Hack In The Box Security Conference
by Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Drawing on lessons gleaned from recent hacker indictments, research on surveillance, espionage and counter-intelligence, this talk focuses on practical operational security (OPSEC) measures to avoid detection and prevent arrest by Law Enforcement Officials. The target audience for this talk are hacktivists whose primary mission requires strong online anonymity in the face of intense scrutiny...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, opsec, grugq, security,...
A last minute open panel discussion slotted in to replace the PEDA talk by Thanh Nguyen and Long Le of VNSECURITY which had to unfortunately be cancelled. Featuring (L-R): Rodrigo 'bsdaemon' Branco, Ben Nagy, The Grugq, Saumil Shah (who joined the discussion in the second half), Marc 'van hauser' Heuse and Felix 'FX' Lindner . ABOUT RODRIGO RUBIRA BRANCO Rodrigo Rubira Branco (BSDaemon) is the Director of Vulnerability & Malware Research at Qualys. In 2011 he was honored as one of the top...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, open bottle, panel...
IoT connected devices are being released at a staggering rate. According to Gartner it’s speculated that by the end of 2018, there will be 11.2 billion IoT devices currently connected at any given time. A large part of that connected ecosystem includes wireless speaker systems created by some of the largest manufacturers around the globe. Looking closer at Sonos and Bose wireless speaker systems, this research looks to find flaws in these common household devices. This research analyzes the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stephen hilt, trend...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Fears of cyber-attacks with catastrophic physical consequences are easily capturing the public imagination. The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action, nobody is going to let one present it at a conference like Hack in the Box. As a poor substitute, this presentation will get as...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: HTML5 has empowered browser with a number of new features and functionalities. Browsers with this new architecture include features like XMLHttpRequest Object (L2), Local Storage, File System APIs, WebSQL, WebSocket, File APIs and many more. The browser is emerging as a platform like a little operating system and expanded its attack surface significantly. Applications developed in this new...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, html 5, csrf, xss, web,...
Following recent security issues discovered in Android, Google made a number of changes to tighten security across its fragmented landscape. However, Google is not alone in the struggle to keep Android safe. Qualcomm, a supplier of 80% of the chipsets in the Android ecosystem, has almost as much effect on Android’s security as Google. With this in mind, we decided to examine Qualcomm’s code in Android devices. During our research, we found multiple privilege escalation vulnerabilities in...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, qualcomm, mobile...
“Today’s attacks succeed because the defense is reactive”. I have been researching attacks and offensive techniques for the past 16 years. As the defenses kept catching up and closing open doors, we attackers looked for new avenues and vectors. Upon looking back on the state of defenses during my days of One-Way Web Hacking in 2001 to Stegosploit in 2016, a common pattern emerges. Defense boils down to reacting to new attacks and then playing catch-up. It is time to transition defense from...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, saumil shah,...
Everybody knows about Apple iCloud backups — how to disable this feature, or (if you are on the other side) how to download the data. However, iCloud is not just about backups. There is quite a lot of data that is also being *synced* across all the devices, and so stored in the iCloud — including contacts, calendars, notes, media files, documents, 3rd party application data, passwords, credit card numbers and much more (e.g. mail signatures and custom text shortcuts). Even if you disable...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, vladimir katalov,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from attacker’s point of view. As it turns out, quite many web applications (including sensitive ones like bitcoin platforms) have cookie related vulnerabilities that lead for example to user impersonation, remote cookie tampering, XSS and more. Developers tend to forget that multi-factor authentication will not help when...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Phrack and other magazines used to be full of obscure hardware and systems descriptions for telecom equipment that were the pride and the thrill of many dark-corner hackers. There's a specific kink about these strange OS, protocols and interfaces. But sadly (or not, as we'll see), it's a gone era. Gone are the DMS100, the DX200, the COSMOS switches and other telecom legacy beauty, ahem, well,...
Topics: Youtube, video, Science & Technology, dos, tftp, dpi, philippe langlois, hackinthebox, telecom,...
