Videos uploaded by user “Christiaan008”
DEFCON 17: That Awesome Time I Was Sued For Two Billion Dollars
 
31:28
Speaker: Jason Scott Textfiles.com In a world where scams are now considered as commonplace as functioning websites and cell phones, it's sometimes too easy to forget the insidiousness and complicated preparation that can go into a well-honed misleading attempt to gain financially from unknowing people. It also helps if you're this side of crazy. For over a decade, Jason Scott (and a group of others) were plagued by one such artist of misdirection, and he will present a dismaying, tragic, but hilarious recounting of what he learned along the way and what you yourself might find yourself confronted with as you go about your business. The story is true, the two billion dollars was demanded but not awarded, and the case got to court. Come hear a legal yarn with a side order of fried conspiracy theory, and walk away a little wiser. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 1139032 Christiaan008
DEFCON 18: How I Met Your Girlfriend 3/3
 
07:57
Speaker: Samy Kamkar How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 132866 Christiaan008
DEFCON 18: Pwned By The Owner: What Happens When You Steal a Hackers Computer 1/2
 
14:58
Speaker: Zoz Having your place broken into and your computer stolen can be a nightmare. Getting revenge on the fucker who has your machine can be a dream come true. I had the opportunity to experience both of these when my machine was stolen in Boston and then showed up in Las Vegas 2 years later. Come share some laughs at a lamer's expense, participate in the pwnage, and learn some resulting insights into the implications of certain security decisions. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 84647 Christiaan008
DEFCON 18: Pwned By The Owner: What Happens When You Steal a Hackers Computer 2/2
 
06:49
Speaker: Zoz Having your place broken into and your computer stolen can be a nightmare. Getting revenge on the fucker who has your machine can be a dream come true. I had the opportunity to experience both of these when my machine was stolen in Boston and then showed up in Las Vegas 2 years later. Come share some laughs at a lamer's expense, participate in the pwnage, and learn some resulting insights into the implications of certain security decisions. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 136545 Christiaan008
DEFCON 17: Failure
 
55:03
Speaker: Adam Savage Co-Host, MythBusters A meditation on how I've screwed things up, lost friends and clients, and learned about myself in the process. Adam Savage has spent his life gathering skills that allow him to take what's in his brain, and make it real. He's built everything from ancient Buddhas to futuristic weapons, from spaceships to dancing vegetables, from fine art sculptures to animated chocolate -- and just about anything else you can think of. The son of a filmmaker/painter and a psychotherapist, Adam has been making his own toys since he was allowed to hold scissors. Having held positions as a projectionist, animator, graphic designer, carpenter, interior and stage designer, toy designer, welder, scenic painter, he's worked with every material and process he could get his hands on -- metal, paper, glass, plastic, rubber, foam, plaster, pneumatics, hydraulics, animatronics, neon, glassblowing, moldmaking and injection molding to name just a few. Since 1993, Adam has concentrated on the special effects industry, honing his skills through more than 100 television commercials and a dozen feature films, including Star Wars Episode I: The Phantom Menace and Episode II: Attack of the Clones, Galaxy Quest, Terminator 3, A.I. and the Matrix sequels. He's also designed props and sets for Coca-Cola, Hershey's, Lexus and a host of New York and San Francisco theater companies. Not only has he worked and consulted in the research and development division for toy companies and made several short films, but Adam has also acted in several films and commercials -- including a Charmin ad, in which he played Mr. Whipple's stock boy, and a Billy Joel music video, "Second Wind", in which he drowns. Today, in addition to co-hosting Discovery Channel's MYTHBUSTERS, Adam teaches advanced model making, most recently in the industrial design department at the San Francisco Academy of Art. 
Somehow he also finds time to devote to his own art -- his sculptures have been showcased in over 40 shows in San Francisco, New York and Charleston, West Virginia. Look for Adam on Twitter at http://twitter.com/donttrythis. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 309145 Christiaan008
DEFCON 18: My Life as a Spyware Developer 1/3
 
14:58
Speaker: Garry Pejski Behold! Billions of computers are infected with spyware every decade! But how! And why! Let's join our host as he takes you behind the curtain of the mysterious spyware industry. This will be a high level discussion with no technical knowledge needed. I'll be covering how I ended up writing spyware, what the software was capable of, how it was deployed onto millions of machines, how all the money was made (not how you'd expect) and how it all fell apart (of course). After seeing this talk, all your dreams will come true and you will never die! For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 12712 Christiaan008
DEFCON 17: Stealing Profits from Spammers or: How I learned to Stop Worrying and Love the Spam
 
