
Hack In The Box Security Conference



Hack In The Box Security Conference
by Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=yAW49z4vHns Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
IoT connected devices are being released at a staggering rate. According to Gartner it’s speculated that by the end of 2018, there will be 11.2 billion IoT devices currently connected at any given time. A large part of that connected ecosystem includes wireless speaker systems created by some of the largest manufacturers around the globe. Looking closer at Sonos and Bose wireless speaker systems, this research looks to find flaws in these common household devices. This research analyzes the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stephen hilt, trend...
Hack In The Box Security Conference
Analyzing network traffic is a task that comes up often in the context of malware analysis: both before infection, in malware delivery from sites, and after infection, in the communication with the C&C servers. Having this information is vital when doing dynamic analysis. However, the current solutions to this issue involve either adding a root CA (certificate authority) to the machine, splitting the traffic and re-signing certificates on-the-fly or modifying crypto libraries to log extra...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, telescope,...
Hack In The Box Security Conference
XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, balazs bucsay, hitbgsec,...
Hack In The Box Security Conference
WoW64 processes have a complete 32-bit subsystem inside of them, in charge of supplying the 32-bit application with everything it needs to execute on a 64-bit OS. But eventually, the communication with the 64-bit environment itself is done by the 64-bit portion of the process, often neglected by security products. Mostly, only monitoring the 32-bit subsystem is enough, but bypass techniques such as the notorious “Heaven’s Gate” prove that this approach is far from perfect. In this talk,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, carlsbad, shafir, wow64,...
Hack In The Box Security Conference
Presentation Title: Reverse Engineering Android Malware. Presentation Abstract: Android is growing at such an explosive rate, and users are storing an increasing amount of important data on their mobile phones, thus the platform is an attractive target for malware authors. Malware authors are aiming for users of Google's Android mobile operating system with a malicious application that harvests personal information, controls the system and sends it to a remote server. By utilizing SMS toll fraud;...
Topics: Youtube, video, Science & Technology, Reverse, Engineering, Android, Malware, Mahmud, Ab, Rahman
Hack In The Box Security Conference
Machine Learning (ML) is key to developing intelligent systems. It has had some successes not only in data science and engineering but also in the information security domain. While data gathered helps in identifying threats, it only accounts for a small part of the whole picture. Using Natural Language Processing (NLP) to make sense of unstructured resources such as social media posts, online news articles and blog posts is what gives us the edge over the machines. === Jim Geovedi is an IT security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, jim geovedi, machine...
Hack In The Box Security Conference
SOME – “Same Origin Method Execution” is a new technique (2 years since its first big exposure) that abuses callback endpoints in order to perform a limitless number of unintended actions on a website on behalf of users, by assembling a malicious set of timed iframes and/or windows. The attack was proven against vast platforms such as WordPress and various web applications built by Google, PayPal, Microsoft, etc. This attack is not UI related nor is it confined in terms of user...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ben hayak, some, same...
Hack In The Box Security Conference
Data-center security has been forced to reinvent itself as software complexity increases, networking capabilities grow more agile, and attack complexity turns unmanageable. With this change, the need for security policy enforcement to be handled at the edge has pushed functionality onto host compute systems, resulting in inherent performance loss and security weakness due to consolidation of resources. We will be presenting a SmartNIC-based model for data-center security that solves both the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ofir arkin, smartnic,...
Hack In The Box Security Conference
The past decade has taught us that there are quite some attack vectors on USB. These vary from hardware key-logging to driver fuzzing and from power surge injection to network traffic re-routing. In addition to addressing these issues, the security community has also tried to fix some of these. Several defensive hard- and software tools focus on a particular piece of the puzzle. However, none is able to completely mitigate the risks involved in the everyday use of USB in our lives. Key...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, keynterceptor,...
Hack In The Box Security Conference
As Control Flow Integrity (CFI) enforcement solutions are widely adopted by major applications, traditional memory vulnerability exploitation techniques aiming to hijack the control flow have become increasingly difficult. For example, Microsoft’s Control Flow Guard (CFG) is an effective CFI solution against traditional memory exploits. However, due to the CFG implementation limitations, we have seen new exploitation techniques such as using the unprotected ret instruction to bypass CFG. We...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, bing sun, memory...
