Top Talks from Defcon - The Largest Hacker Conference ( Part 1 )

Defcon 22, the largest hacker conference with 15,000 attendees, featured some of the most interesting research in the field of security and hacking. From hundreds of talks, we have handpicked the top presentations that are relevant for security managers and leaders.

Important Note:

  • All presentations are courtesy of Defcon and are presented as-is, without any modification
  • Some of the descriptions below are taken from the Defcon website (www.defcon.org)
  • You need to sign in / sign up to view the presentations (it's free)

Elevator Hacking: From the Pit to the Penthouse

Elevators have played a key role for everyone from hackers to pen testers. This is an in-depth look at how elevators work, giving a greater understanding of the system and of how unexplored features can sometimes leave serious threat exposure.

Click here to view ppt.

Weaponizing your Pets: The War Kitteh and the Denial of Service Dog

A walk through how tracking works for your cat and dog, and thus how the War Kitteh and the Denial of Service Dog were created. The presentation takes you through every step and tells you exactly what works and what doesn't. For example: 'Cats are very tough to work with'.

Click here to view ppt.

One Man Shop: Building an effective security program all by yourself

Learn the process from "Step 1" to an effective security program in a cost-effective and resource-constrained manner. It is based on real-world experience and introduces a multi-year approach to methodologies, techniques, and tools.

Click here to view ppt.

Instrumenting Point-of-Sale Malware

Encourages the adoption of better practices in the publication and demonstration of malware analyses. It proposes borrowing the concept of "executable research" by supplementing written analysis with material designed to illustrate that analysis using the malware itself, which helps analysts do in-depth research. It also discusses going a step beyond traditional sandboxes: bespoke virtual environments and scripted instrumentation with commentary can supplement written reports, making the malware analysis more sound and more useful to others.

Click here to view ppt.

Burner Phone DDOS, 2 Dollars a Day: 70 Calls a Minute

Research on DDoS from a phone! The proof-of-concept model is the SCH-U365 Qualcomm prepaid Verizon phone. Custom firmware converts it into a DoS system that spam-calls a number 70 times a minute until the battery dies, and receives phonebook numbers automatically via the speaker. Evasion methods used include PRL list hopping.

Click here to view ppt.

Bypass Firewalls, Application White Lists, Secure Remote Desktops under 20 Seconds

"Imagine a scenario where you have deployed malware on a user's workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user's workstation." Two developments are offered. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help circumvent the hardware firewall once code can be executed on the server with admin privileges (using a signed kernel driver).

Click here to view ppt.

The Dangers of Insecure Home Automation Deployment

A dissection of the reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints for how an iPad Trojan could send commands from outside the hotel; and, of course, solutions to avoid all these pitfalls in future deployments.

Click here to view ppt.

Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin

An introductory-level talk covering the basics of Tor, darknets, darknet marketplaces, and Bitcoin, with some recommendations to help make the use of Tor, Bitcoin, and marketplaces more secure.

Click here to view ppt.

A Journey to Protect Points-of-Sale

Learn how points-of-sale get compromised from both the retailer's and the software vendor's perspective, and see which concepts work and which don't.

Click here to view ppt.

Attacking the Internet of Things Using Time

Internet of Things devices, being slow and resource-constrained, are easy targets for network-based timing attacks, allowing brute-forcing of credentials. This talk explores how timing attacks work, how they are optimized, and how to handle the various parameters of exploitation.

Click here to view ppt.

From ROOT to Special: Pwning IBM Mainframes

1.1 million transactions are run through mainframes every second worldwide, yet mainframe security is still neglected. This presentation tears mainframe security open: it visits root, exploits it with present tools and uses it to develop new tools.

Click here to view ppt.

Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance

There's that eerie feeling when someone is spying on us. Stop that! This talk teaches several low-tech ways to detect even high-tech surveillance. Topics covered include surveillance cameras, physical surveillance, detecting active and passive bugs, and devices implanted inside computers, tablets, and cell phones.

Click here to view ppt.

Cyber-hijacking Airplanes: Truth or Fiction?

This presentation examines the mechanisms of an airplane in depth to justify the claims of cyber-hijacking airplanes. It assumes no prior knowledge, beginning from fundamentals and leaving you with a better understanding of ADS-B, ADS-A, ACARS, GPS, transponders, collision avoidance systems, autopilots, and avionics networking and communications. Several important aircraft technologies are examined.

Click here to view ppt.

Hacking 911: Adventures in Disruption, Destruction & Death

Emergency medical services (EMS) are what we trust today to safeguard the lives of our loved ones. But the tide of time and technology has left them 20 years behind and obsolete. The security of such critical systems has not been critically watched. This talk tells you how they can crash.

Click here to view ppt.
