DEF CON 20: Demorpheus: Getting rid of polymorphic shellcodes in your network

Speakers: Svetlana Gaivoronski | Dennis Gamayunov

One of the most effective techniques used in CTF games is the use of various exploits, written with well-known tools or even by hand during the game.

Experience from CTF participation shows that a mechanism for detecting such exploits can significantly increase a team's level of defense.

In this presentation we propose an approach and a hybrid shellcode detection method aimed at early detection and filtering of unknown 0-day exploits at the network level.
