«
Expand/Collapse
39 items tagged "presentation"
Related tags:
chaos communication congress [+],
security [+],
presentation slides [+],
windows [+],
time [+],
robert bhme [+],
pdf [+],
lunar [+],
ipv [+],
fault tolerant systems [+],
communications developments [+],
abu dhabi [+],
zerodays [+],
x prize [+],
windows operating systems [+],
whitepaper [+],
usa [+],
uncovering [+],
token [+],
time scientists [+],
tgz [+],
team [+],
subverting [+],
steganography [+],
steganographic software [+],
slides [+],
sid [+],
science event [+],
ruxcon [+],
revolution [+],
proof of concept [+],
per [+],
part [+],
networks [+],
microsoft patch [+],
microsoft [+],
mainstream tv [+],
jpeg [+],
introduction [+],
industrial [+],
impersonation [+],
hollywood studios [+],
hollywood [+],
hacking [+],
hack [+],
from [+],
forensic analysts [+],
elements [+],
diamond age [+],
design workshop [+],
design mistakes [+],
cross application [+],
computer security issues [+],
code [+],
cesar cerrudo [+],
boston [+],
analysis presentation [+],
year [+],
wxf [+],
wifi [+],
vulnerability analysis [+],
vince [+],
video presentation [+],
video [+],
victim [+],
transistors [+],
stephen a. ridley tags [+],
seth law [+],
seth [+],
seh all at once attack [+],
security presentation [+],
security mechanisms [+],
scavenger hunt [+],
sandbox [+],
runtime environments [+],
rootkits [+],
rootkit [+],
rfid tag [+],
rfid [+],
reprapped [+],
race [+],
presentation pdf [+],
powerpoint [+],
poetry authors [+],
organic field [+],
open source security tools [+],
open source security [+],
ngwsp [+],
news [+],
network trace [+],
mr. kim [+],
matt conover [+],
mark bristow [+],
level functionality [+],
legal threats [+],
kernel mode [+],
ken johnson [+],
john sarik [+],
ipv6 security [+],
ipad [+],
intensive task [+],
hacks [+],
gui objects [+],
generic methods [+],
generation web [+],
fishnet security [+],
file [+],
field effect transistors [+],
exploitation techniques [+],
evasion and escape [+],
doug wilson [+],
david byrne rohini sulatycki [+],
dan crowley [+],
cray supercomputer [+],
concept demonstrations [+],
classic [+],
chris gates [+],
beta group [+],
atm [+],
asp [+],
application variables [+],
application [+],
apache myfaces [+],
andrzej dereszowski [+],
analysis [+],
access control mechanisms [+],
abstract presentation [+]
-
-
8:17
»
Packet Storm Security Recent Files
This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.
-
8:17
»
Packet Storm Security Misc. Files
This is a presentation called Uncovering ZeroDays and Advanced Fuzzing. It has one PDF of the presentation and one of the full script used during the presentation. This was presented at AthCon 2012.
-
-
14:01
»
Hack a Day
When [Vince] saw a coworker give a presentation with an iPad, he thought to himself what a tremendous waste of computing resources he was witnessing; an iPad is just as powerful as an early Cray supercomputer, and displaying slides isn’t a computationally intensive task. We’re assuming [Vince]‘s train of thought went off the rails at [...]
-
-
21:51
»
SecDocs
Authors:
Karsten Becker Robert Böhme Tags:
science robotics Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The Part-Time Scientists is an international team of Scientists and Engineers participating in the first private race to the moon, the Google Lunar X-Prize. Our approach to win this competition is quite unique as everyone involved really is a part-time scientist. In our presentation we will present our latest lunar rover, lander, electronic and communications developments. The presentation will feature: our self developed embedded systems, how we designed radiation hardened and fault tolerant systems, the production of our second rover generation and their first tests, our prototype real world testings, what we've done in 2010, what we've planning for 2011, and a lot more interesting topics! Our presentation will be focused on actual hardware with a rather short introduction to the topic in general.
