security.didici.cc

[News] US: China hacking 'repeatedly raised at highest level'

2 months ago

The US says it has repeatedly raised concerns with Beijing about cyber theft, as a report linked a hacking group with a Chinese military unit. While not commenting directly on the report, a White House spokesman called cyber theft a "major challenge" in t ...

[News] New Mac malware opens secure reverse shell

2 months ago

A new backdoor Trojan for OS X is making the rounds, attempting to set up a secure connection for a remote hacker to connect through and grab private information. The malware, dubbed "Pintsized" by Intego, is suspected of using a modified implementation o ...

[News] Apple Breached by Facebook Hackers Using Java Exploit

2 months ago

Apple is the latest major American company to enter the security confessional and disclose it has been breached. The company told Reuters today it was attacked by the same crew that hit Facebook, which disclosed its breach last Friday, and that like the s ...

[News] Botnet master abuses Facebook for pocket money, researchers reveal

2 months ago

A Chinese hacker's main job may well be running a botnet of malware-clotted zombie PCs, but there's always time left in the day for selling fake Likes, apparently. It is not every day that remorseful confessions over lapsed adherence to the Five Precepts ...

[News] Apple, Facebook, Twitter hacks said to hail from Eastern Europe

2 months ago

While many security experts have been pointing the blame at China for the recent wave of cyberattacks on U.S. companies and newspapers, Bloomberg reports that some of the malware attacks actually may be coming from Eastern Europe. Investigators familiar w ...

[News] Firefox 19 Fixes HTTPS Phishing Issue, Adds Built-In PDF Viewer

2 months ago

Mozilla has released Firefox 19, the latest version of its flagship browser, which includes not only fixes for a number of serious security vulnerabilities but also a built-in PDF viewer. The native PDF viewer in Firefox could help protect against some of ...

[News] Apple patches the Java hole its own developers fell into - eventually

2 months ago

Shortly after admitting that its own techies got infected thanks to a Java hole, Apple has pushed out a Java update for the rest of us. Bit of a pity that the Fruity Ones didn't do this back at the beginning of February, when Oracle's emergency "pre-Patch ...

[News] Biometric USB password key worthy of 'Mission: Impossible'

2 months ago

I hate to use the term "sexy" to describe a gadget, but if the myIDkey isn't "sexy," at least it's "damn fine." It takes the concept of a USB drive that protects all your passwords and does it up right with voice-activated search, biometric fingerprint id ...

[News] Why encryption doesn't solve the data sovereignty debate

2 months ago

There is a long-standing argument that encrypting all data sent to the cloud could make the data sovereignty debate irrelevant, enabling Australian companies to make use of cheaper, offshore clouds. The basis of the argument is that data, once encrypted, ...

[News] McAfee finds sophisticated attacks targeting other 'critical sectors' of the economy

2 months ago

Financial services has been a favorite target for sophisticated attacks in the last few years, but cyber criminals are moving on to other "critical sectors of the economy," according to McAfee. In the security giant's fourth quarter threats report, resear ...

Circle City Con 2017 - Ichthyology: Phishing as a Science

2 months ago

Many companies view phishing as a given: employees will click links and enter credentials, and we just need to be okay with that. Phishing prevention usually takes the form of training, and a warning to be careful when reading email. But does phishing tra ...

Circle City Con 2017 - Creating Your Own Customized Metamorphic Algorithm

2 months ago

Most malware uses metamorphic code to evade Antivirus detection. These techniques also slow down security researchers when digging deeper into the malware code. On the malware side, there are many ways to generate and implements the said algorithms, yet o ...

Circle City Con 2017 - Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet

2 months ago

Imagine that you've purchased your small a cheap ip security camera to feel just a little better with your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security or programming at all. I ...

USENIX Security '17 - "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS

2 months ago

Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl, SBA Research Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly used to do so. However, it has been shown that deploying it in a ...

USENIX Security '17 - Beauty and the Burst: Remote Identification of Encrypted Video Streams

2 months ago

Roei Schuster, Tel Aviv University, Cornell Tech; Vitaly Shmatikov, Cornell Tech; Eran Tromer, Tel Aviv University, Columbia University The MPEG-DASH streaming video standard contains an information leak: even if the stream is encrypted, the segmentation ...

USENIX Security '17 - Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks

2 months ago

Tao Wang, Hong Kong University of Science and Technology; Ian Goldberg, University of Waterloo Website fingerprinting (WF) is a traffic analysis attack that allows an eavesdropper to determine the web activity of a client, even if the client is using pri ...

USENIX Security '17 - A Privacy Analysis of Cross-device Tracking

2 months ago

Sebastian Zimmeck, Carnegie Mellon University; Jie S. Li and Hyungtae Kim, unaffiliated; Steven M. Bellovin and Tony Jebara, Columbia University Online tracking is evolving from browser- and device-tracking to people-tracking. As users are increasingly a ...

USENIX Security '17 - SmartPool: Practical Decentralized Pooled Mining

2 months ago

Loi Luu, National University of Singapore; Yaron Velner, The Hebrew University of Jerusalem; Jason Teutsch, TrueBit Foundation; Prateek Saxena, National University of Singapore Cryptocurrenci
es such as Bitcoin and Ethereum are operated by a handful of mi ...

USENIX Security '17 - REM: Resource-Efficient Mining for Blockchains

2 months ago

Fan Zhang, Ittay Eyal, and Robert Escriva, Cornell University; Ari Juels, Cornell Tech; Robbert van Renesse, Cornell University Blockchains show promise as potential infrastructure for financial transaction systems. The security of blockchains today, how ...

USENIX Security '17 - Ensuring Authorized Updates in Multi-user Database-Backed Applications

2 months ago

Kevin Eykholt, Atul Prakash, and Barzan Mozafari, University of Michigan Ann Arbor Database-backed applications rely on access control policies based on views to protect sensitive data from unauthorized parties. Current techniques assume that the applica ...

USENIX Security '17 - Qapla: Policy compliance for database-backed systems

2 months ago

Aastha Mehta and Eslam Elnikety, Max Planck Institute for Software Systems (MPI-SWS); Katura Harvey, University of Maryland, College Park and Max Planck Institute for Software Systems (MPI-SWS); Deepak Garg and Peter Druschel, Max Planck Institute for Sof ...

USENIX Security '17 - Data Hemorrhage, Inequality, and You: How Technology and Data Flows are Changing the Civil Liberties Game

2 months ago

Data Hemorrhage, Inequality, and You: How Technology and Data Flows are Changing the Civil Liberties Game Shankar Narayan, Technology and Liberty Project Director, American Civil Liberties Union of Washington Rapidly growing data flows and game-changing ...

DEF CON 25 - Artem Kondratenko - Cisco Catalyst Exploitation

2 months ago

On March 17th, Cisco Systems Inc. made a public announcement that over 300 of the switches it manufactures are prone to a critical vulnerability that allows a potential attacker to take full control of the network equipment. This damaging public announce ...

DEF CON 25 Packet Hacking Village - Vivek Ramachandran,Thomas d'Otreppe - Make a 802.11AC Monitor

2 months ago

802.11ac networks present a significant challenge for scalable packet sniffing and analysis. With projected speeds in the Gigabit range, USB Wi-Fi card based solutions are now obsolete! In this workshop, we will look at how to build a custom monitoring so ...

DEF CON 25 Packet Hacking Village - Tom Sela - Fooling the Hound Deceiving Doman Admin Hunters

2 months ago

The conflict between cyber attackers and defenders is too often in favor of attackers. Recent results of graph theory research incorporated into red-team tools such as BloodHound, shift the balance even more dramatically towards attackers. Any regular dom ...

DEF CON 25 Packet Hacking Village - Tan Kean Siong - Stories from a 15 days SMB Honeypot Mum

2 months ago

WannaCry, Eternal Blue, SambaCry are the popular topic recently. During the outbreak in May 2017, we designed a 'real' Windows 7 / Samba server with the open source Dionaea honeypot and exposed the favourable SMB port to the world. There are tons of expec ...

DEF CON 25 Packet Hacking Village - Ron Taylor - Demystifying The OPM breach, WTF Really Happened

2 months ago

In September 2016 the House Committee on oversight finally released their report. Four years after the original breach, we are still asking how the f*#! did this happen. This talk with go over the key findings of the report and the impact on those who wer ...

DEF CON 25 Packet Hacking Village - Brute Logic - XSS For the win

2 months ago

Cross-site Scripting (XSS) is the most widespread plague of the web but is usually restricted to a simple popup window with the infamous vector. In this short talk we will see what can be done with XSS as an attacker or pentester and the impact of it for ...

