Just roughly half a year ago joernchen was given the opportunity to rant about things and stuff[0]. The globe turned round and round in the meantime. So: it’s time for an update! This talk will surprise not only with follow-up raging about what’s changed. But also brand new topics will be considered for being railed against. Brace for some nyan cats, the BEST .gif files and hopefully there’s even a surprise guest on stage to collaboratively deliver the best rant wihtin a radius of roughly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, joernchen, hitbgsec,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Over the years RFID card cloning attacks have risen steadily in Red Team activity. While card cloning can be effective, entry isn’t always gained with this method alone. As Red Team members, we often focus too much on the card and not enough on the technology that supports it. Why settle for access to one door when you can have access to them all? Physical Access Systems (PACS) have several components...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Source: https://www.youtube.com/watch?v=3F44JbkaU7k Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Has it ever happened to you on a Friday afternoon, just before closing your laptop, tidying your desk before a long weekend? A weekend that indeed looks now very long in perspective? A server disappeared! A network device that blinks mysteriously and frantically like a Christmas tree. No clues yet to be found? Feeling like calling Watson? Call no one but become Sherlock himself to uncover the truth! This session will reveal some of Moriarty’s machinations and some cyber forensics techniques...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, nicolas collery,...
PRESS RELEASE Company: Hack In The Box / HITBSecConf Date of Issue: 10th April 2013 Release Summary: Members of the @Evad3rs will hold a press conference at the fourth annual Hack In The Box Security Conference on the 11th of April at the Okura Hotel, Amsterdam. The press conference will focus on their renowned evasi0n jailbreak and will also be streamed live. URL: http://conference.hitb.org/hitbsecconf2013ams/evad3rs-press-conference/ Evad3rs Press Conference at HITBSecConf2013 -- Amsterdam...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, press conference, press...
Source: https://www.youtube.com/watch?v=Cg-_TLdfUGw Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
The Android ecosystem has a long-standing reputation of haphazard security, with regular headliner bugs. Despite its open source roots, Android security is still a black box for most users. Security patches are little understood, and users have to blindly trust their phone vendors to install patches. We find that this trust is not warranted for many Android vendors, most of which skip at least some patches. Using a novel analysis approach, we find missing Android patches on phones or from...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, karsten nohl, jakob...
“Next-Generation” firewalls provide functionality well beyond the traditional filtering capabilities. They offer deep protocol inspection, application identification, user based filtering, VPN functionality and more. While this significantly increases the attack surface of these devices, little public research is available. In this talk I will present an in-depth analysis of one of the leading NGFW solutions: PAN-OS. Besides describing the overall system architecture, I will discuss and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ernw, palo alto,...
------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Being stuck below the security poverty line isn't about budget, it's about attitude, motivation, and focusing not...
Topics: Youtube, video, Science & Technology, #HITB2012AMS, #HITB, HITB, HITB2012AMS, HITB2012,...
The first ever HITB keynote panel discussion on the Future of Mobile Malware and Cloud Computing Security Source: https://www.youtube.com/watch?v=DR9lMyYxIz0 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Source: https://www.youtube.com/watch?v=DmyY2-rEIf4 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Since it’s introduction at WWDC in 2014 Swift has progressed significantly as a language and has seen increased adoption by iOS and OSX developers. Despite this, information pertaining to reverse engineering Swift applications is sparse and not openly discussed. This talk will dive into the Swift language and explore reverse engineering Swift apps from a security perspective. Topics that will be covered include quick intro to Swift from a pen testers perspective, various methods for obtaining...
Topics: Youtube, video, Science & Technology, hitb, hackinthebox, hitbgsec, singapore, swift, apple,...
Source: https://www.youtube.com/watch?v=Vdg7QQR3Gu8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Last year we proved that the whitelist-based approach of Content Security Policy (CSP) is flawed and proposed an alternative based on ‘strict-dynamic’ in combination with nonces or hashes. This approach makes CSP radically easier to deploy and, at the same time, unleashes its full potential as an XSS mitigation mechanism. In our academic paper (CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy, ACM CCS, 2016), we demonstrated, using...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Lukas Weichselbaum,...
