As I mentioned in my previous post, the videos from the last edition of Defcon are now available.
Besides Building an Android IDS on Network Level, I recommend taking a look at the rest of the talks, which were at a very high technical level and frankly very interesting.
Among them, I would like to highlight the talk Dude, WTF in my car?, given by my friends and fellow adventurers Alberto García Illera and Javier Vázquez Vidal. In it they talked about the Bosch EDC15 and EDC16 ECUs, how they communicate, which protocols they use, their security, etc.
They also gave a live demonstration of their own hardware, which costs less than 25 dollars. Don't miss it:
The rest of the talks are here:
- Proliferation
- Torturing Open Government Systems for Fun, Profit and Time Travel
- Backdoors, Government Hacking and The Next Crypto Wars
- ACL Steganography – Permissions to Hide Your Porn
- Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust
- Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot
- A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It
- From Nukes to Cyber – Alternative Approaches for Proactive Defense and Mission Assurance
- The Politics of Privacy and Technology: Fighting an Uphill Battle
- Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine
- Privacy In DSRC Connected Vehicles
- Phantom Network Surveillance UAV / Drone
- Safety of Tor Network Look at Network Diversity, Relay Operators & Malicious Relays
- De-Anonymizing Alt.Anonymous.Messages
- The DEF CON 21 Badge
- The Growing Irrelevance of US Government Cybersecurity Intelligence Information
- The Dirty South – Getting Justified with Technology
- Prowling Peer-to-Peer Botnets After Dark
- Evil DoS Attacks and Strong Defenses
- Kill ‘em All – DDoS Protection Total Annihilation!
- VoIP Wars: Return of the SIP
- Unexpected Stories – From a Hacker Who Made It Inside the Government
- Dude, WTF in my car?
- The Road Less Surreptitiously Traveled
- Home Invasion 2.0 – Attacking Network-Controlled Consumer Devices
- RFID Hacking: Live Free or RFID Hard
- Stalking a City for Fun and Frivolity
- Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks
- BYO-Disaster and Why Corporate Wireless Security Still Sucks
- The Cavalry Isn’t Coming: Starting the Revolution to Fsck it All!
- The Dark Arts of OSINT
- EMET 4.0 PKI Mitigation
- Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation (and defense!)
- EDS: Exploitation Detection System
- Conducting Massive Attacks with Open Source Distributed Computing
- Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions
- Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
- The Secret Life of SIM Cards
- DragonLady: An Investigation of SMS Fraud Operations in Russia
- Offensive Forensics: CSI for the Bad Guy
- Pwn’ing You(r) Cyber Offenders
- MITM All The IPv6 Things
- HTTP Time Bandit
- How to use CSP to Stop XSS
- So You think Your Domain Controller is Secure?
- Getting The Goods With smbexec
- Abusing NoSQL Databases
- Examining the Bitsquatting Attack Surface
- Please Insert Inject More Coins
- Do-It-Yourself Cellular IDS
- BoutiqueKit: Playing WarGames with Expensive Rootkits and Malware
- Android WebLogin: Google’s Skeleton Key
- Building an Android IDS on Network Level
- Defeating SEAndroid
- Doing Bad Things to “Good” Security Appliances
- Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)
- Data Evaporation from SSDs
- GoPro or GTFO: A Tale of Reversing an Embedded System
- JTAGulator: Assisted Discovery of On-Chip Debug Interfaces
- gitDigger: Creating useful wordlists from public GitHub repositories
- Made Open: Hacking Capitalism
- The Dawn of Web 3.0: Website Mapping and Vulnerability Scanning in 3D
- Combatting Mac OSX/iOS Malware with Data Visualization
- A Thorny Piece of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading
- Transcending Cloud Limitations by Obtaining Inner Piece
- Utilizing Popular Websites for Malicious Purposes Using RDI
- Open Public Sensors, Trend Monitoring and Data Fusion
- Collaborative Penetration Testing With Lair
- PowerPwning: Post-Exploiting By Overpowering PowerShell
- Evolving Exploits Through Genetic Algorithms
- Adventures in Automotive Networks and Control Units
- Hacking Driverless Vehicles
- 10000 Yen into the Sea
- Business Logic Flaws In Mobile Operators Services
- Meet the VCs
- The ACLU Presents: NSA Surveillance and More
- The Government and UFOs: A Historical Analysis
- How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers
- Fear the Evil FOCA: IPv6 attacks in Internet Connections
- Legal Aspects of Full Spectrum Computer Network (Active) Defense
- We are Legion: Pentesting with an Army of Low-power Low-cost Devices
- Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices
- DC Awards
- PowerPreter: Post Exploitation Like a Boss
- DNS May Be Hazardous to Your Health
- Exploiting Music Streaming with JavaScript
- Java Every-Days: Exploiting Software Running on 3 Billion Devices
- HiveMind: Distributed File Storage Using JavaScript Botnets
- Defending Networks with Incomplete Information: A Machine Learning Approach
- Blucat: Netcat For Bluetooth
- BYOD PEAP Show
- Closing Ceremonies
- All Your RFz Are Belong to Me – Hacking the Wireless World with Software Defined Radio
- Making Of The DEF CON Documentary
- Ask the EFF: The Year in Digital Civil Liberties
- Decapping Chips The Strike Easy Hard Way
- Insecurity – A Failure of Imagination
- Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock
- DEF CON Comedy Jam Part VI, Return of the Fail
- Hardware Hacking with Microcontrollers: A Panel Discussion
- An Open Letter The White Hat’s Dilemma
- Suicide Risk Assessment and Intervention Tactics
- OTP, It won’t save you from free rides!
- How to Disclose or Sell an Exploit Without Getting in Trouble
- Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys
- Social Engineering: The Gentleman Thief
- This Presentation Will Self-Destruct in 45 Minutes
- Fast Forensics Using Simple Statistics and Cool Tools
- Forensic Fails – Shift + Delete Won’t Help You Here
- C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood
I hope you enjoy them!