Keep your eyes on this space, we’ll be adding new talks frequently! DEF CON has changed for the better since the days at the Alexis Park. It has evolved from a few speaking tracks to an event that still offers the speakers, but also Villages, where you can get hands-on experience, and Demo Labs, where you see tools in action.
Of course, there is still the entertainment and Contest Area, as well as Capture The Flag. Mike Petruzzi has been hacking managers for over 25 years. Mike is a Senior Cyber Security Penetration Testing Specialist working at various Federal Civil Agencies for the last 15 years. Yup, that’s the title he was given.
Naturally, he got all his IT experience as the result of selling beer, wine and liquor. He has tricked everyone into believing that he can do anything at all. Nikita works full time for DEF CON doing stuff, and things. She is DEF CON’s administrator, director of the CFP review board, speaker liaison, workshop manager, and overall cat herder. Helping out over the past decade she has been involved in some capacity for over a dozen departments, activities, contests, and events. He can neither confirm nor deny working for any of the three letter agencies that oversee WMDs, high energy weapons, and play around with other countries.
Plug is a Mexican immigrant who immigrated to the States at age 18. While learning to read English, he found a 2600 magazine that led him to his first LA2600 meeting in 1998; from that point forward he has been a computer security enthusiast. Over the years he has worked as a systems administrator with a focus on security, eventually moving full time to work in information security. This is Russ’ 17th year as a DEF CON goon, and he has over 25 years’ experience in hacking. Russ first learned to program around the 1982 timeframe, when he received a Timex Sinclair, which used only programs keyed in via BASIC.
He’s been involved in a number of aspects of DEF CON over the years, including the vendors, contests, DEF CON Groups, security, Hardware Hacking Village, and planning. Senior American officials routinely hold dialogues with foreign officials to discuss cyber espionage. Yet we often see newspaper headlines clearly identifying that one country is hacking another country through state-sponsored, cyber criminal, or hacktivist means. Two major roadblocks in cyber diplomacy are the “attribution problem” and the related “disclosure dilemma.” If there is indeed an attribution problem–when a country cannot be sure which other state is hacking it because a third country could be using it as a proxy–then a country could never accuse another country of state-sponsored cyber attacks.
My presentation identifies how government-to-government cyber diplomacy works, examines the attribution problem and disclosure dilemma more fully, and shows how the U. This is not a technical presentation, but rather it is a policy presentation on cyber diplomacy drawing from political science and my diplomatic experience. At the State Department, he was the senior political-military affairs officer covering the East Asia region, and his responsibilities included coordinating diplomatic dialogues, formulating plans with the Pentagon, notifying Congress of U. Obligatory disclaimer: The comments are his own, and do not represent the U. David emphasizes that he is no longer a fed. Fooling around with some ideas, we found ourselves creating a hacker magnet. Game of Hacks, built using the node.
A multiplayer option makes the challenge even more attractive, and the leaderboard spices things up when players compete for a seat on the iron throne. Within 24 hours we had 35K players test their hacking skills; we weren’t surprised when users started breaking the rules. Learn how to avoid vulnerabilities in your code and how to go about designing a secure application. Hear what to watch out for on the ultra-popular node. He has been with the security community for more than a decade, where he has taken on multiple tasks and responsibilities over the years, including technical and Senior Product lead positions. Amit adds valuable product knowledge including experience with a wide range of security platforms and familiarity with emerging threats and the hi-tech security industry. Maty is the CTO and founder of Checkmarx.
Maty has more than a decade of experience in software development, IT security and source-code analysis. Prior to founding Checkmarx, Maty worked for two years at the Israeli Prime Minister’s Office as a senior IT security expert and project manager. Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same initialization vector. This presentation includes proof-of-concept attacks demonstrating XSLT’s potential to affect production systems, along with recommendations for safe development. Fernando Arnaboldi is a senior security researcher and consultant at IOActive, Inc.
Have you ever attended an RFID hacking presentation and walked away with more questions than answers? 56 MHz and can be found in things like mobile payment technologies, e. This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you’ll need to build an RFID penetration toolkit.