The number of vulnerabilities in open source libraries is increasing rapidly. However, the majority of them do not go through public disclosure. These unidentified vulnerabilities put developers’ products at risk of being hacked since they are increasingly relying on open source libraries to assemble and build software quickly. To find unidentified vulnerabilities in open source libraries and secure modern software development, we describe an efficient automatic vulnerability identification...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, asankhaya sharma,...
Presentation Title Post Memory Corruption Analysis Presentation Abstract In this presentation, we introduce a new exploitation methodology of invalid memory reads and writes, based on dataflow analysis after a memory corruption bug has occured inside a running process. We will expose a methodology which shall help with writing a reliable exploit out of a PoC triggering an invalid memory write, in presence of security defense mechanism such as compiler enhancements (full RELRO, SSP) or kernel...
Topics: Youtube, video, Science & Technology, Post, Memory, Corruption, Analysis, Exploitation,...
Source: https://www.youtube.com/watch?v=ao-DcP6jvvs Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Over the years, ring-0 vulnerabilities in mobile devices have become increasingly difficult to find and exploit. Attackers and defenders alike must find new attack vectors, as well as develop tools to expedite the research process and increase coverage. One significant challenge is a more confining sandbox. While vendors usually put less emphasis on the security of mechanisms which are not operable from within the sandbox, sandboxing applications appropriately is not always that easy. This talk...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, adam donenfeld, ios,...
The first ever HITB keynote panel discussion on the Future of Mobile Malware and Cloud Computing Security Source: https://www.youtube.com/watch?v=IyVRqDWxvwI Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: What does it take to do quality research? What stops you from being a one-hit wonder? Is there an age limit to productive hackery? What are the key ingredients needed and how can you up your chances of doing great work? In a talk unabashedly stolen from far greater minds we hope to answer these questions and discuss their repercussions. ABOUT HAROON MEER Haroon Meer is the founder of Thinkst,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, research, security,...
For the past ten years the KARMA attack has been the industry standard for causing a Wi-Fi client to automatically connect to an attacker-controlled Access Point. In the KARMA attack the attacker introduces an access point that bares the same characteristics as a (open) network which the client has connected to in the past (and will continue to connect to if given the chance, due to automatic association rules). Information about such networks were leaked to nearby stations during the Wi-Fi...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, George Chatzisofroniou,...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: As social engineering has become the dominant method of malware distribution, browsers makers started to design more robust and recognizable UIs in order to help users in making aware choices while surfing the web. In this process, creating trusted UIs notification mechanisms played a crucial role: today any modern browser is able to identify potentially dangerous/sensitive actions requested...
Topics: Youtube, video, Science & Technology, Safari (Software), internet explorer, notification,...
KEYNOTE MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ KEYNOTE ABSTRACT: Reading the headlines today, we see that security issues frequently involve employees, their accounts, and their machines. And yet many security professionals view their employees as a lost cause. Between bad passwords, phishing, and lost machines, these users seem to present unbounded risk. And managing that risk often creates tensions between business needs and security needs. In this keynote I'll...
Topics: Youtube, video, Science & Technology, bob lord, twitter, phishing, experimental results, hitb,...
Tegra is a system on a chip (SoC) series developed by Nvidia for mobile devices such as smartphones, personal digital assistants, and mobile Internet devices. Nvidia targeted Tegra as the fastest mobile processor in the world. Although Tegra platform is not famous as Qualcomm platform in smart phone field, but Tegra platforms are used in many important devices. For example, Google Nexus 9 Tablet is using Tegra K1 platform, Tesla moto is using Tegra 3 platform in its cars. Chromebooks are also...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, trend micro, nvidia,...
Recently, malicious mining using CPUs has become a trend – mining where the task is not detected by the user is even more of a threat. We have worked to discover IA-32 vulnerabilities over the last couple of months and have found that by using hardware task switching method, we can execute another task that is undetectable by the OS from the normal user perspective. Currently hardware task switching method is not used but exists on modern computers as current task switching methods are...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Kyeong Joo Jung,...
