Top Talks from Defcon - The Largest Hacker Conference ( Part 2 )


This is the second compilation of Best Of Defcon 22 at a glance. The following Links will link you to the respective complete PPT. 

Important Note:

  • All presentations are courtesy Defcon and is presented as-is without any modification
  • Some of the descriptions below are taken from Defcon website (www.defcon.org)
  • You need to Sign in/Sign up to view the presentations. (It's free)

Hacking US (and UK, Australia, France, etc.) traffic control systems

The traffic signals seem easy to mess with, even when we realize the results can be miserable. This speaker has found out some major devices used by the Traffic signals in various cities and countries(Washington DC, Seattle, New York, San Francisco, Los Angeles,UK,Australia,France etc.), hacked them, found vulnerabilities and how they can be exploited. Learn it from the scratch (with testing demos) in this talk.

Click here to view ppt.

Don't DDoS Me Bro: Practical DDoS Defense

DDOS might have been a nightmare recently and you felt its wave recently multiple times including evernote! How to defend and what to do when DDOSed is exactly what this talk tells. It also allows your defence to be kept low budget with the tools and techniques and how to analyze.

Click here to view ppt.

Protecting SCADA from the Ground Up

From electricity to water distribution ICS(Industrial Control Systems) and SCADA is everywhere. Their internet association increases and thus their protection is crucial. This talk tells us how to best protect these infrastructures by getting into the system, understanding how it works and where it goes wrong.

Click here to view ppt.

Optical Surgery: Implanting a DropCam

DropCam users may want to know, any malicious software can be installed on it and someone might just be tapping into your video stream. Dropcam is a cloud based wifi video monitoring service allowing you to be connected from anywhere. This talk demonstrates complete takeover of your Dropcam and manipulation from the brain. Your tracker can see you, hear you and probably much more.

Click here to view ppt.

Client-Side HTTP Cookie Security: Attack and Defense

HTTP cookies, everyone has many. But how do they help or harm. This talk explores the popular browser cookie storing mechanisms, how they can get stolen and of course how you can prevent it happening. Your cookie might just have given away your worthy special character passwords or someone by-passed your 2-factor authentication?

Click here to view ppt.

Acquire Current User Hashes without Admin Privileges

User level access doesn't exist after this talk. Any such user can now have the admin privileges! How? Its there in this talk, the new technique. The design flaw in Windows SSPI implementation proves to be fatal.

Click here to view ppt.

VoIP Wars: Attack of the Cisco Phones

Using Cisco VoIP Solutions? They may be vulnerable to attacks like VLAN attacks, SIP trust hacking, Bypassing authentication and authorisation, Call spoofing, Eavesdropping and many more. This talk covers some of the basic hacks including brute force attacks, Skinny and SIP signalling attacks, 0day bypass technique for call spoofing and billing bypass etc.

Click here to view ppt.

Detecting and Defending Against A Surveillance State

Not too many days while we were thinking "Are we being spied on by the state?". This talk will allow us to find out whether we are being spied on and detect the hardware bug,firmware etc. doing so.

Click here to view ppt.

Check your Fingerprints: Cloning the Strong Set

A GPG focussed session with all the facts to not be broken. The very fact that even fingerprints may not render you safe, learning the widely used GPG Ui is broken, the key server not using SSL breaks MITM and DNS can be eye-openers. If you use GPG, this talk is a must for you!

Click here to view ppt.

Abusing Software Defined Networks

SDN(Software Defined Networking) is known to have potentials to make a great difference in the internet world. However, its present implementations are highly vulnerable for attacks like protocol weaknesses which could lead to information leak, MITM, DOS attacks etc. This talk runs through the weaknesses and their protection.

Click here to view ppt.

Mass Scanning the Internet: Tips,Tricks,Results

A working knowledge of nmap and this talk will teach you how to scan the internet.Thinking of -'Devices vulnerable to heartbleed or D-Link router vulnerability?'. From the ISP needed to the friendly tools and how to avoid the mess. The vast sea of undiscovered knowledge can now be ripped whether for fun or precaution is yours to choose.

Click here to view ppt.

POS Attacking the Traveling Salesman

Targeting the international passengers, POS can give some useful information like name, picture, flight number, destination, seat number etc. Even though it is not exploiting the commercial POS details like credit card credentials, this information can be exploited to gain unauthorised access to airport data and many more ways. This talk focuses on the transport(airlines) POS.

Click here to view ppt.

Dropping Docs on Darknets: How People got Caught

Tor? Looking for obfuscating your traffic source? Some tried and still failed cases in this talk will rip the reasons for getting caught and how you can prevent so happening. 

Click here to view ppt.

Practical Foxhunting 101

Finding out the wireless emitters(Foxhunting) in the current environment can be a tad easy, that too with no special device. This talk will tell you how from Antennas, Radios, Visualizing softwares everything.

Click here to view ppt.

From Raxacoricofallapatorius With Love: Case Studies in Insider Threats

This talk unfolds the story of insider threats- their potential signs, what inspires them and how to be aware. It will lead you through interesting examples of honey pots, encryption etc.

Click here to view ppt.

RF Penetration Testing, Your Air Stinks

Security professionals normally use few effective RF tools, procedures and tactics while conducting repeatable RF penetration tests. From finding out the RF in the environment to identifying the vulnerabilities and then exploiting them has been methodically stated in this talk. It also recommends software and hardware, so newbies can be comfortable.

Click here to view ppt.

>>Don't Miss "Part 1" of this Blog: Click here to read more !

Views: 1467

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

FireCompass

Forum

CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by SACHIN BP SHETTY Apr 24. 1 Reply

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service