In the past few years hackerspaces came to the world to create a creative and hacky environment for the people but we need something for the younger ones. Let’s call them mini-hackers, junior-nerds, the techchilds or the coding-kids. Most kids aren’t exposed to interesting hacking stuff at their schools and the situation is pretty much the same here in The Netherlands – the main subject is always general studies. These junior-nerds and techchilds don’t fit in to this square hole and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
The history of hacking both new and old will be presented in music in this serious all-singing musical revue. Your favorite new hacks, long forgotten hacks, 0days, and computer security lessons will be told in song. It’s all happened before, and it will all happen again. These cautionary tales of hacking, crypto, computer security, reverse engineering, and pen testing will reawaken your passion for getting things right both at work and at home. Think you know all about your servers? Do you...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, fbz, fabienne serriere,...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Every day, software developers around the world, from Bangalore to Silicon Valley, churn out millions of lines of insecure code. We used static binary analysis on thousands of applications submitted to us by large enterprises, commercial software vendors, open source projects, and software outsourcers, to create an anonymized vulnerability data set. By mining this data we can answer some...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2012kul,...
Let’s separate the hype from reality and see what exactly machine learning (ML), deep learning (DL) and artificial intelligence (AI) algorithms can do right now in cybersecurity. We will look how different tasks, such as prediction, classification, clustering and recommendation, are applicable to the ones for attackers, such as captcha bypass and phishing, and for defenders, such as anomaly detection and attack protection. Speaking about the icing on the cake, we will cover the latest...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, alexander polyakov,...
Signal is the most trusted secure messaging and secure voice application, recommended by Edward Snowden and the Grugq. And indeed Signal uses strong cryptography, relies on a solid system architecture, and you’ve never heard of any vulnerability in its code base. That’s what this talk is about: hunting for vulnerabilities in Signal. We will present vulnerabilities found in the Signal Android client, in the underlying Java libsignal library, and in example usage of the C libsignal library....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, markus vervier, signal,...
In the era of cyberwarfare, it becomes a norm to see cyber criminals use multi-level attacks to penetrate a multi-layered protected network infrastructure. We often see APT attackers manipulate 0-day or N-day Windows kernel vulnerabilities in order to guarantee a successful full system compromise. It would be a surprise if we do not see Windows kernel exploit involved in such targeted attacks. It is also worth noting that beside APT attackers, the botnet operators also seize the opportunity to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, exploit,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: All content not indexed by traditional web-based search engines is known as the DeepWeb. Wrongly been associated uniquely with the Onion Routing (TOR), the DeepWeb’s ecosystem comprises a number of other anonymous and decentralized networks. The Invisible Internet Project (I2P), FreeNET and Alternative Domain Names (like Name.Space and OpenNic) are examples of networks leveraged by bad actors to host...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
In the past few years, data-only kernel exploitation has been on the rise. Since 2011, abusing and attacking Desktop heap objects to gain higher exploit primitives was seen in many exploits. Moving forward to 2015, the focus changed to the GDI subsystem and the discovery of GDI Bitmaps object abuse, and in 2017 the GDI Palettes object abuse technique was released at DefCon 25. All of these techniques aim to gain arbitrary/relative kernel memory read/write, to further the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, commsec, amsterdam,...
Due to changes in Richard’s schedule, the closing keynote was delivered via a video link. PRESENTATION MATERIALS FROM OTHER TALKS & PRESENTATIONS : http://conference.hitb.org/hitbsecconf2014kul/materials KEYNOTE ABSTRACT: “In my end is my beginning,” said T. S. Eliot in The Four Quartets, and he might have been talking about hacking. Because radical hacking is a state of mind, an approach to life, the universe, everything, a practice that must be understood with humility, explored...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, richard thieme,...
EVENT WEBSITE: http://conference.hitb.org/hitbsecconf2014kul/ Promo video for our final HITB Security Conference in Malaysia taking place at Intercontinental Kuala Lumpur from the 13th - 16th of October. Keynote speakers include Marcia Hofmann, Katie Moussouris and the legendary Richard Thieme Source: https://www.youtube.com/watch?v=-jvUVPe-q9s Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2014kul, malaysia,...