With security as one of its design fundamentals, Microsoft Edge browser is one of the most secure browsers around. How difficult is it to find remote code execution exploits in the Edge browser? To answer this question we spent time researching various attack surfaces in the Edge browser and came away with an answer – go in through the ChakraCore engine. ChakraCore is the core of Microsoft’s next generation Javascript Engine that powers Microsoft Edge. Since it is open sourced, we can...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Long Liu, linan hao,...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Unified Extensible Firmware Interface or UEFI, is the result of a common effort from several manufacturers and industry stakeholders based on an initiative from Intel. It is a new software component or 'middleware' interposed between the hardware and the operating system designed to replace the traditional aka old BIOS. This presentation is a study of the overall architecture of UEFI from a...
Topics: Youtube, video, Science & Technology, esx, kaczmarek, hitbsecconf, sebastien kaczmarek,...
------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Windows 8 will come with lots of change compared to Windows 7, not only with the new Metro interface, ARM support, but...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Source: https://www.youtube.com/watch?v=XE-woojOSq0 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
The security community is trying to solve insecurity caused by bugs and flaws in software for many years now, but with what success? We almost never look in successes and failures experiences in other areas, but we could really learn from. This talk is inspired by Ernesto Sirolli’s TED talk “Want to help someone? Shut up and listen” about failures in the aid program’s around the world. Listening to Ernesto Sirolli, you cannot miss the similarity with the security community trying to...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
In the past few years hackerspaces came to the world to create a creative and hacky environment for the people but we need something for the younger ones. Let’s call them mini-hackers, junior-nerds, the techchilds or the coding-kids. Most kids aren’t exposed to interesting hacking stuff at their schools and the situation is pretty much the same here in The Netherlands – the main subject is always general studies. These junior-nerds and techchilds don’t fit in to this square hole and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
Since I started working in the larger security field, I’ve worked as a scripting monkey, as a malware analyst, as a reverse engineer, as a threat detection specialist; I analyzed nation state threats, did incident response for hospitals, wrote tools and looked into CPU bugs. I taught non-intentional male-only reverse engineering classes, and fully-intentional women-only reverse engineering classes. I tried to build projects on top of broken tools, got upset about it, and calmed down again....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, marion marschalek,...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: I've been in the home computing industry ever since it started. From the IBM-360 Main frame through a college course, to a small mini-computer operated by a private individual, Call Computer. Having lived in Silicon valley, the center of all this activity, I managed to be in the right spots most of the time, and have a knack for putting people together -- Steve Wozniak with Alex from Call...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, john draper, captain...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: Starting with the earliest Chromium Security Reward Program, we'll look at the evolution from $500 in 2010 to $60000 in 2012. Along the way, we'll look at the events and motivations that directed the growth of the program, as well as celebrate some of the more interesting and quirky bugs and individuals involved. Most excitingly, we'll end with results and updates from the previous day's...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, disclosure, responsible...
------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Amazon Web Services has emerged as one of the fastest growing companies in the past five years, and is increasingly...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Dhillon 'L33tdawg' Kannabhiran Founder/Chief Executive Officer, Hack In The Box ======= Time flies when you’re having fun! It flies even faster when you’re having fun with friends! From the back alleys of Kuala Lumpur, to the sand dunes of the UAE – from the pristine streets of Singapore to the picturesque canals of Amsterdam, we’ve come a long way baby – and we’ve got a long way more to go! Join me in this look back at over a decade of running this ‘thing’ called the Hack In...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: If you want to believe popular movies or worse yet popular news, a hacker's perfect habitat is either a riverside apartment in the tropics, an ominous apartment in Eastern Europe or an unsuspecting mother's basement in the United States. Obviously, neither movie directors nor reporters have ever worked security in the Far East. In this presentation, we will shine a light on how security...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, paul sebastian ziegler,...
It’s 2016. WiFi is more widespread than ever. Every average household has one or several WiFi access points, often provided by their Internet Service Provider. Sadly, after many years.. many of these router/modem/access points ship with a default set of WiFi credentials (that is unique to the specific box) that can be recovered by clever attackers. In this talk we’ll walk you through how the algorithm for generating ESSID and WPA2-PSK keys for a widespread modem was recovered and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, ctf,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Since cookies store sensitive data (session ID, CSRF token, etc.) they are interesting from attacker’s point of view. As it turns out, quite many web applications (including sensitive ones like bitcoin platforms) have cookie related vulnerabilities that lead for example to user impersonation, remote cookie tampering, XSS and more. Developers tend to forget that multi-factor authentication will not help when...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Exploit kits are one of the threats that is ever present on the Internet. Indiscriminately compromising users that are simply surfing websites. As ransomware has exploded so has the proliferation of these exploit kits. This combination of ransomware, tor, and bitcoin has created a financially lucrative monster. One of the challenges with investigating exploit kits is how quickly they move and pivot to other systems. For the last year Talos has been systematically diving into each exploit kit...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, cisco, talos,...