DEF CON 25 Packet Hacking Village - Sam Erb - You're Going to Connect to the Wrong Domain Name

2 months ago

Can you tell the difference between gооgle.com and google.com? How about xn--ggle-55da.com and google.com? Both domain names are valid and show up in the Certificate Transparency log. This talk will be a fun and frustrating look at typosquatting, bitsqu ...

DEF CON 25 Packet Hacking Village - Peter Ewane - Cloudy With A Chance of Persistence

2 months ago

The use of Amazon Cloud as a base of operations for businesses is increasing at a rapid rate. Everyone from 2 person start-ups to major companies have been migrating to the cloud. Because of this migration, cloud vendors have become the focus of potential ...

DEF CON 25 Packet Hacking Village - Mike Raggo, Chet Hosmer - Covert TCP with a Twist

2 months ago

Taking a modern day look on the 20 year anniversary of Craig Rowland's article on Covert TCP, we explore current day methods of covert communications and demonstrate that we are not much better off at stopping these exploits as we were 20 years ago. With ...

DEF CON 25 Packet Hacking Village - Michael Gianarakis ,Keith Lee - Portia

2 months ago

Portia: it's a new tool we have written at SpiderLabs to aid in internal penetration testing test engagements. The tool allows you to supply a username and password that you have captured and cracked from Responder or other sources as well as an IP ranges ...

DEF CON 25 Packet Hacking Village - Megan Roddie - Strengthen Secops By Leveraging Neurodiversity

2 months ago

High productivity, extreme attention to detail, logical/calculated, passionate, and hyper-focused. These are all characteristics considered valuable in the information security industry. However, a certain group of people who exceed expectations in these ...

DEF CON 25 Packet Hacking Village - Marek Majkowski - IP Spoofing

2 months ago

At Cloudflare we deal with DDoS attacks every day. Over the years, we've gained a lot of experience in defending from all different kinds of threats. We have found that the largest attacks that cause the internet infrastructure to burn are only possible d ...

The Tool Box | SessionGopher

2 months ago

Today's episode of The Tool Box features SessionGopher. We breakdown everything you need to know! Including what it does, who it was developed by, and the best ways to use it! Check out Session Gopher here: Github - https://github.com/fireey
e/SessionGo ...

GrrCon 2017 - Dissecting Destructive Malware and Recovering from Catastrophe

2 months ago

An in depth look into the NotPetya malware outbreak from a boots-on-ground incident responder with first-hand experience assisting organizations through response, recovery and investigation. This talk will cover how NotPetya operates, the geopolitical sig ...

GrrCon 2017 - Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel

2 months ago

GrrCon 2017 - Infosec State of Affairs: Too much Kim Kardashian - not enough Malcolm Gladwel For More Information Please Visit:- http://www.grrcon.com/ ht
tp://www.irongeek.com/i.p
hp?page=videos/grrcon2017
/mainlist

GrrCon 2017 - How do you POC? Are you really testing a product

2 months ago

We have all read the reports from the successful breaches from Target to Equifax. Have you ever questioned the nature of the security products not preventing or alerting earlier to breach? Trend Micro,s presentation will focus on the Proof-of-Concept phas ...

GrrCon 2017 - Tales From The Trenches: Practical Information Security Lessons

2 months ago

In this talk, Michael Belton discusses his past experiences delivering penetration testing services. The format for this talk is conversational and audience participation is encouraged. Michael will provide background on the situation, discuss the actual ...

GrrCon 2017 - Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis

2 months ago

GrrCon 2017 - Securing the Internet of Things (IoT) -Through Security Research and Vulnerability Analysis For More Information Please Visit:- http://www.grrcon.com/ ht
tp://www.irongeek.com/i.p
hp?page=videos/grrcon2017
/mainlist

GrrCon 2017 - The Future of Cyber Security

2 months ago

GrrCon 2017 - The Future of Cyber Security For More Information Please Visit:- http://www.grrcon.com/ ht
tp://www.irongeek.com/i.p
hp?page=videos/grrcon2017
/mainlist

GrrCon 2017 - Building a Usable Mobile Data Protection Strategy

2 months ago

Mobile smart devices from the consumer perspective are easy to activate for a enriched user experience. Enable smart devices in the enterprise, after the basics, the user experience they know drops while users and InfoSec demand more with competing agenda ...