49:42
Speaker: Grant Jordan WiseCrack Tools Every time you look at your inbox, there it is... SPAM! Your penis needs enlargement, a horny single girl from Russia "accidentally" emailed you, and a former Nigerian prince knows that you're just the man to safeguard his millions. But in 2007, while still a student at MIT, one particular kind caught my eye: stock spam. Those bizarre stock market "tips" that claim you should buy a particular stock because it's "about to go through the roof!!!!" Like most people, I initially thought nothing of these ridiculous emails. That was until Kyle Vogt (now of Justin.tv) proposed the stupidest idea I had ever heard: "There has to be some way we can make money off these spammers". After trying, and failing, to prove Kyle wrong, the two of us embarked on a 4-month study into the dark depths of stock spam. In this talk, I'll explain how we went from hand-sorting tens of thousands of spam emails to developing a trading strategy able to take a piece of the spammers' profits. And how, in the process, our work produced data that disproved the results of nearly all the existing stock spam research. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 706866 Christiaan008
DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin! (w speaker)
 
40:47
Speaker: Jayson E. Street CIO of Stratagem 1 Solutions This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words; I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive, I also make sure that with every attack I highlight, I spend time discussing what would have stopped me. We need to know the problems but we need more talks providing solutions and that is what I hope people will get from this. I show the dangers of social engineering and how even an employee with no SE experience can be an eBay James Bond, which can cause total financial ruin to a company. These security threats are real. So are these stories! For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 660478 Christiaan008
DEFCON 20: Beyond the War on General Purpose Computing: What's Inside the Box?
 
49:51
Speaker: CORY DOCTOROW AUTHOR, ACTIVIST, BLOGGER, CO-EDITOR OF BOINGBOING.NET Assuming the failure of all the calls to regulate PCs and the Internet because people might do bad things with them, what then? Civil war, that's what. The su/user split we inherited from multiuser systems has given us a false intuition: that owners of computers, and not their users, should set policy on them. How will that play out when your car, house, legs, ears and heart are driven by computers that you don't own? Cory Doctorow (craphound.com) is a science fiction author, activist, journalist and blogger -- the co-editor of BoingBoing (boingboing.net) and the author of Tor Teens/HarperCollins UK novels like FOR THE WIN and the bestselling LITTLE BROTHER. He is the former European director of the Electronic Frontier Foundation and co-founded the UK Open Rights Group. Born in Toronto, Canada, he now lives in London. For more information visit: http://bit.ly/defcon20_information To download the video visit: http://bit.ly/defcon20_videos Playlist DEFCON 20: http://bit.ly/defcon20_playlist
Views: 5539 Christiaan008
DEFCON 18: Crawling BitTorrent DHTs for Fun 1/2
 
14:58
Speaker: Scott Wolchok This talk describes how crawling BitTorrent's DHTs used for distributed tracking can be used for two opposing goals. First, pirates can crawl the DHTs to build BitTorrent search engines in just a few hours without relying on the survival of any existing search engines or trackers. Second, content owners can crawl the DHTs to monitor users' behavior at large scale. The talk will start by explaining what BitTorrent DHTs are and how they work. Then, it will describe the design of our attacks, how we validated them, and how many torrents and IPs we monitored (over 1 million each). Finally, we'll look at the impact that shifting from centralized BitTorrent tracking to DHTs, as The Pirate Bay has started to do, will have on the BitTorrent arms race. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 10231 Christiaan008
DEFCON 18: How I Met Your Girlfriend 1/3
 
14:58
Speaker: Samy Kamkar How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 336723 Christiaan008
BBC: How cyber criminals attack websites
 
02:38
The BBC has acquired control of 22,000 home computers as part of an investigation into hi-tech crime. Click's Spencer Kelly speaks to Jacques Erasmus from security firm Prevx who said high-traffic sites are a "massive target" for hackers. Source: BBC News For more information go to: http://bit.ly/bUHfRF
Views: 24432 Christiaan008
DEFCON 18: How to Hack Millions of Routers 1/3
 
14:58
Speaker: Craig Heffner This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections. A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR). Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 85416 Christiaan008
Password Sniffing with Wireshark (Laura Chappell)
 
04:30
Found this one on securitytube: http://www.securitytube.net/Password-Sniffing-with-Wireshark-(Laura-Chappell)-video.aspx Laura (Founder of Wireshark University) shows how to capture traffic and reassemble the TCP stream to easily see the FTP username and password in clear text.
Views: 132627 Christiaan008
DEFCON 20: Bruce Schneier Answers Your Questions
 
47:52
Speaker: BRUCE SCHNEIER Bruce Schneier will answer questions on topics ranging from the SHA-3 competition to the TSA to trust and society to squid. Internationally renowned security technologist Bruce Schneier has authored twelve books -- most recently Liars and Outliers -- and hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram," and his blog "Schneier on Security," are read by over 250,000 people. Schneier is the Chief Security Technology Officer of BT. http://www.schneier.com For more information visit: http://bit.ly/defcon20_information To download the video visit: http://bit.ly/defcon20_videos Playlist DEFCON 20: http://bit.ly/defcon20_playlist
Views: 14734 Christiaan008
DEFCON 18: Practical Cellphone Spying 1/4
 
