77 items tagged "talk"
SecDocs
Authors: Marc Juul
Tags: science
Event: Chaos Communication Camp 2011
Abstract: Genetic modification is getting cheaper and biohackers are making it more accessible. This talk outlines the state of DIYbio and institutional synthetic biology, current challenges in biological programming, and why you should be hacking biology. The technology to program biological self-replicating machines is here now. Synthetic biologists are reverse-engineering living cells and building bio-compilers that will facilitate abstract design of complex genetic programs. This talk will show how such a genetic program can be written using freely available parts and design tools, how the DNA can be synthesized, assembled and inserted into a cell culture, and how the result can be debugged. The tools to accomplish this exist in two spaces: the wetlab (biological) and the drylab (software). Wetlab access continues to be a limiting factor in participation by the wider community of citizen scientists, hackers and makers. Access restrictions, both technological and legal, are not foreign to hackers, and biohackers are currently facing obstacles such as GMO laws, expensive lab equipment and restricted access to materials, yet DIYbio groups around the world are building labs, acquiring expertise and making this technology available to everyone. This talk gives an overview of the gap in capabilities between professional labs and DIYbio labs, how it can be overcome, and the unique challenges of biosafety, ethics and intellectual property in biology.
SecDocs
Tags: VoIP
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: A lot of people are interested and involved in voice over IP security. Most of the effort is concentrated on the security of the signalling protocols. This talk focuses on the security of the voice part of today's voice over IP world. It is the result of the questions I had to ask myself while debugging audio quality problems of customers and implementing an RTP stack from scratch. The talk gives an introduction to the shortcomings of the Realtime Transport Protocol (RTP), how systems attempt to work around them, and how those workarounds introduce security vulnerabilities. A few short demonstrations will give an idea of how they can be exploited in the real world (denial of service, man-in-the-middle attacks, call redirection). The last part of the talk will discuss some solutions to fix those vulnerabilities.
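The abstract names call redirection and man-in-the-middle as consequences of RTP's lack of source authentication and of the workarounds layered on top of it. The following is an added example, not the speaker's code or demo: a Python parser for the RFC 3550 RTP header and two toy receivers. The "latching" receiver models one common NAT-traversal workaround, assumed here for illustration (accept media from whichever source sends first, regardless of what was signalled); the "pinned" receiver shows the checks a stricter endpoint can apply. Addresses, SSRCs and payloads are constructed for the example.

```python
import struct

# V=2,P,X,CC | M,PT | sequence | timestamp | SSRC  (RFC 3550 fixed header, 12 bytes)
RTP_FIXED_HEADER = struct.Struct("!BBHII")


def parse_rtp(pkt):
    """Parse an RTP packet into header fields and payload; ValueError if malformed."""
    if len(pkt) < RTP_FIXED_HEADER.size:
        raise ValueError("packet shorter than the 12-byte RTP header")
    b0, b1, seq, ts, ssrc = RTP_FIXED_HEADER.unpack_from(pkt)
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    hdr_len = 12 + 4 * (b0 & 0x0F)            # CSRC list follows the fixed header
    if b0 & 0x10:                               # header extension: profile(16) + length(16, in words)
        if len(pkt) < hdr_len + 4:
            raise ValueError("truncated extension header")
        (ext_words,) = struct.unpack_from("!H", pkt, hdr_len + 2)
        hdr_len += 4 + 4 * ext_words
    if len(pkt) < hdr_len:
        raise ValueError("header runs past end of packet")
    payload = pkt[hdr_len:]
    if b0 & 0x20:                               # padding: last byte holds the pad count
        pad = payload[-1] if payload else 0
        if pad == 0 or pad > len(payload):
            raise ValueError("bad padding count")
        payload = payload[:-pad]
    return {"marker": bool(b1 & 0x80), "pt": b1 & 0x7F, "seq": seq,
            "ts": ts, "ssrc": ssrc, "payload": payload}


def is_rtp(pkt):
    try:
        parse_rtp(pkt)
        return True
    except ValueError:
        return False


def build_rtp(pt, seq, ts, ssrc, payload):
    """Minimal RTP packet: version 2, no CSRCs, no extension, no padding."""
    return RTP_FIXED_HEADER.pack(0x80, pt & 0x7F, seq & 0xFFFF,
                                 ts & 0xFFFFFFFF, ssrc & 0xFFFFFFFF) + payload


class LatchingReceiver:
    """NAT-traversal workaround (assumed here for illustration): ignore the signalled
    peer address and lock onto whichever source delivers the first RTP packet."""
    def __init__(self):
        self.peer = None
        self.accepted = []

    def receive(self, src, pkt):
        if self.peer is None:
            self.peer = src
        if src != self.peer:
            return False
        self.accepted.append(parse_rtp(pkt))
        return True


class PinnedReceiver:
    """Accept only the signalled peer, pin the SSRC from its first packet, and drop
    packets whose sequence number jumps more than `window` ahead."""
    def __init__(self, expected_peer, window=100):
        self.peer, self.window = expected_peer, window
        self.ssrc = self.last_seq = None
        self.accepted = []

    def receive(self, src, pkt):
        if src != self.peer:
            return False
        hdr = parse_rtp(pkt)
        if self.ssrc is None:
            self.ssrc = hdr["ssrc"]
        elif hdr["ssrc"] != self.ssrc:
            return False
        if self.last_seq is not None and ((hdr["seq"] - self.last_seq) & 0xFFFF) > self.window:
            return False
        self.last_seq = hdr["seq"]
        self.accepted.append(hdr)
        return True


def simulate_redirect():
    """Attacker sends one packet before the real caller's media arrives (constructed
    addresses and payloads). Returns, per receiver, how many packets it accepted from each side."""
    legit, attacker = ("198.51.100.10", 16384), ("203.0.113.9", 40000)
    attacker_pkts = [build_rtp(0, 1, 0, 0xDEADBEEF, b"\xd5" * 160)]
    legit_pkts = [build_rtp(0, 100 + i, 160 * i, 0x11223344, b"\xff" * 160) for i in range(3)]
    result = {}
    for name, rx in (("latching", LatchingReceiver()), ("pinned", PinnedReceiver(legit))):
        result[name] = {
            "attacker_accepted": sum(rx.receive(attacker, p) for p in attacker_pkts),
            "legit_accepted": sum(rx.receive(legit, p) for p in legit_pkts),
        }
    return result


if __name__ == "__main__":
    print(simulate_redirect())
```

simulate_redirect() shows the latching receiver handing the whole call to the attacker because a single unsolicited packet arrived first, while the pinned receiver keeps the caller's media. Pinning source address and SSRC only raises the bar: an on-path attacker who can spoof both still wins, which is why the durable fix is authenticated media, SRTP (RFC 3711) keyed over a protected signalling channel, rather than heuristics over unauthenticated headers.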
SecDocs
Authors: Lepht Anonym
Tags: science, robotics
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: Lightning talk on biohacking, complete with cyborg speaker, implant demonstrations, and knowledge of how to hack your own perception of electromagnetic radiation for approximately thirty Euros. A talk on what's become my specialty: biohacking, or meathacking, whatever you wanna call it. I've got a full set of home-brewed implants, a subdermal RFID, a sort of cult on the Internet, plus things like proven designs for cheap EM sensory nodes, experimental verification of that shit I'm claiming, etc. I have videos of procedures, photos of what I've been doing and the like, and will happily make gory slides for all to see. I can do demos of the EM nodes and RFID chip as well. I want to talk about the grinder movement (underground biohacking); it's my life. Thus, my article in H+ Magazine: "A call to arms for biohackers".
SecDocs
Tags: hacking
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: 4 minutes for every speaker. Learn about the good, the bad, and the ugly in software, hardware, projects, and more. Give a lightning fast talk about your favourite project, program or system, and thereby find people with the same interest to proceed and promote it. Alternatively, give us a good rant about something and some good reasons why it should die. ;) Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you at the congress for a talk! Whatever you do, please practise it, and don't be boring. Or else. You have been warned!
Carnal0wnage
Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta. The slides were published here and the video from hashdays is here; there is no video for BSides ATL. I consistently violate presentation zen and I try to make my slides usable after the talk, but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post [3] JBoss/Tomcat server-status
There have been some posts/exploits/modules on hitting up unprotected JBoss and Tomcat servers:
http://www.nruns.com/_downloads/Whitepaper-Hacking-jBoss-using-a-Browser.pdf
http://carnal0wnage.attackresearch.com/2009/11/hacking-unprotected-jboss-jmx-console.html
http://www.notsosecure.com/folder2/2009/10/27/hacking-jboss-with-jmx-console/
http://goohackle.com/jboss-security-vulnerability-jmx-management-console/
http://www.metasploit.com/modules/exploit/multi/http/jboss_maindeployer
http://www.metasploit.com/modules/exploit/multi/http/tomcat_mgr_deploy
Sometimes, even though the deployer functionality is password protected, the server-status may not be:
/web-console/status?full=true
/manager/status/all
LOW?
This can be useful to find:
- lists of applications
- recent URLs accessed, sometimes with session IDs
- hidden services/apps
- enabled servlets
- owned stuff :-)
Finding 0wned stuff is always fun, so let's see. Looking at the list of applications, one doesn't look normal (zecmd).
Following that down leads us to zecmd.jsp, which is a JSP shell.
If you are interested in zecmd.jsp and the JBoss worm it comes from, this is a good write-up, as is this OWASP preso:
https://www.owasp.org/images/a/a9/OWASP3011_Luca.pdf
Thoughts?
-CG
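The post shows the two status paths by hand. As an added example (not code from the post, nor from Tomcat or JBoss), here is a small Python triage helper: it builds the unauthenticated URLs to request, and turns a status page that does come back readable into the findings the post lists, namely deployed contexts that are not on the expected list (the zecmd case) and request lines carrying session identifiers. The HTML sample is constructed for the example and only approximates the Tomcat status layout; the `/manager/status?XML=true` path is the same servlet's XML output and is an addition beyond the two paths in the post.

```python
import re
from urllib.parse import urljoin

# Status endpoints: the two paths from the post, plus the XML view of Tomcat's status servlet.
STATUS_PATHS = [
    "/manager/status/all",            # Tomcat manager: full status, one <h1> per deployed context
    "/manager/status?XML=true",       # same servlet, machine-readable (not in the post; added here)
    "/web-console/status?full=true",  # JBoss web-console status page
]


def probe_urls(base_url):
    """The URLs to request without credentials. A readable response (request-processor
    tables, application list) means status is exposed even if the deployer is protected."""
    return [urljoin(base_url, path) for path in STATUS_PATHS]


# Constructed sample approximating what a Tomcat status page looks like; not captured output.
SAMPLE_STATUS_HTML = """
<h1>Application list</h1>
<h1>/</h1><p> Start time: ... </p>
<h1>/docs</h1>
<h1>/manager</h1>
<h1>/zecmd</h1>
<h1>"http-8080"</h1>
<table border="0">
<tr><th>Stage</th><th>Time</th><th>B Sent</th><th>B Recv</th><th>Client</th><th>VHost</th><th>Request</th></tr>
<tr><td><strong>S</strong></td><td>12 ms</td><td>1.2 KB</td><td>0.0 KB</td><td>198.51.100.7</td><td>example.test</td><td>GET /docs/index.html;jsessionid=ABC123DEF456 HTTP/1.1</td></tr>
<tr><td><strong>S</strong></td><td>3 ms</td><td>0.4 KB</td><td>0.0 KB</td><td>203.0.113.9</td><td>example.test</td><td>GET /zecmd/zecmd.jsp HTTP/1.1</td></tr>
<tr><td><strong>R</strong></td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td><td>?</td></tr>
</table>
"""

CONTEXT_RE = re.compile(r"<h1>(/[^<]*)</h1>")                      # context paths start with '/'
REQUEST_RE = re.compile(r"<td>(GET|POST|PUT|DELETE|HEAD|OPTIONS) ([^ <]+) HTTP/[0-9.]+</td>")
SESSION_RE = re.compile(r"(?i)(;jsessionid=|[?&]jsessionid=)")      # URL-carried session ids


def extract_contexts(html):
    return CONTEXT_RE.findall(html)


def extract_request_uris(html):
    return [uri for _method, uri in REQUEST_RE.findall(html)]


def assess_status_page(html, expected_contexts):
    """Findings from a readable status page: contexts not on the expected list (forgotten
    apps, backdoors such as a dropped JSP shell) and request URIs leaking session ids."""
    contexts = extract_contexts(html)
    uris = extract_request_uris(html)
    return {
        "contexts": contexts,
        "unexpected_contexts": [c for c in contexts if c not in expected_contexts],
        "request_uris": uris,
        "session_leaks": [u for u in uris if SESSION_RE.search(u)],
    }


if __name__ == "__main__":
    for url in probe_urls("http://example.test:8080"):
        print("GET", url)
    print(assess_status_page(SAMPLE_STATUS_HTML, {"/", "/docs", "/manager"}))
```

On the defensive side, the check to pair with this is in the manager application's own `WEB-INF/web.xml`: the `<security-constraint>` has to cover `/status/*` as well as the deployer URLs, and in Tomcat 7 and later a dedicated `manager-status` role exists for read-only status access, so monitoring can be granted status without deployer rights. On JBoss the web-console and jmx-console are separate applications and each needs its own constraint; protecting one does nothing for the other.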
Carnal0wnage
Several (tm) months back I did my talk on "From LOW to PWNED" at hashdays and BSides Atlanta. The slides were published here and the video from hashdays is here; there is no video for BSides ATL. I consistently violate presentation zen and I try to make my slides usable after the talk, but I decided to do a few blog posts covering the topics I put in the talk anyway.
Post [0] Intro/The point of the talk (sorry, no pics of msf or Courier New font in this one):
I had several points (I think... maybe all the same point... whatever).
1. We tend to have an over-reliance on vulnerability scanners to tell us everything that is vulnerable. To be honest, I have been guilty of this myself. Most of us probably have, for a variety of reasons: time, experience, level of effort required/paid for, etc. This over-reliance on scanners has led to "no highs" == "secure environment". Most of us know this is not *always* the case, and the point of the talk was to show some examples where medium and low vulnerabilities have led to further exploitation or impact that I would consider "high" or above. Whether you call them chained exploits, magic, or the natural evolution of taking multiple smaller vulnerabilities and turning them into a significant exploit or opportunity, it's becoming more normal/common to have to go this route.
2. Given the "no highs" == "secure environment" mentality, some clients have been conditioned that anything that is not a high is not exploitable and therefore not a priority for fixing (sometimes ever). This of course is not the outcome most people would recommend. Nevertheless, some people take that approach.
3. How many IDS/IPS signatures exist for low and medium vulns, and how often do we ignore/disable those? Feedback welcome here.
4. Clients should pay attention to low/medium vulns as much as they do high+ vulns, and in turn pentesters/VA people/security teams should also pay attention to low/medium vulns. Does that mean every SSLv2-enabled finding should be a full-out emergency? Hell no, but *someone* needs to be able to vet that those low/medium findings can't be turned into something more.
5. Keep a human in the mix. Tools/scanners are great for automating tasks, but I don't think we are there yet with the technology of taking multiple less severe vulnerabilities and turning them into something significant. Bottom line, the scanner won't find all your ownable stuff; you need a person (or people) to do this.
Thoughts?
-CG
SecDocs
Authors: Marc Heuse
Tags: IPv6
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: New protocol features have been proposed and implemented in the last 5 years and ISPs are now slowly starting to deploy IPv6. This talk starts with a brief summary of the issues presented five years ago, and then expands on the new risks. Discovered implementation security issues in Windows 7/2008, Linux and Cisco will be shown too. Comes with a GPL'ed toolkit: thc-ipv6. Five years have passed since my initial talk on IPv6 insecurities at the CCC Congress. New protocol features have been proposed and implemented since then and ISPs are now slowly starting to deploy IPv6. Few changes have led to better security of the protocol; several increase the risk instead. This talk starts with a brief summary of the issues presented 5 years ago, and then expands on the new risks, especially in multicast scenarios. As an add-on, discovered implementation security issues in Windows 7/2008, Linux and Cisco will be shown too. Let's hope patches are out by the conference; if not, they had enough time. All accompanied by GPL'ed tools and a library: the new thc-ipv6 package, rewritten, expanded, enhanced.
SecDocs
Authors: Ilja van Sprundel
Tags: phone
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: There's been a fair bit written and presented about smartphones, and yet, when it comes to the attack surface of the operating systems running on them, and the applications running on top of those, much still has to be explored. This talk will dive a bit deeper into that attack surface. This talk will take a look at the smartphone attack surface, only from an end-to-end point of view; the baseband type stuff and things owned by the telcos will not be covered. Basically, it'll cover 5 major areas: identifying operating systems (through, for example, the user-agent with MMS), identifying entrypoints, identifying trust boundaries, identifying bugs, exploiting bugs. There has been a fair amount of cellphone and smartphone research done in the past, and yet, when it comes to attack surface, we've barely scratched the surface. SMS alone allows for a dozen or so different types of messages, there's MMS, and all sorts of media codecs are built into smartphones. The entrypoints can be roughly categorized as:
- primary entrypoints: zero-click remote attacks over the default communication network (SMS, MMS, ...)
- secondary entrypoints: zero-click remote attacks over a non-default communication network (email, ...)
- tertiary entrypoints: proximity attacks (wifi, bluetooth, IrDA, MITM wifi connection, ...) and not-zero-click remote attacks (e.g. start application XYZ and connect to my evil server)
The main focus in this talk will be on the primary entrypoints; however, some of the secondary and tertiary entrypoints will be talked about as well, in particular IrDA, since unlike bluetooth and wifi, very little security research has ever been done with IrDA, which in itself is weird, since after less than a day of poking around it became quite clear most IrDA stacks are pretty weak (as a hilarious IrDA sidenote, which got me started looking at IrDA, one should read the following Microsoft bulletin: http://www.microsoft.com/technet/security/bulletin/ms01-046.mspx). Once the interesting entrypoints for various smartphones are explored, the talk will dive into some of the trust boundaries on different smartphones: things their sandboxes allow, things they don't, whether or not it's documented and whether or not the documentation is actually accurate. In the spirit of keeping the best for last, some of the bugs discovered during the smartphone research will be discussed, both the details of them, as well as the pains the speaker had to go through to make exploits for them.
SecDocs
Authors: Felix Gröbert
Tags: cryptography
Event: Chaos Communication Congress 27th (27C3) 2010
Abstract: In this talk I demonstrate our research and the implementation of methods to detect cryptographic algorithms and their parameters in software. Based on our observations on cryptographic code, I will point out several inherent characteristics to design signature-based and generic identification methods. Using dynamic binary instrumentation, we record instructions of a program during runtime and create a fine-grained trace. We implement a trace analysis tool, which also provides methods to reconstruct high-level information from a trace, for example control flow graphs or loops, to detect cryptographic algorithms and their parameters. With the results of this work, encrypted data, sent by a malicious program for example, may be decrypted and used by an analyst to gain further insight on the behavior of the analyzed binary executable. Applications include de-DRM'ing, security auditing, and malware C&C analysis. After the talk we will demonstrate the functionality with a ransomware which uses cryptographic primitives and release the implementation to the public.
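The abstract describes two detection families, signature-based and generic. The following added example (not the speaker's tool, which the abstract says was to be released separately) shows a minimal version of each in Python: a scan of a byte blob for the constant tables an implementation cannot avoid carrying (SHA-256 and SHA-1 initial values, MD5 round constants, the AES S-box), and a bitwise-instruction density heuristic over a list of mnemonics standing in for a slice of a recorded trace. The blob and the two mnemonic sequences are constructed for the example; the density threshold is a hypothetical value, not one from the talk.

```python
import struct


def le_words(*words):
    """Pack 32-bit constants little-endian, the byte order they have in x86 code and data."""
    return b"".join(struct.pack("<I", w) for w in words)


# Signature table: leading bytes of constant tables an implementation has to carry somewhere.
# MD5's initial state equals SHA-1's first four words, so SHA-1 is keyed on all five
# and MD5 on its round constants (T[0..3]) instead.
SIGNATURES = {
    "SHA-256 initial hash values": le_words(0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A),
    "SHA-1 initial hash values": le_words(0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0),
    "MD5 round constants": le_words(0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
    "AES forward S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
}


def scan_constants(blob):
    """Signature-based identification: (offset, algorithm) for each occurrence of a known
    constant table in a byte blob (memory dump, section, or operands pulled from a trace)."""
    hits = []
    for name, sig in SIGNATURES.items():
        pos = blob.find(sig)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(sig, pos + 1)
    return sorted(hits)


# Generic identification: crypto rounds are dense in bitwise and rotate instructions,
# while ordinary copy/compare loops are dominated by loads, stores and counter updates.
BITWISE_MNEMONICS = {"xor", "and", "or", "not", "rol", "ror", "shl", "shr", "sar",
                     "pxor", "pand", "por", "pshufb", "aesenc", "aesdec"}


def bitwise_density(mnemonics):
    """Fraction of a trace slice (list of mnemonics) made up of bitwise/rotate operations."""
    if not mnemonics:
        return 0.0
    return sum(1 for m in mnemonics if m.lower() in BITWISE_MNEMONICS) / len(mnemonics)


def looks_like_crypto(mnemonics, threshold=0.4):
    """Hypothetical cut-off for flagging a loop body as cryptographic; tune against real traces."""
    return bitwise_density(mnemonics) >= threshold


# Constructed inputs for the example (not a real binary or recorded trace).
SAMPLE_BLOB = (b"\x90" * 37 + SIGNATURES["SHA-256 initial hash values"]
               + b"\x00" * 11 + SIGNATURES["AES forward S-box"] + b"\xcc" * 5)
CRYPTO_LOOP = ["mov", "xor", "rol", "add", "xor", "ror", "and", "or",
               "xor", "add", "shr", "xor", "mov", "cmp", "jne"]
COPY_LOOP = ["mov", "mov", "inc", "inc", "dec", "cmp", "jne",
             "mov", "mov", "inc", "inc", "dec", "cmp", "jne"]


if __name__ == "__main__":
    print(scan_constants(SAMPLE_BLOB))
    print(bitwise_density(CRYPTO_LOOP), bitwise_density(COPY_LOOP))
```

The signature table is little-endian because that is how 32-bit constants appear in x86 code and data; a big-endian target, or a compiler that folds the constants into immediates spread across several instructions, defeats byte-string matching, which is exactly why the generic heuristic over the instruction trace is needed alongside it. Neither method alone recovers parameters such as keys; that is what the trace reconstruction (loops, control flow graphs) in the talk is for.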
SecDocs
Tags: retrocomputing
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: C64 "demos" were the root of the whole demo-scene thing and they are still the main force keeping the C64 alive today. Audiovisual pleasure, still pushing hardware limits, still exploring different ways of expression. But what is typically happening inside the machine when you watch a demo? What effort is needed to entertain the audience? This talk will give you an inside look at the steps taken for the award winning demo "Error 23", given first hand by one of its main programmers. This talk extends previous talks and documentation about the Commodore 64 and its demo effects by adding real-life challenges and experiences to it. What were the basic ideas? What obstacles were on the way? How did they get solved? 6502 assembly knowledge is really not required, some general understanding about assembly and low-level computing will be useful, though (think of stack, timer, cycles...). This isn't about theory, this is for real ;)
SecDocs
Tags: PBX, VoIP
Event: Chaos Communication Congress 28th (28C3) 2011
Abstract: This talk is a cautionary tale about developers forgetting to remove debug interfaces from finished products and the need for repeated system reviews. A midrange PBX system's (non-web) configuration interface is used as an example of what flaws you can actually find in commercial systems. The idea behind this talk is to give you an idea of what can happen when developers do not audit their code on a regular basis. It is not meant to make anybody laugh at another one's stupidity, but as a reminder of what could happen to YOU if you're a developer. As an example of what could possibly go wrong, a problem in the way the configuration interface authenticates its administrators on a PBX is used. It is about dissecting a proprietary TCP/IP-based protocol used to configure telephones with system integration through the PBX, and unexpectedly finding a flaw which not only allows modifying the configuration of phones but also manipulating the PBX. The even bigger oversight was that all communication is possible without using any authentication. It is also a little bit about protocol design and some (false) assumptions still made when preparing an impending product launch. But for the sake of honesty: no names and no brands will be given; the talk is based upon a true example, but because of responsible disclosure procedures not all information will be released to the public.
-
-
10:15
»
Hack a Day
Talk about reducing the costs of a build, this tricopter uses cardboard as a frame and has one less motor than its quadcopter relatives. There are almost no details other than those shared in the video after the break so we’re just going to guess based on what we see (feel free to share your [...]
-
-
22:41
»
SecDocs
Authors:
Yuval Adam Tags:
data mining Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: The entire Israeli civil registry database has been leaked to the internet several times over the past decade. In this talk, we examine interesting data that can be mined and extracted from such a database. Additionally, we will review the implications of such data being publicly available in light of the upcoming biometric database. The Israeli census database has been freely available on the Internet since 2001. The database has been illegally leaked due to incompetent data security policies in the Ministry of Interior of Israel, which is responsible for the management of the Israeli census. The data available includes all personal data of every Israeli citizen: name, ID number, date and location of birth, address, phone number and marital status, as well as linkage to parents and spouses. In this talk we discuss various statistics, trends and anomalies that such data gives us insight into. Personal details will obviously be left out of the talk, though it is important to note that any person who wishes to retrieve such details can easily do so. We will end the talk with a discussion about upcoming and relevant privacy issues in light of Israel's soon-to-be biometric database.
-
22:41
»
SecDocs
Authors:
Cathrine Kramer Zack Denfeld Tags:
hacking Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Over the last few years hackers have begun to take a larger interest in food, gastronomy and agriculture. For many in the community the ability to create DIY molecular gastronomy hardware and recipes is an obvious entry point. This talk extends some of these early investigations beyond the kitchen and the chemical properties of food by looking at specific cultivars, food technology organizations, and connections between food systems, ecosystems and planetary change. Part 1 of the talk explores some of the more bizarre and interesting biotechnologies and genomes that make up the human food system on planet Earth, including Chinese Space Potatoes, Mutagenic Grapefruits and Glowing Sushi. Part 2 of the talk presents ideas of food system redesign particularly relevant to hackers and food explorers: utopian cuisines, resilient biotechnologies and eaters as agents of selection. In Part 3 we provide access to resources and propose interesting projects for black hat food hackers, DIY BIO foodies, and prospective food security researchers, such as mining the IAEA's database of radiation breeding, eating things that weren't meant to be eaten and defending agricultural biodiversity. By introducing lesser-known stories from the history of food and technology, and providing access to resources, we hope to get more hackers curious about exploring, questioning and redesigning our human food systems.
-
-
15:01
»
Hack a Day
[Vijay Kumar] is a professor at the University of Pennsylvania and the director of the GRASP lab where research centering around autonomous quadcopters is being met with great success. If you were intrigued by the video demonstrations seen over the last few years, you won’t want to miss the TED talk [Dr. Kumar] recently gave [...]
-
-
21:41
»
SecDocs
Authors:
Christoph Engemann Tags:
biometric identity management Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: Starting with the history of birth registration, an overview of the historical regimes of naming and identifying people from the 15th to the 20th century is given. The talk will show examples of the different identity media through time and their standardization with the rise of the Westphalian nation state and the subsequent developments after the French Revolution and during the 20th century. The goal of the talk is to show the complexity of the phenomenon of personal names and their media and the need for an informed debate on who achieves naming and identification in the digital age, and how. In July 2011 Google opened the social network named Google+, immediately spawning a fierce debate about its real-name policy barring users from opening accounts with pseudonyms. Just a few days later Facebook's Vice President Randi Zuckerberg echoed Google's sentiment, asserting: “(…) anonymity on the Internet has to go away.” Finally in early August Germany's minister of the interior demanded an end of anonymity on the Internet. My proposed talk is not concerned with the relation of anonymity and pseudonymity to free speech, discrimination and empowerment that dominated the ‘real-name’ “nymwars” on the internet. Instead it seeks to de-familiarize the notion of the ‘real name’ by exposing central aspects of the media history of names, situating personal names in relation to the development of statehood and capitalism between the 1500s and the 2000s. I thus will outline the history and function of birth registration as introduced in the wake of the Reformation in 1543 and its subsequent secularization during the rise of the Westphalian nation state. This includes an overview of the international standardization of both identity papers and personal naming regimes during the 19th century in the context of the post-1789 development of statehood and colonization.
Moving to the 20th century I will provide examples of the development and standardization of the passport system after WWI, and conclude my talk with a synopsis of the administrative digital identity vision of the early nineties. The goal of the talk is first to de-familiarize the notion of the personal name by showing its complex historical and material background, secondly to contextualize the current developments of digital identity regimes (Neuer Personalausweis, Google+, NSTIC etc.) within the larger and longer-term developments of statehood and capitalist societies. Thirdly my talk will show that a name never was one's own but always an intersection of administrative, media-technical and personal interventions, and as such is currently becoming a contested phenomenon again, requiring an informed debate about what is in a name. Duration 40 mins; presentation style will be slides and accompanying talk, discussion afterwards.
-
-
3:43
»
SecDocs
Authors:
Christian Bahls Tags:
law Event:
Chaos Communication Congress 28th (28C3) 2011 Abstract: This talk will be about the WhiteIT project, initiated by Mr Schünemann, German Minister of Interior in the state of Lower Saxony. The WhiteIT project is concerned with combating the online distribution of child abuse material. WhiteIT tries to develop tools and processes to cooperatively suppress the dissemination and (re-)distribution of said material. During the talk the lecturer will try to encourage some open source intelligence. So please consider bringing a laptop, netbook or tablet with you to help gather and collect certain information right away. Being involved with the WhiteIT project, the lecturer will use this opportunity to speak freely about his concerns regarding certain aspects of the endeavour. The talk will try to explain some of the project's aims as well as the technical tools and processes developed, and why he thinks this concerns you as well. Although the talk will mainly be concerned with WhiteIT and its members, it will also be of concern for other nationals as there are some global players involved. The talk will be somewhat interactive, asking you to crowdsource certain information that the lecturer could not get hold of, so please bring a laptop, netbook or tablet with you to be able to access a wiki/etherpad.
-
-
20:09
»
Packet Storm Security Recent Files
StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
-
-
14:06
»
SecDocs
Authors:
Chris Sumner Tags:
intelligence social social engineering Event:
Black Hat USA 2010 Abstract: If you’re ever in a position where you need to pwn criminals via social networks or see where Tony Hawk likes to hide skateboards around the world, this talk is for you. The talk is delivered in two parts, both of which are intended to shine a fun light on visual social network analysis. The first part introduces how you can extend the powerful data visualization tool Maltego to speed up and automate the data mining and analysis of social networks. I’ll show how I analyzed skateboard legend Tony Hawk’s Twitter hunt and highlight how you could use the same techniques to set up your very own backyard miniature ECHELON. The second part illustrates how these techniques have been used to enumerate a 419 scam, infiltrate the scammers' social network and expose deeper, more sinister links to organized crime. I focus specifically on Twitter and Facebook, demonstrating how you can graphically map and analyze social relationships using the Twitter APIs, publicly available Facebook profiles, screen scraping and some clunky regex.
-
-
13:47
»
SecDocs
Authors:
Sumit Siddharth Tags:
Oracle Event:
Black Hat USA 2010 Abstract: This talk will focus on exploiting SQL injections in web applications with an Oracle back-end and will discuss all old/new techniques. The talk will target Oracle 9i, 10g and 11g (R1 and R2). It is widely considered that the impact of SQL injection in web apps with an Oracle back-end is limited to extraction of data with the privileges of the user mentioned in the connection string. The Oracle database does not offer hacker-friendly functionalities such as openrowset or xp_cmdshell for privilege escalation and O.S. code execution. Further, as Oracle by design does not support execution of multiple queries in a single SQL statement, the exploitation is further restricted. The talk will highlight attack vectors to achieve privilege escalation (from Scott to SYS) and O.S. code execution, all by exploiting Oracle SQL injections from web applications. A number of organizations are moving to compliance regimes like PCI, thereby ensuring that the card data is always stored encrypted with the private key never stored inside the database. The talk will focus on what hackers are doing in the wild to bypass these and to obtain clear text card data when it's only stored encrypted or even when it's never stored at all.
-
-
11:15
»
SecDocs
Authors:
Jibran Ilyas Nicholas J. Percoco Tags:
malware cybercrime malware analysis Event:
Black Hat USA 2010 Abstract: We had a busy year. We investigated over 200 incidents in 24 different countries. We ended up collecting enough malware freaks [samples] to fill up a Kunstkammer a few times over. Building upon last year's DEFCON talk, we want to dive deeper and bring you the most interesting samples from around the world - including one that made international headlines and the rest we're positive no one's ever seen before (outside of us and the kids who wrote them). This talk will bring you 4 new freaks and 4 new victims including: a Sports Bar in Miami, an Online Adult Toy Store, a US Defense Contractor, and an International VoIP Provider. The malware we are going to demo are very advanced pieces of software written by very skilled developers. The complexity in their propagation, control channels, anti-forensic techniques and data exporting properties will be very interesting to anyone interested in this topic.
-
-
12:19
»
Hack a Day
Hacker [Dino Segovis] wrote in to share the latest hack from his HackAWeek series, and this time around he has constructed a talk box for his bass guitar. Providing you are old enough, you probably remember when the talk box made its way into mainstream music, on the “Frampton Comes Alive” album. The concept of [...]
-
-
11:03
»
Hack a Day
[Michael Ossmann's] talk from Schmoocon about his open source Bluetooth test tool called Ubertooth is now available to watch online. The video really fills in the gaps from the first time we looked at the project, as he covers why he took on the challenge, and what has happened since. He talks about how his [...]
-
-
10:35
»
Hack a Day
[Dino A. Dai Zovi] gave a talk in the earlier part of 2010 where he shares his thoughts on the future of malicious exploits. You can watch it on Ustream and he’s also posted a set of slides (PDF) that goes along with it. We find the 48 minute video to be quite interesting. Instead of [...]
-
-
21:03
»
SecDocs
Authors:
Christopher Tarnovsky Tags:
microcontroller Event:
Black Hat DC 2010 Abstract: From start to finish, we will walk through how a current generation smartcard was successfully compromised. The talk will discuss everything that was required in the order the events took place. We will cram several months into an hour! PS- The talk will be very technical, mixing hardware and software (60% hardware, 40% software).
-
-
4:20
»
SecDocs
Authors: H.D. Moore
Tags: Metasploit
Event: Black Hat DC 2010
Abstract: In 2008 Metasploit expanded from a community-run project to a corporate product managed by Rapid7. This talk focuses on the transition, the lessons learned during the acquisition process, the challenges of maintaining a community, and the latest improvements to the Metasploit Framework. The points covered in this talk are valuable for anyone building an open-source product, contemplating the purchase of one, or considering using an open source product to build a commercial application.
SecDocs
Authors: Vincenzo Iozzo
Tags: fuzzing
Event: Black Hat DC 2010
Abstract: Nowadays fuzzing is a pretty common technique used both by attackers and software developers. Currently known techniques usually involve knowing the protocol/format that needs to be fuzzed and having a basic understanding of how the user input is processed inside the binary. In the past, since fuzzing was little used, obtaining good results with a small amount of effort was possible. Today finding bugs requires digging a lot inside the code and the user input, as common vulnerabilities are already identified and fixed by developers. This talk will present an idea on how to effectively fuzz with no knowledge of the user input and the binary. Specifically, the talk will demonstrate how techniques like code coverage, data tainting and in-memory fuzzing allow one to build a smart fuzzer with no need to instrument it.
SecDocs
Authors: Tom Cross
Tags: forensic network Cisco sniffer
Event: Black Hat DC 2010
Abstract: Many governments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customers' communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of its lawful intercept technology in an Internet Draft and a number of public configuration guides. This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design, coupled with publicly disclosed security vulnerabilities, could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface, as well as of SNMP authentication in general, to better mitigate the security risks.
SecDocs
Tags: hacking
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: 4 minutes for every speaker. Learn about the good, the bad, and the ugly - in software, hardware, projects, and more. Give a lightning fast talk about your favourite project, program, system - and thereby find people with the same interest to proceed and promote it. Alternatively - give us a good rant about something and give us some good reasons why it should die. ;) Get right at it, don't waste time by explaining too much, get the main points across, and then let us know how to contact you on the congress for a talk! Whatever you do - please practise it, and don't be boring. Or else. You have been warned! :-P
SecDocs
Authors: Felix 'FX' Lindner
Tags: Rich Internet Applications Flash
Event: Chaos Communication Congress 26th (26C3) 2009
Abstract: The talk will discuss a class of in-the-wild malware and exploits, the reasons for its success, as well as the reasons why protecting against it in common ways is not effective. This will be done by examining the internals of the attacked subject. Following this, the second part of the talk will present an alternative protection mechanism, which the presenter believes prevents large parts of this class of attacks. The mechanisms and code to do this will be presented and released. The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world.