Speakers: Karsten Nohl | Henryk Plötz
Mifare are the most widely deployed brand of secure RFID chips, but their security relies on proprietary and secret cryptographic primitives. We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher.
I know what I'm looking for
This class will focus on understanding how rootkits work, and what tools can be used to help find them.
This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope.
This presentation will cover techniques that can be used to control and extract data from network printers.
Tom Scott explains the insecure ways in which some websites deal with passwords.
David Litchfield is recognized as one of the world’s leading authorities on database security.
Many websites mix secure and insecure content on the same page this makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool. I will give a brief explanation and demonstration of the technique.
Architects and developers often perceive threat modeling as being too difficult. During this talk, we’ll attempt to bust these myths and show how organizations can incrementally obtain better results.
In this talk, the technology and capabilities of US-VISIT will be explained in detail; weaknesses in the system will be explored, and the consequences of such a system will be considered.
This talk is about the project to build the next generation IDS engine. The engine has been released under the name Suricata and can be downloaded from the Open Information Security Foundation (OISF) web site.
In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level.
We deauthenticate the victim from his own wireless network and wait until he connects to our access point. When the victim connects, he is redirected to a service page asking for the WPA-2 key.
The presenters showed that Bluetooth is alive and kicking, exploit-wise. A new tool called Bluedriving is presented to capture and store the position and information of bluetooth devices.
Learn how Fortune 500 and government organizations are using Splunk to protect themselves against fraud and misuse, and as a valuable tool in their network security and compliance reporting toolboxes.
This video is made by EXALT and shows a reenactment of a remote hack he did on a Damn Vulnerable Linux (DVL) box.
Ever wondered what is in these blocks of squares on postal packages, letters and tickets?
We will cover on how the DEF CON network team builds a network from scratch, in three days with very little budget.
I will discuss specific design flaws in the security of “secure” Applications that promise to keep your data / password safe and sound should the device fall into the wrong hands.
We will describe the process of setting up the test network we operate at 29C3, what legal and technical challenges we have faced, and we will describe the actual installation at the CCH.
Learn about the security and social aspects of RFID technology
The “European Great Firewall” was the way that European civil rights organizations has addressed the proposal to create a “single European cyberspace”. This lecture will describe a vulnerability that the proposal reveals in the power structures of the European and world governance.
The talk uses fresh examples of application cryptography successes and failures, and also incorporates the new OWASP ESAPI.
We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher.