This is the second compilation of Best Of Defcon 22 at a glance. The following Links will link you to the respective complete PPT.
- All presentations are courtesy Defcon and is presented as-is without any modification
- Some of the descriptions below are taken from Defcon website (www.defcon.org)
- You need to Sign in/Sign up to view the presentations. (It's free)
Hacking US (and UK, Australia, France, etc.) traffic control systems
The traffic signals seem easy to mess with, even when we realize the results can be miserable. This speaker has found out some major devices used by the Traffic signals in various cities and countries(Washington DC, Seattle, New York, San Francisco, Los Angeles,UK,Australia,France etc.), hacked them, found vulnerabilities and how they can be exploited. Learn it from the scratch (with testing demos) in this talk.
Don't DDoS Me Bro: Practical DDoS Defense
DDOS might have been a nightmare recently and you felt its wave recently multiple times including evernote! How to defend and what to do when DDOSed is exactly what this talk tells. It also allows your defence to be kept low budget with the tools and techniques and how to analyze.
Protecting SCADA from the Ground Up
From electricity to water distribution ICS(Industrial Control Systems) and SCADA is everywhere. Their internet association increases and thus their protection is crucial. This talk tells us how to best protect these infrastructures by getting into the system, understanding how it works and where it goes wrong.
Optical Surgery: Implanting a DropCam
DropCam users may want to know, any malicious software can be installed on it and someone might just be tapping into your video stream. Dropcam is a cloud based wifi video monitoring service allowing you to be connected from anywhere. This talk demonstrates complete takeover of your Dropcam and manipulation from the brain. Your tracker can see you, hear you and probably much more.
Client-Side HTTP Cookie Security: Attack and Defense
HTTP cookies, everyone has many. But how do they help or harm. This talk explores the popular browser cookie storing mechanisms, how they can get stolen and of course how you can prevent it happening. Your cookie might just have given away your worthy special character passwords or someone by-passed your 2-factor authentication?
Acquire Current User Hashes without Admin Privileges
User level access doesn't exist after this talk. Any such user can now have the admin privileges! How? Its there in this talk, the new technique. The design flaw in Windows SSPI implementation proves to be fatal.
VoIP Wars: Attack of the Cisco Phones
Using Cisco VoIP Solutions? They may be vulnerable to attacks like VLAN attacks, SIP trust hacking, Bypassing authentication and authorisation, Call spoofing, Eavesdropping and many more. This talk covers some of the basic hacks including brute force attacks, Skinny and SIP signalling attacks, 0day bypass technique for call spoofing and billing bypass etc.
Detecting and Defending Against A Surveillance State
Not too many days while we were thinking "Are we being spied on by the state?". This talk will allow us to find out whether we are being spied on and detect the hardware bug,firmware etc. doing so.
Check your Fingerprints: Cloning the Strong Set
A GPG focussed session with all the facts to not be broken. The very fact that even fingerprints may not render you safe, learning the widely used GPG Ui is broken, the key server not using SSL breaks MITM and DNS can be eye-openers. If you use GPG, this talk is a must for you!
Abusing Software Defined Networks
SDN(Software Defined Networking) is known to have potentials to make a great difference in the internet world. However, its present implementations are highly vulnerable for attacks like protocol weaknesses which could lead to information leak, MITM, DOS attacks etc. This talk runs through the weaknesses and their protection.
Mass Scanning the Internet: Tips,Tricks,Results
A working knowledge of nmap and this talk will teach you how to scan the internet.Thinking of -'Devices vulnerable to heartbleed or D-Link router vulnerability?'. From the ISP needed to the friendly tools and how to avoid the mess. The vast sea of undiscovered knowledge can now be ripped whether for fun or precaution is yours to choose.
POS Attacking the Traveling Salesman
Targeting the international passengers, POS can give some useful information like name, picture, flight number, destination, seat number etc. Even though it is not exploiting the commercial POS details like credit card credentials, this information can be exploited to gain unauthorised access to airport data and many more ways. This talk focuses on the transport(airlines) POS.
Dropping Docs on Darknets: How People got Caught
Tor? Looking for obfuscating your traffic source? Some tried and still failed cases in this talk will rip the reasons for getting caught and how you can prevent so happening.
Practical Foxhunting 101
Finding out the wireless emitters(Foxhunting) in the current environment can be a tad easy, that too with no special device. This talk will tell you how from Antennas, Radios, Visualizing softwares everything.
From Raxacoricofallapatorius With Love: Case Studies in Insider Threats
This talk unfolds the story of insider threats- their potential signs, what inspires them and how to be aware. It will lead you through interesting examples of honey pots, encryption etc.
RF Penetration Testing, Your Air Stinks
Security professionals normally use few effective RF tools, procedures and tactics while conducting repeatable RF penetration tests. From finding out the RF in the environment to identifying the vulnerabilities and then exploiting them has been methodically stated in this talk. It also recommends software and hardware, so newbies can be comfortable.