Defcon19 2011 Aug. 5, 2011 to Aug. 7, 2011, Las Vegas, USA
Title | Speakers | Summary | Topic Types |
---|---|---|---|
Bosses love Excel, Hackers too. | Chema Alonso , Juan Garrido "silverhack" | Remote applications published in companies are around us in the cloud. In this talk we ... | |
Dust: Your Feed RSS Belongs To You! Avoid Censorship! | Chema Alonso , Juan Garrido "silverhack" | Law around the world is trying to control what is published on the Internet. After ... | |
IP4 TRUTH: The IPocalypse is a LIE | Sterling Archer , Freaksworth | There is a long tradition of researchers presenting at security conferences on topics that are ... | |
Security When Nano Seconds Count | James "Myrcurial" Arlen | There's a brave new frontier for IT Security - a place where "best practices" does ... | |
Beat to 1337: Creating A Successful University Cyber Defense Organization | Mike Arpaia , Ted Reed | A university with no prior CTF experience and no students with significant prior information security ... | |
Pillaging DVCS Repos For Fun And Profit | Adam evilpacket Baldwin | Distributed Version Control Systems, like git are becoming an increasingly popular way to deploy web ... | |
Chip & PIN is Definitely Broken | Andrea Barisani , Daniele Bianco , Zac Franken , Adam ( Major Malfunction ) Laurie | The EMV global standard for electronic payments is widely used for inter-operation between chip equipped ... | |
Deceptive Hacking: How Misdirection Can Be Used To Steal Information Without Being Detected | Bruce "grymoire" Barnett | There are many similarities between professional hackers and professional magicians. Magicians are experts in creating ... | |
Fingerbank — Open DHCP Fingerprints Database | Olivier Bilodeau | The presentation will first take a step back and offer a basic reminder of what ... | |
PacketFence, The Open Source Nac: What We've Done In The Last Two Years | Olivier Bilodeau | Ever heard of PacketFence? It's a free and open source Network Access Control (NAC) software ... | |
Federation and Empire | Emmanuel Bouillon | Federated Identity is getting prevalent in corporate environments. True, solving cross domain access control to ... | |
Three Generations of DoS Attacks (with Audience Participation, as Victims) | Sam Bowne | Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or ... | |
Building The DEF CON Network, Making A Sandbox For 10,000 Hackers | Luiz 'effffn' Eduardo , David "videoman" Bryan | We will cover on how the DEF CON network team builds a network from scratch, ... | |
Kinectasploit: Metasploit Meets Kinect | Jeff Bryner | We've all seen hackers in movies flying through 3D worlds as they hack the gibson. ... | |
Physical Memory Forensics for Cache | Jamie Butler | Physical memory forensics has gained a lot of traction over the past five or six ... | |
Metasploit vSploit Modules | Will Vandevanter , Marcus j. Carey , David Rude | This talk is for security practitioners who are responsible for and need to test enterprise ... | |
Lives On The Line: Securing Crisis Maps In Libya, Sudan, And Pakistan | George Chamales | Crisis maps collect and present open source intelligence (Twitter, Facebook, YouTube, news reports) and direct ... | |
Abusing HTML5 | Ming Chow | The spike of i{Phone, Pod Touch, Pad}, Android, and other mobile devices that do not ... | |
Familiarity Breeds Contempt | Brad "Renderman" Haines , Sandy "mouse" Clark | "Good programmers write code, great programmers reuse" is one of the most well known truisms ... | |
Operational Use of Offensive Cyber | Christopher Cleary | This session will discuss the "Art of the Possible" when it comes to "Offensive Cyber ... | |
Look At What My Car Can Do | Tyler Cohen | This presentation is an introduction to the new world of automobile communication, data and entertainment ... | |
Kernel Exploitation Via Uninitialized Stack | Kees Cook | Leveraging uninitialized stack memory into a full-blown root escalation is easier than it sounds. See ... | |
The Art and Science of Security Research | Greg Conti | Research is a tricky thing, full of pitfalls, blind alleys, and rich rewards for the ... | |
Internet Kiosk Terminals : The Redux | Paul Craig | Paul Craig is the self-proclaimed "King of Kiosk Hacking" You have likely heard of him ... | |
Cipherspaces/Darknets: An Overview Of Attack Strategies | Adrian Crenshaw | Darknets/Cipherspaces such as Tor and I2P have been covered before in great detail. Sometimes it ... | |
