DEF CON 23 [Audio] Speeches from the Hacker Convention

DEF CON

The DEF CON series of hacking conferences were started in 1993 to focus on both the technical and social trends in hacking, and has grown to be world known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org

  1. 11/03/2015

    Rob Bathurst (evilrob) & Jeff Thomas (xaphan) - Canary: Keeping Your Dick Pics Safe(r)

    Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Evilrob-Xaphan-TLS-Canary-Keeping-Your-Dick-Pics-Safer.pdf Canary: Keeping Your Dick Pics Safe(r) Rob Bathurst (evilrob) Security Engineer and Penetration Tester Jeff Thomas (xaphan) Senior Cyber Security Penetration Testing Specialist The security of SSL/TLS is built on a rickety scaffolding of trust. At the core of this system is an ever growing number of Certificate Authorities that most people (and software) take for granted. Recent attacks have exploited this inherent trust to covertly intercept, monitor and manipulate supposedly secure communications. These types of attack endanger everyone, especially when they remain undetected. Unfortunately, there are few tools that non-technical humans can use to verify that their HTTPS traffic is actually secure. We will present our research into the technical and political problems underlying SSL/TLS. We will also demonstrate a tool, currently called “Canary”, that will allow all types users to validate the digital certificates presented by services on the Internet. Evilrob is a Security Engineer and Penetration Tester with over 14 years of experience with large network architecture and engineering. His current focus is on network security architecture, tool development, and high-assurance encryption devices. He currently spends his days contemplating new and exciting ways to do terrible things to all manner of healthcare related systems in the name of safety. Twitter: @knomes xaphan is a "Senior Cyber Security Penetration Testing Specialist" for a happy, non-threatening US government agency. He has been a penetration tester for 17 years, but maintains his sanity with a variety of distractions. He is the author of several ancient and obsolete security tools and the creator of DEFCOIN. Twitter: @slugbait

  2. 10/30/2015

    Zoz - And That's How I Lost My Other Eye: Further Explorations In Data Destruction

    And That's How I Lost My Other Eye: Further Explorations In Data Destruction Zoz Robotics Engineer and Security Researcher How much more paranoid are you now than you were four years ago? Warrantless surveillance and large-scale data confiscation have brought fear of the feds filching your files from black helicopter territory into the mainstream. Recent government snatch-and-grabs have run the gamut from remotely imaging foreign servers to straight up domestic coffeeshop muggings, so if you think you might need to discard a lot of data in hurry you're probably right. In their legendary DEF CON 19 presentation Shane Lawson, Bruce Potter and Deviant Ollam kicked off the discussion, and now it's time for another installment. While purging incriminating material residing on spinning disks remains the focus, the research has been expanded to encompass solid state storage and mobile solutions to your terabyte trashing needs. With best efforts to comply with the original constraints, the 2015 update features more analysis of the efficacy of kinetic projectiles, energetic materials and high voltages for saving your freedom at the potential cost of only a redundant body part... or two. Zoz is a robotics engineer, rapid prototyping specialist and lifelong enthusiast of the pyrotechnic arts. Once he learned you could use a flamethrower and a coffee creamer bomb to fake a crop circle for TV he realized there are really no limits to creative destruction.

  3. 10/30/2015

    Zack Fasel - Seeing through the Fog

    Seeing through the Fog Zack Fasel Urbane Security Yes. "The Cloud" (drink). Even though many of us would much like to see use of public clouds decline, they're not going away any time soon. And with such, a plethora of companies now have revolutionary new solutions to solve your "cloud problems". From crypto to single sign on with two step auth, proxies to monitoring and DLP, every vendor has a solution, even cloud based for the cloud! What we haven't seen is much of an open source or community lead solution to these problems. So let's change that. Zack will review the laundry list of security problems with various cloud providers (and their pluthera of APIs), provide some easy fixes to the common issues seen, and introduce a few new open source tools to help monitor and defend the data and access in the wild. Zack Fasel is a Founding Partner at Urbane Security, a solutions-focused vendor-agnostic information security services firm focusing on providing innovative defense, sophisticated offense and refined compliance services. Heading up Urbane's Research and Security Services divisions, Zack brings his years of diverse internal and external experience to drive Urbane's technical solutions to organizations top pain points. His previous research and presentations at conferences have spread across numerous domains including Windows authentication flaws, femtocells, open source defensive security solutions and unique network and application attack vectors. When not selling out, he can be found lost in the untz unce wubs, dabbling in instagram food photography, or eating scotch and drinking gummy bears (that's right, right?). More information on him can be found at zfasel.com and on Urbane Security at UrbaneSecurity.com. Twitter: @zfasel

