Fwd: Next week's Security Theater
4 views
Skip to first unread message
Yossi Oren
May 11, 2013, 2:38:23 PM5/11/13
to security-theater-announcements
Hi All,
Defcon 20 talks are up! This one is really interesting and funny.
Kol tuv,
Yossi.
--
Title: Owning Bad Guys {And Mafia} With Javascript Botnets
Abstract:
Man in the middle attacks are still one of the most powerful techniques for owning machines. In this talk MITM schemas in anonymous services are going to be discussed. Then attendees will see how easily a botnet using javascript can be created to analyze that kind of connections and some of the actions people behind those services are doing... in real. It promises to be funny.
Speaker Bios:
Chema Alonso is a Security researcher with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politècnica de Madrid. During his more than eight years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including Yahoo! Security Week, Black Hat Briefings, ShmooCON, DeepSec, HackCON, Ekoparty and RootedCon - He is a frequent contributor on several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA.
Manu has been working in all security areas since he got into Informatica64. He is a security pentester, a developer coding in projects like FOCA and a very good security research in areas such as Connection String Parameter Pollution Attacks or malware. He has the honor of being the man behind some of the most powerful "C# spaghetti lines" of FOCA.
Recorded at DEFCON 20, Las Vegas USA, July 26, 2012
http://www.defcon.org/html/defcon-20/dc-20-speakers.html#Alonso
Kol tuv,
Yossi.
--
Title: Owning Bad Guys {And Mafia} With Javascript Botnets
Abstract:
Man in the middle attacks are still one of the most powerful techniques for owning machines. In this talk MITM schemas in anonymous services are going to be discussed. Then attendees will see how easily a botnet using javascript can be created to analyze that kind of connections and some of the actions people behind those services are doing... in real. It promises to be funny.
Speaker Bios:
Chema Alonso is a Security researcher with Informatica64, a Madrid-based security firm. Chema holds respective Computer Science and System Engineering degrees from Rey Juan Carlos University and Universidad Politècnica de Madrid. During his more than eight years as a security professional, he has consistently been recognized as a Microsoft Most Valuable Professional (MVP). Chema is a frequent speaker at industry events (Microsoft Technet / Security Tour, AseguraIT) and has been invited to present at information security conferences worldwide including Yahoo! Security Week, Black Hat Briefings, ShmooCON, DeepSec, HackCON, Ekoparty and RootedCon - He is a frequent contributor on several technical magazines in Spain, where he is involved with state-of-the-art attack and defense mechanisms, web security, general ethical hacking techniques and FOCA.
Manu has been working in all security areas since he got into Informatica64. He is a security pentester, a developer coding in projects like FOCA and a very good security research in areas such as Connection String Parameter Pollution Attacks or malware. He has the honor of being the man behind some of the most powerful "C# spaghetti lines" of FOCA.
Recorded at DEFCON 20, Las Vegas USA, July 26, 2012
http://www.defcon.org/html/defcon-20/dc-20-speakers.html#Alonso
Yossi Oren
May 16, 2013, 3:16:32 AM5/16/13
to security-theater-announcements
Hi Avishai,
Another nice Defcon talk.
Kol tuv,
Yossi.
--
Title: Cryptohaze Cloud Cracking
Abstract:
Bitweasil goes through the latest developments in the Cryptohaze GPU based password cracking suite. WebTables is a new rainbow table technology that eliminates the need to download rainbow tables before using them, and the new Cryptohaze Multiforcer is an open source, GPLv2, network enabled platform for password cracking that is easy to extend with new algorithms for specific targets. The Cryptohaze Multiforcer supports CUDA, OpenCL, and CPU code (SSE, AVX, etc). All of this is aimed at either the pentester who can't spray hashes to the internet, or the hacker who would rather not broadcast what she obtained to pastebin scrapers.
Author Bio:
Bitweasil is the primary developer on the open source Cryptohaze tool suite, which implements network-clustered GPU accelerated password cracking (both brute force & rainbow tables). He has been working with CUDA for over 4 years (since the first public release on an 8800GTX), OpenCL for the past 2 years, and enjoys SSE2 as well. Bitweasil also rescues ferrets.
Recorded at DEFCON 20, Las Vegas USA, July 26, 2012
Yossi Oren
May 22, 2013, 3:42:30 PM5/22/13
to security-theater-announcements, Avishai Wool
Hello!
Here is next week's Security Theater talk.
Kol tuv,
Yossi.
==
Title: Into the Droid: Gaining Access to Android User Data
Abstract:
This talk details a selection of techniques for getting the data out of an Android device in order to perform forensic analysis. It covers cracking lockscreen passwords, creating custom forensic ramdisks, bypassing bootloader protections and stealth real-time data acquisition. We’ll even cover some crazy techniques - they may get you that crucial data when nothing else will work, or they may destroy the evidence!
Forensic practitioners are well acquainted with push-button forensics software. They are an essential tool to keep on top of high case loads – plug in the device and it pulls out the data. Gaining access to that data is a constant challenge against sophisticated protection being built into modern smartphones. Combined with the diversity of firmware and hardware on the Android platform it is not uncommon to require some manual methods and advanced tools to get the data you need.
This talk will reveal some of the techniques forensic software uses behind the scenes, and will give some insight into what methods and processes blackhats and law enforcement have at their disposal to get at your data. Free and Open Source tools will be released along with this talk to help you experiment with the techniques discussed.
Speaker Bio:
Thomas Cannon is the Director of Research and Development for viaForensics, a Chicago based digital forensics and security company. Thomas spends the majority of his time researching new mobile security, malware and forensics techniques and getting them into the hands of customers for commercial, research or military application. He conducts penetration testing and code analysis of mobile applications for clients in industries such as banking/finance and retail.
Thomas is known for his research on Android having published advisories for new vulnerabilities and demonstrated attacks on the platform as well as providing some early guides on reverse engineering Android applications. Thomas has spoken at international conferences and presented to law enforcement on the topic of mobile forensics. Thomas has had a number of articles published in industry magazines and also been interviewed on national news programmes regarding vulnerabilities in payment systems and mobile technology.
Recorded at DEFCON 20, Las Vegas USA, July 26, 2012
Reply all
Reply to author
Forward
0 new messages