Speaker: David Litchfield
David Litchfield is recognized as one of the world’s leading authorities on database security. He is the author of Oracle Forensics, the Oracle Hacker’s Handbook, the Database Hacker’s Handbook and SQL Server Security and is the co-author of the Shellcoder’s Handbook.
This video is made by EXALT and shows a reenactment of a remote hack he did on a Damn Vulnerable Linux (DVL) box.
This talk presents an overview of the security risks in non-executable files such as PDF, rich media and office documents. The talk aims to range from global considerations to individual cases.
Charlie Miller will take an in-depth look at a common embedded controller used in a battery and reverse engineer the firmware.
This presentation describes the technologies behind advanced static and dynamic vulnerability analysis tools. We conclude with a discussion of new ways to ensure that bugs get fixed before it’s too late.
This talk will conclude with a proof-of-concept web application demo that demonstrates the techniques and issues mentioned as well as thoughts for solving the next generation of spam.
This course is an introduction to the fundamental technologies behind Trusted Computing. You will learn what Trusted Platform Modules (TPMs) are and what capabilities they can provide both at an in-depth technical level and in an enterprise context.
Sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications.
Ever wondered what is in these blocks of squares on postal packages, letters and tickets?
Tom Scott explains the insecure ways in which some websites deal with passwords.
Short demo using the passthrough option of Pyrit which eliminates the need for giant tables taking up all your hard drive space.
After a short introduction on the differences of IPv4 to IPv6, the weaknesses in IPv6 will be shown. Highlight of the talk is the presentation of the THC-IPV6 Attack Toolkit.
Many websites mix secure and insecure content on the same page. This makes it possible to steal all the data entered on such a page easily, using Moxie Marlinspike’s new SSLstrip tool. I will give a brief explanation and demonstration of the technique.
We describe the design of the Xbox 360 security system from a very high-level point of view. In the second part we will discuss the details of the Xbox 360 system and security architecture.
In several European countries proposals for vast expansion of the powers of law enforcement in the digital realm are floating about. The panel focuses on the pros and cons of such powers.
An update about the Honey project and the development of the CIC News engine.
We analyzed the hardware of the Mifare tags and found weaknesses in several parts of the cipher.
In this presentation we propose an approach and hybrid shellcode detection method, aimed at early detection and filtering of unknown 0-day exploits at the network level.
Johnny Long reveals basic and advanced search techniques, basic and advanced hacking techniques, multi-engine attack query morphing, and zero-packet target footprinting and recon techniques.
This is a talk about the struggles of becoming a Private Investigator and what the laws are for computer forensics going forward.
The talk discusses a GSM debugging tool that consists entirely of open source software and open radio hardware. We will demonstrate how to record and decode GSM calls, even encrypted ones.
A panel discussion with Michael Coates (Mozilla), Chris Evans (Google), Jeremiah Grossman (WhiteHat Security), Adam Mein (Google), Alex Rice (Facebook)
Vladimir Katalov presents the results of analysing the Apple iCloud protocol and its impact on iCloud services.
Privacy International, Agentura.Ru and Citizen Lab have joined forces to launch a new project ‘Russia’s Surveillance State’. The project aims to undertake research and investigation into surveillance practices in Russia.
The vlog about the fourth day of the 2011 International ICS Cybersecurity Advanced Training. This day is what it’s all about, the Blue Team / Red Team exercise.
Using Linux and a device with 2 network cards, I will demonstrate how to configure an undetectable transparent bridge to inject a rogue device onto a wired network that is secured via 802.1x using an existing authorized connection.
This talk will summarize what we have learned about the internal architecture of the iPhone platform, its security, and the ways we have found to defeat these security measures.
Although many companies claim to care about end-user privacy, none seem to be willing to compete on the extent to which they assist or resist the government in its surveillance activities. This talk will pierce the veil of secrecy surrounding these practices.
This talk evenly distributes technical knowledge and humor to present the funniest discoveries related to malware authors and the fight against their code.
I will demonstrate both local and remote attacks on ATMs, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks.
We deauthenticate the victim from his own wireless network and wait until he connects to our access point. When the victim connects, he is redirected to a service page asking for the WPA-2 key.