------------------------------------------------------------------------------------------------------ #HITB2012KUL (OCT 10-11) REGISTRATION NOW OPEN http://conference.hitb.org/hitbsecconf2012kul/ ------------------------------------------------------------------------------------------------------ Presentation Materials: http://conference.hitb.org/hitbsecconf2012ams/materials/ Web browsers have become part of everyday life, and are relied upon by millions of internet citizens each day. The...
Topics: Youtube, video, Science & Technology, hitb, hitb2012ams, hitbsecconf, hackinthebox, hack in the...
Attacks targeting connected cars have already been presented in several conferences, as well as different tools to spy on CAN buses. However, there have been only a few attempts to create “something similar” to a useful backdoor for the CAN bus. Moreover, some of those proofs of concept were built upon Bluetooth technology, limiting the attack range and therefore tampering its effects. Now we are happy to say, “those things are old”! We have successfully developed a hardware backdoor...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, sheila ayelan berta,...
The first ever HITB keynote panel discussion on the Future of Mobile Malware and Cloud Computing Security Source: https://www.youtube.com/watch?v=O10uN87Dxes Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
SOME – “Same Origin Method Execution” is a new technique (2 years since its first big exposure) that abuses callback endpoints in order to perform a limitless number of unintended actions on a website on behalf of users, by assembling a malicious set of timed iframes and/or windows. The attack was proven against vast platforms such as WordPress and various web applications built by Google, Paypal, Microsoft and etc. This attack is not UI related nor it is confined in terms of user...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, ben hayak, some, same...
In this presentation, we show promising new defense-in-depth techniques to protect modern web applications from old and new classes of bugs: Suborigins to have finer-grained control over origin boundaries, Site Isolation and XSDB against Spectre and Meltdown attacks, and last but not least Origin and Feature Policy. In addition to that, we explain new features of the upcoming CSP 3 specification like ‘unsafe-hashed-attributes’ and give an overview of how we were able to enforce CSP as a...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Lukas Weichselbaum,...
Keynote 1 @ HITB2010 Malaysia presented by Chris 'weldpond' Wysopal on The Perpetual Insecurity Machine Source: https://www.youtube.com/watch?v=h82EDVOyeXQ Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
KEYNOTE PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ CLOSING KEYNOTE ABSTRACT: Join Winn Schwartau as he looks into his crystal ball and predicts the future of information security, information warfare, cyberterrorism and the coming technologies we will be facing and it's not going to be pleasant either. Bumblebots and nanotechnology. High Energy RF Weapons. Deception. Wireless? What are the impacts on business and productivity? When law enforcement won't...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2013ams, winn...
The first ever HITB keynote panel discussion on the Future of Mobile Malware and Cloud Computing Security Source: https://www.youtube.com/watch?v=cZx2_lSynr8 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, People & Blogs, hitb2010kul
Ok, parking meters, they’ve been discussed, hacked, torn down, even had EEPROM data read off of them with the use of electron microscope and aid of neural-network image processing. What makes my talk different? The talk will cover the background of the manufacturer, some initial communications with them, and of course the hardware itself. The hardware portion includes a tear down of a “smart” parking meter, as seen in San Francisco and many other US metropolitan cities, with mobile...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, commsec,...
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2013ams/materials/ PRESENTATION ABSTRACT: Server request forgery attacks -- SSRF (Server Side Request Forgery) has been known since 2008, but only recently used in practical information security work. Vulnerabilities of this class gives the attacker the ability to send different requests on behalf of the server, which in turn allows you to bypass various network perimeter restrictions giving the attacker the ability to create...
Topics: Youtube, video, Science & Technology, vulnerability, fastcgi, pwn, vladimir vorontsov, http,...
