POPULARITY
//Coinscrum Markets EP67 Segment - Market Spotlight with Cesar Cerrudo from CTO IOActive Labs //Segment Overview:: What exactly happened in the biggest hack in DeFi? Can it happen again? As the ecosystem grows, its market has also experienced a huge pump with a current market capitalization of over $121 billion. However, this growth has also shined a light on cybersecurity issues. In the last month, 3 major cyberattacks have happened to DeFi services, including the biggest hack in crypto so far to the exchange Polygon. In this interview, Cesar Cerrudo, CTO of IOActive Labs joins host Paul Gordon to analyze the reasons and impact of security hacks in DeFi. //Read on Coinscrum Website www.coinscrum.com or watch the video version on our Youtube Channel. //Follow our Social Media:: www.linkedin.com/company/coinscrum www.twitter.com/coinscrum www.facebook.com/Coinscrum //Join our Facebook Community:: https://www.facebook.com/groups/Coinscrum //Our sponsors:: Buy & HODL BTC/ETH/LTC/XRP on Luno - http://www.coinscrum.com/luno-exchange/ Analyse on-chain data at ByteTree - http://www.coinscrum.com/bytetree-terminal/ The world's most popular way to buy, sell, and trade crypto - https://www.blockchain.com/
En este episodio tuvimos la suerte de poder contar con un gran profesional!: Cesar Cerrudo @cesarcer. Aprovechamos y le preguntamos todo lo referente a IoT, 5G y Smart Cities. No se lo pierdan!Staff:Maxi Soler@MaxiSolerCarlos "Chicho" Garay @ChgarayMarcos "Situ" Garcia @ArtsWebEmiliano Piscitelli @emilianox
Interview With Cesar Cerrudo & Agustin Arias (IOActive Labs) by The Things Industries
Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Cerrudo/DEFCON-22-Cesar-Cerrudo-Hacking-Traffic-Control-Systems-UPDATED.pdf Hacking US (and UK, Australia, France, etc.) traffic control systems Cesar Cerrudo CTO, IOACTIVE LABS Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) were the "terrorist hackers" manipulate traffic signals by just hitting Enter key or typing a few keys, I wanted to do that! so I started to look around and of course I couldn't get to do the same, that's too Hollywood style! but I got pretty close. I found some interesting devices used by traffic control systems on important cities such as Washington DC, Seattle, New York, San Francisco, Los Angeles, etc. and I could hack them :) I also found that these devices are also used in cities from UK, France, Australia, China, etc. making them even more interesting. This presentation will tell the whole story from how the devices were acquired, the research, on site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited, and finally some possible NSA style attacks (or should I say cyberwar style attacks?) Oh, I almost forgot, after this presentation anyone will be able to hack these devices and mess traffic control systems since there is no patch available (sorry didn't want to say 0day ;)) I hope that after this I still be allowed to enter (or leave?) the US Cesar Cerrudo is CTO at IOActive Labs where he leads the team in producing ongoing cutting edge research in the areas of SCADA, mobile device, application security and more. Formerly the founder and CEO of Argeniss Consulting, acquired by IOActive, Cesar is a world renown security researcher and specialist in application security. Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. In addition, Cesar has authored several white papers on database, application security, attacks and exploitation techniques and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Defcon, Infiltrate, etc. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals. Twitter: @cesarcer
Cesar Cerrudo is this weeks interview concerning by passing windows protection mechanisms. Episode 244 Show Notes Episode 244 part 1 Direct Audio Download All the Paul's Security Weekly episodes on our Bliptv archives. Hosts: Paul Asadoorian,Carlos Perez,Larry Pesce Audio Feeds:
Black Hat Briefings, Las Vegas 2005 [Audio] Presentations from the security conference
Databases are where your most valuable data rest, when you use a database server you implicitly trust the vendor, because you think you bought a good and secure product. This presentation will compare MS SQL Server and Oracle Database Server from security standpoint, comparison will include product quality, holes, patches, etc. This presentation will also show how both vendors manage security issues and how they have evolved over time. The main goal of this presentation is to kill the myths surrounding both products and let people know the truth about how secure these products are. Cesar Cerrudo is a security researcher specialized in application security. Cesar is running his own company, Argeniss. Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has authored several white papers on database and application security and has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua and CanSecWest.