GrrCon 2017 - Software Defined Segmentation

2 months ago

Acquisitions, partnerships, BYOD, IoT are just some business demands that increase security headaches for businesses and place demand on IT. Come explore segmentation as a mechanism to combat compromises of one system to another. For More Information Pl ...

GrrCon 2017 - The Shuttle Columbia Disaster: Lessons That Were Not Learned

2 months ago

When the shuttle Challenger was destroyed in 1986, poor NASA culture was significant in the events the led to the disaster. NASA made serious changes to their space program to ensure human life was at the least risk possible. But in 2003, the shuttle Colu ...

GrrCon 2017 - Infrastructure Based Security

2 months ago

As the enterprise continues to be bombarded with advanced and increasingly more sophisticated attacks, the CISO must shift to accomplish three critical objectives: Gain Superior Visibility and Control over their environment, Automate tasks that enhance se ...

DEF CON 25 Crypto and Privacy Village - Lauren Rucker - Have You Seen My Naked Selfies Neither Has M

2 months ago

Privacy is fairly cut and dry when it’s US verses THEM, but what if it’s ME verses YOU within US? What are YOUR Privacy Rights, in the context of OUR relationship? Am I your non-trusting girlfriend? Am I your controlling boyfriend? Am I your snoopi ...

RouterSploit - Find Router Exploitation on Kali Linux 2018.2 (Router Exploitation Framework)

2 months ago

Find Vulnerability of any router exploitation. The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

SocialFish - The Ultimate Phishing Tool (Ngrok Integration) on Kali Linux

2 months ago

Ultimate phishing tool. Socialize with the credentials.

Black Hat Asia 2019: Keynote: The Next Arms Race

2 months ago

The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So, borders still exist on the Internet, and almost all countries are investing into offensive use of cyber power. The new weapons ...

Black Hat Asia 2019: CQTools: The New Ultimate Hacking Toolkit

2 months ago

CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation an ...

Black Hat Asia 2019: Investigating Malware Using Memory Forensics - A Practical Approach

2 months ago

The number of cyber attacks is undoubtedly on the rise targeting government, military, public and private sectors. Most of these cyber attacks make use of malicious programs (Malware) for financial theft, espionage, intellectual property theft, and politi ...

Black Hat Asia 2019: Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

2 months ago

HTTPS is the backbone for online privacy and commerce – yet, for two decades, the underlying TLS protocol received little more than a series of band-aid fixes. Rather than deprecating cryptographic techniques with known weakness, the TLSv1.2 specificati ...

Black Hat Asia 2019: Return of the Insecure Brazilian Voting Machines

2 months ago

This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the ...

DNSAdmin To DC Compromise

2 months ago

This is an feature abuse where in a user who is a member of DNSAdmins group can load arbitary dll on the DNS server. Lets try to first find the users which are a part of DNSAdmins group. we will be using DNSadmin cmd to load dll on the DC server where the ...

Analysis of memory from a system infected with Zeus bot

2 months ago

Quick analysis with Volatility of a memory image from a system that was infected with zeus bot malware.

XOR ECX, 0x00 - What The ShellCode (Part 1) - Billy Meyers

2 months ago

In this presentation titled What The Shellcode, Billy Meyers (@_hAxel) gives a quick primer for Assembly language, and then goes over some quick analysis of shellcode for x86 Linux. XOR ECX (named so for the combination of the company name and the genera ...

XOR ECX 0x00 What The ShellCode (Part 2) - James Haughom Jr.

2 months ago

In this presentation titled What The Shellcode, James Haughom Jr. (@rnranalysis) continues from the Part 1 of the talk and gives a deep dive into analyzing Windows x86 shellcode. Unfortunately the lighting was not great for this presentation and James's ...