Presentation Title Air Travel Hacking: Understanding and (Ab)Using the Global Distribution System Presentation Abstract In the recent years air travel has become a commodity and generally cheaper thanks to good acess to booking engines over the internet. This presentation introduces the attendees to basics of air travel booking systems. The main part is spent on showing shortcomings of the online systems. A more direct access to the booking systems thanks to the Internet allows to search for...
Topics: Youtube, video, Science & Technology, Air, Travel, Hacking, Understanding, and, Ab, Using, the,...
Six years ago a tweet about a broken elevator was the starting point of endless rumors and a gigantic hype in the jailbreak scene about a miraculous iOS jailbreak called elevat0r. While the name was originally a joke by some people who wanted to fool the jailbreaking scene since then it has been my goto name for all my private jailbreaks. Since then a long time has passed and all the vulnerabilities used in the original incarnation of the first elevat0r have been fixed by Apple. But their story...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, stefan esser, ionic,...
Source: https://www.youtube.com/watch?v=5F81wlbzG60 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Source: https://www.youtube.com/watch?v=5c_1vZxZvuc Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
You don’t end up working over a decade without seeing some crazy stuff. From defense to finance to startups, my journey through the wilds of information security has been a wild ride. Join me as I go through the biggest challenges I’ve faced throughout my career. We’ll laugh, we’ll cry, we’ll probably want to punch something. === Kelly Lum has has used her 12 plus years knowledge of both defensive and offensive security in a wide range of industries, including military, finance, and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, kelly lum, 13 years of...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: The traditional security models are failing as they become obsolete in a world where the environment and technology are constantly changing and advancing. As the use of personal devices and applications is on the rise such is the demand for broader access to enterprise resources wherever these are. The need to allow anytime anywhere access to enterprise resources from any user, including external users, and...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Source: https://www.youtube.com/watch?v=PNt1ZZbPOxM Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Source: https://www.youtube.com/watch?v=kVzXTT8oNIQ Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Presentation Title Privacy, Secrecy, Freedom and Power Presentation Abstract Technological advances have both diminished and enhanced the ability to keep information private, but on balance have challenged privacy more than strengthened it. As a result, the law has been under pressure to play an increasing role in protecting secrecy, whether in class action lawsuits or national security prosecutions. But the law is a dull tool, so we are living through a kind of information anarchy now where...
Topics: Youtube, video, Science & Technology, Privacy, Secrecy
The observer effect (commonly confused with Heisenberg’s Uncertainty principle) tells us that in particle physics, the act of observing an event changes its behavior. This is true in computer systems as well, and can be used by an attacker to determine if they are being monitored or introspected upon from on high. This talk will begin by examining architectural “tells” that can be utilized to detect the presence of analysis tools, even those with higher privilege/stealth capabilities than...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitb2016ams, pufs, cots,...
What do the Dallas tornado siren attack, hacked electric skateboards, and insecure smart door locks have in common? Vulnerable wireless protocols. Exploitation of wireless devices is growing increasingly common, thanks to the proliferation of RF protocols driven by mobile and IoT. While non-Wi-Fi and non-Bluetooth RF protocols remain a mystery to many security practitioners, exploiting them is easier than one might think. Join us as we walk through the fundamentals of radio exploitation. After...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, matt knight, marc...
HITB2011AMS Post Conference Reception (organized by HITB and Elevator Passion and made possible thanks to support from Microsoft) with 3 hacker filled boats cruising down the canals of Amsterdam with live DJs on each boat plus a special set by Articflmen Source: https://www.youtube.com/watch?v=KXWKJ-tcYdY Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Entertainment, hitb, hitb2011ams, microsoft, hackers, op, de, gracht, hackinthebox,...
Source: https://www.youtube.com/watch?v=R-RP0BZGCQ4 Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Have you ever cared for the security of the place where you usually live? Have you ever felt that you live in a city that is not taking care of the secure implementations of new technologies and therefore potentially threatening citizens’ life? The aim of this panel discussion is to share thoughts, problems and solutions regarding the communication between users, hackers, vendors and governments or administrative offices. This comes along with the discussion of technical challenges and the...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, smart city, smart...
