All Articles

Top Talks @ DEF CON 26, 2018: Your Complete Guide

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top Emerging A

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Blockchain at DEF CON 26.

DEFCON 2018, 26th Def-Con

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Authentication Security  at DEF CON 26.

DEFCON 2018

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Android Security at DEF CON 26.

DEFCON 2018, 26th D

When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced what is called "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still imple

Our editorial team has handpicked the best of the best talks at DEF CON 26 -is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Application Security  at DEF CON 26.

DEFCON 2018, 2

Right now, combatting credit card fraud is mostly a reactionary process. Issuers wait until transactions occur that either appear fraudulent according to rules-based analytic engines or are reported by customers, and only then, do they intervene to p

For years and years, anti-malware solutions, across many levels of the network, have been assisted by online anti-virus aggregation services and online sandboxes to extend their detection level and identify unknown threats. But, this power booster co

The Namecoin and Emercoin blockchains were designed to provide decentralized and takedown-resistant domain names to users with the reported goal of promoting free speech. By leveraging unofficial Top-Level Domains (TLDs) such as .bit and alternate DN

Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vul

MS17-010 is the most important patch in the history of operating systems, fixing remote code execution vulnerabilities in the world of modern Windows. The ETERNAL exploits, written by the Equation Group and dumped by the Shadow Brokers, have been use

Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vul

There are billions of ARM Cortex M based SOC being deployed in embedded systems. Most of these devices are Internet ready and definitely security is always the main concern. Vendors would always apply security measurements into the ARM Cortex M produ

Mobile phones are quite complicated and feature multiple embedded processors handling wifi, cellular connectivity, bluetooth, and other signal processing in addition to the application processor. Have you ever been curious about how your phone actual

Unless you've been living under a rock for the past 30 years or so, you probably know what a fax machine is. For decades, fax machines were used worldwide as the main way of electronic document delivery. But this happened in the 1980s. Humanity has s

Defenders have been slowly adapting to the new reality: Any organization is a target. They bought boxes that blink and software that floods the SOC with alerts. None of this matters as much as how administration is performed: Pop an admin, own the sy

In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing me

We propose a new exploit technique that brings a whole-new attack surface to defeat path normalization, which is complicated in implementation due to many implicit properties and edge cases. This complication, being under-estimated or ignored by deve

Apple's sandbox was introduced as "SeatBelt" in macOS 10.5 which provided the first full-fledged implementation of the MACF policy. After a successful trial on macOS, Apple applied sandbox mechanism to iOS 6. In its implementation, the policy hooked

In a world of high volume malware and limited researchers we need a dramatic improvement in our ability to process and analyze new and old malware at scale. Unfortunately what is currently available to the community is incredibly cost prohibitive or