[Wi-Fi Attack-Defense] Preferred Network List (Basics)

2 months ago

Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracad
emy.com/onlinelabs Pente
sterAcademy courses library: https://www.pentesteracad
emy.com/topics

[Wi-Fi Attack-Defense] Wi-Fi Network Reconnaissance

2 months ago

Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracad
emy.com/onlinelabs Pente
sterAcademy courses library: https://www.pentesteracad
emy.com/topics

[Wi-Fi Attack-Defense] Wi-Fi Network Reconnaissance II

2 months ago

Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracad
emy.com/onlinelabs Pente
sterAcademy courses library: https://www.pentesteracad
emy.com/topics

[Wi-Fi Attack-Defense] Preferred Network List (Basics)

1 year ago

Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracad
emy.com/onlinelabs Pente
sterAcademy courses library: https://www.pentesteracad
emy.com/topics

[Wi-Fi Attack-Defense] Wi-Fi Network Reconnaissance

1 year ago

Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracad
emy.com/onlinelabs Pente
sterAcademy courses library: https://www.pentesteracad
emy.com/topics

[Wi-Fi Attack-Defense] Wi-Fi Network Reconnaissance II

1 year ago

Learn cybersecurity with our hands-on, practical online labs like the one in this video: https://www.pentesteracad
emy.com/onlinelabs Pente
sterAcademy courses library: https://www.pentesteracad
emy.com/topics

RouterSploit - Find Router Exploitation on Kali Linux 2018.2 (Router Exploitation Framework)

2 years ago

Find Vulnerability of any router exploitation. The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

SocialFish - The Ultimate Phishing Tool (Ngrok Integration) on Kali Linux

2 years ago

Ultimate phishing tool. Socialize with the credentials.

DNSAdmin To DC Compromise

2 years ago

This is an feature abuse where in a user who is a member of DNSAdmins group can load arbitary dll on the DNS server. Lets try to first find the users which are a part of DNSAdmins group. we will be using DNSadmin cmd to load dll on the DC server where the ...

Analysis of memory from a system infected with Zeus bot

2 years ago

Quick analysis with Volatility of a memory image from a system that was infected with zeus bot malware.

XOR ECX, 0x00 - What The ShellCode (Part 1) - Billy Meyers

2 years ago

In this presentation titled What The Shellcode, Billy Meyers (@_hAxel) gives a quick primer for Assembly language, and then goes over some quick analysis of shellcode for x86 Linux. XOR ECX (named so for the combination of the company name and the genera ...

XOR ECX 0x00 What The ShellCode (Part 2) - James Haughom Jr.

2 years ago

In this presentation titled What The Shellcode, James Haughom Jr. (@rnranalysis) continues from the Part 1 of the talk and gives a deep dive into analyzing Windows x86 shellcode. Unfortunately the lighting was not great for this presentation and James's ...

DEF CON 25 Crypto and Privacy Village - Lauren Rucker - Have You Seen My Naked Selfies Neither Has M

2 years ago

Privacy is fairly cut and dry when it’s US verses THEM, but what if it’s ME verses YOU within US? What are YOUR Privacy Rights, in the context of OUR relationship? Am I your non-trusting girlfriend? Am I your controlling boyfriend? Am I your snoopi ...

Black Hat Asia 2019: Keynote: The Next Arms Race

2 years ago

The Internet is not supposed to have borders, but it does. Countries fight and spy on each other on the Internet every day. So, borders still exist on the Internet, and almost all countries are investing into offensive use of cyber power. The new weapons ...

Black Hat Asia 2019: CQTools: The New Ultimate Hacking Toolkit

2 years ago

CQURE Team has written over 200 hacking tools during penetration testing. We decided to choose the top 39 tools and pack them in a toolkit called CQTools. We are going to announce 5 new tools at Black Hat Asia, allowing the ultimate privilege elevation an ...

Black Hat Asia 2019: Investigating Malware Using Memory Forensics - A Practical Approach

2 years ago

The number of cyber attacks is undoubtedly on the rise targeting government, military, public and private sectors. Most of these cyber attacks make use of malicious programs (Malware) for financial theft, espionage, intellectual property theft, and politi ...

Black Hat Asia 2019: Return of the Insecure Brazilian Voting Machines

2 years ago

This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the ...

Black Hat Asia 2019: Zombie POODLE, GOLDENDOODLE, and How TLSv1.3 Can Save Us All

2 years ago

HTTPS is the backbone for online privacy and commerce – yet, for two decades, the underlying TLS protocol received little more than a series of band-aid fixes. Rather than deprecating cryptographic techniques with known weakness, the TLSv1.2 specificati ...