-
21:51
»
SecDocs
Authors:
Karsten Becker Robert Böhme Tags:
science robotics Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The Part-Time Scientists is an international team of Scientists and Engineers participating in the first private race to the moon, the Google Lunar X-Prize. Our approach to win this competition is quite unique as everyone involved really is a part-time scientist. In our presentation we will present our latest lunar rover, lander, electronic and communications developments. The presentation will feature: our self developed embedded systems, how we designed radiation hardened and fault tolerant systems, the production of our second rover generation and their first tests, our prototype real world testings, what we've done in 2010, what we've planning for 2011, and a lot more interesting topics! Our presentation will be focused on actual hardware with a rather short introduction to the topic in general.
-
21:51
»
SecDocs
Authors:
Karsten Becker Robert Böhme Tags:
science robotics Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: The Part-Time Scientists is an international team of Scientists and Engineers participating in the first private race to the moon, the Google Lunar X-Prize. Our approach to win this competition is quite unique as everyone involved really is a part-time scientist. In our presentation we will present our latest lunar rover, lander, electronic and communications developments. The presentation will feature: our self developed embedded systems, how we designed radiation hardened and fault tolerant systems, the production of our second rover generation and their first tests, our prototype real world testings, what we've done in 2010, what we've planning for 2011, and a lot more interesting topics! Our presentation will be focused on actual hardware with a rather short introduction to the topic in general.
-
-
21:48
»
SecDocs
Tags:
steganography Event:
Black Hat Abu Dhabi 2011 Abstract: Steganography has advanced tremendously in the last few years and simple concepts have even been presented on mainstream TV. However, more sophisticated techniques are less well-known and may be overlooked by forensic analysts and even Steganalysis software. This presentation will showcase several more advanced (and some unpublished) steganographic techniques, some with a very high data hiding capacities. One technique successfully hides 15% to 20% of data in a jpeg and YOU can't tell! That means your 8 MB jpeg image may contain 1.6 MB of covert data! An audio CD contains about 700 MB of data – even a modest 1% capacity allows for 7 MB of data. The presentation embeds working demonstrations of several steganographic software programs so YOU can decide the effectiveness for yourself. Can you see or hear it? Will it be flagged by Steganalysis programs? We shall see … or not!
-
21:48
»
SecDocs
Tags:
steganography Event:
Black Hat Abu Dhabi 2011 Abstract: Steganography has advanced tremendously in the last few years and simple concepts have even been presented on mainstream TV. However, more sophisticated techniques are less well-known and may be overlooked by forensic analysts and even Steganalysis software. This presentation will showcase several more advanced (and some unpublished) steganographic techniques, some with a very high data hiding capacities. One technique successfully hides 15% to 20% of data in a jpeg and YOU can't tell! That means your 8 MB jpeg image may contain 1.6 MB of covert data! An audio CD contains about 700 MB of data – even a modest 1% capacity allows for 7 MB of data. The presentation embeds working demonstrations of several steganographic software programs so YOU can decide the effectiveness for yourself. Can you see or hear it? Will it be flagged by Steganalysis programs? We shall see … or not!
-
-
17:46
»
Packet Storm Security Recent Files
These are the slides from the Hacking Hollywood presentation given at Ruxcon 2011. It documents vulnerabilities that the researcher discovered in various pieces of software in use by large Hollywood studios. Be sure to check out the related files for this presentation as there are multiple proof of concept exploits and advisories.
-
17:46
»
Packet Storm Security Misc. Files
These are the slides from the Hacking Hollywood presentation given at Ruxcon 2011. It documents vulnerabilities that the researcher discovered in various pieces of software in use by large Hollywood studios. Be sure to check out the related files for this presentation as there are multiple proof of concept exploits and advisories.
-
-
10:04
»
SecDocs
Authors:
Cesar Cerrudo Tags:
Windows exploiting Event:
Black Hat USA 2010 Abstract: On April 14, 2009 Microsoft released a patch (documented here) to fix the issues detailed in my previous Token Kidnapping presentation (download PDF). The patch properly fixed the issues but... This new presentation will detail new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7. These new attacks allow to bypass new Windows services protections such as Per service SID, Write restricted token, etc. It will be demonstrated that almost any process with impersonation rights can elevate privileges to Local System account and completely compromise Windows OSs. While the issues are not critical in nature since impersonation rights are required, they allow to exploit services such as IIS 6, IIS 7, SQL Server, etc. in some specific scenarios. Exploits code for those services will be released. The presentation will be given in a very practical way showing how the new issues were found, with what tools, techniques, etc. allowing the participants to learn how to easily find these kind security issues in Windows operating systems.