Radio timing service, such as GPS, BPC, JJY, WWVB, DCF77, WWVH have been widely used as a basic time source for industry or individual systems. These signals are used by millions of people to synchronize consumer electronic products like wall clocks, clock radios, and wristwatches. NTP sever also use these signals to get a precise time. In this presentation we show how these signals can be forged with a low cost circuit. If hackers take this device to the target region and emit the fake signal,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, sdr, ntp, hitb2016ams
A little over ten years ago, a friend of ours returned to his hotel room to find that his laptop was gone. The door to his room showed no signs of forced entry; there was no record that the electronic lock had been accessed while he was away; and there was certainly no evidence that this electronic lock, deployed on millions of doors in more than 150 countries worldwide, could have been hacked. Sometimes hacking boils down to spending more time on something than anyone could reasonably expect....
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, timo hirovinen, tomi...
Source: https://www.youtube.com/watch?v=Dn3jb2BBBCE Uploader: Hack In The Box Security Conference
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox
Healthcare organizations typically have many different computer systems used for everything from billing records to patient tracking. All of these systems should communicate with each other (or “interface”) when they receive new information, or when they wish to retrieve information. In order to facilitate this, Health Level-7 or HL7 was developed – a set of international standards for transfer of clinical and administrative data between software applications used by various healthcare...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, anirudh duggal,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Security is a property of human outcomes, not technical systems. The security community understands how to think about the security of code and is learning how to think about the security of large systems, but has barely begun to start to think about how to improve security outcomes for humans. Security for humans affects the entire software development and deployment lifecycle, but it’s most strongly...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
PRESENTATION MATERIALS: http://conference.hitb.org/hitbsecconf2012kul/materials/ PRESENTATION ABSTRACT: The backbones of our digital lives, the ISPs and Telecom operators, have never been secure. Their "closed garden" security model has always been a fallacy and the reality on the ground paints a much bleaker picture. Why are they constantly getting hacked, and sometimes discovering it many years later or not at all? This presentation will give a broad perspective on the security of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, telco, hackers, hacking,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: In this talk we will look into how a series of 0-day vulnerabilities can be used to hack into tens of thousands of SOHO Routers. We will elaborate on the techniques that were used in this research to locate exploitable routers, discover 0day vulnerabilities and successfully exploit them on both the MIPS and ARM platforms. The talk will cover the following topics: – Dumping and analyzing router firmware from...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Protection mechanisms running in the kernel-level (Ring 0) cannot completely prevent security threats such as rootkits and kernel exploits, because the threats can subvert the protections with the same privileges. Protections need to be provided with higher privileges. Creating Ring -1 is plausible using VT such as ARM TrustZone, Intel VT-x, and AMD AMD-v. The existing VT (Virtualization Technologies) has support to separate worlds in a host (secure world, ring -1) and a guest (normal world,...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, seunghun han, shadow...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: Zero-day vulnerabilities are gaining a prominent role in the modern-day intelligence, national security, and law enforcement operations. At the same time, trading vulnerability information or zero-day exploits is considered a risky ordeal. Players in the secretive zero-day market face some inherent obstacles related to time-sensitiveness of traded commodities, trust, price fairness, and possibility of...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
IoT is an emerging field and exploding with new products and innovation. The security of IoT products is still lagging behind for various reasons. One of the important reasons from security researcher’s perspective is the availability of security tools. If you have been pen testing IoT products you would agree that there are too many different tools required for the job and there is no single silver bullet. And when it comes to Smart Infrastructure, we do not have any existing solution...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, Aseem Jakhar, iot,...
PRESENTATION MATERIALS: http://gsec.hitb.org/materials/sg2015/ PRESENTATION ABSTRACT: This talk is about applying analogue thinking to Network Security. It’s about a different way of approaching our defenses, understanding the attackers and hopefully will inspire others. It’s about a mélange of concepts, many analogue, that when combined in various ways, I hope will help our industry. My goal is to introduce some ideas more conventionally thought of as ‘analogue’ than digital, then...
Topics: Youtube, video, Science & Technology, hitb, hitbsecconf, hackinthebox, hitbgsec
Live Music Archive
Librivox Free Audio
Metropolitan Museum
Cleveland Museum of Art
Internet Arcade
Console Living Room
Books to Borrow
Open Library
TV News
Understanding 9/11