TekThing 161 – Bitcoin Sucks For Gaming PCs!!! Our Video Gear, Fingbox Home Network Security

3 years ago

—— Thank You Patrons! Without your support via patreon.com/tekthing, we wouldn’t be able to make the show for you every week! https://www.patreon
.com/tekthing EMAIL US! [email protected] SUPPORT: Amazon Associates: http://amzn.to/2xbnsUa Su
bscribe: ...

FISA Lives On & The NSA Keeps Surveillance Authority – ThreatWire

3 years ago

The NSA can legally monitor some communications, some google chrome extensions were found to be malicious, and OnePlus had a credit card hack. All that coming up now on ThreatWire. ————
—————- Shop: http://www.hakshop.com Su
pport: http ...

How to setup Metasploitable 3 – Metasploit Minute

3 years ago

Metasploit Minute – the break down on breaking in. Join Mubix (aka Rob Fuller) every Monday here on Hak5. Thank you for supporting this ad free programming. Sponsored by Hak5 and the HakShop – http://hakshop.com :: Subscribe and learn more at http://m ...

TekThing 160 – Anker Roav VIVA Alexa Car Charger, 33 More CES 2018 Products, Razer Linda vs. Sentio Superbook

4 years ago

CES Trends, 33 More CES 2018 Products! Anker Roav VIVA Alexa Enabled Car Charger, Razer Linda vs. Sentio Superbook —— 01:14 CES TRENDS What was driving CES 2018 this year? AI that’s not so I, Voice Assistance and Commands (Google Assistant was every ...

Meltdown and Spectre – Everything You Need To Know – ThreatWire

4 years ago

Everything you need to know about Spectre and Meltdown. All that coming up now on ThreatWire. ————
—————- Shop: http://www.hakshop.com Su
pport: http://www.patreon.com/th
reatwire Subscribe: http://www.youtube.com/ha
k5 Our Site: http://w ...

Hak5 2319 – [[ PAYLOAD ]] – OS Detection Payload

4 years ago

————————
—- Shop: http://www.hakshop.com Su
pport: http://www.patreon.com/th
reatwire Subscribe: http://www.youtube.com/ha
k5 Our Site: http://www.hak5.org Conta
ct Us: http://www.twitter.com/ha
k5 Threat Wire RSS: https://shannonmorse.podb ...

TekThing 159 – CES 2018! New TVs From LG, Samsung, TCL, HiSense, Virtual Reality, 1TB Flash Drives, and more!

4 years ago

For those that requested it, here are each of our CES 2018 segments exported into one long video! These are the same segments already uploaded to Youtube, just clumped into one video. Thank you for supporting our coverage of CES! —— Luggage That Follo ...

Hak5 2318 – [[ PAYLOAD ]] – Best Payload Practices

4 years ago

————————
—- Shop: http://www.hakshop.com Su
pport: http://www.patreon.com/th
reatwire Subscribe: http://www.youtube.com/ha
k5 Our Site: http://www.hak5.org Conta
ct Us: http://www.twitter.com/ha
k5 Threat Wire RSS: https://shannonmorse.podb ...

TekThing 158 – New Dell XPS 13, HP Chromebooks, CES 2018, More Reasons Your Computer Gets Fried, Kill-A-Watt!!!

4 years ago

New Laptops! Dell XPS 13, HP HP Chromebook 14 G5 and 11 G6 Education Edition! CES 2018, Floating Neutral, Kill-A-Watt —— 00:56 TekThing Meetup Las Vegas Happy New Year!!! If you’re in Las Vegas for CES, live in Las Vegas, or feel like getting yourse ...

Hak5 2317 – [[ PAYLOAD ]] – The Situation Response Payload

4 years ago

————————
—- Shop: http://www.hakshop.com Su
pport: http://www.patreon.com/th
reatwire Subscribe: http://www.youtube.com/ha
k5 Our Site: http://www.hak5.org Conta
ct Us: http://www.twitter.com/ha
k5 Threat Wire RSS: https://shannonmorse.podb ...

Snowden’s New Security System; Browsing Tracked By Login Forms – ThreatWire

4 years ago

Your browsing data could be tracked by login forms, Forever21 got hacked, and Snowden released his very own mobile security system. All that coming up now on ThreatWire. ————
—————- Shop: http://www.hakshop.com Su
pport: http://www.patr ...

Hak5 2316 – The Hak5 Annual Blooper Reel!