-
10:04
»
SecDocs
Authors:
Cesar Cerrudo Tags:
Windows exploiting Event:
Black Hat USA 2010 Abstract: On April 14, 2009 Microsoft released a patch (documented here) to fix the issues detailed in my previous Token Kidnapping presentation (download PDF). The patch properly fixed the issues but... This new presentation will detail new design mistakes and security issues that can be exploited to elevate privileges on all Windows versions including the brand new Windows 2008 R2 and Windows 7. These new attacks allow to bypass new Windows services protections such as Per service SID, Write restricted token, etc. It will be demonstrated that almost any process with impersonation rights can elevate privileges to Local System account and completely compromise Windows OSs. While the issues are not critical in nature since impersonation rights are required, they allow to exploit services such as IIS 6, IIS 7, SQL Server, etc. in some specific scenarios. Exploits code for those services will be released. The presentation will be given in a very practical way showing how the new issues were found, with what tools, techniques, etc. allowing the participants to learn how to easily find these kind security issues in Windows operating systems.
-
-
0:46
»
SecDocs
Authors:
Stephen A. Ridley Tags:
exploiting Event:
Black Hat Abu Dhabi 2010 Abstract: As many have predicted, 2010 will be the “Year of the Sandbox”. We will probably see many Commercial Off-The- Shelf (COTS) products using these sand-boxing technologies in the very near future starting this year. This presentation will discuss and demonstrate practical techniques for the evasion and escape of “Sand-boxing” technologies. Many techniques have been discussed but only vaguely at popular security conferences. Very little *actual* code and demonstrations have been performed. This presentation will consist mostly of demonstrations and review of actual code. I believe that most technical security talks these days don’t need to be longer than 20 minutes, so I only want to use my time to talk about real things and demonstrate real tools. I will demonstrate tools and techniques using Chromium and custom written “sandbox” examples. Some such subversion techniques discussed will be: * Injecting Interpreters into Sandboxes to test from the inside out * Using Kernel Mode debuggers to assist you (token exchange, IO, handle creation, IPC) windbg scripts incl. * Token Sniping/Stealing (whatever you call it) * Token inspection tools (includes a .h’d and dll’d version of Matt Conover’s dumptoken.c modified to include more Native API helpers) * Handle Sniping/Stealing (whatever you call it) * User32 Messaging tricks (no, not just SetWindowsHook ;-) None of these above techniques in this talk will be without example code or demonstrations! In addition to the above, this presentation will try to “fill in the gaps” where there seems to be a lot of vagaries around tokens and DACLs. Additionally I will talk about some of the practical considerations that makes deploying a sandbox with COTS products impractical on WindowsXP. There will be some other “goodies” that were also discovered in the course of this research such as: how to detect kernel mode debuggers from userspace, how userspace debugging works under the hood, (yet) undisclosed Chrome bugs, etc. I will also talk a bit about some areas of interest I wish to focus on in the future regarding these topics.
-
-
13:18
»
Carnal0wnage
As an update, wXf is almost ready to move forward with it's first release. Hopefully the software is what folks expected as we are still learning from and adapting to the beta group's feedback.
In the meantime, if you couldn't attend AppSec DC 2010, here is the video of the presentation Chris Gates, Seth Law and I put together. Unfortunately Seth Law could not make it due to a prior engagement but nevertheless contributed to the content.
Make sure to check out all of the great presentations that AppSec DC had under the asdc10 group on vimeo. Doug Wilson and Mark Bristow did a fantastic job organizing this conference and my hat goes off to them.
wxf: Web Exploitation Framework with Ken Johnson, Fishnet Security and Chris Gates, No Affiliation. from
OWASP DC on
Vimeo.
-
-
6:30
»
Hack a Day
[Mr. Kim] and [John Sarik] made a presentation(pdf) at last weekend’s Botacon conference on how they made organic field-effect transistors (OFETs). A wooden RepRap, the fancifully named Unicorn from Makerbot (or printed from Thingiverse), hacked felt pen, a handful of chemicals, and a couple of pieces of lab equipment were needed to print (plot) out [...]
