The DFIR industry has been moving rapidly towards automating everything! With some great work being done in the area of integrating workflows and various toolsets to make things easier for analysts, automation has really taken off. While that sounds like a worthwhile solution to help SOC analysts weed out run-of-the-mill adware/PUPs or phishing expeditions, can we really automate a response to a more sophisticated or targeted attack on our company’s crown jewels? The current argument being made is that, rather than building in-house Incident Response teams, we should use automation to substitute for analysts and use third-party retainers for skilled analysis. Large investments in automation technologies, rather than in resource development, reflect this strategy. What does this mean for career progression for budding DFIR analysts? With security engineering taking the forefront, is analysis as a career in DFIR a dying star? Is automation moving us towards click forensics rather than intelligent analysis? I’d like to challenge groupthink and debate where automation will lead the industry. Additionally, I will share some of my experiences in the changing face of DFIR.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
18:31 DEF CON English 2018

Hacking the Brain: Customize Evil Protocol to Pwn an SDN Controller

Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other through pre-defined protocol interactions, which greatly increases the difficulty of exploiting such security weaknesses from the data plane. In this talk, we extend the attack surface and introduce Custom Attack, a novel attack against SDN controllers that leverages legitimate SDN protocol messages (i.e., the custom protocol field) to facilitate Java code vulnerability exploitation. Our research shows that it is possible for a weak adversary to execute arbitrary commands or manipulate data in the SDN controller without access to the controller or any of its applications, controlling only a host or a switch. To the best of our knowledge, Custom Attack is the first attack that can remotely compromise the SDN software stack and simultaneously cause multiple kinds of attack effects in SDN controllers. So far we have tested the 5 most popular SDN controllers and their applications and found all of them vulnerable to Custom Attack to some degree. 14 serious vulnerabilities were discovered, all of which can be exploited remotely to launch advanced attacks against controllers (e.g., executing arbitrary commands, exfiltrating confidential files, crashing the SDN service, etc.). This presentation will include: an overview of SDN security research and practices; a new attack methodology for SDN that is capable of compromising the entire network; our research process leading to these discoveries, including technical specifics of the exploits; and showcases of interesting Custom Attack chains in real-world SDN projects.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
23:40 DEF CON English 2018

CAR HACKING VILLAGE - CAN Signal Extraction from OpenXC with Radare2

OpenXC builds its firmware -- for both the open and proprietary builds -- using JSON data structures which define the CAN signals. These definitions are akin to CAN database (.dbc) files. Reverse engineering of the open OpenXC builds (as an educational exercise) reveals that it is a straightforward matter to identify and extract the CAN signal definitions from the binary. Attendees will learn: What are dbc files? How do strings lead reverse engineers to interesting code via backward cross-references? What tools do attackers use to reverse engineer raw binary firmware, and how do they use them? What are some simple, useful deterrents? How do descriptive data structures -- JSON in particular -- aid attackers in their reverse engineering efforts? What mitigations are possible for this risk? The exposition of machine code in the talk will be via the free radare2 RE tool.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
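The extraction step the abstract describes, as an added example that is not code from the talk or from the OpenXC project: a scanner that walks a firmware blob, pulls out every brace-balanced JSON object, keeps the ones that look like an OpenXC message map (a top-level "messages" key, assumed here from the public OpenXC signal format) and renders the signals as simplified DBC-style lines. The firmware image and the signal definition inside it are constructed for the example.

```python
import json

# Constructed stand-in for an OpenXC-style firmware image: a few code-like bytes
# with a CAN signal definition embedded as a JSON string constant, followed by an
# unrelated JSON blob. Real images are larger, but the pattern is the same.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 16
    + b"\x55\x48\x89\xe5\x48\x83\xec\x20"
    + b'{"messages": {"0x12d": {"bus": "hs", "signals": {"SteeringWheelAngle": '
      b'{"generic_name": "steering_wheel_angle", "bit_position": 52, '
      b'"bit_size": 12, "factor": 0.15392, "offset": 0}}}}}\x00'
    + b"\xc3\x90\x90" * 5
    + b'{"version": "7.3.0"}\x00'   # JSON, but not a signal map: must be ignored
    + b"\xff" * 8
)

PRINTABLE = set(range(0x20, 0x7F)) | set(b"\t\r\n")


def balanced_json_candidates(data, min_len=16):
    """Yield every substring of `data` that starts at '{' and ends at the matching '}'.
    Braces inside string literals are ignored, and a candidate is abandoned as soon
    as a non-printable byte shows up, so stray 0x7b bytes in code never cause a
    runaway scan."""
    i, n = 0, len(data)
    while i < n:
        if data[i] != 0x7B:          # '{'
            i += 1
            continue
        depth, in_str, esc, end = 0, False, False, -1
        j = i
        while j < n:
            c = data[j]
            if c not in PRINTABLE:
                break
            if in_str:
                if esc:
                    esc = False
                elif c == 0x5C:      # backslash: next byte is escaped
                    esc = True
                elif c == 0x22:      # closing quote
                    in_str = False
            elif c == 0x22:
                in_str = True
            elif c == 0x7B:
                depth += 1
            elif c == 0x7D:
                depth -= 1
                if depth == 0:
                    end = j + 1
                    break
            j += 1
        if end != -1 and end - i >= min_len:
            yield data[i:end].decode("ascii")   # only printable ASCII reaches here
            i = end
        else:
            i += 1


def extract_can_signals(firmware):
    """Return the CAN signals defined in any OpenXC-style JSON message map in the image."""
    signals = []
    for text in balanced_json_candidates(firmware):
        try:
            doc = json.loads(text)
        except json.JSONDecodeError:
            continue
        messages = doc.get("messages") if isinstance(doc, dict) else None
        if not isinstance(messages, dict):
            continue
        for msg_id, msg in messages.items():
            for name, sig in msg.get("signals", {}).items():
                signals.append({
                    "message_id": int(msg_id, 16),      # OpenXC writes IDs as "0x..." strings
                    "bus": msg.get("bus"),
                    "name": name,
                    "generic_name": sig.get("generic_name", name),
                    "bit_position": sig["bit_position"],
                    "bit_size": sig["bit_size"],
                    "factor": sig.get("factor", 1),
                    "offset": sig.get("offset", 0),
                })
    return signals


def to_dbc_lines(signals):
    """Render signals as simplified DBC-style SG_ lines. Byte order, value range and
    unit are not in the OpenXC JSON, so '@1+' (little-endian, unsigned) and
    '[0|0] ""' are placeholders, not recovered facts."""
    return [
        f'SG_ {s["name"]} : {s["bit_position"]}|{s["bit_size"]}@1+ '
        f'({s["factor"]},{s["offset"]}) [0|0] "" Vector__XXX'
        for s in signals
    ]


if __name__ == "__main__":
    for line in to_dbc_lines(extract_can_signals(SAMPLE_FIRMWARE)):
        print(line)
```

On a real image the same idea is what the strings-then-cross-references workflow in radare2 gives you: list the strings (`iz`/`izz`), spot the JSON, and `axt` on its address to find the parser that consumes it. The obvious deterrent the abstract hints at follows directly: a compressed or encrypted signal table defeats this scanner, while an obfuscated but still-printable JSON table does not.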
32:39 DEF CON English 2018

CAAD VILLAGE - GeekPwn - The Uprising Geekpwn AI/Robotics Cybersecurity Contest U.S. 2018 - Practical adversarial attacks against challenging models environments

Moustafa Alzantot is a Ph.D. candidate in Computer Science at UCLA. His research interests include machine learning, privacy, and mobile computing. He is an inventor of two US patents and the recipient of several awards including the COMESA 2014 innovation award. He worked as an intern at Google, Facebook, and Qualcomm. Yash Sharma is a visiting scientist at Cornell who recently graduated with Bachelor's and Master's degrees in Electrical Engineering. His research has focused on adversarial examples, namely pushing the state of the art in attacks in both limited-access settings and challenging domains. He is interested in finding more principled solutions for resolving the robustness problem, as well as studying other practical issues which are inhibiting us from achieving AGI.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
18:03 DEF CON English 2018

Man-In-The-Disk

Most modern OSes use sandboxing to prevent malicious apps from affecting other apps or even harming the OS itself. Google is constantly reinforcing Android’s sandbox protection, introducing new features to prevent any kind of sandbox bypass. In this talk we want to shed new light on a less known attack surface which affects all Android devices and allows an attacker to hijack the communication between privileged apps and the disk, bypassing Android’s latest sandbox protection. The problem begins when privileged apps interact with files stored in exposed areas; even worse, some of them unintentionally break the sandbox by insecurely bringing such data into their own confines. Can you imagine if someone could execute code in the context of your keyboard, or install an unwanted app without your consent? Well… it’s hardly within the realm of imagination. The external storage and network based vulnerabilities we discovered can be leveraged by an attacker to corrupt data, steal sensitive information or even take control of your device.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
18:38 DEF CON English 2018

CAAD VILLAGE - GeekPwn - The Uprising Geekpwn AI/Robotics Cybersecurity Contest U.S. 2018 - Explanation: Alternative Path to Secure Deep Learning System

In this talk, the speaker will introduce state-of-the-art techniques in both defense and attack. More specifically, he will summarize the most effective attack approaches and defense mechanisms. He will also share the approaches their team adopted for the competition. Wenbo Guo is a Ph.D. student in the College of Information Science and Technology at Pennsylvania State University. Currently, he is a research intern at the JD security research center in Silicon Valley. Before joining Penn State, he got his Master's degree from Shanghai Jiao Tong University in 2017. His research mainly focuses on deep learning as well as its applications in program analysis and security. He has published several research papers in high-quality journals and conferences, such as KDD. Alejandro Cuevas, originally from Paraguay, graduated in May 2018 from The Pennsylvania State University with a B.S. in Security and Risk Analysis. As an undergraduate, Alejandro co-authored 2 papers in different areas within computer security. At Penn State, Alejandro has worked on analyzing the challenges in the reproduction of crowd-reported vulnerabilities and is currently involved in a project presenting a novel RNN for memory alias analysis. Furthermore, Alejandro has also extensively collaborated with EPFL, exploring the security challenges faced by the ICRC and helping in the deployment of an anonymous communication protocol with provable traffic-analysis resistance. Alejandro is currently applying to Ph.D. programs and hopes to start in the fall of 2019.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
21:41 DEF CON English 2018

PACKET HACKING VILLAGE - Normalizing Empire's Traffic to Evade Anomaly-based IDS

Perimeter defenses play an important role in computer security. However, when we look at the methods of APT groups, a single spear-phishing email is usually enough to gain a foothold on the network. Therefore, red teams mostly focus on "assume breach" type scenarios. In these scenarios, testers need to use a post-exploitation framework. Besides that, testers also need to hide the server-agent communication from NIDS (Network Intrusion Detection Systems). In this session, we will discuss one of the most well-known post-exploitation tools, Empire, and its situation against payload-based anomaly detection systems. We will explain how to normalize Empire's traffic with the polymorphic blending attack (PBA) method. We will also cover our tool, "firstorder", which is designed to evade anomaly-based detection systems. firstorder takes a traffic capture file of the network, tries to identify the normal profile, and configures Empire's listener accordingly.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
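The blending idea from the abstract, as an added example that is neither firstorder's code nor Empire's: a 1-gram (byte-frequency) payload model is trained on "normal" requests, an agent check-in is scored by its L1 distance from that profile, and the check-in is then padded, one byte at a time, with whichever byte value is furthest below the baseline until it scores under the detector's cut-off. The baseline requests, the agent message (loosely modelled on an Empire HTTP listener's default profile, an assumption) and the threshold margin are all constructed for the example; framing details such as updating Content-Length for the padded body are left to the listener configuration.

```python
import base64
import hashlib

# Constructed "normal" traffic: ordinary GET requests from one client profile,
# standing in for the packet capture firstorder would be given.
_HEADERS = (
    b"Host: intranet.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\r\n"
    b"Accept: text/html,application/xhtml+xml\r\n"
    b"Connection: keep-alive\r\n\r\n"
)
NORMAL_SAMPLES = [
    b"GET /index.html HTTP/1.1\r\n" + _HEADERS,
    b"GET /news/2018/08/defcon.html HTTP/1.1\r\n" + _HEADERS,
    b"GET /css/site.css HTTP/1.1\r\n" + _HEADERS,
    b"GET /search?q=voting+machines&page=2 HTTP/1.1\r\n" + _HEADERS,
    b"GET /api/v1/status.json HTTP/1.1\r\n" + _HEADERS,
]

# Constructed agent check-in (assumed shape, not Empire's real traffic). The
# cookie carries a pseudo-random base64 blob standing in for encrypted tasking:
# high entropy and nothing like the baseline, which is what a 1-gram model sees.
_BLOB = b"".join(base64.b64encode(hashlib.sha256(bytes([i])).digest()) for i in range(14))
AGENT_PAYLOAD = (
    b"POST /news.php HTTP/1.1\r\nHost: 10.0.0.5\r\n"
    b"User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko\r\n"
    b"Cookie: session=" + _BLOB + b"\r\n\r\n"
)


def _counts(payload):
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    return counts


def _distance(counts, n, profile):
    return sum(abs(counts[x] / n - profile[x]) for x in range(256))


def byte_profile(samples):
    """1-gram model of the baseline: relative frequency of every byte value."""
    counts = _counts(b"".join(samples))
    total = sum(counts)
    return [c / total for c in counts]


def anomaly_score(payload, profile):
    """L1 distance between the payload's byte distribution and the profile
    (0 = identical distributions, 2 = completely disjoint)."""
    return _distance(_counts(payload), len(payload), profile)


def calibrate_threshold(samples, profile, margin=2.0):
    """Detector cut-off: worst-scoring baseline sample times a tolerance margin.
    The margin is an assumption; a real detector calibrates on held-out traffic."""
    return margin * max(anomaly_score(s, profile) for s in samples)


def blend(payload, profile, threshold, max_pad):
    """Polymorphic blending by padding. Each step appends the byte whose frequency
    is furthest below the profile, which dilutes the over-represented (base64)
    bytes without ever overshooting a target frequency. Stops when the payload
    scores under `threshold` or the padding budget is spent.
    Returns (blended_payload, final_score)."""
    counts = _counts(payload)
    n = len(payload)
    pad = bytearray()
    score = _distance(counts, n, profile)
    while score > threshold and len(pad) < max_pad:
        b = max(range(256), key=lambda x: profile[x] - counts[x] / n)
        if profile[b] - counts[b] / n <= 0:
            break                      # nothing under-represented: padding cannot help
        pad.append(b)
        counts[b] += 1
        n += 1
        score = _distance(counts, n, profile)
    return bytes(payload) + bytes(pad), score


if __name__ == "__main__":
    profile = byte_profile(NORMAL_SAMPLES)
    threshold = calibrate_threshold(NORMAL_SAMPLES, profile)
    print(f"threshold {threshold:.3f}, raw agent score {anomaly_score(AGENT_PAYLOAD, profile):.3f}")
    blended, score = blend(AGENT_PAYLOAD, profile, threshold, max_pad=6 * len(AGENT_PAYLOAD))
    print(f"blended score {score:.3f} after {len(blended) - len(AGENT_PAYLOAD)} padding bytes")
```

Two things worth noticing when running it: the padding needed to get under the cut-off is several times the size of the original message, which is the bandwidth cost of PBA, and the defence is equally visible. A detector that models 2-grams, or that scores the request line and headers separately from the body, is not fooled by body padding tuned against a 1-gram profile.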
29:11 DEF CON English 2018

CRYPTO AND PRIVACY VILLAGE - No Way JOSE! Designing Cryptography Features for Mere Mortals

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
20:06 DEF CON English 2018

WIRELESS VILLAGE - Exploring the 802.15.4 attack surface

Whilst 802.15.4 technologies such as Zigbee have been around for some time, our understanding of the threats and risks associated with them has been lacking. As new use cases evolve, so have the opportunities for attack and exploitation. The purpose of this talk is to provide a real-world exploration of where I've been finding Zigbee devices with a purpose-built war-driving kit, some of the live collection I've done, as well as an exploration of the risks and what can be done. By the end of this talk, audience members will have an appreciation for the cool technologies floating around their environments, an appreciation of the issues associated with the 802.15.4 protocol, and how to plan and prepare from a security standpoint.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
55:41 DEF CON English 2018

WIRELESS VILLAGE - Introduction to Railroad Telemetry

North American railroads use several wireless systems for remote control, monitoring, and tracking of locomotives, railcars, signals, and other equipment. This talk will provide an overview of the systems in use and an in-depth look at two of them. The end-of-train (EOT) device contributed to the demise of the caboose 35 years ago, taking over one of its primary functions: monitoring brake pipe pressure. The EOT transmits pressure, its unique ID, and other data, encoded into AFSK packets, to a corresponding head-of-train (HOT) device in the locomotive. A secondary function is venting the line in an emergency braking event, under command of the HOT. BCH error correction is employed for reliability, but there are inherent security flaws. An SDR/GNU Radio/Python workflow for decoding and verifying packets will be demonstrated. Attempts at automatically identifying passing railcars were largely unsuccessful until the introduction of the Automatic Equipment Identification (AEI) system in the early 90s. This 900 MHz RFID system consists of passive tags on each locomotive and car and wayside readers at rail yard entrances and other locations of interest. The author's day job in environmental noise consulting led to a study of the feasibility of using AEI for rail noise studies. It had to be reverse-engineered first, of course. Using a repurposed commercial reader, Raspberry Pi, and cellular modem, a remote monitoring system gathered tag data for 5 weeks. Details of the protocol and monitoring system will be presented, along with video demonstrations.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
09:58 DEF CON English 2018

VOTING VILLAGE - Mechanics and Pitfalls of Auditing with Scanners

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
42:04 DEF CON English 2018

VOTING VILLAGE - Recap of Voting Village 2017 Lessons Learned

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
20:39 DEF CON English 2018

WIRELESS VILLAGE - Attacking Gotenna Networks

This talk will focus on the privacy (or lack thereof) of goTenna networks. We will cover traditional attacks which were only available to state-sponsored actors prior to the popularization and wide availability of software-defined radios. We will cover signal analysis, triangulation, protocol analysis, deanonymization, cryptanalysis, spoofing and selective jamming. Since the goTenna ecosystem also includes an app, we will cover the vulnerabilities in the underlying crypto libraries, weak token generation, broken API segregation as well as other vulnerabilities. You too can learn how to analyze, snoop on and exploit RF networks like a pro with a HackRF, a laptop and some elbow grease, sweat and sleep deprivation.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
45:45 DEF CON English 2018

Defending the 2018 Midterm Elections from Foreign Adversaries

Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee (DNC) IT services company, and foreign adversaries probed voter registration systems. The tool now cross-checks domain information against open source threat intelligence feeds, and uses a semi-autonomous scheme for identifying phundraising and false flag sites via ensembled data mining and deep learning techniques. We identified Russian nationals registering fake campaign sites, candidates deploying defensive—and offensive—measures against their opponents, and candidates unintentionally exposing sensitive PII to the public. This talk provides an analysis of our 2016 Presidential Election data, and all data recently collected during the 2018 midterm elections. The talk also details technological and procedural measures that government offices and campaigns can use to defend themselves.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
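The masquerading-domain check at the core of the tool described above, as an added example (not Election Buster's code): from one legitimate campaign domain it generates typosquat variants (character omission, adjacent transposition, digit homoglyphs, hyphenation, campaign-themed prefixes, alternate TLDs) and classifies observed domains against them, falling back to a substring check and an edit-distance test for variants the generator does not enumerate. The campaign domain, observed domains, prefix list and TLD list are constructed; the threat-intelligence cross-check the abstract mentions is out of scope since it needs network access.

```python
# Digit/letter look-alikes an attacker swaps in (assumed list, easily extended).
HOMOGLYPHS = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5", "g": "9"}
# Campaign-themed prefixes seen on phishing and fake-fundraising sites (assumed).
AFFIXES = ("vote-", "donate-", "secure-", "register-", "official-")
# TLDs to try the label under (constructed list).
TLDS = ("com", "org", "net", "co", "info", "us", "vote")


def split_domain(domain):
    """Split 'label.tld' into (label, tld). The example assumes the registrable
    part is everything left of the last dot."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def lookalike_candidates(legit):
    """Enumerate domains an attacker could register to impersonate `legit`."""
    label, _ = split_domain(legit)
    labels = {label}
    for i in range(len(label)):                              # omission
        labels.add(label[:i] + label[i + 1:])
    for i in range(len(label) - 1):                          # adjacent transposition
        labels.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    for i, ch in enumerate(label):                           # one homoglyph substitution
        if ch in HOMOGLYPHS:
            labels.add(label[:i] + HOMOGLYPHS[ch] + label[i + 1:])
    for i in range(1, len(label)):                           # hyphenation
        labels.add(label[:i] + "-" + label[i:])
    for prefix in AFFIXES:                                   # themed prefixes
        labels.add(prefix + label)
    candidates = {f"{lab}.{tld}" for lab in labels for tld in TLDS}
    candidates.discard(legit.lower())
    return candidates


def osa_distance(a, b):
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertions, deletions, substitutions and adjacent transpositions cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(observed, legit, candidates=None):
    """Return (verdict, reason) for an observed domain relative to the legitimate one."""
    observed = observed.lower()
    if observed == legit.lower():
        return "legitimate", "exact match"
    if candidates is None:
        candidates = lookalike_candidates(legit)
    if observed in candidates:
        return "lookalike", "matches a generated typosquat, prefix or TLD variant"
    obs_label, _ = split_domain(observed)
    legit_label, _ = split_domain(legit)
    if legit_label in obs_label:
        return "lookalike", "embeds the campaign's name in a longer label"
    dist = osa_distance(obs_label, legit_label)
    if dist <= 1:
        return "lookalike", f"edit distance {dist} from the campaign's name"
    return "unrelated", f"edit distance {dist}"


def scan(observed_domains, legit):
    """Classify a batch (e.g. newly registered domains from a zone feed) in one pass."""
    candidates = lookalike_candidates(legit)
    return [(d, *classify(d, legit, candidates)) for d in observed_domains]


if __name__ == "__main__":
    # Constructed observations standing in for a day's new registrations.
    observed = ["janedoeforsenate.com", "janedoefor5enate.com", "jandoeforsenate.com",
                "register-to-vote-janedoeforsenate.info", "janedoeforsenatee.com",
                "unrelatednews.org"]
    for domain, verdict, reason in scan(observed, "janedoeforsenate.com"):
        print(f"{domain:45} {verdict:11} {reason}")
```

The generated set is what you would pre-register or watch in certificate-transparency and zone feeds; the edit-distance fallback is what catches registrations the generator missed, at the price of more false positives on short names, which is why it runs last and reports its distance.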
26:46 DEF CON English 2018

AI VILLAGE - Hunting the Ethereum Smart Contract: Color Inspired Inspection of Potential Attacks

Blockchain and cryptocurrencies are gaining unprecedented popularity and understanding. Meanwhile, Ethereum is gaining significant popularity in the blockchain community, mainly because it is designed in a way that enables developers to write decentralized applications (Dapps) and smart contracts. This new paradigm of applications opens the door to many possibilities and opportunities. However, the security of Ethereum smart contracts has not received much attention; several malfunctioning Ethereum smart contracts have recently been reported. Unlike many previous works that have applied static and dynamic analyses to find bugs in smart contracts, we do not attempt to define and extract any features; instead we focus on reducing the expert’s labor costs. We first present a new in-depth analysis of potential attack methodology and then translate the compiled Solidity bytecode into RGB color codes. After that, we transform them into a fixed-size encoded image. Finally, the encoded image is fed to a convolutional neural network (CNN) for automatic feature extraction and learning, detecting security flaws in Ethereum smart contracts.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
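The bytecode-to-image encoding step, as an added example that is not the authors' code: consecutive byte triples of the EVM bytecode become RGB pixels, the pixels fill a square grid, and the grid is resampled to the fixed input size a CNN expects. It also strips the solc metadata trailer first (the CBOR map whose length sits in the last two bytes of the deployed code, per solc's documented layout), because the source hash inside it is unique per contract and would only teach a classifier to memorise. The sample bytecode is constructed from the standard Solidity preamble plus a synthetic metadata trailer; the grid-and-resample scheme and the 32x32 default are assumptions, not the paper's exact parameters.

```python
import math

# Constructed sample: the usual Solidity preamble (PUSH1 0x80 PUSH1 0x40 MSTORE,
# then the non-payable CALLVALUE check) followed by a solc-style CBOR metadata
# trailer: {"bzzr0": <32-byte hash>} with its length (0x29 = 41) in the last two bytes.
SAMPLE_BYTECODE_HEX = (
    "6080604052348015600f57600080fd5b50"
    + "a165627a7a72305820" + "11" * 32 + "0029"
)


def strip_metadata(code):
    """Drop the solc metadata trailer if present. solc appends a CBOR map and
    stores its length big-endian in the final two bytes; the map starts with a
    CBOR map header (0xa1/0xa2) and names the hash as bzzr0/bzzr1 or ipfs."""
    if len(code) < 2:
        return code
    length = int.from_bytes(code[-2:], "big")
    if length + 2 > len(code):
        return code
    blob = code[-(length + 2):-2]
    if blob[:1] in (b"\xa1", b"\xa2") and (b"bzzr" in blob or b"ipfs" in blob):
        return code[:-(length + 2)]
    return code


def bytecode_to_image(hex_code, size=32):
    """Translate EVM bytecode into a size x size RGB image (list of rows of
    (r, g, b) tuples): byte triples become pixels, pixels fill a square grid row
    by row (zero-padded), and the grid is nearest-neighbour resampled to `size`."""
    code = strip_metadata(bytes.fromhex(hex_code))
    code += b"\x00" * (-len(code) % 3)                 # pad to whole pixels
    pixels = [tuple(code[i:i + 3]) for i in range(0, len(code), 3)]
    side = max(1, math.ceil(math.sqrt(len(pixels))))
    pixels += [(0, 0, 0)] * (side * side - len(pixels))
    grid = [pixels[r * side:(r + 1) * side] for r in range(side)]
    return [[grid[y * side // size][x * side // size] for x in range(size)]
            for y in range(size)]


def to_ppm(image):
    """Serialise the image as binary PPM (P6) so it can be opened in any viewer
    or loaded into a training pipeline without extra libraries."""
    height, width = len(image), len(image[0])
    header = f"P6\n{width} {height}\n255\n".encode("ascii")
    body = bytes(channel for row in image for pixel in row for channel in pixel)
    return header + body


if __name__ == "__main__":
    image = bytecode_to_image(SAMPLE_BYTECODE_HEX, size=8)
    with open("contract.ppm", "wb") as fh:
        fh.write(to_ppm(image))
    print("first pixel:", image[0][0], "-> written contract.ppm")
```

The resampling is where the information loss lives: a long contract squeezed into 32x32 drops most of its bytes, and the opcode-to-pixel alignment shifts by one whenever a PUSH argument is not a multiple of three bytes, so two functionally identical contracts can produce quite different images. That is the caveat to keep in mind when reading accuracy numbers for this kind of encoding.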
1:37:17 DEF CON English 2018

RECON VILLAGE - Building visualisation platforms for OSINT Data Using open source solutions

Reconnaissance is about gathering information. The information gathered is only as good as the insights and actionable decisions that we can gain from it. A lot of research is focused on finding OSINT data but little is done towards converting the data into insights and actionable decisions. Visualisation is an easy and efficient way to gain insights from any of the data gleaned. In this workshop, we will look at how we can gather OSINT data and visualise it using free and open source solutions. Visualising data is not enough; we’ll also look at how we can use the metrics to answer business questions and lead to actionable decisions. We’ll tackle the problem by breaking it into the following steps:
  • Gathering OSINT data
  • Storing the OSINT data
  • Processing and visualising the data
  • Gaining insights and making actionable decisions
Some specific use cases we’ll look at during the workshop include:
  • Monitoring an organisation’s SSL/TLS certificates, domains and subdomains in near real time
  • Creating dashboards using public datasets (scans.io) to gain insights into an organisation’s external posture
  • Building monitoring and alerting solutions using OSINT data that will help us take business decisions
Participants will get:
  • A step-by-step Gitbook covering the entire training (html, pdf, epub, mobi)
  • Custom scripts, playbooks and tools used as part of the workshop
  • Scenarios that can be readily implemented for your use cases
  • References to the data used in the workshop
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
35:11 DEF CON English 2018

Fuzzing Malware For Fun & Profit. Applying Coverage-Guided Fuzzing to Find Bugs in Modern Malware

Practice shows that even the most secure software written by the best engineers contains bugs. Malware is no exception. In most cases its authors do not follow secure software development practices, which introduces an interesting attack scenario that can be used to stop or slow down malware spreading, defend against DDoS attacks and take control of C&Cs and botnets. Several previous research efforts have demonstrated that such bugs exist and can be exploited. To find those bugs it is reasonable to use coverage-guided fuzzing. This talk aims to answer the following two questions: Can we defend against malware by exploiting bugs in it? How can we use fuzzing to find those bugs automatically? The author will show how we can apply coverage-guided fuzzing to automatically find bugs in sophisticated malicious samples such as the Mirai botnet, which was used to conduct one of the most destructive DDoS attacks in history, and various banking trojans. A new cross-platform tool implemented on top of WinAFL will be released and a set of 0day vulnerabilities will be presented. Do you want to see how a small addition to an HTTP response can stop a large-scale DDoS attack, or how a smart bit flip can cause RCE in a sophisticated banking trojan? If the answer is yes, this is definitely your talk.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
54:24 DEF CON English 2018

WIRELESS VILLAGE - Little Fluffy Pineapple Clouds

What happens when a Pineapple, a Turtle and a Squirrel get high... up in the clouds? It's been a solid year for Hak5 and we're excited to debut some epic new features! Like a centralized web console for all your networked Hak5 gear, WiFi Pineapple WPA Enterprise harvesting, credential capturing and pass-through, LIVE reconnaissance and more! Join Sebastian Kinne and Darren Kitchen, makers of famed pentesting tools, for a peek into what's right around the corner.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
58:37 DEF CON English 2018

WIRELESS VILLAGE - "It's not Wi-Fi": Reverse engineering and managing radio signals

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
02:23 DEF CON English 2018

RECON VILLAGE - Closing Note

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
45:09 DEF CON English 2018

Who Controls the Controllers? Hacking Crestron IoT Automation Systems

While you may not always be aware of them or even have heard of them, Crestron devices are everywhere. They can be found in universities, modern office buildings, sports arenas, and even high-end Las Vegas hotel rooms. If an environment has a lot of audio/video infrastructure, needs to interconnect or automate different IoT and building systems, or just wants the shades to close when the TV is turned on, chances are high that a Crestron device is controlling things from behind the scenes. And as these types of environments become the norm and grow ever more complex, the number of systems that Crestron devices are connected to grows as well. But it is in large part because of this complexity that installing and programming these devices is difficult enough without considering adding security. Instead of being a necessity, it's an extra headache that almost always gets entirely passed over. In this talk, I will take a look at different Crestron devices from a security perspective and discuss the many vulnerabilities and opportunities for fun to be found within. I will demonstrate both documented and undocumented features that can be used to achieve full system compromise and show the need to make securing these systems a priority, instead of an afterthought, in every deployment. In short, hijinx will ensue.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
37:53 DEF CON English 2018

Project "The Interceptor": Owning anti-drone systems with nanodrones

An anti-drone industry has arisen. Due to several, and even classic, vulnerabilities in the communication systems now used by drones, anti-drone systems are able to take those drones down by means of well documented attacks. The drone/anti-drone competition is already set on the scene. This talk provides a new vision of drone protection against anti-drone systems, presenting "The Interceptor Project", a hand-sized nano drone based on the tiniest single-core Linux board: VoCore2. This Linux board manages a WiFi (side/hidden) bidirectional communication channel that cannot be deauthenticated and is replay-resistant, keeping all 802.11 hacking capabilities and standard utilities of any other WiFi hacker drone, with only the built-in adapter of the tiny VoCore2. Also, a "just in case" fallback control by SDR is implemented, taking advantage of all the goods that SDR radio gives. All embedded into a hand-sized aircraft to make detection and mitigation a real and new pain, with a very low budget: About 70.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
32:37 DEF CON English 2018

Last mile authentication problem: Exploiting the missing link in end-to-end secure communication

With a "Trust none over the Internet" mindset, securing all communication between a client and a server with protocols such as TLS has become common practice. However, while communication over the Internet is routinely secured, there is still an area where such security awareness is not seen: inside individual computers, where adversaries are often not expected. This talk discusses the security of various inter-process communication (IPC) mechanisms that local processes and applications use to interact with each other. In particular, we show IPC-related vulnerabilities that allow a non-privileged process to steal passwords stored in popular password managers and even second factors from hardware tokens. With passwords being the primary means of authentication, the insecurity of this "last mile" renders the security of the rest of the communication chain moot. The vulnerabilities that we demonstrate can be exploited on multi-user computers that may have processes of multiple users running at the same time. The attacker is a non-privileged user trying to steal sensitive information from other users. Such computers can be found in enterprises with centralized access control that gives multiple users access to the same host. Computers with guest accounts and shared computers at home are similarly vulnerable.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
43:52 DEF CON English 2018

NSA Talks: Cybersecurity

The National Security Agency (NSA) has authorities for both foreign intelligence and cyber security. This unique position gives NSA insights into the ways networks are exploited and the methods that are effective in defending against threats. Over time, NSA has adapted the focus of its security efforts and continues to evolve with technologies and the adversaries we face. The talk will look back at some of the inflection points that have influenced NSA and US Government cybersecurity efforts and look at what is necessary to stay safe in the new environment.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
40:30 DEF CON English 2018

PACKET HACKING VILLAGE - Grand Theft Auto: Digital Key Hacking

The security of automobile access control systems is a topic often discussed. Today's vehicles rely on key-fob control modules to ensure the vehicle is accessible to authorized users only. While most traditional automobile key-fob systems have been shown to be insecure in the past, here comes a game changer. Instead of the regular key-fob system, some car owners will be able to access their vehicle by having their smartphone authenticate as a digital car key. In this talk, we will reveal the research and attacks on one of the digital car key systems currently on the market. By investigating how these features work, and how to exploit them through different possible attack vectors, we will demonstrate the security limitations of such systems. By the end of this talk, the attendees will understand not only how to exploit these systems but also which tools can be used to achieve our goals.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
53:37 DEF CON English 2018

BCOS Monero Village - Inside Monero

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
35:11 DEF CON English 2018

HARDWARE HACKING VILLAGE - Building drones, the hard way

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
39:22 DEF CON English 2018

SE VILLAGE - From Introvert to SE

In 20 years I learned how to step outside my introverted personality to explore the world in a more successful way, but not without bumps and bruises which taught me valuable lessons. This is my story of that journey, and I hope to convey to those listening that being a deep introvert should not prevent them from trying and achieving goals in life, up to and including becoming a professional social engineer and beyond. I wrap up with the specific lessons I learned over the course of that time, so others can reap the benefits of those lessons in a much shorter time frame.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
22:49 DEF CON English 2018

CAR HACKING VILLAGE - Automotive Evidence Collection – Automotive Driving Aids and Liability

The presentation will cover security implications of GPS and positioning attacks. We will discuss real world attacks and incidents. We will touch upon increased reliance on positioning data in accident reconstruction and assistive driving technologies.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
50:45 DEF CON English 2018

SE VILLAGE - Social Engineering Course Projects for Undergraduate Students

The hard science disciplines (computer science, electrical and computer engineering) have already started investing heavily in cybersecurity education. Security experts, however, note that cybersecurity is a wider discipline than simply the [technical] fields, and professionals with backgrounds [in] the social sciences … will be needed in the cyber workforce of the future. The relevance of incorporating social sciences into the cybersecurity domain has been acknowledged by the National Academies of Sciences, Engineering, and Medicine and the Department of Homeland Security. Social science disciplines, such as sociology, criminology/criminal justice, anthropology, political science, and psychology are particularly adept at unpacking the complex facets of human behavior and should therefore be leveraged for their contributions to the area of cybersecurity. Yet, the social science arena remains weak in cybersecurity training and education of the future cyber workforce. This talk shares an educator’s efforts to engage undergraduate students in a hands-on social engineering project across Fall 2017 and Spring 2018 semesters. It uses the experiential learning framework that promotes “learning by doing”. Specifically, this talk focuses on three sub-projects: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus ‘intellectual property’ file and place a fake ‘malware’ program on the employees’ machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a funny prop. The talk also offers a comparative analysis of these projects over the two semesters, sharing the experiences and challenges of both the students and this educator. 
It also details the issues about designing projects that follow university ethics standards, training students in human subjects research ethics, generating relevant rubrics, and how to evaluate student engagement and learning. To conclude, the educator shares these cases discussed to initiate dialog in the area of hands-on learning for social science students. Audience feedback is welcomed as this educator is still exploring the experiential learning approach, especially in the area of social engineering.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
44:57 DEF CON English 2018

Revolting Radios: Get it? It's a pun!

There are many Software Defined Radios (SDRs) available, with a great deal of time and effort having gone in to their design. These are not those radios. We present four radios that we have designed using crude, novel, and sometimes ridiculous methods for transmitting and receiving signals. The arrival of SDR allowed more hackers than ever to experiment with radio protocols, but we're still using hardware built by other people. In the time honored hacker tradition of rolling our own tools, we'll demonstrate four simple radios that can be home-built using commonly available parts for little to no cost.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
39:33 DEF CON English 2018

BCOS Monero Village - Welcome Speech

  • Published: 2018
  • Publisher: DEF CON
  • Language: English
21:22 DEF CON English 2018

Playing Malware Injection with Exploit thoughts

In the past, when hackers did malicious code injection, they used to adopt RunPE, AtomBombing, cross-process thread creation, and other approaches. They could disguise their own executable as any critical system service. However, with the progress of anti-virus techniques, these well-known approaches have gradually been proactively detected and killed. Therefore, hackers began to aim at another place, namely memory-level weaknesses, arising from flaws in the critical system services themselves. This talk will briefly introduce a new memory injection technique that emerged after 2013, PowerLoadEx. Based on this concept, three new injection methods will be disclosed as well. These make use of memory weaknesses in Windows to inject malicious behavior into critical system services. The content will cover Windows reverse analysis, memory weakness analysis, how to use and exploit them, and so on. The relevant PoC will be released at the end of the talk.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
24:46 DEF CON English 2018

Pwning "the toughest target": the exploit chain of winning the largest bug bounty in the history of ASR program

In recent years, Google has made many great efforts in exploit mitigation and attack surface reduction to strengthen the security of the Android system. It is becoming more and more difficult to remotely compromise Android phones, especially Google's Pixel phone. The Pixel phone is protected by many layers of security. It was the only device that was not pwned in the 2017 Mobile Pwn2Own competition. But our team discovered a remote exploit chain, the first of its kind since the Android Security Rewards (ASR) program expansion, which could compromise the Pixel phone remotely. The exploit chain was reported to the Android security team directly. They took it seriously and patched it quickly. Because of the severity and our detailed report, we were awarded the highest reward (112,500) in the history of the ASR program. In this talk we will detail how we used the exploit chain to inject arbitrary code into the system_server process and obtain system user permissions. The exploit chain includes two bugs, CVE-2017-5116 and CVE-2017-14904. CVE-2017-5116 is a V8 engine bug related to WebAssembly and SharedArrayBuffer. It is used to get remote code execution in the sandboxed Chrome render process. CVE-2017-14904 is a bug in Android's libgralloc module that is used to escape from the sandbox. The technique we used for the sandbox escape is very interesting and has rarely been discussed before. All details of the vulnerabilities and mitigation bypass techniques will be given in this talk.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
36:47 DEF CON English 2018

ETHICS VILLAGE - Ethical Disclosure and the Reduction of Harm

How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English
31:05 DEF CON English 2018

SE VILLAGE - Social Engineering From a CISO's Perspective

Social Engineering is a powerful tool. With the weapons gathered through Open Source Intelligence (OSINT) gathering and well-crafted vishing or phishing, a Social Engineer wields incredible power to do good. Unfortunately, for some the power of being a Social Engineer is one that they wield to show they are smarter than those around them, causing stress and fear and doing damage to any potential relationship for them or the department they represent. This discussion will be about how to create meaningful, targeted phish and vish in an enterprise while strengthening information security, from the real-world perspective of a CISO, as well as a few specifics to avoid. In conclusion, this presentation will cover the importance of trust and how social engineering can help build or destroy trust.
  • Published: 2018
  • Publisher: DEF CON
  • Language: English