14:58
Speaker: Chris Paget It's widely accepted that the cryptoscheme in GSM can be broken, but did you know that if you're within radio range of your target you can intercept all of their cellphone calls by bypassing the cryptoscheme entirely? This talk discusses the practical aspects of operating an "IMSI catcher", a fake GSM base station designed to trick the target handset into sending you its voice traffic. Band jamming, rolling LACs, Neighbour advertisements and a wide range of radio trickery will be covered, as well as all the RF gear you'll need to start listening in on your neighbours. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 15880 Christiaan008
DEFCON 18: How to Hack Millions of Routers 3/3
 
05:24
Speaker: Craig Heffner This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections. A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR). Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 19331 Christiaan008
DEFCON 18: How to Hack Millions of Routers 2/3
 
14:58
Speaker: Craig Heffner This talk will demonstrate how many consumer routers can be exploited via DNS rebinding to gain interactive access to the router's internal-facing administrative interface. Unlike other DNS rebinding techniques, this attack does not require prior knowledge of the target router or the router's configuration settings such as make, model, internal IP address, host name, etc, and does not rely on any anti-DNS pinning techniques, thus circumventing existing DNS rebinding protections. A tool release will accompany the presentation that completely automates the described attack and allows an external attacker to browse the Web-based interface of a victim's router in real time, just as if the attacker were sitting on the victim's LAN. This can be used to exploit vulnerabilities in the router, or to simply log in with the router's default credentials. A live demonstration will show how to pop a remote root shell on Verizon FIOS routers (ActionTec MI424-WR). Confirmed affected routers include models manufactured by Linksys, Belkin, ActionTec, Thompson, Asus and Dell, as well as those running third-party firmware such as OpenWRT, DD-WRT and PFSense. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 27374 Christiaan008
DEFCON 18: Crawling BitTorrent DHTs for Fun 2/2
 
04:46
Speaker: Scott Wolchok This talk describes how crawling BitTorrent's DHTs used for distributed tracking can be used for two opposing goals. First, pirates can crawl the DHTs to build BitTorrent search engines in just a few hours without relying on the survival of any existing search engines or trackers. Second, content owners can crawl the DHTs to monitor users' behavior at large scale. The talk will start by explaining what BitTorrent DHTs are and how they work. Then, it will describe the design of our attacks, how we validated them, and how many torrents and IPs we monitored (over 1 million each). Finally, we'll look at the impact that shifting from centralized BitTorrent tracking to DHTs, as The Pirate Bay has started to do, will have on the BitTorrent arms race. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 3969 Christiaan008
DEFCON 18: Using the 36 Stratagems for Social Engineering 1/4
 
14:58
Speaker: Jayson E. Street There are new threats arising every day. The problem is there has been a vulnerability in the system that has not been patched since the first computer was created by humans! As the network perimeter hardens and the controls on the desktop tighten, hackers are going back to the basics and getting through the firewall by going through the front door. They are bypassing the IPS and IDS simply by bypassing the receptionist. We look at this topic with a different viewpoint. We look at the history of social engineering from Amenhotep 3 to Sinon of Greece as well as how the culture of the country you're in dictates the strategy to use. All this is shown in an offbeat way, showing how 1st century strategies can still be used to break into 21st century networks. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 15318 Christiaan008
25c3: The Ultimate Commodore 64 Talk
 
01:01:15
Speaker: Michael Steil Everything about the C64 in 64 Minutes Retrocomputing is cool as never before. People play C64 games in emulators and listen to SID music, but few people know much about the C64 architecture. This talk attempts to communicate "everything about the C64" to the listener, including its internals and quirks, as well as the tricks that have been used in the demoscene, trying to revive the spirit of times when programmers counted clock cycles and hardware limitations were seen as a challenge. The Commodore 64 was released in 1982 as an entry- and hobby-level machine competing against the Atari 8 bit series and the Apple II. Compared to other systems on the market, it had a lot of RAM (64 KB), and very sophisticated video and audio hardware. While it was quickly forgotten in the US, it reached its peak in the late 80s in Europe, being a very affordable hobby and game computer. Being the longest running computer of all time, being produced for 12 years, programmers understood the hardware very well, and continued finding new tricks to create even better graphics effects. "AGSP" for example, a very sophisticated trick that makes it possible to arbitrarily scroll "multicolor bitmaps", e.g. for platform games, wasn't used in games until about 1993. This talk explains all the hardware details of the C64: The programming model of the 6502 CPU family, the Complex Interface Adapters (CIA), the Sound Interface Device, and the programming details as well as common tricks involving the Video Interface Controller (VIC-II). The disk interface will be discussed just as well as the design of the 1541 drive. The listener will get a good understanding of 8 bit programming and creative programming on extremely limited hardware, as well as common tricks that can be generalized to other systems.
More information about the 25th Chaos Communication Congress can be found via the Chaos Communication Congress website: http://bit.ly/25c3_program Source: http://bit.ly/25c3_videos
Views: 90155 Christiaan008
DEFCON 18: How I Met Your Girlfriend 2/3
 