Hack In The Box Security Conference
#HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Global Fortune 1000 companies, large governmental organizations and defense entities have something in common -- they...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
Perf has been in the Linux kernel since 2.6.3x to provide a framework for all things performance analysis. It covers hardware level (CPU/PMU, Performance Monitoring Unit) features and software features (software counters, trace points) as well. Among the supported perf measurable event list, there is a small set of common hardware event monikers which get mapped onto actual events provided by the CPU, if they exist, otherwise the event cannot be used. So there is no surprise CPU...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, perf,...
Hack In The Box Security Conference
Monitoring the radio spectrum usage is an important way to keep track of wireless devices in your organisation. Whether it’s an unauthorised IoT device or an implanted device exfiltrating data, we want to keep an eye on RF devices within our infrastructure. Over the past few months a group of open source software developers have been working on tools to allow low cost SDR platforms to rapidly sweep frequencies in order to monitor the spectrum around us. Our base platform is HackRF and we are...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, dominic spill,...
Hack In The Box Security Conference
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Shortly after the release of Corona, @xvolks came to @pod2g with an interesting observation. He noticed it was...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Windows 7 introduced many new security mechanisms regarding the use of the front end allocator. In an attempt to...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
In this talk Miika will be discussing the steps it took to own a bank’s infrastructure years ago. He will be describing how he gained the initial foothold in the DMZ, what it took to get past the forbidding firewall and AV into the internal network and how he finally ended up in the DC. Along the way he will be reflecting on the features (weaknesses), tools and techniques and discuss how they have changed over the years. === Miika has worked as a technical security specialist in Nixu for almost...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, miika turkia,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: As part of a research activity on a classification framework we have encountered problems with packed executables and the need for a generic unpacker with the following features arose naturally:
• It should work on bare metal as long as inside a virtual machine
• The unpacking tool must be as stealthy as possible
• It must at least rebuild a valid PE for static analysis and optionally a functional...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Drawing on lessons gleaned from recent hacker indictments, research on surveillance, espionage and counter-intelligence, this talk focuses on practical operational security (OPSEC) measures to avoid detection and prevent arrest by Law Enforcement Officials. The target audience for this talk are hacktivists whose primary mission requires strong online anonymity in the face of intense scrutiny...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, opsec, grugq, security,...
Hack In The Box Security Conference
This talk will give researchers insight into a program’s perspective on bug bounty. First, we identify characteristics of a successful bug bounty researcher. Then we’ll dive into some specific example reports with the goal of understanding why some reports are more valuable than others – researchers should expect to understand which types of reports are highest ROI for their time and effort. Finally, we will give researchers insight into the why/how around our recent program updates....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, rob fletcher, uber, bug...
Hack In The Box Security Conference
KEYNOTE MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ KEYNOTE ABSTRACT: Reading the headlines today, we see that security issues frequently involve employees, their accounts, and their machines. And yet many security professionals view their employees as a lost cause. Between bad passwords, phishing, and lost machines, these users seem to present unbounded risk. And managing that risk often creates tensions between business needs and security needs. In this keynote I'll...
Topics: Youtube, video, Science & Technology, bob lord, twitter, phishing, experimental results, hitb,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=Cg-_TLdfUGw Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: As social engineering has become the dominant method of malware distribution, browser makers started to design more robust and recognizable UIs in order to help users in making aware choices while surfing the web. In this process, creating trusted UI notification mechanisms played a crucial role: today any modern browser is able to identify potentially dangerous/sensitive actions requested...
Topics: Youtube, video, Science & Technology, Safari (Software), internet explorer, notification,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=ao-DcP6jvvs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Securing vehicles is a complex challenge. Their increased connectivity leaves them with a wide attack surface. The diversity in the technologies used also requires developing different security assessment techniques. From an attacker’s point of view, one difficulty is the manufacturer-specific nature of the technologies used. The automotive industry is a complex ecosystem, composed of different OEMs and suppliers, at different levels of the production chain. This variety of actors leads to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, keisuke hirata, autosec,...
