The best of… Def Con

Def Con is one of the oldest hacker conventions, held every summer in the US city of Las Vegas.

Columns: Title, Speaker, Description, Published, Duration

Title: Maelstrom: Are you playing with a full deck? [DC24]
Speaker: Shane Steiger
Description: Wouldn’t it be great to have an open source way to pick strategies? Build out your own defensive campaigns based on research, taxonomies and gamification. We have plenty of research here to talk about that point of view. Defenders can use this as a defensive ‘complement’ to begin a legitimate defensive campaign. Build out rules, much like real life, then bring on the attackers, bring on the defenders and play a little game to educate, demonstrate and evangelize.
Published: 2016-07-04
Duration: 00:41:28
Links: Details, Video, YouTube

Title: The Grid - A Multiplayer Game of Destruction [DC23 @IoT]
Speaker: Kenneth Shaw
Description: The game is composed of compromised portions of an electric grid, which players can control with the end goal of destroying parts of the electric grid system. It will require cooperation or cunning from players to bring it down. He will explain the details of how the game was created, how realistic the simulations are, and what a well-positioned attacker could hope to achieve.
Published: 2015-08-09
Duration: 00:37:39
Links: Video, YouTube (no details page)

Title: A Hacker's Guide to Risk [DC23]
Speaker: Bruce Potter
Description: Understanding risk can be tricky, especially in an industry that often works on gut feelings and values quantity over quality. But risk and risk management doesn’t need to be complicated. With a few basic formulas and access to some simple models, understanding risk can be a straightforward process. This talk will discuss risk, why it's important, and the poor job the hacker community has done when it comes to properly assessing risk. It will also touch on some existing risk assessment and management systems, as well as provide worked examples of real world vulnerabilities and systems and the risks they pose. Finally, this talk will examine some practical guidance on how you, as hackers, security researchers, and security practitioners can better measure risk in your day to day life.
Published: 2015-08-08
Duration: 00:53:29
Links: Details, Video, YouTube

Title: Yes You Can Walk on Water [DC23 @IoT]
Speaker: Brian Knopf
Description: Using small or almost non-existent budgets as an excuse for not running application and product security programs is not acceptable. Instead, leverage external researchers by incentivising them with free products, thanking and embracing researchers for their help, and promising transparency into our direction and enhancements, with the goal of secure consumer devices for everyone.

This talk will walk through the creation of two successful application and product security teams built in organizations without many resources or large budgets. A model any startup company can adopt to deliver solid products, rather than using excuses to defer action.

Published: 2015-08-07
Duration: 00:44:47
Links: Details, Video, YouTube

Title: Applied Intelligence: Using Information That's Not There [DC23]
Speaker: Michael Schrenk
Description: Organizations continue to unknowingly leak trade secrets on the Internet. To those in the know, these leaks are a valuable source of competitive intelligence. This talk describes how the speaker collects competitive intelligence for his own online retail business. Specifically, you learn how he combines, trends, and analyzes information within specific contexts to manufacture useful data that is real, but technically doesn't exist on its own. For example, you will learn about the trade secrets that are hidden within sequential numbers, how he uses collected intelligence to procure inventory, and how and why he gauges the ongoing health of his industry and that of his competitors. And on a related note, you'll also learn how the federal government nearly exposed an entire generation to identity fraud.
Published: 2015-08-07
Duration: 00:38:30
Links: Details, Video, YouTube

Title: Yellow Means Proceed with Caution [DC23 @Soc. Eng]
Speaker: Noah Beddome
Description: Directing the nature and dynamic of social interactions is at the heart of social engineering. One of the most impactful forms of this is being able to make a functional interaction out of a hostile or uncomfortable one. During this talk we will look at the different levels of intensity within interactions and ways to manage them.
Published: 2015-08-07
Duration: 00:55:37
Links: Details, Video, YouTube

Title: Understanding End-User Attacks [DC23 @Soc. Eng]
Speaker: Dave Kennedy
Description: From our own analysis, phishing attacks for the first time are the number one attack vector superseding direct compromises of perimeter devices. Endpoints are now subject to a number of different types of attacks and it’s all around targeting the user. This talk will walk through a number of targeted attacks that elicit social engineering aspects in order to gain a higher percentage of success against the victims. Additionally, we’ll be covering newer techniques used by attackers to further their efforts to move laterally in environments. Social engineering is here to stay and the largest risk we face as an industry – this talk will focus on how we can get better.
Published: 2015-08-07
Duration: 00:51:17
Links: Details, Video, YouTube

Title: Impressioning [DC23 @Lockp]
Speaker: Jos Weyers
Description: Many hackers are familiar with the art of lockpicking... manipulating open a lock with small tools when you don't have a key. Many locks can indeed be opened in this fashion... in the end you still have a lock (albeit an open one) with no key. What if you WANT the key itself? Impressioning is the art of generating a working key from whole cloth... from the OUTSIDE of a locked door without any access to the internals or the original key.
Published: 2015-08-0?
Duration: 00:33:44
Links: YouTube (no details page)

Title: DNS May Be Hazardous to Your Health [DC21]
Speaker: Robert Stucke
Description: His research explores many self-inflicted gaps that continue to plague even the largest companies. These gaps are often seen as trivial and ignored, thus making all of their DNS investments lead to a false sense of security. Before we harden our resolvers to prevent poisoning, maybe we should ensure our clients are querying what is expected. Before we make operational decisions about how client resolver settings should be configured, maybe we should consider the consequences to DNS behavior. Before we call DNS secure, maybe we should understand what it is doing.
Published: 2013-08-03
Duration: 00:37:01
Links: Details, Video, YouTube

Title: Evil DoS Attacks and Strong Defenses [DC21]
Speaker: Sam Bowne & Matthew Prince
Description: On the attack side, this talk will explain and demonstrate attacks which crash Mac OS X, Windows 8, Windows Server 2012, and Web servers; causing a BSOD or complete system freeze. The Mac and Windows systems fall to the new IPv6 Router Advertisement flood in thc-ipv6-2.1, but only after creating a vulnerable state with some "priming" router advertisements. Servers fail from Sockstress--a brutal TCP attack which was invented in 2008, but still remains effective today.

On the defense side: the inside story of the DDoS that almost Broke the Internet. In March 2013, attackers launched an attack against Spamhaus that topped 300Gbps. While CloudFlare was able to fend off the attack, it exposed some vulnerabilities in the Internet's infrastructure that attackers will inevitably exploit. If an Internet-crippling attack happens, this is what it will look like. And here's what the network needs to do in order to protect itself.

Published: 2013-08-02
Duration: 00:41:19
Links: Details, Video, YouTube