defcon - All Articles - CISO Platform
2024-03-29T11:56:17Z
https://www.cisoplatform.com/profiles/blogs/feed/tag/defcon
Top Talks from Defcon - The Largest Hacker Conference (Part 1)
https://www.cisoplatform.com/profiles/blogs/top-defcon-talks-part-1
2014-08-16T11:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p>Defcon 22, the largest conference for hackers, with 15,000 attendees, saw some of the most interesting research in the field of security and hacking. From hundreds of talks, we have handpicked the top presentations that are relevant for security managers and leaders.</p>
<p></p>
<p></p>
<p><span style="text-decoration:underline;"><strong>Important Note:</strong></span></p>
<ul>
<li>All presentations are courtesy of Defcon and are presented as-is without any modification</li>
<li>Some of the descriptions below are taken from Defcon website (<a href="http://www.defcon.org" target="_blank">www.defcon.org</a><span>)</span></li>
<li>You need to <span style="text-decoration:underline;"><strong>Sign in/Sign up to view the presentations. (It's free)</strong></span></li>
</ul>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Elevator Hacking: From the Pit to the Penthouse</span></p>
<p>Elevators have played a key role for everyone from hackers to pen testers. An in-depth look at how elevators work, allowing a greater understanding of the system and of how unexplored features can sometimes leave serious threat exposure.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/elevator-hacking-from-the-pit-to-the-penthouse" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Weaponizing your Pets: The War Kitteh and the Denial of Service Dog</span></p>
<p>A walk through how tracking works for your cat and dog, and thus the creation of the war kitteh and the service dog. The presentation takes you through every step and tells you exactly what works and what doesn't. For example: 'Cats are very tough to work with'.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/weaponizing-your-pets-the-war-kitteh-and-the-denial-of-service-do" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">One Man Shop: Building an effective security program all by yourself</span></p>
<p>Learn the process, from "Step 1" to an effective security program, in a cost-effective and resource-constrained manner. It is based on real-world experiences and introduces a multi-year approach to methodologies, techniques, and tools.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/one-man-shop-how-to-build-a-functional-security-program-with-limi" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Instrumenting Point-of-Sale Malware</span></p>
<p>Encourages the adoption of better practices in the publication and demonstration of malware analyses. It proposes borrowing the concept of “executable research” by supplementing written analysis with material designed to illustrate that analysis using the malware itself, which helps analysts with in-depth research. It also talks about taking a step beyond traditional sandboxes: bespoke virtual environments and scripted instrumentation with commentary can supplement written reports, making the malware analysis more sound and useful to others.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/instrumenting-point-of-sale-malware" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Burner Phone DDOS 2 dollars a day : 70 Calls a Minute</span></p>
<p>Research on phone DDoS. The proof-of-concept model is the SCH-U365 Qualcomm prepaid Verizon phone. Custom firmware can convert it into a DoS system that spam-calls a number 70 times a minute until the battery dies, with automatic retrieval of phonebook numbers using the speaker. Evasion methods include PRL list hopping.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/easy-to-use-phone-ddos" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Bypass Firewalls, Application White Lists, Secure Remote Desktops under 20 seconds</span></p>
<p>"Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation." Two developments are offered. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver).</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/bypass-firewalls-application-white-lists-secure-remote-desktops-i" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">The Dangers of Insecure Home Automation Deployment</span></p>
<p>A dissection of the reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints on how to create an iPad Trojan to send commands outside the hotel; and, of course, solutions to avoid all these pitfalls in future deployments.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/the-dangers-of-insecure-home-automation-deployment" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin</span></p>
<p>An introductory level talk covering basics of Tor, Darknets, Darknet Market places, and Bitcoin. Some recommendations to help make the use of TOR, Bitcoin, and Marketplaces more secure. </p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/a-tour-through-the-dark-side-of-the-internet" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">A Journey to Protect Points-of-Sale</span></p>
<p>Learn how points-of-sale get compromised, from both the retailer’s and the software vendor’s perspectives. Know how some concepts work while some don't.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/a-journey-to-protect-points-of-sale" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Attacking the Internet of Things Using Time</span></p>