Hack In The Box Security Conference
Keynote 2 @ HITB2010 Malaysia presented by Paul Vixie on Taking Back the DNS Source: https://www.youtube.com/watch?v=ejlLHc2NFM4 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Documenting more than a year of research in XML technologies, this talk will detail security implications of the XML...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: For more than two years, ThreatGRID has been building a threat intelligence service where samples and content are cross-indexed and related. This allows for tremendous amounts of derived analysis, building relationships based on timing, behavioral, structural, and communications characteristics. We are able to determine origin, aims, and targets of specific samples via second and third order...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, security, hackers,...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=sTb5EXhJJ-Q Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Every few weeks a new security company is born. No matter what the brand or the segment, the data flow looks the same from on high: let's get smart people and write some smart software, suck in all kinds of telemetry and samples, and produce threat feeds and reputation feeds, and then... profit! This plan works more often than not, since the problem space and therefore the market continues to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hackers, hacking,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Huawei routers are no longer devices only seen in China. Entire countries run their Internet infrastructure exclusively on these products and established tier 1 ISPs make increasing use of them. However, very little is known of Huawei's Software Platform and its security. This presentation will introduce the architecture, special properties of configurations and services as well as how to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, 0day, hackers, hacking,...
Hack In The Box Security Conference
KVM-Qemu and Docker containers are important components of virtualization technology and are widely used by mainstream cloud vendors. KVM-Qemu is a full virtualization solution for Linux on x86 hardware which contains virtualization extensions (Intel VT or AMD-V) and devices emulated by QEMU in user components. Docker is an open-source and light-weight project that automates the development of applications inside software containers by providing an additional layer of abstraction and automation...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, qihoo360,...
Hack In The Box Security Conference
ChatOps, a concept originating from GitHub, is chatroom-driven DevOps for distributed teams, using chatbots (like Hubot) to execute custom scripts and plugins. We have applied the concept of ChatOps to the penetration testing workflow, and found that it fits outstandingly – for everything from routine scanning to spearphishing to pentest gamification. This talk discusses the tools that we use (RocketChat, Hubot, GitLab, pentesting tools), and provides battle stories of using Pentesting...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Hack In The Box Security Conference
With the growth of data traffic and data volumetric analysis needs, “Big Data” has become one of the most popular fields in IT and many companies are currently working on this topic, by deploying Hadoop clusters, which is the current most popular Big Data framework. As with every new domain in computer science, Hadoop comes (by default) with truly no security. During the past years we dug into Hadoop and tried to understand Hadoop infrastructure and security. This talk aims to present in a...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, singapore, hitbgsec,...
Hack In The Box Security Conference
We have witnessed many kernel vulnerabilities of Android devices. They have already been utilized by underground businesses in malware and APTs. Unfortunately, some of these vulnerabilities remain unfixed for years, partly due to the time-consuming patching and verification procedures, or probably because the vendors care more about innovating new products than securing existing devices. As such, there are still a lot of devices all over the world subject to root attacks. In this talk, we will...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, kernel, live patching,...
Hack In The Box Security Conference
The Women In Cyber Security Woman Of The Year 2016 award ceremony held at the Hack In The Box security conference on 26th May 2016. Twitter: @WomenInCyber @Platform_ECP Source: https://www.youtube.com/watch?v=HNMhbB0PsnY Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, wics, womanoftheyear,...
Hack In The Box Security Conference
Welcome Note by Dhillon ‘l33tdawg’ Kannabhiran, Founder / CEO @ Hack In The Box Source: https://www.youtube.com/watch?v=n95FX_73r2k Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
In the era of cyberwarfare, it becomes a norm to see cyber criminals use multi-level attacks to penetrate a multi-layered protected network infrastructure. We often see APT attackers manipulate 0-day or N-day Windows kernel vulnerabilities in order to guarantee a successful full system compromise. It would be a surprise if we do not see a Windows kernel exploit involved in such targeted attacks. It is also worth noting that besides APT attackers, the botnet operators also seize the opportunity to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, exploit,...
Hack In The Box Security Conference
There are different policies for the generation of secure passwords. However, one of the biggest challenges is to memorize all these complex passwords. Password manager applications are a promising way of storing all sensitive passwords cryptographically secure. Accessing these passwords is only possible if the user enters the correct master password, which is the only password that he needs to remember. At first, the requirements for a password manager application seem simple: Storing the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Steven Arzt, Siegfried...