This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals. IT security services to the Fortune 1000 and global financial institutions as well as U. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham’s primary areas of expertise are application security assessment, source code review, and mobile application security.
He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon and is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian.
As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry. When a Windows domain is compromised, an attacker has several options to create backdoors, obscure his tracks, and make his access difficult to detect and remove. In this talk, I discuss ways that an attacker who has obtained domain administrator privileges can extend, persist, and maintain control, as well as how a forensic examiner or incident responder could detect these activities and root out an attacker.
Grant Bugher has been hacking and coding since the early ’90s and working professionally in information security for the last 11 years. He is currently a security consultant and engineer for a cloud service provider, and has previously been an architect, program manager and software engineer on a variety of online services, developer tools and platforms. Satanklawz has been in the information security realm for 15 years. He built and sold a wireless ISP, worked info sec in the financial services industry and now is a public servant of sorts. His hobbies and interests have always involved radio in some sort of fashion. When he has spare time, he is completing his PhD, teaches, creates mischief, and is working on his dad jokes. Wi-Fi is a pervasive part of everyone’s everyday life.
Whether it be home networks, open hotspots at cafés, corporate networks or corporate guest networks, they can be found virtually everywhere. Fortunately, for the security minded, some steps are taken to secure these weak points in one’s infrastructure. Usually this is done through some form of registration page, which is common in the case of guest networks. In the most paranoid of cases, companies will generally attempt to isolate Wi-Fi networks from their official networks in order to protect their own assets from attacks, while still ensuring that Wi-Fi is convenient for end users. But there is another way to attack a company that could be damaging to the host company and harmful to other targets. During the presentation we will cover the findings from our tests along with a list of recommendations for what can be done to mitigate this risk. This is a must-attend session for all security professionals and high-level management.
Peter Desfigies is a Security Consultant at TELUS Communications Inc. Security Analyst at TELUS Communications Inc. SIEM specialists to provide customers with a cloud SIEM service offering. Primarily working on rule development and user workflows, his other interests in the field include developing tools to help automate and expedite repetitive work to increase user efficiency. Managing Consultant at TELUS and Security Intelligence architect within the TELUS Cyber Security Investigation Unit.
Naveed’s other interests are in application forensics and enterprise security architecture. Naveed’s prior duties with TELUS include securing what was then the world’s largest PKI infrastructure, known as Secure Channel. It will issue certificates for free, using a new automated protocol called ACME for verification of domain control and issuance. We will also update our place on the roadmap to a Web that uses HTTPS by default. Peter Eckersley is Chief Computer Scientist for the Electronic Frontier Foundation. He leads a team of technologists who watch for technologies that, by accident or design, pose a risk to computer users’ freedoms—and then look for ways to fix them.
They write code to make the Internet more secure, more open, and safer against surveillance and censorship. They explain gadgets to lawyers and policymakers, and law and policy to gadgets. Comcast was using forged reset packets to interfere with P2P protocols. Peter holds a PhD in computer science and law from the University of Melbourne. James Kasten is a PhD candidate in Computer Science and Engineering at the University of Michigan and a STIET fellow.
James is also a contractor at the Electronic Frontier Foundation. His research focuses on practical network security and PKI. James has published on the state of TLS, its certificate ecosystem and its vulnerabilities. Most notably, James has helped design the protocol and launch the technology behind Let’s Encrypt. Yan is a security engineer at Yahoo, mostly working on End-to-End email encryption and improving TLS usage.
Yan has held a variety of jobs in the past, ranging from hacking web apps to composing modern orchestra music. MIT in 2012 and is a proud PhD dropout from Stanford. You can access your email, documents, contacts, browsing history, notes, keychains, photos, and more all with just a click of the mouse or a tap of the finger – on any device, all synced within seconds. Much of this data gets cached on your devices; this presentation will explore the forensic artifacts related to this cached data. Sarah is a digital forensic analyst who has worked with various federal law enforcement agencies. Sarah’s research and analytical interests include Mac forensics, mobile device forensics, digital profiling, and malware reverse engineering.
