Defcon 22, the largest conference for hackers with 15,000 attendees saw some of the most interesting researches in the field of security and hacking. From hundreds of talks, we have handpicked the top presentations which are relevant for security managers and leaders.
- All presentations are courtesy Defcon and is presented as-is without any modification
- Some of the descriptions below are taken from Defcon website (www.defcon.org)
- You need to Sign in/Sign up to view the presentations. (It's free)
Elevator Hacking: From the Pit to the Penthouse
Elevators have played a key role from hackers to pen testers. An in-depth of how elevators work, allowing a greater understanding of the system and how sometimes the unexplored features can leave serious threat exposure.
Weaponizing your Pets: The War Kitteh and the Denial of Service Dog
A walk through how the tracking works for your cat and dog. Thus, creation of war kitteh and service dog. The presentation takes you through every step and tells exactly what works and doesn't. For example- 'Cats are very tough to work with'.
One Man Shop:Building an effective security program all by yourself
Learning the process from "Step 1" to an effective security program in a cost effective and resource constrained manner. It is based on real world experiences and introduces multi-year approach to methodologies, techniques, and tools.
Instrumenting Point-of-Sale Malware
Encourages the adoption of better practices in the publication and demonstration of malware analyses. It proposes borrowing the concept of “executable research” by supplementing our written analysis with material designed to illustrate our analysis using the malware itself. This helps analysts for in-depth research. It also talks about taking a step beyond traditional sandboxes to implement bespoke virtual environments and scripted instrumentation with commentary can supplement written reports so that makes the malware analysis more sound and useful to others.
Burner Phone DDOS 2 dollars a day : 70 Calls a Minute
Research DDOS on phone! Model for proof-of-concept SCH-U365 QUALCOMM prepaid Verizon phone. A custom firmware written can convert it into a DOS system allowing spam call that number 70 times a min. till battery dies and automatic phonebook number receival using speaker. Use of evasion methods including PRL list hopping.
Bypass Firewalls, Application White Lists, Secure Remote Desktops under 20seconds
"Imagine a scenario, where you have deployed a malware on a user’s workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.). On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user’s workstation." 2 developments are offered- The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help you to circumvent the hardware firewall after we can execute code on the server with admin privileges (using a signed kernel driver).
The Dangers of Insecure Home Automation Deployment
A dissection of reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints on how to create an Ipad Trojan to send commands outside the hotel; and, of course, solutions to avoid all these pitfall in future deployments.
Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin
An introductory level talk covering basics of Tor, Darknets, Darknet Market places, and Bitcoin. Some recommendations to help make the use of TOR, Bitcoin, and Marketplaces more secure.
A Journey to Protect Points-of-Sale
Learn how points-of-sale get compromised from both retailer’s and software-vendor’s perspective. Know how some concepts work while some don't.
Attacking the Internet of Things Using Time
Internet of Things devices being slow and resource constrained are easy target to network-based timing attacks, allowing brute-forcing of credentials. This talk explores the working of timing attacks, their optimization and how to tackle various parameters of exploitation.
From ROOT to Special: Pwning IBM Mainframes
1.1 million transactions are run through mainframes every second worldwide. Yet the mainframe security is negligent enough. This presentation tears open the mainframe security, it visits the root, exploits it within present tools and uses it to develop new tools.
Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance
There's that eerie feeling when someone spies on us.Stop that! This will teach you several low-tech ways that you can detect even high-tech surveillance. Topics cover- surveillance cameras, physical surveillance, detecting active and passive bugs, devices implanted inside computers, tablets, and cell phones.
Cyber-hijacking Airplanes: Truth or Fiction?
This presentation examines the in depth mechanisms of an airplane to justify the claims of cyber-hijacking airplanes. It assumes no prior knowledge thus beginning from fundamentals to leaving a better understanding of ADS-B, ADS-A, ACARS, GPS, transponders, collision avoidance systems, autopilots, and avionics networking and communications. Several important aircraft technologies have been examined.
Hacking 911: Adventures in Disruption, Destruction & Death
Emergency medical services (EMS) are what we today trust on to safeguard the lives of our beloved. But the tide of time and technology has left them 20 years behind time and obsolete. The security of such critical devices have not been critically watched. This talk will tell you how it can crash.