14:58
Speaker: Samy Kamkar How I Met Your Girlfriend: The discovery and execution of entirely new classes of Web attacks in order to meet your girlfriend. This includes newly discovered attacks including HTML5 client-side XSS (without XSS hitting the server!), PHP session hijacking and random numbers (accurately guessing PHP session cookies), browser protocol confusion (turning a browser into an SMTP server), firewall and NAT penetration via Javascript (turning your router against you), remote iPhone Google Maps hijacking (iPhone penetration combined with HTTP man-in-the-middle), extracting extremely accurate geolocation information from a Web browser (not using IP geolocation), and more. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 157042 Christiaan008
27c3: Reverse Engineering the MOS 6502 CPU (en)
 
51:57
Speaker: Michael Steil 3510 transistors in 60 minutes The MOS 6502 CPU, which was designed in 1975 and powered systems like the Apple II, the Atari 2600, the Nintendo NES and the Commodore 64 for two decades, has always been subject to intense reverse engineering of its inner workings. Only recently, the Visual6502.org project has converted a hi-res die-shot of the 6502 into a polygon model suitable for visually simulating the original mask at the transistor level. This talk will present the way from a chip package to a digital representation, how to simulate transistors in software, and new insights gained from this research about 6502 internals, like "illegal" opcodes. The presentation only requires a basic understanding of assembly programming and electronics, and is meant to teach, among other things, the methods of efficient and elegant chip design used in the early years of integrated CPUs. The talk consists of three parts. The first part, "6502 from top down", describes the programmer's model, as well as the basic layout of the components of the CPU. In the second part, "6502 from bottom up", we describe how to decap and photograph chips, convert each physical layer of the chip into a polygon model, and how to finally convert this into a network of wires and transistors suitable for logic simulation. The third part, "6502 from the inside out", explains the inner workings of the CPU: how the logic blocks work together, how an instruction is decoded by the PLA ROM into controlling these blocks and busses, and how details like interrupt delivery work. Finally, this information can be used to describe and explain undocumented behaviour, like illegal opcodes and crash instructions, and explain bugs like the BRK/IRQ race, the ROR bug and spurious reads and writes in certain situations. For more information visit: http://bit.ly/27c3_information To download the video visit: http://bit.ly/27c3_videos
Views: 96343 Christiaan008
DEFCON 19: Three Generations of DoS Attacks (with Audience Participation, as Victims)
 
48:25
Speaker: Sam Bowne Instructor, City College San Francisco Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP Floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete Http requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker. I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011). Audience Participation: Bring a device to test for vulnerability to the Router Advertisement Flood! Some cell phones and game consoles have been reported to be vulnerable--let's find out! If your device crashes, please come to the Q&A room so we can video-record it and arrange disclosure to the vendor. For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 323886 Christiaan008
DEFCON 17: Advanced SQL Injection
 
44:20
Speaker: Joseph McCray Founder of Learn Security Online SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited. Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible. The key areas are:
• IDS Evasion, Web Application Firewall Bypass
• Privilege Escalation
• Re-Enabling stored procedures
• Obtaining an interactive command-shell
• Data Exfiltration via DNS
For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 221071 Christiaan008
DEFCON 17: Cracking 400,000 Passwords, or How to Explain to Your Roommate why Power Bill is a High
 
49:00
Speakers: Matt Weir PhD Student, Florida State University Professor Sudhir Aggarwal Florida State University Remember when phpbb.com was hacked in January and over 300,000 usernames and passwords were disclosed? Don't worry though, the hacker only tried to crack a third of them, (dealing with big password lists is a pain), and of those he/she only broke 24%. Of course the cracked passwords weren't very surprising. Yes, we already know people use "password123". What's interesting though is figuring out what the other 76% of the users were doing. In this talk I'll discuss some of my experiences cracking passwords, from dealing with large password lists, (89% of the phpbb.com list cracked so far), salted lists, (Web Hosting Talk), and individual passwords, (TrueCrypt is a pain). I'll also be releasing the tools and scripts I've developed along the way. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 268801 Christiaan008
DEFCON 18: Using the 36 Stratagems for Social Engineering 2/4
 
14:58
Speaker: Jayson E. Street There are new threats arising every day. The problem is there has been a vulnerability in the system that has not been patched since the first computer was created by humans! As the network perimeter hardens and the controls on the desktop tighten, hackers are going back to the basics and getting through the firewall by going through the front door. They are bypassing the IPS and IDS simply by bypassing the receptionist. We look at this topic with a different viewpoint. We look at the history of social engineering from Amenhotep 3 to Sinon of Greece as well as how the culture of the country you're in dictates the strategy to use. All this is shown in an offbeat way, showing how 1st century strategies can still be used to break into 21st century networks. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 6182 Christiaan008
DEFCON 17: More Tricks For Defeating SSL
 
47:50
Speaker: Moxie Marlinspike This talk aims to pick up where SSL stripping left off. While sslstrip ultimately remains quite deadly in practice, this talk will demonstrate some new tricks for defeating SSL/TLS in places where sslstrip does not reach. Cautious users, for example, have been advised to explicitly visit https URLs or to use bookmarks in order to protect themselves from sslstrip, while other SSL/TLS based protocols such as imaps, pop3s, smtps, ssl/irc, and SSL-based VPNs never present an opportunity for stripping. This talk will outline some new tools and tricks aimed at these points of communication, ultimately providing highly effective attacks on SSL/TLS connections themselves. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 87451 Christiaan008
DEFCON 17: WarGamez Redux
 
43:55
Speaker: Kenshote For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 4266 Christiaan008
DEFCON 19: Bosses love Excel, Hackers too. (w speaker)
 
38:04
Speakers: Chema Alonso | Juan Garrido "Silverhack" Remote applications published in companies are around us in the cloud. In this talk we are going to add ICA and Terminal Server Apps to the fingerprinting process, automating data analysis using FOCA. It will allow an attacker to fingerprint internal software and internal networks and combine the info in PTR Scanning, evil-grade attacks and command execution through Excel files. In the end, we are going to play with a tricky feature in security policies about remote Excel that will allow hackers to bypass macro restrictions. For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 108485 Christiaan008
DEFCON 16: Nmap: Scanning the Internet
 
45:22
Speaker: Fyodor, Hacker, Insecure.Org The Nmap Security Scanner was built to efficiently scan large networks, but Nmap's author Fyodor has taken this to a new level by scanning millions of Internet hosts as part of the Worldscan project. He will present the most interesting findings and empirical statistics from these scans, along with practical advice for improving your own scan performance. Additional topics include detecting and subverting firewall and intrusion detection systems, dealing with quirky network configurations, and advanced host discovery and port scanning techniques. A quick overview of new Nmap features will also be provided. For more information visit: http://bit.ly/defcon16_information To download the video visit: http://bit.ly/defcon16_videos
Views: 144836 Christiaan008
DEFCON 20: Hacker + Airplanes = No Good Can Come Of This
 
50:56
Speaker: RENDERMAN CHIEF RESEARCHER What happens when a hacker gets bored and starts looking at aircraft tracking systems? This talk will look at ADS-B (Automatic Dependent Surveillance-Broadcast), a common technology installed or being installed on a vast majority of commercial airliners that involves an unencrypted and unauthenticated radio broadcast. This technology has some interesting features and weaknesses that are a useful lesson in failures when security is not built in from the beginning. This talk constitutes a work in progress and hopes to spur more research and investigation into this field. Brad Haines (RenderMan) CISSP, is a Whitehat by trade, Blackhat by fashion. A very visible and well known member of the wardriving and hacker community, he does whatever he can to learn how things work, how to make them better and to teach people the same. A firm believer in the hacker ethic of openness, sharing, and collaboration. Never afraid to try something new, he can usually be found taking unnecessary risks for the sake of the experience. Twitter: @ihackedwhat For more information visit: http://bit.ly/defcon20_information To download the video visit: http://bit.ly/defcon20_videos Playlist DEFCON 20: http://bit.ly/defcon20_playlist
Views: 147188 Christiaan008
DEFCON 19: Steal Everything, Kill Everyone, Cause Total Financial Ruin!
 
40:47
Speaker: Jayson E. Street CIO of Stratagem 1 Solutions This is not a presentation where I talk about how I would get in or the things I might be able to do. This is a talk where I am already in and I show you pictures from actual engagements that I have been on. They say one picture is worth a thousand words; I show you how one picture cost a company a million dollars and maybe even a few lives. In a community where we focus so much on the offensive, I also make sure that with every attack I highlight, I spend time discussing what would have stopped me. We need to know the problems but we need more talks providing solutions and that is what I hope people will get from this. I show the dangers of social engineering and how even an employee with no SE experience can be an eBay James Bond which can cause total financial ruin to a company. These security threats are real. So are these stories! For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 65447 Christiaan008
DEFCON 19: WTF Happened to the Constitution?! The Right to Privacy in the Digital Age (w speaker)
 
43:04
Speaker: Michael "theprez98" Schearer Leverage Consulting & Associates There is no explicit right to privacy in the Constitution, but some aspects of privacy are protected by the First, Third, Fourth and Fifth Amendments. This presentation will discuss the historical development of the right to privacy, and in particular, the development of the Fourth Amendment; and then compares this historical development to the current digital age. The development of the right to privacy (especially given the historical context of the Fourth Amendment) to our current age requires us to deal with technologically invasive personal searches at airports, searches and seizures of laptops and other computing devices, and how to handle stored communications. It becomes evident very quickly that searches and seizures are not so clear when it comes to bits and bytes...so where do we go from here? For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 2571 Christiaan008
DEFCON 17: The Projects of "Prototype This!"
 
