Speaker: Daniel Pistelli
This talk presents an overview of the security risks in non-executable files such as PDF, rich media and office documents. The extent and the roots of the issues (not only in terms of infection).
The approaches to store and hide, in order to avoid detection, malicious data inside these file formats and what can be done in terms of prevention. Also, ramifications for the embedded sector. The talk aims to range from global considerations to individual cases.
I know what I'm looking for
This presentation will cover techniques that can be used to control and extract data from network printers.
We will cover on how the DEF CON network team builds a network from scratch, in three days with very little budget.
This class will focus on understanding how rootkits work, and what tools can be used to help find them.
The “European Great Firewall” was the way that European civil rights organizations has addressed the proposal to create a “single European cyberspace”. This lecture will describe a vulnerability that the proposal reveals in the power structures of the European and world governance.
Learn about the security and social aspects of RFID technology
In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level.
David Litchfield is recognized as one of the world’s leading authorities on database security.
I will discuss specific design flaws in the security of “secure” Applications that promise to keep your data / password safe and sound should the device fall into the wrong hands.
This video is made by EXALT and shows a reenactment of a remote hack he did on a Damn Vulnerable Linux (DVL) box.
In this talk, the technology and capabilities of US-VISIT will be explained in detail; weaknesses in the system will be explored, and the consequences of such a system will be considered.
The presenters showed that Bluetooth is alive and kicking, exploit-wise. A new tool called Bluedriving is presented to capture and store the position and information of bluetooth devices.
This talk will discuss the past methods used for XSS defence that were only partially effective. Learning from these lessons, will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer.
This talk presents an overview of the security risks in non-executable files such as PDF, rich media and office documents. The talk aims to range from global considerations to individual cases.
Ever wondered what is in these blocks of squares on postal packages, letters and tickets?
Architects and developers often perceive threat modeling as being too difficult. During this talk, we’ll attempt to bust these myths and show how organizations can incrementally obtain better results.
After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit.
This presentation describes the technologies behind advanced static and dynamic vulnerability analysis tools. We conclude with a discussion of new ways to ensure that bugs get fixed before it’s too late.
The vlog about the fourth day of the 2011 International ICS Cybersecurity Advanced Training. This day is what it’s all about, the Blue Team / Red Team exercise.
This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context.
We deauthenticate the victim from his own wireless network and wait until he connects to our access point. When the victim connects, he is redirected to a service page asking for the WPA-2 key.
A panel discussion with Michael Coates (Mozilla), Chris Evans (Google), Jeremiah Grossman (WhiteHat Security), Adam Mein (Google), Alex Rice (Facebook)
This talk introduces Trabbler, the first highly versatile “cross site scripting Trojan”. In the talk, we will discuss Trabbler ́s architecture and code and give practical examples of its application.
This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope.
Learn how Fortune 500 and government organizations are using Splunk to protect themselves against fraud and misuse, and as a valuable tool in their network security and compliance reporting toolboxes.
This presentation will delve into the science and process behind secure code review and will continue to discuss a simplified approach to secure code review
This talk is about the project to build the next generation IDS engine. The engine has been released under the name Suricata and can be downloaded from the Open Information Security Foundation (OISF) web site.