In this talk I will provide an introduction to machine learning and its process flow. I’ll discuss the supervised or unsupervised learning methods. I’ll discuss cognitive automation with machine learning in different areas of cyber security domains like Risk Analytics, Threat Analytics, Fraud Detection, Improvement of a security incident, Intrusion Detection. In addition, I will also cover incident and event-based management analysis by analytics engine with the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, rishi kant, machine...
Automotive security is a hot research area but up till now, research has only centered around how to attack with no single complete solution for defense. After 2 years of research, I have developed a machine learning based IDS for automobiles to detect abnormal traffic on the CANBUS and built a very low-cost device that can be used to capture raw CAN traffic and wirelessly transmit the data to a computer, mobile phone, or a central server for further analysis. I call this device CANsee – an...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, qihoo360, automotive,...
Having had great success with the first part of our research "A crushing blow at the heart of SAP's J2EE Engine" this is a continuation in this series of presentations and will look deeper at new web-based attacks and post exploitations on SAP's J2EE applications. We will explain the architecture of SAP's J2EE engine and give a complete tour into its internals. Thereafter, we will show a number of previously unknown architecture and program vulnerabilities from auth bypasses,...
Topics: Youtube, video, Science & Technology, SAPocalypse Now
From the ’60s and ’70s, the hacker community started to design tools and procedures in order to take advantage of telephone networks (such as blue boxes, phreaking, etc.). These old school hacking techniques are coming back with the commercialization of cheap open hardware which establish new threats. In this talk, we are going to contextualize some phreaking practices and introduce new threats including a way to modify the behaviour of GSM (Global System for Mobile Communications) antennas...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Jorge Cuadrado Saez,...
Zero-day vulnerabilities – holes in software that are unknown to the parties who can mitigate their specific negative effects, are gaining a prominent role in the modern-day intelligence, national security, and law enforcement operations. At the same time, the lack of transparency and accountability in their trade and adoption, their possible over-exploitation or abuse, the latent conflict of interests by entities handling them, and their potential double effect may pose societal risks or...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Two years have passed since Mirai unleashed its wrath to the world by targeting high profile victims. Many things have happened since then, the good, the author responsible has already been convicted, the bad, source code was released to the public, and the not so bad, organizations became aware of the threat and geared up their defences for the possible next attack. Question is now, who will be the next Mirai? Ever since the release of its source code, many have used, experimented, and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, rommel d joven, iot,...
Cybersecurity: A Dance Between Governments, Companies and Hacker Communities The digital domain makes our lives easier in so many aspects, but our dependence on it also makes us and our vital processes more vulnerable. Just like cyber, cybercrime has become mainstream. To make optimal use of the chances that the digital domain has to offer, we need to work together: governments, companies and hacker communities, nationally and internationally, to strengthen our digital security. ========...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, welcome...
The topic aims to explore known existing issues with Smart contracts and the Blockchain. The Smart Contract examples used are issues that have occurred on the Ethereum blockchain. They are applicable to any platform that uses the Ethereum Virtual Machine and the concepts can be applied to any form of smart contracts. The topic will also cover known best practices to mitigate these issues. The Topology attacks explore possible attack vectors on the Bitcoin network, and subsequently any networks...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jorden seet, blockchain,...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: I've been in the home computing industry ever since it started. From the IBM-360 Main frame through a college course, to a small mini-computer operated by a private individual, Call Computer. Having lived in Silicon valley, the center of all this activity, I managed to be in the right spots most of the time, and have a knack for putting people together -- Steve Wozniak with Alex from Call...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, john draper, captain...
In the infamous movie Sneakers, our heroes face shadowy underworld black hats, spooky government spies, and their pasts. They do this all to retrieve a little black box designed to break American cryptographic secrets in seconds. Sneakers is rooted in the stereotypical idea that the ultimate hack is devising a single key that can unlock any system in the world. But, what if we’ve been looking at this threat model upside down? What if, instead, a company gave everyone a cryptographic black...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, don bailey, secure...