<p>Internet of Things devices, being slow and resource constrained, are easy targets for network-based timing attacks, allowing brute-forcing of credentials. This talk explores the working of timing attacks, their optimization and how to tackle the various parameters of exploitation.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/attacking-the-internet-of-things-using-time" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">From ROOT to Special: Pwning IBM Mainframes</span></p>
<p>1.1 million transactions are run through mainframes every second worldwide. Yet mainframe security is neglected. This presentation tears open mainframe security: it visits the root, exploits it with present tools and uses it to develop new tools.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/from-root-to-special-hacking-ibm-mainframes" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance</span></p>
<p>There's that eerie feeling when someone spies on us. Stop that! This will teach you several low-tech ways that you can detect even high-tech surveillance. Topics covered: surveillance cameras, physical surveillance, detecting active and passive bugs, and devices implanted inside computers, tablets, and cell phones.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/am-i-being-spied-on" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Cyber-hijacking Airplanes: Truth or Fiction?</span></p>
<p>This presentation examines the mechanisms of an airplane in depth to weigh the claims of cyber-hijacking airplanes. It assumes no prior knowledge, beginning from fundamentals and leaving a better understanding of ADS-B, ADS-A, ACARS, GPS, transponders, collision avoidance systems, autopilots, and avionics networking and communications. Several important aircraft technologies are examined.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/cyber-hijacking-airplanes" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Hacking 911: Adventures in Disruption, Destruction & Death</span></p>
<p>Emergency medical services (EMS) are what we trust today to safeguard the lives of our loved ones. But the tide of time and technology has left them 20 years behind and obsolete. The security of such critical devices has not been critically watched. This talk will tell you how it can crash.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-disruption-destruction-death" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p></p>
<p><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/top-defcon-talks-part-2" target="_blank">>>Don't Miss "Part 2" of this Blog: Click here to read more !</a></span></p>
<p></p>
<p></p></div>
Top Talks from Defcon - The Largest Hacker Conference (Part 2)
https://www.cisoplatform.com/profiles/blogs/top-defcon-talks-part-2
2014-08-29T08:00:00.000Z
pritha
https://www.cisoplatform.com/members/pritha
<div><p><br />This is the second compilation of the best of Defcon 22 at a glance. The following links will take you to the respective complete PPT.</p>
<p><span style="text-decoration:underline;"><strong>Important Note:</strong></span></p>
<ul>
<li>All presentations are courtesy of Defcon and are presented as-is without any modification</li>
<li>Some of the descriptions below are taken from Defcon website (<a href="http://www.defcon.org" target="_blank">www.defcon.org</a><span>)</span></li>
<li>You need to <span style="text-decoration:underline;"><strong>Sign in/Sign up to view the presentations. (It's free)</strong></span></li>
</ul>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Hacking US (and UK, Australia, France, etc.) traffic control systems</span></p>
<p>Traffic signals seem easy to mess with, even when we realize the results can be miserable. This speaker identified some major devices used by traffic signals in various cities and countries (Washington DC, Seattle, New York, San Francisco, Los Angeles, UK, Australia, France etc.), hacked them, and found vulnerabilities and how they can be exploited. Learn it from scratch (with testing demos) in this talk.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/hacking-traffic-control-systems" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Don't DDoS Me Bro: Practical DDoS Defense</span></p>
<p>DDoS may have been a nightmare recently, and you have felt its wave multiple times, including at Evernote! How to defend and what to do when DDoSed is exactly what this talk tells. It also lets you keep your defence low budget, covering the tools and techniques and how to analyze.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/dont-ddos-me" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Protecting SCADA from the Ground Up</span></p>
<p>From electricity to water distribution, ICS (Industrial Control Systems) and SCADA are everywhere. Their association with the internet is increasing, and thus their protection is crucial. This talk tells us how to best protect these infrastructures by getting into the system, understanding how it works and where it goes wrong.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/protecting-scada-from-the-ground-up" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Optical Surgery: Implanting a DropCam</span></p>