Hack In The Box Security Conference
Source: https://www.youtube.com/watch?v=ZAXJWOD8HyE Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
Over the years numerous exploit mitigations have been developed and many are shipped with common operating systems or third party security software. Yet, we still see weaponized exploits used effectively to infiltrate systems and bypass all existing mitigations. In this presentation a novel hardware-assisted approach will be presented for detecting and stopping exploits using Hardware-Based CPU tracing and a practical fine-grained CFI approach. Some recent work has shown hardware-assisted...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, shlomi oberman, ron...
Hack In The Box Security Conference
Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Cuckoo Sandbox is an open source automated malware analysis system. It started as a Google Summer of Code 2010 project...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Hack In The Box Security Conference
LTE is a more advanced mobile network but not absolutely secure. In this presentation, we will introduce a method which jointly exploits the vulnerabilities in tracking area update procedure, attach procedure, and RRC redirection procedure in LTE networks resulting in the ability to force a targeted LTE cellphone to downgrade into a malicious GSM network where an attacker can subsequently eavesdrop its voice calls and GPRS data. We used LTE software plus USRP to verify this attack. Some open...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, lte,...
Hack In The Box Security Conference
Human societies run on trust. Every day, we all trust millions of people, organizations, and systems — and we do it so easily that we barely notice. But in any system of trust, there is an...
Topics: Youtube, video, Science & Technology, hitb2012ams, hitb, hitbsecconf, amsterdam, netherlands,...
Hack In The Box Security Conference
Sandboxing is a popular modern technique used by vendors to minimize the damages that attackers might inflict on a compromised system by restricting the application’s trust boundaries. Sandboxing raises the bar for exploitation because the compromised application is now “contained”, and typically needs at least another vulnerability to escape the sandbox container to achieve the same level of system compromise. As a testament of its effectiveness, popular applications that have adopted...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, yong chuan koh, mwr,...
Hack In The Box Security Conference
“Today’s attacks succeed because the defense is reactive”. I have been researching attacks and offensive techniques for the past 16 years. As the defenses kept catching up and closing open doors, we attackers looked for new avenues and vectors. Upon looking back on the state of defenses during my days of One-Way Web Hacking in 2001 to Stegosploit in 2016, a common pattern emerges. Defense boils down to reacting to new attacks and then playing catch-up. It is time to transition defense from...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, saumil shah,...
Hack In The Box Security Conference
From a functional programming perspective, Erlang is an excellent language that substantially reduces risk when writing code. What many developers don’t understand is that Erlang is built on an architecture and within an ecosystem that contains many subtle security flaws. One such set of flaws allows anyone with the ability to interact with a remote Erlang node to compromise that node by abusing the underlying BEAM Virtual Machine and the services required to run Erlang. The author’s previous...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, don bailey, erlang,...
Hack In The Box Security Conference
Presentation Title: iPhone Exploitation: One ROPe to Bind Them All? Presentation Abstract: Exploitation of iPhones and other devices based on iOS requires very sophisticated ROP payloads because of the code signing and non-executable memory protections. The trouble with generating ROP payloads for iDevices is that every device class and every firmware version comes with its libraries at a different base address. And newer firmwares even have ASLR built in. Choosing the right ROPe without any help...
Topics: Youtube, video, Science & Technology, IPhone, Exploitation, One, ROPe, to, Bind, Them, All,...
Hack In The Box Security Conference
Robots are going mainstream. In the very near future robots will be everywhere, on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, as sex partners, cooking in homes, and interacting with our families. While robot ecosystems grow and become more of a disrupting force in our society and economy, they pose more of a significant threat to people, animals, and organizations if the technology is not secure....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
Blog Post: https://www.vantagepoint.sg/blog/73-does-security-by-obscurity-work Cloning a VASCO DIGIPASS instance using config file and device data. 1. The attack requires root access to the device 2. The version shown is a demo version of DIGIPASS available on the Play Store. According to the vendor, the production version contains additional security measures not included in the demo. For the full analysis and vendor response please read the paper. To prevent this kind of attack: 1. Always...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, banking tokens,...