-
-
3:45
»
SecDocs
Tags:
WiFi Event:
PhreakNIC 11 Abstract: Presentation of awards for the Wifi Race and the Scavenger Hunt at PhreakNIC 0x0b.
-
-
23:49
»
SecDocs
Tags:
RFID Event:
PhreakNIC 11 Abstract: Last year's presentation was high level functionality and basic knowledge of what RFID is. The year they will present the low level technical specs on different communication types, the physics behind RFID reading and transmitting, and the actual circuitry of an RFID tag and what it takes to make them operate more consistently. The presentation will also cover actual tag data and coding schemes with standardization including EPC Gen 2 and other ISO standards such as PayPass RFID enabled credit cards. There will be reader/writer demonstrations as well as other proof of concept demonstrations.
-
-
2:00
»
SecDocs
Authors:
Andrzej Dereszowski Tags:
malware exploiting browser malware analysis Event:
Black Hat EU 2010 Abstract: This presentation is an analysis of a common sort of targeted attacks performed nowadays against many organizations. As it turns out, publicly available remote access tools - RAT (which we usually call trojans) are frequently used to maintain control over the victim after a successful penetration. The presentation and the white paper do not focus on a particular exploitation techniques used in these attacks. Instead, they aim to get a closer look at one of the most popular remote access trojans. The presentation describes a way to figure out which particular trojan has been used. It shows the architecture, capabilities and techniques employed by developers of the identified trojan, including mechanisms to hide its presence in the system, and to cover its network trace. It speaks about tools and techniques used to perform this analysis. Finally, it presents a vulnerability analysis and a proof of concept exploit to show that the intruders could also be an object of an attack.
-
-
4:52
»
SecDocs
Authors:
Erez Metula Tags:
rootkit Event:
Source Conference Boston 2010 Abstract: This presentation introduces an underestimated threat of application level rootkit attacks on managed code environments, enabling an attacker to change the language runtime implementation, and to hide malicious code inside its core. We'll be covering generic methods of malware development (rootkits,backdoors,logic manipulation, etc.) for application VM such as Java, .NET, Dalvik, and other managed code platforms by changing their internal behavior. The presentation will include attack scenarios and demos of information logging, reverse shells, backdoors, encryption keys fixation, and other nasty things. This presentation will introduce the new version of "ReFrameworker" (previously known as .NET-Sploit) - a generic language modification tool, that can be used to implement the application level rootkit concept. More information on Managed Code Rootkits (MCR) can be found here: http://www.AppSec.co.il
-
-
21:03
»
SecDocs
Authors:
Dan Crowley Tags:
Windows exploiting Event:
Source Conference Boston 2010 Abstract: In Windows systems, path and filename normalization routines have some interesting quirks. One file can be referred to with many different filepaths; some are well known, and some are not. The lesser known ways to refer to files are not often considered when designing security mechanisms. By referring to files in these strange ways one can, in many circumstances, cause unexpected behaviour in systems which do not account for alternate prefixes, aliases and mangled versions of filenames. In this presentation, I will show some of these quirks with a live demonstration on real products and how techniques based on these quirks can be used to bypass filters and access control mechanisms, evade IDS detection, alter the way that files are handled and processed, and make brute force attacks to enumerate files easier. This presentation will also feature the release of the a new tool.
-
-
9:31
»
SecDocs
Authors:
David Byrne Rohini Sulatycki Tags:
web application ASP.NET Event:
Black Hat DC 2010 Abstract: This presentation will highlight 0-days in Apache MyFaces and Sun Mojarra that allow an attacker to access all server-side session data, as well as some globally-scoped application variables. This presentation will provide a live demonstration of the flaws. The tool used to exploit the vulnerability will also be released. A similar vulnerability is present in Microsoft's ASP.Net view state. This may not technically be an 0-day, but it is a poorly known flaw that has been present since the beginning days of .Net. A live demonstration of this will also be performed.