<p>DropCam users may want to know that malicious software can be installed on it and someone might just be tapping into your video stream. DropCam is a cloud-based wifi video monitoring service allowing you to be connected from anywhere. This talk demonstrates complete takeover of your DropCam and manipulation from the brain. Your tracker can see you, hear you and probably much more.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/synack" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Client-Side HTTP Cookie Security: Attack and Defense</span></p>
<p>HTTP cookies: everyone has many. But how do they help or harm? This talk explores the popular browser cookie storing mechanisms, how cookies can get stolen and, of course, how you can prevent that from happening. Your cookie might just have given away your worthy special-character passwords, or has someone bypassed your 2-factor authentication?</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/client-side-http-cookie-security" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Acquire Current User Hashes without Admin Privileges</span></p>
<p>User-level access doesn't exist after this talk. Any such user can now have admin privileges! How? It's there in this talk: the new technique. The design flaw in the Windows SSPI implementation proves to be fatal.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/acquire-current-user-hashes-without-admin-privileges" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">VoIP Wars: Attack of the Cisco Phones</span></p>
<p>Using Cisco VoIP Solutions? They may be vulnerable to attacks like VLAN attacks, SIP trust hacking, Bypassing authentication and authorisation, Call spoofing, Eavesdropping and many more. This talk covers some of the basic hacks including brute force attacks, Skinny and SIP signalling attacks, 0day bypass technique for call spoofing and billing bypass etc.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/voip-wars-attack-of-the-cisco-phones" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Detecting and Defending Against A Surveillance State</span></p>
<p>Not too many days ago we were wondering, "Are we being spied on by the state?". This talk will allow us to find out whether we are being spied on and to detect the hardware bug, firmware etc. doing so.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/detecting-defending-against-state-actor-surveillance" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Check your Fingerprints: Cloning the Strong Set</span></p>
<p>A GPG-focused session with all the facts you need to avoid being broken. Learning that even fingerprints may not keep you safe, that the widely used GPG UI is broken, and that a key server not using SSL leaves you exposed to MITM and DNS attacks can be an eye-opener. If you use GPG, this talk is a must for you!</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/check-your-fingerprints-cloning-the-strong-set" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Abusing Software Defined Networks</span></p>
<p>SDN (Software Defined Networking) is known to have the potential to make a great difference in the internet world. However, its present implementations are highly vulnerable to attacks, for example through protocol weaknesses that could lead to information leaks, MITM, DoS attacks etc. This talk runs through the weaknesses and how to protect against them.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/abusing-software-defined-networks" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Mass Scanning the Internet: Tips, Tricks, Results</span></p>
<p>With a working knowledge of nmap, this talk will teach you how to scan the internet. Thinking of 'devices vulnerable to Heartbleed or a D-Link router vulnerability?' It covers everything from the ISP needed to the friendly tools and how to avoid the mess. The vast sea of undiscovered knowledge can now be ripped; whether for fun or precaution is yours to choose.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/mass-scanning-the-internet" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">POS Attacking the Traveling Salesman</span></p>
<p>Targeting international passengers, POS can give some useful information like name, picture, flight number, destination, seat number etc. Even though this does not exploit commercial POS details like credit card credentials, the information can be exploited to gain unauthorised access to airport data and in many more ways. This talk focuses on transport (airline) POS.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/attacking-the-traveling-salesman" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Dropping Docs on Darknets: How People got Caught</span></p>
<p>Tor? Looking to obfuscate your traffic source? Some cases in this talk, where people tried and still failed, lay out the reasons for getting caught and how you can prevent that from happening.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/dropping-docs-on-darknets-how-people-got-caught" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">Practical Foxhunting 101</span></p>
<p>Finding wireless emitters (foxhunting) in the current environment can be a tad easy, and with no special device at that. This talk will tell you how, covering everything from antennas and radios to visualization software.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/practical-foxhunting" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">From Raxacoricofallapatorius With Love: Case Studies in Insider Threats</span></p>