Speaking with Cryptographic Oracles | Daniel Crowley | Cryptography is often used to secure data, but few people have a solid understanding of ... | |
Taking Your Ball And Going Home; Building Your Own Secure Storage Space That Mirrors Dropbox's Functionality | Phil Cryer | When for-profit companies offer a free app, there is always going to be strings attached. ... | |
PCI 2.0: Still Compromising Controls and Compromising Security | James Arlen , Jack Daniel , Joshua Corman , Dave Shackleford , Martin Mckeay , Alex Hutton | Building on last year's panel discussion of PCI and its impact on the world of ... | |
Former Keynotes - The Future | Rod Beckstrom , Jerry Dixon , Linton Wells , Tony Sager , Dark Tangent | Former keynotes keep coming back to DEFCON. Join The Dark Tangent, Rod Beckstrom, Jerry Dixon, ... | |
Introduction to Tamper Evident Devices | Datagram | Tamper evident technologies are quickly becoming an interesting topic for hackers around the world. DEF ... | |
VDLDS — All Your Voice Are Belong To Us | Ganesh Devarajan , Don Lebert | Anytime you want to bypass the system, you tend to have a telephone conversation instead ... | |
Safe to Armed in Seconds: A Study of Epic Fails of Popular Gun Safes | Deviant Ollam | Hackers like guns. Hackers like locks. Hackers like to tinker with guns and locks. And, ... | |
Whitfield Diffie and Moxie Marlinspike | Whitfield Diffie , Moxie Marlinspike | Come watch Whitfield Diffie and Moxie Marlinspike talk about certificate authorities, DNSSEC, SSL, dane, trust ... | |
Bit-squatting: DNS Hijacking Without Exploitation | Artem Dinaburg | We are generally accustomed to assuming that computer hardware will work as described, barring deliberate ... | |
A Bridge Too Far: Defeating Wired 802.1x with a Transparent Bridge Using Linux | Alva 'skip' Duckwall | Using Linux and a device with 2 network cards, I will demonstrate how to configure ... | |
Virtualization under attack: Breaking out of KVM | Nelson Elhage | KVM, the Linux Kernel Virtual Machine, seems destined to become the dominant open-source virtualization solution ... | |
I Am Not a Doctor but I Play One on Your Network | Tim Elrod , Stefan Morris | How secure is your Protected Health Information? This talk will expose the world of Health ... | |
Mamma Don't Let Your Babies Grow Up to be Pen Testers - (a.k.a. Everything Your Guidance Counselor Forgot to Tell You About Pen Testing) | Patrick Engebretson , Josh Pauli | Always wanted to be a 1337 penetration tester capable of deciphering Kryptos while simultaneously developing ... | |
Steganography and Cryptography 101 | Eskimo | There are a lot of great ways to hide your data from prying eyes this ... | |
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers | Kevin Johnson , Tom Eston , Josh Abraham | Over the years web services have become an integral part of web and mobile applications. ... | |
"Get Off of My Cloud": Cloud Credential Compromise and Exposure | Ben Feinstein , Jeff Jarmoc | An Amazon Machine Image (AMI) is a virtual appliance container used to create virtual machines ... | |
Handicapping the US Supreme Court: Can We Get Rich by Forceful Browsing? | Foofus | Using only script-kiddie skills, it may be possible to handicap the outcome of decisions of ... | |
Getting F***** On the River | Gus Fritschie , Mike Wright | Online poker is a multi-million dollar industry that is rapidly growing, but is not highly ... | |
Cellular Privacy: A Forensic Analysis of Android Network Traffic | Eric Fulton | People inherently trust their phones, but should they? "Cellular Privacy: A Forensic Analysis of Android ... | |
UPnP Mapping | Daniel Garcia | Universal Plug and Play(UPnP) is a technology developed by Microsoft in 1999, as a solution ... | |
Gone in 60 Minutes: Stealing Sensitive Data from Thousands of Systems Simultaneously with OpenDLP | Andrew Gavin | Got domain admin to a couple of thousand Windows systems? Got an hour to spare? ... | |
Strategic Cyber Security: An Evaluation of Nation-State Cyber Attack Mitigation Strategies | Kenneth Geers | This presentation argues that computer security has evolved from a technical discipline to a strategic ... | |
Bulletproofing The Cloud: Are We Any Closer To Security? | Ramon Gomez | Cloud security has come into focus in the last few years; while many ways to ... | |
Smile for the Grenade! "Camera Go Bang!" | Vlad Gostom , Joshua Marpet | Cameras are hugely important to urban and suburban battlefields. Reconnaissance is a must-have for commanders, ... | |