46:34
Speakers: Joe Grand (Kingpin), Zoz Designing and building projects is hard. Designing and building projects of things that have never been done before is harder. Designing and building projects of things that have never been done before with the financial and time constraints of TV is ridiculous. For 18 months, Joe Grand and Zoz were co-hosts of Prototype This! on Discovery Channel, an engineering entertainment program that followed the real-life design process of a unique prototype every episode. Comprised of an electrical engineer (Joe), a roboticist (Zoz), a material scientist, and special effects guy, we had the major bases covered. A total of thirteen episodes were produced, each with their share of challenges and drama. Sometimes the prototypes worked, sometimes they didn't. In this mostly visual presentation, we'll go through design details and show never-before-seen pictures and videos related to some of our favorite episodes, including the Traffic Busting Truck, Fire Fighter PyroPack, Virtual Sea Adventure, Waterslide Simulator, and Flying Lifeguard, each of which had to be designed and built in a matter of weeks. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 3982 Christiaan008
30C3: Keine Anhaltspunkte für flächendeckende Überwachung (No Indications of Blanket Surveillance) (DE)
 
01:06:25
For more information and to download the video visit: http://bit.ly/30C3_info Playlist 30C3: http://bit.ly/30c3_pl Speakers: khamacher | Martin Haase/maha The debate about the NSA, PRISM and Tempora, worked through linguistically and logically. Edward Snowden's revelations briefly threw German politics into turmoil. To calm things down, it was enough to process the revelations in a linguistically and logically clever way, to place them partly in a different context, and so finally to be able to give the all-clear: the Federal Government has "no indications of blanket surveillance". This approach is a textbook example of how, with simple linguistic and rhetorical tricks, those politically responsible deceived the public and themselves to such an extent that they no longer felt it necessary to deal with the actual problems, and so the tiresome topic could be kept out of the election campaign. Alongside the "Basta" phrases that have by now become standard, the phenomenon of modalization played a special role, as closer analysis shows. Logical errors such as circular reasoning and (overly) strict narrowing of the thematic reference also made this "flight forward" strategy possible. The accumulation of linguistic tricks and of evasion in logic and content suggests that the whole thing was staged. The parties represented in the Bundestag all commented on the Snowden revelations. As expected, the opposition attacked the government sharply, while the government was very quick to play things down, at first rather clumsily. Then a surprising turn occurred: suddenly everyone agreed that the NSA affair was over. Even the opposition, which had initially said that Merkel had broken her oath of office, calmed down. What is interesting is that the turn was accomplished above all through language, as the statements show very nicely.
Above all, the use of conspicuous adverbs, circular reasoning and the sometimes drastic narrowing of reference are revealing. Those quoted include Angela Merkel, Ronald Pofalla, Thomas Oppermann and other protagonists of this particular kind of image politics.
Views: 2432 Christiaan008
DEFCON 19: Introduction to Tamper Evident Devices (w speaker)
 
52:43
datagram Lockwiki.com Tamper evident technologies are quickly becoming an interesting topic for hackers around the world. DEF CON 18 (2010) held the first ever "Tamper Evident" contest, where contestants were given a box sealed with a variety of tamper evident devices, many of which purport to be "tamper proof." All of these devices were defeated, even by those with little experience and a limited toolkit. Like the computer world, many of these devices are overmarketed and it is difficult for the average person to compare different tamper evident technologies. This talk covers the design and uses of tamper evident devices used in the commercial and government sectors. We'll dig into the nitty gritty of how many of these devices work, the methods by which they can be defeated, and live demonstrations of defeats against common tamper evident devices. Be advised: this talk is for only the stealthiest of ninjas; pirates need not apply. For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 8072 Christiaan008
ShmooCon 2014: ISP's Unauthenticated SOAP Service = Find (Almost) All The Things!
 