<p>This talk unfolds the story of insider threats: their potential signs, what inspires them and how to be aware. It will lead you through interesting examples of honey pots, encryption etc.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/from-axacoricofallapatorius-with-love-case-studies-in-insider-thr" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4" style="color:#3366ff;">RF Penetration Testing, Your Air Stinks</span></p>
<p>Security professionals normally use few effective RF tools, procedures and tactics while conducting repeatable RF penetration tests. Everything from finding the RF in the environment to identifying the vulnerabilities and then exploiting them is methodically laid out in this talk. It also recommends software and hardware, so newbies can be comfortable.</p>
<p><a href="http://www.cisoplatform.com/profiles/blogs/rf-pentesting-your-air-stinks" target="_blank">Click here to view ppt.</a></p>
<p></p>
<p><span class="font-size-4"><span class="font-size-6"><a href="http://www.cisoplatform.com/profiles/blogs/top-defcon-talks-part-1" target="_blank">>>Don't Miss "Part 1" of this Blog: Click here to read more !</a></span><br /></span></p>
<p></p>
<p></p></div>Top talks on Hacking from DEF CON 26https://www.cisoplatform.com/profiles/blogs/top-talks-on-hacking-from-def-con-262018-09-27T08:30:00.000Z2018-09-27T08:30:00.000ZAmit, CISO Platformhttps://www.cisoplatform.com/members/AmitCISOPlatform<div><p><span>DEFCON 2018, 26th Def-Con Hacking Conference is much awaited event on Computer, Information Technology, Cyber Security, Software, Hacking topics.<br /> <br /> Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Hacking at DEF CON 26.</span></p><p><span><strong>DEFCON 2018</strong>, <strong>26th Def-Con Hacking Conference</strong> is among one of the most main event on Computer, Information Technology, Cyber Security, Software, Hacking and Hack topics.</span></p><p><span>(Source: DEF CON 26)</span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/i-ll-see-your-missile-and-raise-you-a-mirv-an-overview-of-the-1" target="_blank"><img src="http://i67.tinypic.com/sw7i4g.jpg?width=750" class="align-full" alt="sw7i4g.jpg?width=750" /></a></p><p><span style="font-size:14pt;">1. <a href="http://www.cisoplatform.com/profiles/blogs/i-ll-see-your-missile-and-raise-you-a-mirv-an-overview-of-the-1" target="_blank">I'll See Your Missile and Raise You A MIRV: An overview of the Genesis Scripting Engine</a></span></p><p><strong>Speakers: </strong></p><ul><li>Alex Levinson, Senior Security Engineer</li><li>Dan Borges, Hacker</li></ul><p><span>This talk will consist of an overview of the origins of the project, a technical deep dive into the inner workings including the modified Javascript VM, a walk through of the CLI utility, and examples of how we've leveraged Gscript in the real world. 
</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/i-ll-see-your-missile-and-raise-you-a-mirv-an-overview-of-the-1" target="_blank">>>>Go To Presentation</a></span></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/80-to-0-in-under-5-seconds-falsifying-a-medical-patient-s-vitals" target="_blank"><img src="http://i65.tinypic.com/2411md0.jpg?width=750" class="align-full" alt="2411md0.jpg?width=750" /></a></p><p><span style="font-size:14pt;">2. </span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/80-to-0-in-under-5-seconds-falsifying-a-medical-patient-s-vitals" target="_blank">80 to 0 in under 5 seconds: Falsifying a Medical Patient's Vitals</a></span></p><p><strong>Speakers:</strong></p><p>Douglas McKee, Senior Security Researcher for the McAfee Advanced Threat Research team</p><p><span>This presentation will include a technical dissection of the security issues inherent in this relatively unknown protocol. It will describe real-world attack scenarios and demonstrate the ability to modify the communications in-transit to directly influence the receiving devices. We will also explore the general lack of security mitigations in the medical devices field, the risks they pose, and techniques to address them. 
The talk will conclude with a demonstration using actual medical device hardware and a live modification of a patient's critical data.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/80-to-0-in-under-5-seconds-falsifying-a-medical-patient-s-vitals" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/soviet-russia-smartcard-hacks-you" target="_blank"><img src="http://i65.tinypic.com/262pi4z.png?width=750" class="align-full" alt="262pi4z.png?width=750" /></a></p><p><span style="font-size:14pt;">3.</span> <span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/soviet-russia-smartcard-hacks-you" target="_blank">Soviet Russia Smartcard Hacks You</a></span></p><p><strong>Speakers:</strong></p><p>Eric Sesterhenn, Principal Security Consultant at X41, D-Sec GmbH</p><p><span>Smartcards are secure and trustworthy. This is the idea smartcard driver developers have in mind when developing drivers and smartcard software. The work presented in this talk not only challenges, but crushes this assumption by attacking smartcard drivers using malicious smartcards. </span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/soviet-russia-smartcard-hacks-you" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/edge-side-include-injection-abusing-caching-servers-into-ssrf-and" target="_blank"><img src="http://i68.tinypic.com/9gdlkg.jpg?width=750" class="align-full" alt="9gdlkg.jpg?width=750" /></a></p><p><span style="font-size:14pt;">4. 