4 years ago

Celebrate another year of craziness with us by checking out some of our favorite bloopers from 2017! Happy New Year and we’ll see ya next week! ——————
———- Shop: http://www.hakshop.com Su
pport: http://www.patreon.com/th
reatwire Subs ...

TekThing 157 – Amazon Echo Spot Review, Best Gear of 2017, Can You Speed Up Your VPN???

4 years ago

Best of 2017: TVs, Phones, Headphones, More. The Perfect Alarm Clock? Amazon Echo Spot Review. Two Fast VPNs Tested! —— 00:50 BEST OF 2017!!! What were the products that really stood out in 2017??? AMD’s Ryzen CPUs and Nvidia’s Switch are definite ...

The Biggest Hacks of 2017 – ThreatWire

4 years ago

The biggest, baddest, worst hacks and vulnerabilities of 2017! All that coming up now on ThreatWire. ————
—————- Shop: http://www.hakshop.com Su
pport: http://www.patreon.com/th
reatwire Subscribe: http://www.youtube.com/ha
k5 Our Site: h ...

USENIX Security '17 - Walkie-Talkie: An Efficient Defense Against Passive Website Fingerprinting Attacks

4 years ago

Tao Wang, Hong Kong University of Science and Technology; Ian Goldberg, University of Waterloo Website fingerprinting (WF) is a traffic analysis attack that allows an eavesdropper to determine the web activity of a client, even if the client is using pri ...

USENIX Security '17 - Beauty and the Burst: Remote Identification of Encrypted Video Streams

4 years ago

Roei Schuster, Tel Aviv University, Cornell Tech; Vitaly Shmatikov, Cornell Tech; Eran Tromer, Tel Aviv University, Columbia University The MPEG-DASH streaming video standard contains an information leak: even if the stream is encrypted, the segmentation ...

USENIX Security '17 - "I Have No Idea What I'm Doing" - On the Usability of Deploying HTTPS

4 years ago

Katharina Krombholz, Wilfried Mayer, Martin Schmiedecker, and Edgar Weippl, SBA Research Protecting communication content at scale is a difficult task, and TLS is the protocol most commonly used to do so. However, it has been shown that deploying it in a ...

Circle City Con 2017 - Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet

4 years ago

Imagine that you've purchased your small a cheap ip security camera to feel just a little better with your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security or programming at all. I ...

Circle City Con 2017 - Creating Your Own Customized Metamorphic Algorithm

4 years ago

Most malware uses metamorphic code to evade Antivirus detection. These techniques also slow down security researchers when digging deeper into the malware code. On the malware side, there are many ways to generate and implements the said algorithms, yet o ...

Circle City Con 2017 - Ichthyology: Phishing as a Science

4 years ago

Many companies view phishing as a given: employees will click links and enter credentials, and we just need to be okay with that. Phishing prevention usually takes the form of training, and a warning to be careful when reading email. But does phishing tra ...

Circle City Con 2017 - We Don't Always Go Lights and Sirens

4 years ago

One of the most critical steps to Incident Response is the initial triage phase. The same can be said of the decision Paramedics make when responding to emergency calls. During this presentation we will review how to properly triage an incident based on t ...

Circle City Con 2017 - You're not old enough for that: A TLS extension to put the past behind us

4 years ago

TLS evolves rapidly. We don't all have the luxury of upgrading with it, unfortunately; new versions, extensions, cipher suites, and protocols require mutual support. This poses a serious problem for those who have legacy systems that cannot be upgraded (t ...

Circle City Con 2017 - Changing our future with 3D Printing

4 years ago

3D Printing represents the last tool that will be necessary is shifting into our new 21st century economy, as we finally break ourselves free from the shackles of the wealth inequality generated during the first three and a half industrial revolutions and ...

Circle City Con 2017 - See beyond the veil: Automating malicious javascript deobfuscation

4 years ago

Exploit kits use javascript to direct victim browsers to hosted exploits. These javascript are highly obfuscated to mask their intent and make analysis more difficult. Deobfuscating it manually is time consuming and does not scale. This talk with discuss ...

Circle City Con 2017 - Open Sesamee

4 years ago

Resettable combination locks are popular because they can be set to user-chosen codes. Multiple locks can be set alike to one another. Authorized users don't have to keep track of key or other physical credentials. These locks are often used to control ac ...