Speaker: Sam Bowne Instructor
Many Websites mix secure and insecure content on the same page, like Facebook. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool.
First I will give a brief explanation and demonstration of the technique, and then I will help audience members set up the attack themselves on their own laptops.
Detailed instructions and all required software will be provided. Audience members should bring a laptop computer to participate in the hands-on training.
I know what I'm looking for
Many websites mix secure and insecure content on the same page this makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool. I will give a brief explanation and demonstration of the technique.
Using Linux and a device with 2 network cards, I will demonstrate how to configure an undetectable transparent bridge to inject a rogue device onto a wired network that is secured via 802.1x using an existing authorized connection.
Johnny Long reveals basic and advanced search techniques, basic and advanced hacking techniques, multi-engine attack query morphing, and zero-packet target foot printing and recon techniques.
This talk is about the project to build the next generation IDS engine. The engine has been released under the name Suricata and can be downloaded from the Open Information Security Foundation (OISF) web site.
We will cover on how the DEF CON network team builds a network from scratch, in three days with very little budget.
The “European Great Firewall” was the way that European civil rights organizations has addressed the proposal to create a “single European cyberspace”. This lecture will describe a vulnerability that the proposal reveals in the power structures of the European and world governance.
After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit.
Charlie Miller will take an in depth look at a common embedded controller used in a battery and reverse engineer the firmware.
Learn about the security and social aspects of RFID technology
In this talk, the technology and capabilities of US-VISIT will be explained in detail; weaknesses in the system will be explored, and the consequences of such a system will be considered.
Learn how Fortune 500 and government organizations are using Splunk to protect themselves against fraud and misuse, and as a valuable tool in their network security and compliance reporting toolboxes.
This video is made by EXALT and shows a reenactment of a remote hack he did on a Damn Vulnerable Linux (DVL) box.
Architects and developers often perceive threat modeling as being too difficult. During this talk, we’ll attempt to bust these myths and show how organizations can incrementally obtain better results.
This class will focus on understanding how rootkits work, and what tools can be used to help find them.
This presentation will cover techniques that can be used to control and extract data from network printers.
Ever wondered what is in these blocks of squares on postal packages, letters and tickets?
We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher.
In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level.
This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope.
Short demo using the passthrough option of Pyrit which eliminates the need for giant tables taking up all your hard drive space.
I will discuss specific design flaws in the security of “secure” Applications that promise to keep your data / password safe and sound should the device fall into the wrong hands.
Tom Scott explains the insecure ways in which some websites deal with passwords.
David Litchfield is recognized as one of the world’s leading authorities on database security.
An update about the Honey project and the development of the CIC News engine.
I will demonstrate both local and remote attacks on ATMs, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.
The talk uses fresh examples of application cryptography successes and failures, and also incorporates the new OWASP ESAPI.
The presenters showed that Bluetooth is alive and kicking, exploit-wise. A new tool called Bluedriving is presented to capture and store the position and information of bluetooth devices.
We deauthenticate the victim from his own wireless network and wait until he connects to our access point. When the victim connects, he is redirected to a service page asking for the WPA-2 key.