<a href="http://www.cisoplatform.com/profiles/blogs/edge-side-include-injection-abusing-caching-servers-into-ssrf-and" target="_blank">Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparent Session Hijacking</a></span></p><p><strong>Speakers:</strong></p><p>ldionmarcil, Pentester at GoSecure</p><p><span>Due to the upstream-trusting nature of Edge servers, ESI engines are not able to distinguish between ESI instructions legitimately provided by the application server and malicious instructions injected by a malicious party. We identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and perform Javascript-less cookie theft, including HTTPOnly cookies. </span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/edge-side-include-injection-abusing-caching-servers-into-ssrf-and" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/compromising-online-accounts-by-cracking-voicemail-systems" target="_blank"><img src="http://i63.tinypic.com/wi50sz.jpg?width=750" class="align-full" alt="wi50sz.jpg?width=750" /></a></p><p><span style="font-size:14pt;">5. <a href="http://www.cisoplatform.com/profiles/blogs/bypassing-port-security-in-2018-defeating-macsec-and-802-1x-2010" target="_blank"></a></span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/compromising-online-accounts-by-cracking-voicemail-systems" target="_blank">Compromising online accounts by cracking voicemail systems</a></span></p><p><strong>Speakers: </strong></p><p><span>Martin Vigo, Hacker</span></p><p><span>In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and new ones on top of current technology to compromise them. 
I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/compromising-online-accounts-by-cracking-voicemail-systems" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/compression-oracle-attacks-on-vpn-networks" target="_blank"><img src="http://i65.tinypic.com/51lcl.jpg?width=750" class="align-full" alt="51lcl.jpg?width=750" /></a></p><p><span style="font-size:14pt;">6. <a href="http://www.cisoplatform.com/profiles/blogs/your-voice-is-my-passport" target="_blank"></a></span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/compression-oracle-attacks-on-vpn-networks" target="_blank">Compression Oracle Attacks on VPN Networks</a></span></p><p><strong>Speakers:</strong></p><p>Nafeez, Security Researcher</p><p><span>Compression oracle attacks are not limited to just TLS protected data. In this talk, we try these attacks on browser requests and responses which usually tunnel their HTTP traffic through VPNs. We also show a case study with a well-known VPN server and their plethora of clients. We then go into practical defenses and how mitigations in HTTP/2's HPACK and other mitigation techniques are the way forward rather than claiming 'Thou shall not compress traffic at all.' 
One of the things that we would like to showcase is how impedance mismatches in these different layers of technologies affect security and how they don't play well together.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/compression-oracle-attacks-on-vpn-networks" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/house-of-roman-a-leakless-heap-fengshui-to-achieve-rce-on-pie" target="_blank"><img src="http://i64.tinypic.com/2mgpmkx.jpg?width=750" class="align-full" alt="2mgpmkx.jpg?width=750" /></a></p><p><span style="font-size:14pt;">7. <a href="http://www.cisoplatform.com/profiles/blogs/barcowned-popping-shells-with-your-cereal-box" target="_blank"></a></span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/house-of-roman-a-leakless-heap-fengshui-to-achieve-rce-on-pie" target="_blank">House of Roman—a "leakless" heap fengshui to achieve RCE on PIE Binaries</a></span></p><p><strong>Speakers:</strong></p><p>Sanat Sharma, Hacker</p><p><span>Since this a 20 mins talk, attendees should be aware of basic heap exploitation techniques, like fastbin attacks and unsorted bin attacks, and have a general idea of how the ptmalloc2 algorithm works. As a bonus, I also discuss how to land a fastbin chunk in memory regions with no size alignment (like __free_hook ).</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/house-of-roman-a-leakless-heap-fengshui-to-achieve-rce-on-pie" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/4g-who-is-paying-your-cellular-phone-bill" target="_blank"><img width="690" src="{{#staticFileLink}}8669814077,original{{/staticFileLink}}" class="align-full" alt="8669814077?profile=original" /></a></p><p><span style="font-size:14pt;">8. 