Hack In The Box Security Conference
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: In recent years, iOS security has become a hot topic, largely due to the unprecedented popularity of Apple iDevices. One of the major exploitation targets within iOS that has received a significant amount of public scrutiny is the kernel, as it encapsulates the security extensions that govern access to the device. A variety of kernel exploits have been publicly released that employ relatively...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, iOS6, apple, iPhone,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 13
favorite 0
comment 0
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Security is a property of human outcomes, not technical systems. The security community understands how to think about the security of code and is learning how to think about the security of large systems, but has barely begun to start to think about how to improve security outcomes for humans. Security for humans affects the entire software development and deployment lifecycle, but it’s most strongly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 22
favorite 0
comment 0
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: The backbones of our digital lives, the ISPs and Telecom operators, have never been secure. Their "closed garden" security model has always been a fallacy and the reality on the ground paints a much bleaker picture. Why are they constantly getting hacked, and sometimes discovering it many years later or not at all? This presentation will give a broad perspective on the security of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, telco, hackers, hacking,...
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Android Fragmentation has been recognized as a significant cause of booming Android security issues. In this talk, we will demonstrate our deep analysis of this infamous problem by using Samsung, which is a major manufacturer of Android phones, as a case study. We will present more than 200 security vulnerabilities we have found in our research. These vulnerabilities commonly exist in Samsung phones such as S8+, S7, S7 edge and Galaxy C9 Pro. Most vulnerabilities take Samsung a long time to fix,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, bai guangdong, zhang...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 8
favorite 0
comment 0
Presentation Title: Privacy, Secrecy, Freedom and Power. Presentation Abstract: Technological advances have both diminished and enhanced the ability to keep information private, but on balance have challenged privacy more than strengthened it. As a result, the law has been under pressure to play an increasing role in protecting secrecy, whether in class action lawsuits or national security prosecutions. But the law is a dull tool, so we are living through a kind of information anarchy now where...
Topics: Youtube, video, Science & Technology, Privacy, Secrecy
Hack In The Box Security Conference
movies
eye 22
favorite 0
comment 0
Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts (NSE) was the lack of a development environment that gives easiness in building custom scripts for real world scanning, at the same time fast enough to develop such custom scripts. Halcyon is a free-to-use, Java-based application that comes with code...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, nullcon, singapore, sanoop thomas,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 8
favorite 0
comment 0
Keynote 2 @ HITB2010 Malaysia presented by Paul Vixie on Taking Back the DNS Source: https://www.youtube.com/watch?v=l4hqtA9L-eA Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
movies
eye 17
favorite 0
comment 0
In this presentation, I will share my findings on how the social networking platform Facebook is exploited by cyber criminals and cyber hacktivists to conduct, plan and organise their activities. I will touch on the following questions: 1) Why is Facebook the platform of choice? 2) How is it similar to the deep and dark web? 3) What kind of cyber criminal businesses can be found on both the dark web and Facebook? 4) How do hackers organise cyber operations ‘loudly’ but without attracting...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, facebook, darkweb,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 11
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=5c_1vZxZvuc Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 8
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=yPW7HgU10lU Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 8
favorite 0
comment 0
This talk will present a new disarming flaw that can be used to prevent all anti-ROP checks in EMET 5.5x from ever being performed. The disarming condition is caused by the fact that references to the read-only CONFIG_STRUCT are always retrieved from the process heap (which has a PAGE_READWRITE protection). This is obfuscated by the usage of DecodePointer throughout EMET. Presentation Outline: Short introduction of EMET; Short introduction of info leak / RW-primitive requirement; Recap of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2017ams, emet
Hack In The Box Security Conference
movies
eye 20
favorite 0
comment 0
In a world where governments are demanding exceptional (and unprecedented) access to systems under the guise of national security and the looming specter of terrorism, recent events have resurfaced the conflict between privacy and security. While some believe this to be a new battle of the Internet age, it’s just a continuation of the unending crypto war between technologists and law enforcement. Mr Adams will give a brief overview of the recent FBI vs. Apple debate, how companies with large...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, keynote
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 10
favorite 0
comment 0
Presentation Title: Hacking Androids for Profit. Presentation Abstract: We will reveal new threats to Android Apps, and discuss known and unknown weaknesses in the Android OS and Android Market. This presentation will offer insight into the inner working of Android apps and the risks any user faces when installing and using apps from the marketplace. We will reveal previously undisclosed vulnerabilities in vendor apps installed on millions of US mobile phones and techniques to evade all available...