  4. 10/30/2015

    Terrell McSweeny & Ashkan Soltani - How to Hack Government: Technologists as Policy Makers

    How to Hack Government: Technologists as Policy Makers Terrell McSweeny Commissioner, Federal Trade Commission Ashkan Soltani Chief Technologist, Federal Trade Commission As the leading federal agency responsible for protecting your privacy rights online, technology is at the core of the Federal Trade Commission's work. You may be familiar with the agency's enforcement actions against some of the world's biggest tech companies for privacy/data security violations - but you may not know how your research skills can inform its investigations and policy. Come hear about some of the Commission's recent tech-related actions, research and reports, plus how its work impacts both consumers and businesses. You'll also learn how you can directly or indirectly help the agency protect consumers, guide businesses to develop better/strong data security, and much more. Terrell McSweeny serves as a Commissioner of the Federal Trade Commission - sometimes referred to as the Federal Technology Commission. This year marks her second DEF CON adventure. When it comes to tech issues, Commissioner McSweeny wants companies to implement security by design, to be transparent about their data collection practices, and to give consumers as much control as possible. Twitter: @TMcSweenyFTC Ashkan Soltani serves as the FTC's fourth Chief Technologist. He is a privacy and security researcher whose work draws attention to privacy problems online, demystifies technology for the non-technically inclined, and provides data-driven insights to help inform policy. Ashkan was recognized as part of the 2014 Pulitzer winning team at the Washington Post and was the primary technical consultant on the Wall Street Journal's "What They Know" investigative series on online privacy. Twitter: @TechFTC

  5. 10/30/2015

    Sean Pierce - Abusing native Shims for Post Exploitation

    Abusing native Shims for Post Exploitation Sean Pierce Technical Intelligence Analyst for iSIGHT Partners Shims offer a powerful rootkit-like framework that is natively implemented in most all modern Windows Operating Systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as in-memory patching, malware obfuscation, evasion, and system integrity subversion. For defenders, I am releasing 6 open source tools to prevent, detect, and block malicious shims. Sean Pierce is a Technical Intelligence Analyst for iSIGHT Partners. Sean currently specializes in reverse engineering malware & threat emulation and in the past has worked on incident response, botnet tracking, security research, automation, and quality control. Prior working at iSIGHT Partners, he was an academic researcher and part time lecturer at the University of Texas at Arlington where he earned a Bachelors of Computer Engineering with a minor in Math. Sean also does freelance consulting, penetration testing, forensics, and computer security education. He is an Eagle Scout and enjoys learning how things work. Twitter: @secure_sean

  6. 10/30/2015

    Scott Erven and Mark Collao - Medical Devices - Pwnage and Honeypots

    Medical Devices: Pwnage and Honeypots Scott Erven Associate Director, Protiviti Mark Collao Security Consultant, Protiviti We know medical devices are exposed to the Internet both directly and indirectly, so just how hard is it to take it to the next step in an attack and gain remote administrative access to these critical life saving devices? We will discuss over 20 CVEís Scott has reported over the last year that will demonstrate how an attacker can gain remote administrative access to medical devices and supporting systems. Over 100 remote service and support credentials for medical devices will be presented. So is an attack against medical devices a reality or just a myth? Now that we know these devices have Internet facing exposure and are vulnerable to exploit, are they being targeted? We will release and present six months of medical device honeypot research showing the implications of these patient care devices increasing their connectivity. Scott Erven is an Associate Director at Protiviti. He has over 15 years of information security and information technology experience with subject matter expertise in medical device and healthcare security. Scott has consulted with the Department of Homeland Security, Food and Drug Administration and advised national policymakers. His research on medical device security has been featured in Wired and numerous media outlets worldwide. Mr. Erven has presented his research and expertise in the field internationally. Scott also has served as a subject matter expert and exam writer for numerous industry certifications. His current focus is on research that affects human life and public safety issues inside todayís healthcare landscape. Mark Collao is a Security Consultant at Protiviti. He has over 5 years of experience in information security consulting, primarily in network and application penetration tests, red team assessments, and social engineering exercises. Mark also researches botnet activity and maintains several custom protocol and application honeypots on the net. He holds an Offensive Security Certified Professional (OSCP) certification, is a member of the MWCCDC red team, and graduated from DePaul University.