43:42
For more information visit: http://bit.ly/shmooc14 To download the video visit: http://bit.ly/shmooc14_down Playlist Shmoocon 2014: http://bit.ly/shmooc14_pl Speaker: Nicholas Popovich This presentation is meant to encourage individuals to put the applications and software that they may use on their own home or small business networks under the research microscope. This will be a discussion of a recent independent research project that eventually led to an information disclosure vulnerability by a major U.S. ISP. This is also an example of when a coordinated disclosure goes right. What began with simple curiosity into the inner workings of an application led to the ability to list wireless network names and wireless encryption keys (among other things) armed only with a WAN IP address.
Views: 3064 Christiaan008
Black Hat USA 2010: Jackpotting Automated Teller Machines Redux 4/5
 
10:01
Clip 4/5 Speaker: Barnaby Jack The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009. Due to circumstances beyond my control, the talk was pulled at the last minute. The upside to this is that there has been an additional year to research ATM attacks, and I'm armed with a whole new bag of tricks. I've always liked the scene in Terminator 2 where John Connor walks up to an ATM, interfaces his Atari to the card reader and retrieves cash from the machine. I think I've got that kid beat. The most prevalent attacks on Automated Teller Machines typically involve the use of card skimmers, or the physical theft of the machines themselves. Rarely do we see any targeted attacks on the underlying software. Last year, there was one ATM; this year, I'm doubling down and bringing two new model ATMs from two major vendors. I will demonstrate both local and remote attacks, and I will reveal a multi-platform ATM rootkit. Finally, I will discuss protection mechanisms that ATM manufacturers can implement to safeguard against these attacks. For more information look at blackhat.com (http://bit.ly/dwlBpJ)
Views: 189252 Christiaan008
DEFCON 17: Screen Scraper Tricks: Extracting Data from Difficult Websites
 
42:41
Speaker: Michael Schrenk Screen scrapers and data mining bots often encounter problems when extracting data from modern websites. Obstacles like AJAX discourage many bot writers from completing screen scraping projects. The good news is that you can overcome most challenges if you learn a few tricks. This session describes the (sometimes mind numbing) roadblocks that can come between you and your ability to apply a screen scraper to a website. You'll discover simple techniques for extracting data from websites that freely employ DHTML, AJAX, complex cookie management as well as other techniques. Additionally, you will also learn how "agencies" create large scale CAPTCHA solutions. All the tools discussed in this talk are available for free, offer complete customization and run on multiple platforms. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 56139 Christiaan008
DEFCON 19: Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes (w speaker)
 
38:10
Speaker: Deviant Ollam Cluebat Quartermaster Hackers like guns. Hackers like locks. Hackers like to tinker with guns and locks. And, most of the time, hackers protect their guns with high-quality locks. However, while it's one thing to own a nice gun safe protected by a high security dial, that sort of solution tends to be best for the firearms that one doesn't have in daily use. Many of us who wear a firearm as part of our daily routine opt to store and secure our carry piece in a separate, more easily-accessible way at the end of the day. This talk is an in-depth evaluation of some of the most popular small firearm lockboxes in-use today. Some rely on mechanical locks, others on biometric locks, and some offer a combination of both. But overall, they tend to fail miserably in the face of any dedicated attacker. Come and learn how your favorite gun lockbox might be preventing your toddler from having an accidental discharge, but why it's not at all likely to repel a criminal or even perhaps a curious teenager. Means of both attacking as well as improving upon the lockboxes you already may own will be demonstrated, and audience members will be invited to participate in all sorts of attacks... live and on stage! For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 122644 Christiaan008
DEFCON 19: Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud
 
14:59
Speaker: Brian Kennish Founder of Disconnect What companies and organizations are collecting our web-browsing activity? How complete is their data? Do they have personally-identifiable information? What do they do with the data? The speaker, an ex-Google and DoubleClick engineer, will answer these questions by detailing the research he did for The Wall Street Journal (http://j.mp/tttwsj) and CNN (http://j.mp/tttcnn), talking about the crawler he built to collect reverse-tracking data, and launching a tool you can use to do your own research. For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 43091 Christiaan008
ShmooCon 2014: The NSA: Capabilities and Countermeasures
 
52:37
For more information visit: http://bit.ly/shmooc14 To download the video visit: http://bit.ly/shmooc14_down Playlist Shmoocon 2014: http://bit.ly/shmooc14_pl Speaker: Bruce Schneier Edward Snowden has given us an unprecedented window into the NSA's surveillance activities. Drawing from both the Snowden documents and revelations from previous whistleblowers, I will describe the sorts of surveillance the NSA does and how it does it. The emphasis is on the technical capabilities of the NSA, not the politics of their actions. This includes how it conducts Internet surveillance on the backbone, but is primarily focused on their offensive capabilities: packet injection attacks from the Internet backbone, exploits against endpoint computers and implants to exfiltrate information, fingerprinting computers through cookies and other means, and so on. I will then talk about what sorts of countermeasures are likely to frustrate the NSA. Basically, these are techniques to raise the cost of wholesale surveillance in favor of targeted surveillance: encryption, target hardening, dispersal, and so on.
Views: 20611 Christiaan008
DEFCON 17: Search And Seizure Explained - They Took My Laptop!
 