Topics: Youtube, video, Science & Technology, Hacking, Androids, for, Profit, Riley, Hassell
Hack In The Box Security Conference
movies
eye 8
favorite 0
comment 0
Web browser security is a hot and important research area. If a web browser is vulnerable, users can be affected by malware without their knowledge, or give the attacker control over their machines. In this presentation, we will introduce methods to find vulnerabilities in JavaScript Engines for web browsers via fuzzing. We will talk about creating components for the fuzzer, and generating JavaScript syntax efficiently. We will also reveal our own crash classification method and parallel...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Jeonghoon Shin, areum...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Keynote 1 @ HITB2010 Malaysia presented by Chris 'weldpond' Wysopal on The Perpetual Insecurity Machine Source: https://www.youtube.com/watch?v=Sgy8Tj1LfjA Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Hack In The Box Security Conference
movies
eye 8
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=agSPx_p-KI8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies
eye 9
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=EO0DxgZhz_g Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies
eye 12
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=-KWZ-m_l4Jc Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
movies
eye 11
favorite 0
comment 0
The Internet and the security industry have been on fire for the last several months with threats that are plaguing the Internet: worms and SMB vulnerabilities. Wait, is it 2017 or 2003? It’s obvious that we are failing at basic security. Case in point: 991,812. That’s how many internet-connected hosts were listening on port 445 as of May 19th 2017. This talk will discuss how everything is cyclical and the last handful of years we have regressed from strong security controls to one of data...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec, singapore,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 5
favorite 0
comment 0
The zero-day market has recently experienced an exponential growth with top exploit prices reaching the seven figures. Together with “standard” exploits affecting IT and end-users’ technologies, the black market is nowadays offering a new, widely-wanted and refined product: cyber weapons to target Industrial Control Systems (ICS), Critical Infrastructures, and Smart Cities environments. The objective of this panel will be to discuss the impact of exploits leveraging unpublished...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, SAM GOH, Andrea...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 25
favorite 0
comment 0
The history of hacking both new and old will be presented in music in this serious all-singing musical revue. Your favorite new hacks, long forgotten hacks, 0days, and computer security lessons will be told in song. It’s all happened before, and it will all happen again. These cautionary tales of hacking, crypto, computer security, reverse engineering, and pen testing will reawaken your passion for getting things right both at work and at home. Think you know all about your servers? Do you...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, fbz, fabienne serriere,...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 19
favorite 0
comment 0
This presentation will explore how the cyber kill chain can be used as a defensive framework for security engineers, network defenders, senior managers, and more. This discussion will continue to guide the community from a vulnerability-centric to a threat-centric approach to security. === Alexis Lavi is a cybersecurity technology and policy professional with experience analyzing cyber risk, planning offensive engagements, and designing cyber governance programs. Alexis is currently supporting...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, alexis lavi, closing...
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 12
favorite 0
comment 0
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Malware is widely acknowledged as a growing threat with hundreds of thousands of new samples reported each week. Analysis of these malware samples has to deal with this significant quantity but also with the defensive capabilities built into malware. Malware authors use a range of evasion techniques to harden their creations against accurate analysis. The evasion techniques aim to disrupt...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, bsdaemon, rodrigo rubira...
Hack In The Box Security Conference
movies
eye 11
favorite 0
comment 0
Source: https://www.youtube.com/watch?v=WXBT79figGg Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Hack In The Box Security Conference
by Hack In The Box Security Conference
movies
eye 19
favorite 0
comment 0
In this talk I will be discussing the tactics used by APTs and Nation State threat actors. Starting with the basics of who is responsible for attacks we will move swiftly on to the top 2% of attacks which can be classed as APTs: State Sponsored Hackers, Organised Crime and Intelligence Services. I will briefly cover the history of industrial espionage starting with the theft of Lockheed Martin’s jet designs and the subsequent suspiciously similar MIG which was produced in 1998. Moving on I...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec, apt