Source: https://www.youtube.com/watch?v=3F44JbkaU7k Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
In 2015, artist Ai Weiwei was bugged in his home, presumably by government actors. We were concerned about the lack of research about placing and detecting bugs and how little it is discussed in the community. While in some countries the possibility of having a mic bug at home is non-existent, sadly in other countries it is far too common. As the technology gets cheaper and more accessible, the possibility of being bugged gets more real. However, our general knowledge about mic bugs comes mostly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Every modern computer system based on Intel architecture has Intel Management Engine (ME) – a built-in subsystem with a wide array of powerful capabilities (such as full access to operating memory, out-of-band access to a network interface, running independently of CPU even when it is in a shutdown state, etc.). On the one hand, these capabilities allow Intel to implement many features and technologies based on Intel ME. On the other hand, it makes Intel ME a tempting target for an attacker....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, maksim malyutin, dmitriy...
This presentation will explore how the cyber kill chain can be used as a defensive framework for security engineers, network defenders, senior managers, and more. This discussion will continue to guide the community from a vulnerability-centric to a threat-centric approach to security. === Alexis Lavi is a cybersecurity technology and policy professional with experience analyzing cyber risk, planning offensive engagements, and designing cyber governance programs. Alexis is currently supporting...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, alexis lavi, closing...
Andrea Zapparoli Manzoni manages Crowdfense Limited, which he designed in 2017 with a multidisciplinary team of ethical hackers, lawyers and vulnerability researchers. The company’s main goal is to develop and apply new standards and processes to the vulnerability trading industry, which has become too strategic and complex to be managed with the old “crafts of the trade” methods. After more than two decades working in, studying in and consulting in the industry, Manzoni realized that...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, CROWDFense, closing...
Security features and improvements introduced in Windows and other Microsoft products over period of time have made it more difficult and costly to exploit software vulnerabilities. The various mitigation technologies that have been created as a result have played a key role in helping to keep people safe online and defend against state of the art in software exploitation. In this presentation, I will walk through new data driven approach used by Microsoft to tackle software security and some...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, commsec,...
Return-Oriented Programming (ROP) attacks allow to hijack the control-flow execution of a vulnerable process using instructions already present in its memory map. Thus, the attacker concatenates sequences of instructions (named ROP gadgets) redirecting the control-flow execution to perform whatever computation he/she wants. Those instruction sequences, when executed, perform a well-defined operation, such as a XOR or an addition between two registers. A Turing machine is an abstract concept to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Daniel Uroz, Ricardo J....
The latest version of Internet Explorer 11 running on Windows 10 comes with a plethora of exploit mitigations which try to put a spoke in an attacker’s wheel. Although Microsoft just recently introduced their new flag ship browser Edge, when it comes to exploit mitigations many of the mitigations found in Edge are also present in the latest version of Internet Explorer 11. The goal of these mitigations is to make exploit development as hard and costly as possible. Some mitigations which...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, microsoft, windows 10,...
#HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Since the first iPhone in 2007, the baseband that Apple uses for cellular communications has evolved in terms of both...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
The Age of the Radio is upon us: wireless protocols are a dime a dozen thanks to the explosion of the Internet of Things. While proprietary wireless solutions may offer performance benefits and cost savings over standards like 802.11 or Bluetooth, their security features are rarely well-exercised due to a lack of access to these interfaces. The adoption of Software Defined Radio (SDR) by the security research community has helped shift this balance, however SDR remains a boutique skillset. Join...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2017ams, marc...
Has it ever happened to you on a Friday afternoon, just before closing your laptop, tidying your desk before a long weekend? A weekend that indeed looks now very long in perspective? A server disappeared! A network device that blinks mysteriously and frantically like a Christmas tree. No clues yet to be found? Feeling like calling Watson? Call no one but become Sherlock himself to uncover the truth! This session will reveal some of Moriarty’s machinations and some cyber forensics techniques...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, nicolas collery,...