  7. 10/30/2015

    Runa A. Sandvik & Michael Auger - When IoT attacks - Hacking a Linux-powered Rifle

    When IoT attacks: hacking a Linux-powered rifle Runa A. Sandvik Michael Auger TrackingPoint is an Austin startup known for making precision-guided firearms. These firearms ship with a tightly integrated system coupling a rifle, an ARM-powered scope running a modified version of Linux, and a linked trigger mechanism. The scope can follow targets, calculate ballistics and drastically increase its user's first shot accuracy. The scope can also record Audio and audio, as well as stream Audio to other devices using its own wireless network and mobile applications. In this talk, we will demonstrate how the TrackingPoint long range tactical rifle works. We will discuss how we reverse engineered the scope, the firmware, and three of TrackingPoint's mobile applications. We will discuss different use cases and attack surfaces. We will also discuss the security and privacy implications of network-connected firearms. Runa A. Sandvik is a privacy and security researcher, working at the intersection of technology, law and policy. She is a technical advisor to both the Freedom of the Press Foundation and the TrueCrypt Audit Project, and a member of the review board for Black Hat Europe. Twitter: @runasand Michael Auger is an experienced IT Security specialist with extensive experience in integrating and leveraging IT security tools. He has leveraged a wide range of IT security solutions, integrating them, to deliver leading edge incident response and security operations capabilities. His 15+ year career includes: · Supporting security incidents during the event and the subsequent remediation phases · Implementing and managing IT security infrastructures for public and private organizations. · Design and implement global SIEM infrastructure for F100 organizations · Delivering training on advanced SIEM solutions and network discovery tools · Presenting and publishing security articles on security vulnerabilities and best practices

  8. 10/30/2015

    Robert Graham and David Maynor - HamSammich – long distance proxying over radio

    HamSammich – long distance proxying over radio Robert Graham Erratasec.com David Maynor Erratasec.com The ProxyHam talk was mysteriously canceled. However, it’s easy to replicate the talk from the press coverage. In this talk, we propose “HamSammich”, creating a point-to-point link in order to access WiFi from many miles away, as a means to avoid detection. We show how off-the-shelf devices can be configured to do this for less than $200. After demonstrating the working system, we’ll talk about radio signals. This includes both the FCC regulatory issues which may have caused the cancelation of the original talk, as well as signals-intelligence, and the practicalities of being detected and caught. Finally, we’ll talk about hiding signals with SDR, a more complicated and expensive technique, but one that hides better in the electromagnetic spectrum. We’ll demonstrate not only a working system, but what the 900MHz spectrum looks like, and how to track down a working system. Robert Graham is the CEO of Errata Security, a pentest/consulting firm. He's known for creating the first IPS, the BlackICE series of products, sidejacking, and masscan. In his spare time, he scans the Internet. He has been speaking at several conferences a year for the past decade. Twitter: @ErrataRob David Maynor is the CTO of Errata Security, and chief pentester. He’s a frequent speaker at conferences, most infamously in the Apple WiFi scandal. In his spare time, he builds weapons for Skynet’s domination of the planet. Twitter: @Dave_Maynor

See All (133)

Ratings & Reviews

3.3
out of 5
4 Ratings

About

The DEF CON series of hacking conferences were started in 1993 to focus on both the technical and social trends in hacking, and has grown to be world known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org

Information