<a href="http://www.cisoplatform.com/profiles/blogs/last-mile-authentication-problem-exploiting-the-missing-link-in" target="_blank"></a></span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/4g-who-is-paying-your-cellular-phone-bill" target="_blank">4G - Who is paying your cellular phone bill?</a></span></p><p><strong>Speakers:</strong></p><ul><li><span>Dr. Silke Holtmanns, Distinguished Member of Technical Staff, Security Expert, Nokia Bell Labs</span></li><li><span>Isha Singh, Master student, Aalto University in Helsinki (Finland)</span></li></ul><p><span>This presentation shows how a S9 interface in 4G networks, which is used for charging related user information exchange between operators can be exploited to perform fraud attacks. A demonstration with technical details will be given and guidance on practical countermeasures.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/4g-who-is-paying-your-cellular-phone-bill" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/practical-amp-improved-wifi-mitm-with-mana" target="_blank"><img width="690" src="{{#staticFileLink}}8669804295,original{{/staticFileLink}}" class="align-full" alt="8669804295?profile=original" /></a></p><p><span style="font-size:14pt;">9. <a href="http://www.cisoplatform.com/profiles/blogs/bypassing-port-security-in-2018-defeating-macsec-and-802-1x-2010" target="_blank"></a></span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/practical-amp-improved-wifi-mitm-with-mana" target="_blank">Practical & Improved Wifi MITM with MANA</a></span></p><p><strong>Speakers: </strong></p><p><span>singe, CTO @ SensePost</span></p><p><span>After years of using mana in many security assessments, we've realised rogue AP'ing and MitM'ing is no simple affair. 
This extended talk will provide an overview of mana, the new capabilities and features, and walk attendees through three scenarios and their nuances:</span><br /> <br /> <span>Intercepting corporate credentials at association (PEAP/EAP-GTC), Targeting one or more devices for MitM & collecting credentials "Snoopy" style geolocation & randomised MAC deanonymization. As a bonus, you'll be able to download a training environment to practise all of this without requiring any wifi hardware (or breaking any laws).</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/practical-amp-improved-wifi-mitm-with-mana" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/weaponizing-unicode-homographs-beyond-idns" target="_blank"><img src="http://i67.tinypic.com/2whf7o4.jpg?width=750" class="align-full" alt="2whf7o4.jpg?width=750" /></a></p><p><span style="font-size:14pt;">10. <a href="http://www.cisoplatform.com/profiles/blogs/your-voice-is-my-passport" target="_blank"></a></span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/weaponizing-unicode-homographs-beyond-idns" target="_blank">Weaponizing Unicode: Homographs Beyond IDNs</a></span></p><p><strong>Speakers:</strong></p><p>The Tarquin, Senior Security Engineer, Amazon.com</p><p><span>This talk discusses the use of homographs to attack machine learning systems, to submit malicious software patches, and to craft cryptographic canary traps and leak repudiation mechanisms. 
It then introduces a generalized defense strategy that should work against homograph attacks in any context.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/weaponizing-unicode-homographs-beyond-idns" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/hacking-plcs-and-causing-havoc-on-critical-infrastructures" target="_blank"><img src="http://i68.tinypic.com/103785e.jpg?width=750" class="align-full" alt="103785e.jpg?width=750" /></a></p><p><span style="font-size:14pt;">11. </span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/hacking-plcs-and-causing-havoc-on-critical-infrastructures" target="_blank">Hacking PLCs and Causing Havoc on Critical Infrastructures</a></span></p><p><strong>Speakers:</strong></p><p>Thiago Alves, Ph.D. Student and Graduate Research Assistant at the University of Alabama in Huntsville</p><p><span>During this presentation I will talk about the architecture of a PLC and how it can be p0wned. There will be some live demonstration attacks against 3 different brands of PLCs (if the demo demons allow it, if not I will just show a video). 