Represent! Defcon Groups, Hackerspaces, and You. | Itzik Kotler , Anarchy Angel , Anch , Blakdayz , Ngharo , Jake "genericsuperhero" Black , Converge | Fabricating, circumventing, forging, partying, milling, crafting, building breaking — Defcon Groups have risen, fallen, and ... | |
Smartfuzzing The Web: Carpe Vestra Foramina | Nathan Hamiel , Gregory Fleischer , Justin Engler , Seth Law | It can be scary to think about how little of the modern attack surface many ... | |
Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests | Wendel Guglielmetti Henrique , Rob Havelt | Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests brings the DEF ... | |
From Printer To Pwnd: Leveraging Multifunction Printers During Penetration Testing | Deral Heiland | In this presentation we go beyond the common printer issues and focus on harvesting data ... | |
Assessing Civilian Willingness to Participate in On-Line Political and Social Conflict | Max Kilger , Thomas J. Holt | Changes in the social dynamics and motivations of the hacking community are a potential catalyst ... | |
An Insider's Look at International Cyber Security Threats and Trends | Rick Howard | Verisign iDefense General Manager, Rick Howard, will provide an inside look into current cyber security ... | |
Anonymous Cyber War | Hubris , A5h3r4h | This talk will educate listeners on best practices for safety and privacy on the Internet. It ... | |
Economics of Password Cracking in the GPU Era | Robert "hackajar" Imhoff-dousharm | As this shift to "General Computing" and working in the cloud has accelerated in the ... | |
Jugaad – Linux Thread Injection Kit | Aseem | Windows malware conveniently use the CreateRemoteThread() api to delegate critical tasks inside of other processes. ... | |
The Art of Trolling | Matt 'openfly' Joyce | Trolling is something that today has a very negative connotation on the Internet and in ... | |
Black Ops of TCP/IP 2011 | Dan Kaminsky | Remember when networks represented interesting targets, when TCP/IP was itself a vector for messiness, when ... | |
Hacking Your Victims Over Power Lines | Dave Kennedy | When performing penetration tests on the internal network in conjunction with physical pentests you're always ... | |
Tracking the Trackers: How Our Browsing History Is Leaking into the Cloud | Brian Kennish | What companies and organizations are collecting our web-browsing activity? How complete is their data? Do ... | |
Hacking and Securing DB2 LUW Databases | Alexander Kornbrust | DB2 for Linux, Unix and Windows is one of the databases where only little bit ... | |
Sounds Like Botnet | Iftach Ian Amit , Itzik Kotler | VoIP is one of the most widely-used technologies among businesses and, increasingly, in households. It ... | |
DCFluX in: License to Transmit | Matt "DCFluX" Krick | When cell phones, land lines and the internet break down in a disaster, Amateur radio ... | |
Balancing The Pwn Trade Deficit – APT Secrets in Asia | Jeremy Chiu , Anthony ( darkfloyd ) Lai , Benson Wu , Pk | In last year, we have given a talk over China-made malware in both Blackhat and ... | |
And That's How I Lost My Eye: Exploring Emergency Data Destruction | Deviant Ollam , Shane Lawson , Bruce Potter | Are you concerned that you have become a subject of unwarranted scrutiny? Convinced that the ... | |
I'm Your MAC(b)Daddy | Grayson Lenik | The field of Computer Forensics moves more and more in the direction of rapid response ... | |
Don't Fix It In Software | Katy Levinson | At Defcon 17 when a speaker didn't show a bottle of vodka was offered to ... | |
PIG: Finding Truffles Without Leaving A Trace | Ryan Linn | When we connect to a network we leak information. Whether obtaining an IP address, finding ... | |
Hacking and Forensicating an Oracle Database Server | David Litchfield | N/A | |
Johnny Long and Hackers for Charity | Johnny Long | Picking on charities is just plain rude. Thankfully, that's not what we're about. We're about ... | |
Pervasive Cloaking | William Manning | What Cloak? Recent policy proposals from the US Executive seem to call for government support ... | |
We're (The Government) Here To Help: A Look At How FIPS 140 Helps (And Hurts) Security | Joey Maresca | Many standards, especially those provided by the government, are often viewed as more trouble the ... | |