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. However, when the system is compromised and requires careful forensic analysis, FDE can be quite painful to forensic analysts. Unless you deal with standard and widely supported encryption such as LUKS, Bitlocker, TrueCrypt or a few others, it might be really hard to get through the layers of crypto code in proprietary software. This presentation will attempt to solve this by...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, nicolas collery, vitaly...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: If you want to believe popular movies or worse yet popular news, a hacker's perfect habitat is either a riverside apartment in the tropics, an ominous apartment in Eastern Europe or an unsuspecting mother's basement in the United States. Obviously, neither movie directors nor reporters have ever worked security in the Far East. In this presentation, we will shine a light on how security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, paul sebastian ziegler,...
Source: https://www.youtube.com/watch?v=EDdogBjZRvs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Fuzzing is one of the hardest and simplest things in computer security at the same time. It’s really easy to start fuzzing something and it’s really hard to understand what else you can fuzz after obvious methods like bitflip, walking byte flips, etc. For the complex data formats, it’s required to learn hard and drill into the format description like BNF to be able to apply the payload in the right place. Some time ago (~2012) genetic algorithms were suggested as a new approach for...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ivan novikov, neural...
The upcoming era of hyper connectivity is characterized by technologies like IoT, wearables, drones, software agents, artificial intelligence, data analytics etc. Whilst looking for needles in a haystack we create an overkill of information which is virtually impossible to digest. How to resolve these paradoxical challenges? In my presentation I will illuminate the challenges at hand from a joint legal and technical perspective. ====== Elisabeth is a thought leader, strategist, innovator,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec
Machine Learning (ML) is a key to develop intelligent systems. It has had some successes not only in data science and engineering but also in information security domain. While data gathered help in identifying threats, it only accounts for a small part of the whole picture. Using Natural Language Processing (NLP) to make sense of unstructured resources such as social media posts, online news articles and blog posts is what gives us the edge over the machines. === Jim Geovedi is an IT security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jim geovedi, machine...
In this talk I will be discussing the tactics used by APTs and Nation State threat actors. Starting with the basics of who is responsible for attacks we will move swiftly on to the top 2% of attacks which can be classed as APTs: State Sponsored Hackers, Organised Crime and Intelligence Services. I will briefly cover the history of industrial espionage starting with the theft of Lockheed Martin’s jet designs and the subsequent suspiciously similar MIG which was produced in 1998. Moving on I...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec, apt
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Ever since the arrest of the Silk Road administrator in 2013, the internet has been buzzing around the terms deep and dark web yet as time passes by, more and more articles, reports and publications by researchers, professionals and even journalists have classified the deep and dark web as the same thing. An image search on the term dark web and you get mostly pictures of an iceberg classifying the internet as having three layers – the surface, the deep and the dark web. But what exactly are...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, fadli b sidek, hitbgsec,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
The security of Internet of Things (IoT) is becoming a hot topic, but this talk is not a typical IoT presentation. It will discuss and demonstrate in-depth research and a solid forensics approach including data, account information and configuration retrieval from IoT devices like routers, IP cameras or Smart TVs. Last year, Wikileaks revealed a new CIA wireless hacking tool called “Cherry Blossom” which could allow for remotely compromising network devices using MITM attacks, however only...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, kelvin wong, iot, chip...
Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Every few weeks a new security company is born. No matter what the brand or the segment, the data flow looks the same from on high: let's get smart people and write some smart software, suck in all kinds of telemetry and samples, and produce threat feeds and reputation feeds, and then... profit! This plan works more often than not, since the problem space and therefore the market continues to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hackers, hacking,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Presentation Title: Reverse Engineering Android Malware. Presentation Abstract: Android is growing at such an explosive rate, and users are storing an increasing amount of important data on their mobile phones, thus the platform is an attractive target for malware authors. Malware authors are aiming for users of Google's Android mobile operating system with a malicious application that harvests personal information, controls the system and sends it to a remote server. By utilizing SMS toll fraud;...