-
-
22:00
»
Packet Storm Security Misc. Files
This is the Next Generation Web Scanning Presentation. It includes a methodology to scan the webspace of an entire nation using some new tools and techniques. WhatWeb, bing-ip2hosts, gggooglescan and basedomainname are open source security tools developed by MorningStar Security that were published during the first presentation of this at the KIWICON III conference in December, 2009.
-
-
17:00
»
Packet Storm Security Misc. Files
This is a presentation called the Introduction to Phishing 3.0 through Cross Application Scripting. Written in Italian.
-
-
21:13
»
SecDocs
Tags:
engineering Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: The future of manufacturing will purring next to your computer and plasticizing digital designs into 3D objects. We're at the dawn of the diamond age with portable 3D printers, decentralized manufacturing, digital design and the rise of personal fabrication. Now is the time to join Industrial Revolution 2 and make that dream a reality. Accompanying this presentation will be a digital design workshop to show designers how to go from digital designs to physical objects. Cupcakes, lasers, digital designs, open source, 3D objects, and MakerBots will join forces in this presentation to illustrate Industrial Revolution 2. A mix of stories from the past year of developing an affordable, open source 3D printer and footnotes from cultural rise of personal fabricating machines among tinkers, designers and people who live in the future. If you've have ideas for things that don't exist yet, this presentation will layout the blueprint for making those ideas make the transition to from the world of imagination to the world of tangible physical objects. Accompanying this presentation will be a digital design workshop to enable participants to go from digital designs to physical objects.
-
21:13
»
SecDocs
Tags:
engineering Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: The future of manufacturing will purring next to your computer and plasticizing digital designs into 3D objects. We're at the dawn of the diamond age with portable 3D printers, decentralized manufacturing, digital design and the rise of personal fabrication. Now is the time to join Industrial Revolution 2 and make that dream a reality. Accompanying this presentation will be a digital design workshop to show designers how to go from digital designs to physical objects. Cupcakes, lasers, digital designs, open source, 3D objects, and MakerBots will join forces in this presentation to illustrate Industrial Revolution 2. A mix of stories from the past year of developing an affordable, open source 3D printer and footnotes from cultural rise of personal fabricating machines among tinkers, designers and people who live in the future. If you've have ideas for things that don't exist yet, this presentation will layout the blueprint for making those ideas make the transition to from the world of imagination to the world of tangible physical objects. Accompanying this presentation will be a digital design workshop to enable participants to go from digital designs to physical objects.
-
-
21:04
»
SecDocs
Tags:
engineering science Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: We want to use the opportunity the 26C3 presents as a venue to introduce our team. The Part-Time-Scientists are the first German team participating in the Google Lunar X PRIZE. Our presentation would kick off with a quick explanation of what the X PRIZE is, the challenges and gains. The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we're using. Additionally pictures and videos specifically created for the 26C3. And a brief overview of the GoogleLunarXPrize and it's overall progress. The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we're using. Additionally pictures and videos specifically created for the 26C3. Some examples of interesting hardware appliance: Xilinx FPGA * Self designed Boardcomputer (Linux based) * Special HD CCMOS sensors * HiRel certified components * CAD/CAM designs The presentation will be held by 1-3 members of our team. So that we have someone from every area of expertise available for possible questions from the audience. The following Q&A part should prove to be very interesting.
-
21:04
»
SecDocs
Tags:
engineering science Event:
Chaos Communication Congress 26th (26C3) 2009 Abstract: We want to use the opportunity the 26C3 presents as a venue to introduce our team. The Part-Time-Scientists are the first German team participating in the Google Lunar X PRIZE. Our presentation would kick off with a quick explanation of what the X PRIZE is, the challenges and gains. The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we're using. Additionally pictures and videos specifically created for the 26C3. And a brief overview of the GoogleLunarXPrize and it's overall progress. The main part of the presentation will then focus on our progress. That includes a showcase of some hard- and software we're using. Additionally pictures and videos specifically created for the 26C3. Some examples of interesting hardware appliance: Xilinx FPGA * Self designed Boardcomputer (Linux based) * Special HD CCMOS sensors * HiRel certified components * CAD/CAM designs The presentation will be held by 1-3 members of our team. So that we have someone from every area of expertise available for possible questions from the audience. The following Q&A part should prove to be very interesting.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Darknet
The Exploitant
Wirevolution