SSL And The Future Of Authenticity | Moxie Marlinspike | In the early 90's, at the dawn of the World Wide Web, some engineers at ... | |
Hacking .Net Applications: The Black Arts | Jon Mccoy | This presentation will cover the Black Arts of making Cracks, KeyGens, Malware, and more. The ... | |
Covert Post-Exploitation Forensics With Metasploit | Wesley Mcgrew | In digital forensics, most examinations take place after the hardware has been physically seized (in ... | |
Vulnerabilities of Wireless Water Meter Networks | John Mcnabb | Why research wireless water meters? Because they are a potential security hole in a critical ... | |
Battery Firmware Hacking | Charlie Miller | Ever wonder how your laptop battery knows when to stop charging when it is plugged ... | |
DEF CON Comedy Jam IV, A New Hope For The Fail Whale | James Arlen , David Mortman , Rich Mogull , Chris Hoff , Rob Graham , Larry Pesce , Dave Maynor | We're baaaaaack! The most talked about panel at DEF CON! Nearly two hours of non-stop ... | |
Blinkie Lights: Network Monitoring with Arduino | Steve Ocepek | Remember the good old days, when you'd stare at Rx and Tx on your shiny ... | |
Ask EFF: The Year in Digital Civil Liberties | Marcia Hofmann , Peter Eckersley , Kevin Bankston , Kurt Opsahl , Hanni Fakhoury , Rebecca Reagan | Get the latest information about how the law is racing to catch up with technological ... | |
Hacking Google Chrome OS | Kyle 'kos' Osborn , Matt Johanson | Google recently announced Chrome OS powered computers, called Chromebooks, at Google I/O and the company ... | |
VoIP Hopping the Hotel: Attacking the Crown Jewels through VoIP | Jason Ostrom | This presentation is about the security of VoIP deployed in hotel guest rooms. What it ... | |
Big Brother on the Big Screen: Fact/Fiction? | Nicole Ozer | Can the NSA really do that? Um, yes. Join me at the movies to take ... | |
Getting SSLizzard | Nicholas J. Percoco , Paul Kehrer | The world has seen a seismic shift from browser-based web applications to GUI-rich semi-thick client ... | |
Malware Freak Show 3: They're pwning er'body out there! | Nicholas J. Percoco , Jibran Ilyas | Well There's malware on the interwebs. They're pwning all your systems, snatching your data up. ... | |
This is REALLY not the droid you're looking for... | Nicholas J. Percoco , Sean Schulte | Last year, we presented a talk on the implication of malware and rootkits on mobile ... | |
Hacking MMORPGs for Fun and Mostly Profit | Josh Phillips | Online games, such as MMORPG's, are the most complex multi-user applications ever created. The security ... | |
Port Scanning Without Sending Packets | Gregory Pickett | With auto-configuration protocols now being added to operating systems and implemented by default in your ... | |
My password is: #FullOfFail! — The Core Problem with Authentication and How We Can Overcome It | Jason M. Pittman | Authentication is an integral part of our modern, digital lifestyle. It is a universal means ... | |
Sneaky PDF | Mahmud ab Rahman | Being a most prevalent document exchange format on the Internet, Portable Document Format (PDF) is ... | |
Why Airport Security Can't Be Done FAST | Semon Rezchikov , Morgan Wang , Joshua Engelman | Eight years after 9/11 TSA finally decided to fix their security system. But what has ... | |
"Whoever Fights Monsters..." Aaron Barr, Anonymous, and Ourselves | Joshua Corman , Paul Roberts , Jericho , Aaron Barr | "Whoever fights monsters should see to it that in the process he does not become ... | |
What Time Are You Anyway? | Michael Robinson | Computer forensic examiners rely heavily on timestamps during investigations. Timeline analysis is a critical technique ... | |
Owned Over Amateur Radio: Remote Kernel Exploitation in 2011 | Dan Rosenberg | Originally considered to be the stuff of myth, remote kernel exploits allow attackers to bypass ... | |
Build your own Synthetic Aperture Radar | Michael Scarito | Radar is used extensively by the military, police, weather, air travel, and maritime industries - ... | |
Net Neutrality Panel | Michael "theprez98" Schearer , Abigail Phillips , Deborah Salons , Todd Kimball | Over the last five years, network neutrality has moved from an abstract buzzword to FCC-enacted ... | |
WTF Happened to the Constitution?! The Right to Privacy in the Digital Age | Michael "theprez98" Schearer | There is no explicit right to privacy in the Constitution, but some aspects of privacy ... | |