Additionally, I will demonstrate two vulnerabilities I recently discovered, affecting the Rockwell MicroLogix 1400 series and the Schneider Modicon M221 controllers.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/hacking-plcs-and-causing-havoc-on-critical-infrastructures" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/hacking-ble-bicycle-locks-for-fun-and-a-small-profit" target="_blank"><img src="http://i64.tinypic.com/jhaohk.jpg?width=750" class="align-full" alt="jhaohk.jpg?width=750" /></a></p><p><span style="font-size:14pt;">12. </span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/hacking-ble-bicycle-locks-for-fun-and-a-small-profit" target="_blank">Hacking BLE Bicycle Locks for Fun and a Small Profit</a></span></p><p><strong>Speakers:</strong></p><p>Vincent Tan, Senior Security Consultant, MWR InfoSecurity</p><p><span>This talk will explore the ever growing ride sharing economy and look at how the BLE "Smart" locks on shared bicycles work. The entire solution will be deconstructed and examined, from the mobile application to its supporting web services and finally communications with the lock. We will look at how to go about analysing communications between a mobile device and the lock, what works, what doesn't. 
</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/hacking-ble-bicycle-locks-for-fun-and-a-small-profit" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/lost-and-found-certificates-dealing-with-residual-certificates" target="_blank"><img src="http://i64.tinypic.com/2rnifte.jpg?width=750" class="align-full" alt="2rnifte.jpg?width=750" /></a></p><p><span style="font-size:14pt;">13. </span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/lost-and-found-certificates-dealing-with-residual-certificates" target="_blank">Lost and Found Certificates: dealing with residual certificates for pre-owned domains</a></span></p><p><strong>Speakers: </strong></p><ul><li><span>Ian Foster, Hacker</span></li><li><span>Dylan Ayrey, Hacker</span></li></ul><p><span>In this talk, we will review the results from our ongoing large scale quantitative analysis over past and current domains and certificates. We'll explore the massive scale of the problem, what we can do about it, how you can protect yourself, and a proposed process change to make this less of a problem going forwards. <br /> <br /> We end by introducing BygoneSSL, a new tool and dashboard that shows an up to date view of affected domains and certificates using publicly available DNS data and Certificate Transparency logs. 
BygoneSSL will demonstrate how widespread the issue is, let domain owners determine if they could be affected, and can be used to track the number of affected domains over time.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/lost-and-found-certificates-dealing-with-residual-certificates" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/reaping-and-breaking-keys-at-scale-when-crypto-meets-big-data" target="_blank"><img width="690" src="{{#staticFileLink}}8669805458,original{{/staticFileLink}}" class="align-full" alt="8669805458?profile=original" /></a></p><p><span style="font-size:14pt;">14. </span><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/reaping-and-breaking-keys-at-scale-when-crypto-meets-big-data" target="_blank">Reaping and breaking keys at scale: when crypto meets big data</a></span></p><p><strong>Speakers:</strong></p><ul><li><span>Yolan Romailler, Security Researcher at Kudelski Security</span></li><li><span>Nils Amiet, Security Engineer at Kudelski Security</span></li></ul><p><span>In this talk, we discuss how we could have impersonated hundreds of people by breaking their PGP keys, mimicked thousands of servers thanks to their factored SSH keys and performed MitM attacks on over 200k websites relying on vulnerable X509 certificates. </span><br /> <br /> <span>In the end, we were able to do this in an entirely passive way. Going further is possible, but it would lead us to the dark side. 
Would big brother hesitate to go there?</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/reaping-and-breaking-keys-at-scale-when-crypto-meets-big-data" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/breaking-parser-logic-take-your-path-normalization-off-and-pop" target="_blank"><img width="690" src="{{#staticFileLink}}8669806872,original{{/staticFileLink}}" class="align-full" alt="8669806872?profile=original" /></a></p><p><span style="font-size:14pt;">15.</span> <span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/breaking-parser-logic-take-your-path-normalization-off-and-pop" target="_blank">Breaking Parser Logic: Take Your Path Normalization Off and Pop 0days Out!</a></span></p><p></p><p><strong>Speakers:</strong></p><p>Orange Tsai, Security Researcher from DEVCORE</p><p><span>In this talk, we propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by developers for a long time, has made our proposed attack vector possible, lethal, and general. Therefore, many 0days have been discovered via this approach in popular web frameworks written in trending programming languages, including Python, Ruby, Java, and JavaScript. 
 </span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/breaking-parser-logic-take-your-path-normalization-off-and-pop" target="_blank">>>>Go To Presentation</a></span></p><p></p><p></p></div>