Black Hat Briefings, Las Vegas 2005 [Video] Presentations from the security conference
Databases are where your most valuable data rest, when you use a database server you implicitly trust the vendor, because you think you bought a good and secure product. This presentation will compare MS SQL Server and Oracle Database Server from security standpoint, comparison will include product quality, holes, patches, etc. This presentation will also show how both vendors manage security issues and how they have evolved over time. The main goal of this presentation is to kill the myths surrounding both products and let people know the truth about how secure these products are. Cesar Cerrudo is a security researcher specialized in application security. Cesar is running his own company, Argeniss. Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has authored several white papers on database and application security and has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua and CanSecWest.
Black Hat Briefings, Europe 2007 [Audio] Presentations from the security conference.
"Data theft is becoming a major threat, criminals have identified where the money is, In the lafrom fortune 500 companies were compromised causing lots of money losses. This talk will discuss the Data Theft problem st years many databases focusing on database attacks, we will show actual information about how serious the data theft problem is, we will explain why you should care about database security and common attacks will be described, the main part of the talk will be the demostration of unknown and not well known attacks that can be used or are being used by criminals teasily steal data from your databases, we will focus on most used database servers: MS SQL Server and Oracle Database, it will be showed how to steal a complete database from Internet, how tsteal data using a database rootkit and backdoor and some advanced database 0day exploits. We will demostrate that compromising databases is not big deal if they haven't been properly secured. Alsit will be discussed how tprotect against attacks syou can improve database security at your site." "Cesar Cerrudis a security researcher & consultant specialized in application security. Cesar is running his own company, Argeniss (www.argeniss.com). Regarded as a leading application security researcher, Cesar is credited with discovering and helping fix dozens of vulnerabilities in applications including Microsoft SQL Server, Oracle database server, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. Cesar has authored several white papers on database and application security and has been invited tpresent at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest and WebSec."
Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question. This talk intends to demystify kernel-mode exploitation by demonstrating the analysis and reliable exploitation of three different kernel vulnerabilities without public exploits. From a defenders point of view this could hopefully serve as an eye-opener, as it demonstrates the ineffectiveness of HIDS, NX, ASLR and other protective measures when the kernel itself is being exploited. The entire process will be discussed, including how the vulnerabilities were found, how they were analyzed to determine if and how they can be reliably exploited and of course the exploits will be demonstrated in practice. The vulnerabilities that will be discussed are: - FreeBSD 802.11 Management Frame Integer Overflow Found and exploited by Karl Janmar. Advisory: http://www.signedness.org/advisories/sps-0x1.txt - NetBSD Local Kernel Heap Overflow Found by Christer ?berg, exploited by Christer ?berg and Joel Eriksson. - Windows (2000 & XP) Local GDI Memory Overwrite Found by Cesar Cerrudo, exploited by Joel Eriksson. Advisory: http://projects.info-pull.com/mokb/MOKB-06-11-2006.html More information about the vulnerabilities can be found at: http://kernelwars.blogspot.com/
Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question. This talk intends to demystify kernel-mode exploitation by demonstrating the analysis and reliable exploitation of three different kernel vulnerabilities without public exploits. From a defenders point of view this could hopefully serve as an eye-opener, as it demonstrates the ineffectiveness of HIDS, NX, ASLR and other protective measures when the kernel itself is being exploited. The entire process will be discussed, including how the vulnerabilities were found, how they were analyzed to determine if and how they can be reliably exploited and of course the exploits will be demonstrated in practice. The vulnerabilities that will be discussed are: - FreeBSD 802.11 Management Frame Integer Overflow Found and exploited by Karl Janmar. Advisory: http://www.signedness.org/advisories/sps-0x1.txt - NetBSD Local Kernel Heap Overflow Found by Christer ?berg, exploited by Christer ?berg and Joel Eriksson. - Windows (2000 & XP) Local GDI Memory Overwrite Found by Cesar Cerrudo, exploited by Joel Eriksson. Advisory: http://projects.info-pull.com/mokb/MOKB-06-11-2006.html More information about the vulnerabilities can be found at: http://kernelwars.blogspot.com/