It takes passion, dedication, and an unwavering attention to detail. Hacking requires a breadth of knowledge spread across many domains. We need to have experience with different platforms, operating systems, software packages, tools, programming languages, and technology trends. Being overly deficient in any one of these areas can add hours to our hack, or even worse, bring us total failure. And while all of these things are important for a well-rounded hacker, one of the key areas that is often overlooked is cryptography. In an era dominated by security breaches, an understanding of encryption and hashing algorithms provides a tremendous advantage. We can better hone our attack vectors, especially when looking for security holes.
This presentation is an overview of the most common crypto routines helpful to hackers. We’ll review the strengths and weaknesses of each algorithm, which ones to embrace, and which ones to avoid. We’ll even talk about creative ways to merge algorithms to further increase entropy and key strength. Eijah is the founder of demonsaw, a secure and anonymous content sharing platform, and a Senior Programmer at a world-renowned game development studio. He has over 15 years of software development and IT Security experience. His career has covered a broad range of Internet and mid-range technologies, core security, and system architecture. Fuzzing is a well-established technique for finding bugs, hopefully exploitable ones, by brute forcing inputs to explore code paths in an application.
In recent years, fuzzing has become a near mandatory part of any major application’s security team efforts. Despite this, our improved fuzzing approach was able to find four confirmed bugs within Google Chrome and two within Microsoft Internet Explorer 11. The bugs had varying potential exploitability. Interestingly, some had been independently discovered, indicating others are active in this field.
The work is ongoing, and we hope to have more before the presentation. Something we hope to help address. The first part is an introduction to fuzzing for the security practitioner. Saif is the body double for Borat, but couldn’t pull off a mankini and ended up in information security. His focus is on fuzzing and vulnerability research. Etienne hopes he will outlive his beard, but in the meantime, this hacking schtick pays for beard oil.
His other interests lie in mobile applications and no-sql databases. “Secure” messaging programs and protocols continue to proliferate, and crypto experts can debate their minutiae, but there is very little information available to help the rest of the world differentiate between the different programs and their features. This talk will discuss the types of attacks various secure messaging features can defend against so those who are tech-savvy but not crypto-experts can make informed decisions on which crypto applications to use. This talk is intended for people with no preexisting cryptography knowledge. There will be no math or programming knowledge required.
The goal is to explain secure messaging concepts such as PKI, PFS, and key validation without diving into heavier crypto, math, or programming content. Justin Engler is a Principal Security Engineer with NCC Group. Justin has been involved in application security assessments of many open and closed source messaging applications and other related technologies. Justin has 5 years of security consulting experience and has been involved in security, software development, and IT professionally for over 10 years.
Even though many of us would much like to see use of public clouds decline, they’re not going away any time soon. And with that, a plethora of companies now have revolutionary new solutions to solve your “cloud problems”. From crypto to single sign on with two step auth, proxies to monitoring and DLP, every vendor has a solution, even cloud based for the cloud! What we haven’t seen is much of an open source or community-led solution to these problems.
Zack Fasel is a Founding Partner at Urbane Security, a solutions-focused vendor-agnostic information security services firm focusing on providing innovative defense, sophisticated offense and refined compliance services. Heading up Urbane’s Research and Security Services divisions, Zack brings his years of diverse internal and external experience to drive Urbane’s technical solutions to organizations’ top pain points. Containers: a pinnacle of fast and secure deployment or a panacea of false security? In recent years Linux containers have developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS virtualization stack.
Leveraging container technologies is rapidly becoming popular within the modern PaaS and devops world, but little has been publicly discussed in terms of actual security risks or guarantees. This talk will explore prior container vulnerabilities and escapes, and current risks and pitfalls in major public platforms. I’ll cover methods to harden containers against future attacks and common mistakes to avoid when using systems such as LXC and Docker. A jack-of-all-security, Aaron leads projects dealing with complex system analysis, mobile and web application security to network, protocol, and design reviews to red teams and other hybrid testing.