Topics: Youtube, video, Science & Technology, Reverse, Engineering, Android, Malware, Mahmud, Ab, Rahman
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. Exploitation of wireless devices is growing increasingly common, thanks to the proliferation of RF protocols driven by mobile and IoT. While non-Wi-Fi and non-Bluetooth RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. Join us as we walk through the fundamentals of radio exploitation. After...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, matt knight, marc...
Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Everything must be connected right now! Go! Do it! It’ll be great…. Then I’ll be able to order my Iced Half Caff Ristretto Venti 4-Pump Sugar Free Cinnamon Dolce Soy Skinny Latte so I can pick it up on the way to work as I cycle past the coffee shop without breaking a sweat… Marvelous! Wait, did I say “I’ll be able to order”? Sorry, what I meant was: “My bicycle will be able to order”, because, obviously, my bicycle saddle is connected to my home WiFi, so when it detects my...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, keynote
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Richard Thieme, Founder, ThiemeWorks ======== Beware lest staring into the abyss turns into the abyss staring into you, Nietzsche warned. But once we are committed to seeing clearly and saying clearly what we see, it is hard to turn away. Richard Thieme has spent 25+ years in this “infosec space,” and the phase changes of the industry have taken him and all of us beyond the beginning of the end to the end itself – the end of what we thought we were doing by hacking in the spirit of the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Since its introduction at WWDC in 2014, Swift has progressed significantly as a language and has seen increased adoption by iOS and OSX developers. Despite this, information pertaining to reverse engineering Swift applications is sparse and not openly discussed. This talk will dive into the Swift language and explore reverse engineering Swift apps from a security perspective. Topics that will be covered include a quick intro to Swift from a pen tester's perspective, various methods for obtaining...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, swift, apple,...
Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
In recent years, there has been a rapid growth in smartphone sales and adoption. According to Gartner there were 379,977.3 thousand smartphones sold in the first quarter of 2017, representing 9 percent year over year (YoY) growth over the first quarter of 2016. On the other hand, according to IDC, the PC market only experienced a tepid year-over-year growth of 0.6%, resulting in 60,328 thousand units being shipped in the same period. Of all smartphones being sold in the first quarter of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, minh tran, machine...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
A honeypot is not simply a piece of cybersecurity technology. I view it as a concept whose value lies heavily in education rather than simply operations. I’ve been conducting research and development with students from polytechnics to experiment with honeypots to learn more about “the more interesting stuff” (i.e. the topics cited above) rather than honeypots themselves. Many aspiring cybersecurity professionals choose the path of red team by default because it’s something they can do on...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, emil tan, smurf,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Over 30 years ago, when the movie WarGames was released, the only thing the US Government seemed to want to do with hackers was lock them up and throw away the key. But our power to transform the world, both positively and negatively, could not be contained. Today, the Department of Defense has successfully completed the first ever bug bounty program in the US government, paying hackers money to Hack the Pentagon. We as hackers specialize in understanding how things work, and transforming the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Presentation Title: Post Memory Corruption Analysis. Presentation Abstract: In this presentation, we introduce a new exploitation methodology of invalid memory reads and writes, based on dataflow analysis after a memory corruption bug has occurred inside a running process. We will expose a methodology which shall help with writing a reliable exploit out of a PoC triggering an invalid memory write, in presence of security defense mechanisms such as compiler enhancements (full RELRO, SSP) or kernel...