Archive Team: A Distributed Preservation of Service Attack | Jason Scott | For the last few years, historian and archivist Jason Scott has been involved with a ... | |
Attacking and Defending the Smart Grid | Justin Searle | The Smart Grid brings greater benefits for utilities and customer alike, however these benefits come ... | |
Mobile App Moolah: Profit taking with Mobile Malware | Jimmy Shah | Smartphones are a hot new market for software developers. Millions of potential customers, and a ... | |
Are You In Yet? The CISO's View of Pentesting | Shrdlu | When a CISO pays good money for a thorough pentesting, she wants results. Not necessarily ... | |
Hacking the Global Economy with GPUs or How I Learned to Stop Worrying and Love Bitcoin | Skunkworks | In the post 9/11 era when it's nearly impossible to buy a pack of gum ... | |
How Haunters Void Warranties | Reeves Smith | Halloween makers or how haunters void warranties, social engineer and find the joy of creativity. ... | |
SCADA & PLCs in Correctional Facilities: The Nightmare Before Christmas | Tiffany Rad , Teague Newman , John J. Strauchs | On Christmas Eve, a call was made from a prison warden: all of the cells ... | |
Steal Everything, Kill Everyone, Cause Total Financial Ruin! (Or How I Walked In And Misbehaved) | Jayson E. Street | This is not a presentation where I talk about how I would get in or ... | |
Weaponizing Cyberpsychology and Subverting Cybervetting for Fun, Profit and Subterfuge | Chris "thesuggmeister" Sumner , Alien , Alison B | Almost everything we do in life leaves a personality footprint and what we do on ... | |
How To Get Your Message Out When Your Government Turns Off The Internet | Bruce Sutherland | How would you communicate with the world if your government turned off the Internet? Sound ... | |
Web Application Analysis With Owasp Hatkit | Patrik Karlsson , Martin Holst | The presentation will take a deep dive into two newly released Owasp tools; the Owasp ... | |
Wireless Aerial Surveillance Platform | Mike Tassey , Rich Perkins | Tired of theory? This session has everything you want, big yellow aircraft flown by computers, ... | |
Staring into the Abyss: The Dark Side of Crime-fighting, Security, and Professional Intelligence | Richard Thieme | Nothing is harder to see than things we believe so deeply we don't even see ... | |
Insecurity: An Analysis Of Current Commercial And Government Security Lock Designs | Marc Weber Tobias , Tobias Bluzmanis , Matt Fiddler | Lock manufacturers continue to produce insecure designs in both mechanical and electro-mechanical locks. While these ... | |
DIY Non-Destructive Entry | Schuyler Towne | Ever leave the house without your picks only to find yourself in a situation where ... | |
The Future of Cybertravel: Legal Implications of the Evasion of Geolocation | Marketa Trimble | This presentation discusses the current legal status of evasion of geolocation and the potential liability ... | |
Runtime Process Insemination | Shawn "lattera" Webb | Injecting arbitrary code during runtime in linux is a painful process. This presentation discusses current ... | |
Network Nightmare: Ruling The Nightlife Between Shutdown And Boot With Pxesploit | Matt | The best techniques for exploitation, maintaining access, and owning in general move down the stack, ... | |
Seven Ways to Hang Yourself with Google Android | Erika Chin , Yekaterina Tsipenyuk O'neil | According to Google, Android was designed to give mobile developers "an excellent software platform for ... | |
Key Impressioning | Jos Weyers | We've all seen lockpicking explained on several security venues. You might even have tried it ... | |
Staying Connected during a Revolution or Disaster | Thomas Wilhelm | During the recent revolutions in Africa and the Middle East, governments have shut down both ... | |
Traps of Gold | Michael Brooks , Andrew Wilson | The only thing worse than no security is a false sense of security. And though ... | |
Network Application Firewalls: Exploits and Defense | Brad Woodberg | In the last few years, a so called whole new generation of firewalls have been ... | |
Phishing and Online Scam in China | Joey Zhu | Today, Ebay, Paypal and WOW are all popular targets of global phishing. However, phishing in ... | |
Vanquishing Voyeurs: Secure Ways To Authenticate Insecurely | Zoz Cannytrophic , Andrea Bianchi | Observation is one of the principal means of compromise of authentication methods relying on secret ... |