49:41
Speaker: Tyler Pitchford, Esq. C.T.O. - Digome, LLC. An overview of recent developments surrounding the Fourth and Fifth Amendments of the United States Constitution and their impact upon privacy-conscious computer professionals. The presentation includes discussions on the United States Constitution, Federal Statutes, Administrative decisions, and, most importantly, the case laws that interpret and define the Fourth and Fifth Amendments. Special attention is given to topics affecting computer professionals, including border crossings, foreign nationals, encryption, forced disclosures, the Crist decision, and the Boucher decisions. For more information visit: http://bit.ly/defcon17_information To download the video visit: http://bit.ly/defcon17_videos
Views: 89057 Christiaan008
BlackHat USA 2011: SSL And The Future Of Authenticity
 
48:02
Speaker: MOXIE MARLINSPIKE In the early 90's, at the dawn of the World Wide Web, some engineers at Netscape developed a protocol for making secure HTTP requests, and what they came up with was called SSL. Given the relatively scarce body of knowledge concerning secure protocols at the time, as well as the intense pressure that everyone at Netscape was working under, their efforts can only be seen as incredibly heroic. But while it's amazing that SSL has endured for as long as it has, some parts of it -- particularly those concerning Certificate Authorities -- have always caused some friction, and have more recently started to cause real problems. This talk will provide an in-depth examination of the current problems with authenticity in SSL, discuss some of the recent high-profile SSL infrastructure attacks in detail, and cover some potential strategies for the future. It will conclude with a software release that aims to definitively fix the disintegrating trust relationships at the core of this fundamental protocol. For more information or download the video visit: http://bit.ly/BlackHat_USA_2011_information
Views: 89880 Christiaan008
DEFCON 18: Practical Cellphone Spying 3/4
 
15:10
Speaker: Chris Paget It's widely accepted that the cryptoscheme in GSM can be broken, but did you know that if you're within radio range of your target you can intercept all of their cellphone calls by bypassing the cryptoscheme entirely? This talk discusses the practical aspects of operating an "IMSI catcher", a fake GSM base station designed to trick the target handset into sending you its voice traffic. Band jamming, rolling LACs, Neighbour advertisements and a wide range of radio trickery will be covered, as well as all the RF gear you'll need to start listening in on your neighbours. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 8474 Christiaan008
DEFCON 19: The History and the Evolution of Computer Viruses
 
49:45
Speaker: Mikko Hypponen For more information visit: http://bit.ly/defcon19_information To download the video visit: http://bit.ly/defcon19_videos Playlist Defcon 19: http://bit.ly/defcon19_playlist
Views: 247523 Christiaan008
DEFCON 16: BackTrack Foo - From bug to 0day
 
37:49
Speaker: Mati Aharoni, Owner, Offensive Security As pentesters and hackers we often find the need to create our exploits on the fly. Doing this always presents a challenge. But one challenge took us to a new limit and a new level. We want to share the method with you. From Bug to 0Day will show the audience the process of fuzzing, locating the bug, using egghunters then figuring out how to build a pure alphanumeric shellcode to exploit it. This will truly be the most mind bending 60 mins you will spend in exploit development. For more information visit: http://bit.ly/defcon16_information To download the video visit: http://bit.ly/defcon16_videos
Views: 17817 Christiaan008
DEFCON 14: Safecracking Without a Trace
 
33:07
Speaker: Eric Schmiedl Abstract: Despite many appearances in film and television, fairly little is widely known about how safes can be opened without the proper combination or key. This talk will attempt to address some of the questions commonly asked about the craft, such as -- is it really possible to have a safe open in a minute or two using just a stethoscope and some clever finger-work? (Yes, but it will take a bit more time than a few minutes.) Are the gadgets used by secret agents in the movies ever based on reality? (Some of them.) The talk will cover several different ways that safes are opened without damage, as well as the design of one lock that is considered completely secure. For more information visit: http://bit.ly/defcon14_information To download the video visit: http://bit.ly/defcon14_videos
Views: 144602 Christiaan008
DEFCON 18: FOCA2: The FOCA Strikes Back 1/3
 
14:57
Speakers: Chema Alonso, José Palazón "Palako" FOCA is a tool to extract information in footprinting and fingerprinting phases during a penetration test. It helps auditors to extract and analyze information from metadata, hidden info and lost data in published files. This new release of FOCA, version 2, adds tools to scan internal domains using PTR Scanning, Software recognition through installation paths, etc. The idea of FOCA is to give as much info as can be discovered automatically starting from a public domain name. For presentations, whitepapers or audio version of the Defcon 18 presentations visit: http://defcon.org/html/links/dc-archives/dc-18-archive.html
Views: 18559 Christiaan008