Topics: Youtube, video, Science & Technology, Post, Memory, Corruption, Analysis, Exploitation,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. It targets specific models of commodity hardware and takes advantage of lessons learned from several years of vulnerability research....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, trammel hudson,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Andrea Zapparoli Manzoni manages Crowdfense Limited, which he designed in 2017 with a multidisciplinary team of ethical hackers, lawyers and vulnerability researchers. The company’s main goal is to develop and apply new standards and processes to the vulnerability trading industry, which has become too strategic and complex to be managed with the old “crafts of the trade” methods. After more than two decades working in, studying in and consulting in the industry, Manzoni realized that...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
IoT is an emerging field and exploding with new products and innovation. The security of IoT products is still lagging behind for various reasons. One of the important reasons from a security researcher’s perspective is the availability of security tools. If you have been pen testing IoT products you would agree that there are too many different tools required for the job and there is no single silver bullet. And when it comes to Smart Infrastructure, we do not have any existing solution...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Aseem Jakhar, iot,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: What could be insecure about charging an electric car? Just plug in to a power outlet and off you go... Nothing can be further from the truth. The vision of electric cars calls for charge stations to perform smart charging as part of a global smart grid. As a result, a charge station is a sophisticated computer that communicates with the electric grid on one side and the car on the other. To...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2013ams, ofer...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
This presentation will tackle both red teaming methodologies and threat modeling for industrial control systems and the presenter will showcase security-in-depth where “air-gap” is not possible to implement within the organization to battle against both insider and cyber threats using sophisticated tools, techniques, and procedures. Along with this, various industries' best practices and compliance will be shared in this talk to ensure nothing will be missed out in addressing the OT network...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, mike rebultan, ics,...
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
EnCase Forensic Imager is a tool used by forensic investigators to gather evidence from storage media. We used a custom tool to fuzz the file system parser code of this product and found a buffer overflow vulnerability in the LVM2 parser. We demonstrate the approach we used to fuzz EnCase Forensic Imager, describe the technical details of the vulnerability and show how this vulnerability can be exploited to execute arbitrary code on the investigator’s machine. We wrap up our talk by...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, pwnrensics, forensics,...
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
We have built (a prototype of) a passive listing ransomware detector that is able to guard network data shares against ransomware in real world operation. Ransomware is a variation of malware that takes partial or full control of the victim’s computer, often through encryption or locking the computer itself behind an alternative desktop. The end goal is to extort the owner of the computer into paying a ransom in order to undo or avoid further damage. Contrary to most malware practices,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2017ams, don muders,...
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development. This research idea originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts (NSE) was the lack of a development environment that makes it easy to build custom scripts for real world scanning and at the same time is fast enough to develop such custom scripts. Halcyon is a free-to-use, Java-based application that comes with code...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, nullcon, singapore, sanoop thomas,...
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
LTE is a more advanced mobile network but not absolutely secure. In this presentation, we will introduce a method which jointly exploits the vulnerabilities in tracking area update procedure, attach procedure, and RRC redirection procedure in LTE networks resulting in the ability to force a targeted LTE cellphone to downgrade into a malicious GSM network where an attacker can subsequently eavesdrop its voice calls and GPRS data. We used LTE software plus USRP to verify this attack. Some open...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, lte,...
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
In a world where governments are demanding exceptional (and unprecedented) access to systems under the guise of national security and the looming specter of terrorism, recent events have resurfaced the conflict between privacy and security. While some believe this to be a new battle of the Internet age, it’s just a continuation of the unending crypto war between technologists and law enforcement. Mr Adams will give a brief overview of the recent FBI vs. Apple debate, how companies with large...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, keynote
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
This talk is based on the results of an R&D project aimed at building a solution for user behavior security analytics. I will describe various methods and ideas for anomaly detection solutions built to understand user behavior trends and find abnormal activity using state-of-the-art neural networks. The talk covers things like: empowering a feature selection process with clustering algorithms; checking the quality of data with a serial correlation algorithm; implementing a behavioral whitelisting with...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, eugene neyolov, machine...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Listening to the network traffic and detecting network attacks are always exciting experiences. In this session, we will explore the emerging threat landscape brought about by the explosion of IoT (Internet of Things) devices and showcase an IoT honeypot developed for fun (and profit?). === Tan Kean Siong is an independent security researcher and Hack In The Box.my Core Crew. As a member of The Honeynet Project (Malaysian Chapter), he enjoys reading the backlog of various honeypot sensors...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, iot, honeypot,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=3cFCs6YkwMs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=Dn3jb2BBBCE Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox