Podcasts about ioactive

  • 29 podcasts
  • 41 episodes
  • 45m average duration
  • 1 new episode monthly
  • Latest: Sep 6, 2024

Latest podcast episodes about ioactive

Cybercrime Magazine Podcast
CTRL, ALT, HACKED. "Sinkclose" Bug Impacting AMD Chips & Gamers. Krzysztof Okupski, IOActive.

Sep 6, 2024 · duration 15:35


The “Sinkclose” bug is a critical vulnerability impacting AMD chips across hundreds of millions of PCs and servers, and – as a result – possibly gamers. In this episode, Krzysztof Okupski, Principal Security Consultant at IOActive, joins host Paul John Spaulding to discuss. • For more on cybersecurity, visit us at https://cybersecurityventures.com

@BEERISAC: CPS/ICS Security Podcast Playlist
EP 44: Performing Security Assessments on ICS systems

Aug 30, 2024 · duration 34:16


Podcast: Error Code
Episode: EP 44: Performing Security Assessments on ICS systems
Pub date: 2024-08-27

Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security.

The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Error Code
EP 44: Performing Security Assessments on ICS systems

Aug 27, 2024 · duration 34:16


Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security.

Cybercrime Magazine Podcast
"Sinkclose" Bug Impacting AMD Chips. DEF CON 32. Enrique Nissim & Krzysztof Okupski, IOActive.

Aug 16, 2024 · duration 3:26


Def Con, the world's longest-running and largest underground hacking conference, once again delivered groundbreaking revelations this year. Held in Las Vegas from August 8th to 11th, the event showcased a wealth of new findings. Among the most alarming, Wired.com reports, was the disclosure of the “Sinkclose” bug: a critical vulnerability impacting AMD chips across hundreds of millions of PCs and servers. Cybercrime Magazine was in attendance when Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, broke the news. • For more on cybersecurity, visit us at https://cybersecurityventures.com

The CyberWire
Flight fiasco: UK Defence Minister's jet faces GPS jamming.

Mar 15, 2024 · duration 37:14


Russia's accused of jamming a jet carrying the UK's defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens' concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers.

CyberWire Guest: On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann.

Coming this weekend: Tune in to the CyberWire Daily Podcast feed on Sunday for a Special Edition podcast we produced in collaboration with our partners at NICE, “Unveiling the updated NICE Framework & cybersecurity education's future.” We delve into the history of the NICE Framework, dig into its latest update, and look into the future of cybersecurity education.

Selected Reading:
  • Defence Secretary jet hit by an electronic warfare attack in Poland (Security Affairs)
  • Russia believed to have jammed signal on UK defence minister's plane - source (Reuters)
  • Senators propose a compromise over hot-button Section 702 renewal (The Record)
  • WEF effort to disrupt cybercrime moves into operations phase (The Register)
  • StopCrypt: Most widely distributed ransomware now evades detection (Bleeping Computer)
  • Scottish health service says 'focused and ongoing cyber attack' may disrupt services (The Record)
  • Massive Data Breach Exposes Info of 43 Million French Workers (Hack Read)
  • WARNING: THREE VULNERABILITIES IN ARCSERVE UDP SOFTWARE DEMAND URGENT ACTION, PATCH IMMEDIATELY! (certbe)
  • FCC approves cybersecurity label for consumer devices (CyberScoop)
  • Hackers can read private AI-assistant chats even though they're encrypted (Ars Technica)
  • MITRE-Harris poll reveals US public's concerns over critical infrastructure and perceived risks (Industrial Cyber)
  • Tech Support Firms Agree to $26M FTC Settlement Over Fake Services (SecurityWeek)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Platzi English Academy
EP 148 How a company prepares for a possible cyberattack

Feb 27, 2024 · duration 22:14


In this episode Alejandro Hernández, Associate Director of Services at IOActive, shares his deep knowledge of how to protect companies from cyberattacks. Drawing on his consulting experience and on iconic examples such as the Stuxnet virus and the Equifax case, Alejandro emphasizes the need for a holistic approach that combines technology, employee education and adequate procedures. He highlights the most vulnerable sectors, such as critical infrastructure and the medical sector, and discusses the importance of artificial intelligence in preventing future attacks. Concluding with practical advice on passwords and software updates, this episode offers an essential and accessible view of how to face the challenges of cybersecurity in today's world. --- Send in a voice message: https://podcasters.spotify.com/pod/show/platzi-podcast/message

The Route to Networking
E20- Kim Crawley at IO Active

Jun 15, 2023 · duration 53:43


On today's episode of our Women in Tech spin-off series, our host Libby Stein was joined by Kim Crawley, Cybersecurity Writer at IOActive. During today's episode, Kim shares with us what her typical day looks like at IOActive and some interesting projects she's working on. Kim talks to us about something she wishes she knew before starting her career in the cybersecurity space and some of the struggles she faced getting to where she is now. Learn more from Kim: https://www.linkedin.com/in/kimcrawley/ Want to stay up to date with new episodes? Follow our LinkedIn page for all the latest podcast updates! Head to: https://www.linkedin.com/company/the-route-to-networking-podcast/ Interested in following a similar career path? Why don't you take a look at our jobs page, where you can find your next job opportunity? Head to: www.hamilton-barnes.com/jobs/

RoadWorthy Drive Moments
Are Big Rigs Vulnerable to Cybercriminals?

Apr 5, 2022 · duration 10:59


With the push toward electrification and automation of the nation's over the road trucks, is there an increased risk of hacking or other nebulous activity by cybercriminals?  While no commercial vehicle in the United States has been directly hacked, it doesn't mean that it won't happen.  We take a look. 

Podcasts – TechSpective
John Sawyer Chats about Value of Red and Purple Team Engagements

Jul 19, 2021 · duration 40:17


TechSpective Podcast Episode 070 How do you know where the weak spots are in your cybersecurity defenses? One of the best ways is to engage a third-party–an external set of eyes and skills–to conduct a penetration test and try to find them. John Sawyer, Director of Services, Red Team at IOActive, joins me on this [...] The post John Sawyer Chats about Value of Red and Purple Team Engagements appeared first on TechSpective.

HackWise
WiseTalks #05 Alejandro Hernandez (nitr0usmx)

May 26, 2021 · duration 83:30


Alejandro is a Senior Security Consultant at IOActive. He has been a speaker at international cybersecurity events such as DEF CON and Black Hat, and he is also a researcher with a passion for trading, among many other things that we will talk about today.

Hack the Planet
Interview with Ilja van Sprundel

Apr 13, 2021 · duration 154:53


In this episode of the Hack the Planet Podcast: We are joined by a master of C code audit, Ilja van Sprundel, Director of PenTest at IOActive and prolific public … Continue reading "Interview with Ilja van Sprundel"

CiberAfterWork: ciberseguridad en Capital Radio
Episode 73: Pentesting and Cyber Intelligence for Companies

Apr 2, 2020 · duration 89:39


13/01/2020. Last Monday, January 13, we were visited at CiberAfterWork, the cybersecurity segment of Capital Radio's AfterWork, by Daniel Martinez, pentesting specialist at IOActive's Madrid Lab, and Javier Rodriguez, Director of the cybersecurity and global risks department at Tarlogic. He previously worked in the Guardia Civil's Grupo de Delitos Telemáticos (Telematic Crimes Group). Together with Eduardo and Mónica we talked about the importance of cybersecurity for companies and citizens. +info: https://psaneme.com/2020/02/10/pentest-y-ciberinteligencia-para-empresas/ +info: https://psaneme.com/radio/

The Things Podcast
Interview With Cesar Cerrudo & Agustin Arias (IOActive Labs)

Feb 21, 2020 · duration 9:09


Interview With Cesar Cerrudo & Agustin Arias (IOActive Labs) by The Things Industries

ITSPmagazine | Technology. Cybersecurity. Society
Their Story Chats At Infosecurity Europe | London 2019 | David Baker and Pete Beck

Jun 27, 2019 · duration 16:44


A Their Story interview with Sean Martin and Marco Ciappelli
Guests: David Baker, Bugcrowd | Pete Beck, IOactive
Hosts: Sean Martin | Marco Ciappelli

The organization telling us their story today is Bugcrowd. If you think about it, most painters won't select only a brush or a roller to paint a whole house. The same can be said for IT security managers looking to paint a robust security management picture for their organization. In most cases, they need the breadth and scale that a crowd-enabled research team can provide coupled with the precision of a very focused research team.

“Attack security is a fundamental part of any security program.” — David Baker, CSO, Bugcrowd

During the Infosecurity Europe event in London, Bugcrowd and IOactive announced a new partnership that's designed to provide the brush and the roller and everything between — bringing the right security researcher talent to the right projects at the right time. David Baker from Bugcrowd and Pete Beck from IOactive join Marco and me from the Olympia show floor to tell us more about the partnership and the direct benefits it can have for their customers. As usual, we like to peel back the onion a bit and, in doing so, we uncover a few indirect benefits the partnership has on Bugcrowd's and IOactive's business that then translate into additional benefits for their combined customer base. Have a listen!

Learn more about Bugcrowd on ITSPmagazine here: https://www.itspmagazine.com/company-directory/bugcrowd
Learn more about Their Story podcasts here: https://www.itspmagazine.com/their-infosec-story

Global Connected Aircraft Podcast
How IOACTIVE Hacked into an In-Flight Internet Modem

Oct 10, 2018 · duration 32:12


Ruben Santamarta, a cyber security researcher with IOACTIVE, used a "backdoor" vulnerability to demonstrate his ability to hack into an in-flight commercial airplane's satellite internet modem. We discuss the demonstration with Ruben and his IOACTIVE colleague Josep Pi Rodriguez. The cyber experts discuss how the flaw that allowed the hack to occur was resolved by the industry.

WIRED Security: News, Advice, and More
Online Stock Trading Has Serious Security Holes

Aug 9, 2018 · duration 6:44


It's never been easier to trade stocks; just a few taps or clicks will do the trick. But most of the platforms that millions of market participants rely on to move their money suffer from cybersecurity shortcomings, new research warns. As if stocks weren't risky enough already. A new report from Alejandro Hernández, a security consultant at IOActive, found that nearly all of the 40 major online trading platforms he investigated had at least some form of vulnerability.

Digital Guardian Podcast
Episode 23: Gunter Ollmann on Cloud Security

May 29, 2018 · duration 44:49


Welcome to Episode 23 of the Digital Guardian Podcast! On this episode our hosts Will Gragido and Chris Brook chat with Gunter Ollmann, CTO, Security (Cloud and AI) at Microsoft. Gunter discusses how he got his start in the infosec world, including stints at IOActive, NCC Group, Damballa, and IBM Internet Security Systems, the recent drive around cloud security adoption, threats CISOs need to be aware of while transitioning from network to the cloud, and more.

Paul's Security Weekly TV
Zach Schlumpf, IOActive - Startup Security Weekly #64

Dec 6, 2017 · duration 44:52


Zach Schlumpf is the Recruiting Coordinator for IOActive. An Army Veteran, former Red Teamer, and Seattle Locksport volunteer, Zach joins us to discuss recruiting, social engineering, and the balance between technical and soft skills! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Paul's Security Weekly
Startup Security Weekly #64 - Legal in Some States

Dec 5, 2017 · duration 89:35


Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more on this episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit https://www.securityweekly.com/ssw for all the latest episodes!

Business Security Weekly (Audio)
Startup Security Weekly #64 - Legal in Some States

Dec 5, 2017 · duration 89:35


Zach Schlumpf of IOActive joins us. In our article discussion, we talk about winning arguments, turning insight into execution, and avoiding the "Yes" dilemma. In the news, we have updates from Bitdefender, McAfee, Barracuda Networks, Pwnie Express, ReversingLabs, and more on this episode of Startup Security Weekly! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit https://www.securityweekly.com/ssw for all the latest episodes!

Business Security Weekly (Video)
Zach Schlumpf, IOActive - Startup Security Weekly #64

Dec 4, 2017 · duration 44:52


Zach Schlumpf is the Recruiting Coordinator for IOActive. An Army Veteran, former Red Teamer, and Seattle Locksport volunteer, Zach joins us to discuss recruiting, social engineering, and the balance between technical and soft skills! Full Show Notes: https://wiki.securityweekly.com/SSWEpisode64 Visit http://securityweekly.com/category/ssw for all the latest episodes!

Digitaal | BNR
Robots highly vulnerable to hacks

Mar 15, 2017


The use of robots at home and at work may not be very common yet, but those robots are certainly insecure. That is the finding of research by the American security firm IOActive. We ask security consultant Jan Terpstra of HP how worrying that is. Backup is Boris van de Ven, creator and founder of Gamekings.

The CyberWire
Daily: Grid hacking in Ukraine? German terror investigations. Airliner vulnerability dispute. NIST wants post-quantum crypto standards. Project Wycheproof. Wassenaar update.

Dec 21, 2016 · duration 14:55


In today's podcast, we hear about Ukraine's investigation of Saturday's power outages around Kiev—speculation says it was either a demonstration or misdirection. German police track terrorists' spoor online. Pakistani hackers hit Google's Bangladesh domain, possibly for the lulz. (Speaking of the lulz, OurMine is back and messing with Twitter accounts.) Panasonic and IOActive disagree over reports of airline vulnerabilities. Verizon mulls its Yahoo! acquisition plans, post-breach. NIST is looking for some post-quantum standards. Google's Project Wycheproof gets good early reviews. Joe Carrigan from the Johns Hopkins University Information Security Institute discusses the utility of burner email addresses. Sam McLane from Arctic Wolf reviews your incident response plan. Wassenaar renegotiation goes on hold. And the ShadowBrokers offer a low, low price, for Equation Group code, if you act now. (But we say "pass.")

DEF CON 23 [Audio] Speeches from the Hacker Convention
Marina Krotofil & Jason Larsen - Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion

Oct 23, 2015


Materials available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marina-Krotofil-Jason-Larsen-Rocking-the-Pocketbook-Hacking-Chemical-Plants-UPDATED.pdf
Whitepaper here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Marina-Krotofil-Jason-Larsen-Rocking-the-Pocketbook-Hacking-Chemical-Plants-WP-UPDATED.pdf

Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion

Marina Krotofil, Senior Security Consultant, European Network for Cyber Security
Jason Larsen, Principal Security Consultant, IOActive

The appeal of hacking a physical process is dreaming about physical damage attacks lighting up the sky in a shower of goodness. Let’s face it, after such elite hacking action nobody is going to let one present it even at a conference like DEF CON. As a poor substitute, this presentation will get as close as using a simulated plant for Vinyl Acetate production for demonstrating a complete attack, from start to end, directed at persistent economic damage to a production site while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack.

Picking up a paper these days it’s easy to find an article on all the “SCADA insecurity” out there associated with an unstoppable attacker with unsophisticated goal of kicking up another apocalypse. Sorry to disappoint excited crowd but formula “Your wish is my command” does not work for control systems. The target plant is not designed in a hacker friendly way. Hopefully by the end of the presentation, the audience will understand the difference between breaking into the system and breaking the system, obtaining control and being in control. An attacker targeting a remote process is not immediately gifted with complete knowledge of the process and the means to manipulate it. In general, an attacker follows a series of stages before getting to the final attack. Designing an attack scenario is a matter of art as much as economic consideration. The cost of attack can quickly exceed damage worth. Also, the attacker has to find the way to compare between competing attack scenarios.

In traditional IT hacking, a goal is to go undetected. In OT (operational technologies) hacking this is not an option. An attack will change things in the real world that cannot be removed by simply erasing the log files. If a piece of equipment is damaged or if a plant suddenly becomes less profitable, it will be investigated. The attacker has to create forensic footprint for investigators by manipulating the process and the logs in such a way that the analysts draw the wrong conclusions.

Exploiting physical process is an exotic and hard to develop skill which has so far kept a high barrier to entry. Therefore real-world control system exploitation has remained in the hands of a few. To help the community mastering new skills we have developed „Damn Vulnerable Chemical Process“ – first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. Come to the session and take your first master class on complex physical hacking.

Marina is Senior Security Consultant at European Network for Cyber Security. Through her life she has accumulated vast hands-on experience in several engineering fields. Most recently she completed her doctoral degree in ICS security at Hamburg University of Technology, Germany. Her research over the last few years has been focused on the bits and peac.hes of the design and implementation of cyber-physical attacks aiming at both physical and economic damage. Marina used her pioneering destructive knowledge for designing process-aware defensive solutions and risk assessment approaches. During her PhD she collaborated with several industrial partners, participated in EU projects and collaborated with cool dudes from the hacking community. She has written more than a dozen papers on the subject of cyber-physical exploitation. Marina gives workshops on cyber-physical exploitation and is a frequent speaker at the leading ICS security and hacking venues around the world. She holds MBA in Technology Management, MSc in Telecommunications and MSc in Information and Communication Systems.

Jason Larsen is a professional hacker that specializes in critical infrastructure and process control systems. Over the last several years he has been doing focused research into remote physical damage. Jason graduated from Idaho State University where he worked doing Monte Carlo and pharmacokinetic modeling for Boron-Neutron Capture Therapy. He was one of the founding members of the Cyber-Security department at the Idaho National Labs, which hosts the ICS-CERT and the National SCADA Test Bed. Jason has audited most of the major process control and SCADA systems as well as having extensive experience doing penetration tests against live systems. His other activities include two years on the Windows 7 penetration testing team, designing the anti-malware system for a very large auction site, and building anonymous relay networks. He is currently a Principal Security Consultant for IOActive in Seattle.

DEF CON 23 [Audio] Speeches from the Hacker Convention
Charlie Miller - Remote exploitation of an unaltered passenger vehicle

Oct 22, 2015


Remote Exploitation of an Unaltered Passenger Vehicle

Charlie Miller, Security engineer at Twitter
Chris Valasek, Director of Vehicle Security Research at IOActive

Although the hacking of automobiles is a topic often discussed, details regarding successful attacks, if ever made public, are non-comprehensive at best. The ambiguous nature of automotive security leads to narratives that are polar opposites: either we’re all going to die or our cars are perfectly safe. In this talk, we will show the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. Starting with remote exploitation, we will show how to pivot through different pieces of the vehicle’s hardware in order to be able to send messages on the CAN bus to critical electronic control units. We will conclude by showing several CAN messages that affect physical systems of the vehicle. By chaining these elements together, we will demonstrate the reality and limitations of remote car attacks.

Charlie Miller is a security engineer at Twitter, a hacker, and a gentleman. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated". Twitter: @0xcharlie

Christopher Valasek is the Director of Vehicle Security Research at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. He holds a B.S. in Computer Science from the University of Pittsburgh. Twitter: @nudehaberdasher

DEF CON 23 [Audio] Speeches from the Hacker Convention
Aditya K Sood - Dissecting the Design of SCADA Web Human Machine Interfaces (HMIs) - Hunting Vulnerabilities

Oct 21, 2015


Dissecting the Design of SCADA Web Human Machine Interfaces (HMIs) - Hunting Vulnerabilities

Aditya K Sood, Architect - Threat Research Labs, Elastica inc.

Human Machine Interfaces (HMIs) are the subsets of the Supervisory Control and Data Acquisition (SCADA) systems. HMIs are control panels that provide interfaces for humans to interact with machines and to manage operations of various types of SCADA systems. HMIs have direct access to SCADA databases including critical software programs. The majority of SCADA systems have web-based HMIs that allow the humans to control the SCADA operations remotely through Internet. This talk unveils various flavors of undisclosed vulnerabilities in web-based SCADA HMIs including but not limited to remote or local file inclusions, insecure authentication through clients, weak password hashing mechanisms, firmware discrepancies, hardcoded credentials, insecure web-services, weak cryptographic design, cross-site request forgery, and many others. This talk digs deeper into the design models of various SCADA systems to highlight security deficiencies in the existing SCADA HMI deployments. The research is driven with a motivation to secure SCADA devices and to build more intelligent solutions by hunting vulnerabilities in SCADA HMIs. The vulnerabilities presented in this talk are completely undisclosed and will be revealed for the first time with live demonstrations.

Aditya K Sood (Ph.D) is a senior security researcher and consultant. Dr. Sood has research interests in malware automation and analysis, application security, secure software design and cybercrime. He has worked on a number of projects pertaining to penetration testing specializing in product/appliance security, networks, mobile and web applications while serving Fortune 500 clients for IOActive, KPMG and others. He is also a founder of SecNiche Security Labs, an independent web portal for sharing research with security community. He has authored several papers for various magazines and journals including IEEE, Elsevier, CrossTalk, ISACA, Virus Bulletin, Usenix and others. His work has been featured in several media outlets including Associated Press, Fox News, Guardian, Business Insider, CBC and others. He has been an active speaker at industry conferences and presented at BlackHat, DEF CON, HackInTheBox, RSA, Virus Bulletin, OWASP and many others. Dr. Sood obtained his Ph.D from Michigan State University in Computer Sciences. Dr. Sood is also an author of "Targeted Cyber Attacks" book published by Syngress.

Company Website: http://www.elastica.net
Personal website: http://adityaksood.secniche.org
Twitter: @AdityaKSood

DEF CON 23 [Audio] Speeches from the Hacker Convention
Colin Cassidy, Robert Lee, Eireann Leverett - Switches Get Stitches

Oct 9, 2015


Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Cassidy-Leverett-Lee-Switches-Get-Stitches.pdf
Switches Get Stitches
Colin Cassidy, Senior Security Consultant at IOActive; Éireann Leverett; Robert M. Lee
This talk will introduce you to Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words: DCS, PCS, ICS & SCADA switches. The researchers focus on attacking the management plane of these switches, because we all know that industrial system protocols lack authentication or cryptographic integrity. Thus, compromising any switch allows the creation of malicious firmwares for further MITM manipulation of a live process. Such MITM manipulation can lead to the plant or process shutting down (think: nuclear reactor SCRAM) or getting into an unknown and hazardous state (think: damaging a blast furnace at a steel mill). Not only will vulnerabilities be disclosed for the first time, but the methods of finding those vulnerabilities will be shared. All vulnerabilities disclosed will be in the default configuration state of the devices. While these vulnerabilities have been responsibly disclosed to the vendors, SCADA/ICS patching in live environments tends to take 1-3 years. Because of this patching lag, the researchers will also be providing live mitigations that owner/operators can use immediately to protect themselves. At least four vendors' switches will be examined: Siemens, GE, Garrettcom and Opengear.
Colin Cassidy is a security consultant for IOActive where he focuses on Industrial Control Systems. He has a strong development and software engineering background. He is also a seasoned leader in the areas of security and software engineering. Before joining IOActive, Cassidy served for a number of years as Technical Manager and Security Technical Lead for IGE Energy Services, Ltd, part of GE Energy. He has hands-on experience with PowerOn Fusion, a leading Outage Management System/Distribution Management System (OMS/DMS) solution for electricity distribution management. He also led a team of developers in producing new functionality within the core product and worked with customers to understand their requirements. Colin Cassidy has a BSc (Hons) in Computing Science from the University of Glasgow. Twitter: @parttimesecguy
Éireann Leverett hates writing bios in the third person. He once placed second in an Eireann Leverett impersonation contest. He likes teaching the basics, and learning the obscure. He is sometimes jealous of his own moustache for being more famous than he is. If he could sum up his life in one sentence; he wouldn't. That would be a life-sentence! He is primarily known for smashing the myth of the air-gap in industrial systems with his master's thesis, finding authentication bypasses for industrial ethernet switches, and working with incident response teams to improve their understanding of industrial control systems security. He believes security takes an awful lot more than penetration-testing and speaks often about the wider effects of embedded system insecurity. Twitter: @blackswanburst
Robert M. Lee is a co-founder of Dragos Security LLC where he has a passion for control system protocol analysis, digital forensics, and threat intelligence research. He is also an active-duty U.S. Air Force Cyber Warfare Operations Officer where he has been a member of multiple computer network defense teams including his establishing and leading of a first-of-its-kind ICS/SCADA threat intelligence and intrusion analysis mission. Robert received his BS from the United States Air Force Academy and his MS in Cybersecurity Digital Forensics from Utica College. He is a passionate educator and teaches in the ICS and Forensics programs at SANS and is an Adjunct Lecturer at Utica College where he teaches in their MS Cybersecurity program. Robert is also the author of 'SCADA and Me' and is currently pursuing his PhD at Kings College London with research in control system cyber security. He routinely publishes academic and industry focused works in a wide variety of journals and publications; additionally he has presented at conferences around the world. Twitter: @RobertMLee

DEF CON 23 [Audio] Speeches from the Hacker Convention
Fernando Arnaboldi - Abusing XSLT for Practical Attacks - 101 Track

Sep 22, 2015


Materials Available here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Attacks-UPDATED.pdf
Whitepaper Here: https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Attacks-WP-UPDATED.pdf
Abusing XSLT for Practical Attacks
Fernando Arnaboldi, Senior Security Consultant at IOActive
White paper available here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/Fernando Arnaboldi - UPDATED/DEFCON-23-Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Attacks-WP-UPDATED.pdf
Over the years, XML has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. In this talk, I will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. XSLT can be leveraged to affect the integrity of arithmetic operations, lead to code logic failure, or cause random values to use the same initialization vector. Error disclosure has always provided valuable information, but thanks to XSLT, it is possible to partially read system files that could disclose service or system's passwords. Finally, XSLT can be used to compromise end-user confidentiality by abusing the same-origin policy concept present in web browsers. This presentation includes proof-of-concept attacks demonstrating XSLT’s potential to affect production systems, along with recommendations for safe development.
Fernando Arnaboldi is a senior security researcher and consultant at IOActive, Inc. He has over 10 years of experience in the security research space (Deloitte, Core Security Technologies and IOActive) and holds a Bachelor's degree in Computer Science.

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Shane Macaulay - Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System

Dec 13, 2014


Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Macaulay/DEFCON-22-Shane-Macaulay-Weird-Machine-Motivated-Practical-Page-Table-Shellcode-UPDATED.pdf
Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What's Running on Your System
Shane Macaulay, Director of Cloud Security, IOActive
Windows7 & Server 2008R2 and earlier kernels contain significant executable regions available for abuse. These regions are great hiding places and more; e.g. Using PTE shellcode from ring3 to induce code into ring0. Hiding rootkits with encoded and decoded page table entries. Additional ranges/vectors, Kernel Shim Engine, ACPI/AML, boot-up resources & artifacts will also be shown to be useful for code gadgets. Understanding the state of affairs with the changes between Win7/8 and what exposures were closed and which may remain. APT threats abuse many of these areas to avoid inspection. By the end, this session will also show you how to walk a page table, why Windows8 makes life easier, what to look for and how to obtain a comprehensive understanding of what possible code is hiding/running on your computer. Final thoughts on using a VM memory snapshot to fully describe/understand any possible code running on a Windows system.
Shane “K2” Macaulay's last DEF CON presentation was an offensive tool ADMmutate during DEF CON 9 but has more recently been focused on defensive techniques and helped develop an APT detection service (http://blockwatch.ioactive.com) used to protect Microsoft OS platforms. Shane has spent time finding ways to fully understand the state of system code to understand “What is actually running on your computer?” to aid in forensic analysis, incident response and enterprise protection capacities. Shane is currently employed by IOActive as Director of Cloud Security and has presented at many previous security conferences/venues.

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Charlie Miller & Chris Valasek - A Survey of Remote Automotive Attack Surfaces

Dec 13, 2014


A Survey of Remote Automotive Attack Surfaces
Charlie Miller, Security Engineer, Twitter; Chris Valasek, Director of Threat Intelligence, IOActive
Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes. Last year, we discussed 2 particular vehicles. However, since each manufacturer designs their fleets differently, analysis of remote threats must avoid generalities. This talk takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective. From this larger dataset we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last 5 years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward?
Charlie Miller is a security engineer at Twitter. Back when he still had time to research, he was the first with a public remote exploit for both the iPhone and the G1 Android phone. He is a four-time winner of the CanSecWest Pwn2Own competition. He has authored three information security books and holds a PhD from the University of Notre Dame. He has hacked browsers, phones, cars, and batteries. Charlie spends his free time trying to get back together with Apple, but sadly they still list their relationship status as "It's complicated". Twitter: @0xcharlie
Christopher Valasek is the Director of Security Intelligence at IOActive, an industry leader in comprehensive computer security services. Valasek specializes in offensive research methodologies with a focus in reverse engineering and exploitation. Valasek is known for his extensive research in the automotive field and his exploitation and reverse engineering of Windows. Valasek is also the Chairman of SummerCon, the nation's oldest hacker conference. Twitter: @nudehaberdasher

DEF CON 22 [Materials] Speeches from the Hacker Convention.
Cesar Cerrudo - Hacking US (and UK, Australia, France, etc.) traffic control systems

Dec 12, 2014


Slides here: https://defcon.org/images/defcon-22/dc-22-presentations/Cerrudo/DEFCON-22-Cesar-Cerrudo-Hacking-Traffic-Control-Systems-UPDATED.pdf
Hacking US (and UK, Australia, France, etc.) traffic control systems
Cesar Cerrudo, CTO, IOActive Labs
Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) where the "terrorist hackers" manipulate traffic signals by just hitting the Enter key or typing a few keys. I wanted to do that! So I started to look around, and of course I couldn't get to do the same, that's too Hollywood style! But I got pretty close. I found some interesting devices used by traffic control systems in important cities such as Washington DC, Seattle, New York, San Francisco, Los Angeles, etc. and I could hack them :) I also found that these devices are also used in cities in the UK, France, Australia, China, etc., making them even more interesting. This presentation will tell the whole story, from how the devices were acquired, the research, on-site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited, and finally some possible NSA-style attacks (or should I say cyberwar-style attacks?). Oh, I almost forgot, after this presentation anyone will be able to hack these devices and mess with traffic control systems since there is no patch available (sorry, didn't want to say 0day ;)). I hope that after this I will still be allowed to enter (or leave?) the US.
Cesar Cerrudo is CTO at IOActive Labs where he leads the team in producing ongoing cutting edge research in the areas of SCADA, mobile device, application security and more. Formerly the founder and CEO of Argeniss Consulting, acquired by IOActive, Cesar is a world-renowned security researcher and specialist in application security. Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft BizTalk Server, Microsoft Commerce Server, Microsoft Windows, Yahoo! Messenger, etc. In addition, Cesar has authored several white papers on database, application security, attacks and exploitation techniques and he has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Defcon, Infiltrate, etc. Cesar collaborates with and is regularly quoted in print and online publications including eWeek, ComputerWorld, and other leading journals. Twitter: @cesarcer

La Nube de BLU Radio
Hacker reveals that an airplane could be controlled through its public Wi-Fi

Aug 6, 2014 1:02


IOActive information security consultant Rubén Santamarta stated that it would be possible to access an airplane's platform through...

Paul's Security Weekly
Interview with Ian Iamit, SANS SIFT with Rob Lee - Episode 357, Part 1 - January 9, 2014

Jan 12, 2014 67:52


Ian Iamit is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region. He is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew. Rob Lee is an entrepreneur and consultant in the Washington, DC area, specializing in information security, incident response, and digital forensics. Rob is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm.

Paul's Security Weekly TV
Interview with Ian Iamit - Episode 357

Jan 12, 2014 57:13


Ian is currently serving as a Director of Services at the leading boutique security consulting company IOActive, where he leads the services practice in the EMEA region. He is one of the founders of the Penetration Testing Execution Standard (PTES), its counterpart – the SexyDefense initiative, and a core member of the DirtySecurity crew.

Serious About Security
Serious About Security Episode 47: Club Nintendo has Hacked Accounts and the Emergency Alert System has a flaw

Jul 10, 2013 20:34


Google+ Hangout
Show Notes
Hosts: Preston Wiley, CISSP, CCNA; Mike Hill, CISSP; Keith Watson, CISSP-ISSAP, CISA
Articles:
Nintendo cracks after month-long, 15.5 million-strong hacker bombardment by Lisa Vaas (nakedsecurity blog)
Nintendo’s fan site hit by illicit logins, 24,000 accounts accessed by Jay Alabaster (Network World)
IOActive Security Advisory: DASDEC Vulnerabilities by IOActive and Mike Davis
Monroe Electronics DASDEC Compromised Root SSH Key by ICS-CERT
Did brainless flaw in US Emergency Alert System lead to epic zombie attack warning? by Lisa Vaas (nakedsecurity blog)
Root SSH Key Compromised in Emergency Alerting Systems by Steve Ragan (Security Week)

FIRST.org Podcasts
2013.3 Interview with Eireann Leverett, Security Researcher at IOActive

May 23, 2013


Join our host Chris John Riley as he chats SCADA and ICS with Eireann Leverett, Security Researcher at IOActive. Integrity of data; security of data; what kind of threats await us in the world of increasingly connected industrial control systems? Listen in to the interview in progress… Eireann has a BEng in Artificial Intelligence and Software Engineering from Edinburgh University and MPhil in Advanced Computer Science from Cambridge University. He presents regularly to academics and government agencies on the security of industrial systems on behalf of IOActive and has shared his research with ICS-CERT and other global CERT teams. Eireann presents, "Industrial Owner's Manual: Case studies in publicly accessible ICS," on Monday the 17th of June at 14:25.

Black Hat Webcasts RSS Feed
Black Hat Webcast 7: Mac OS X Security

Jan 24, 2009 82:11


Overview: Our seventh installment of the Black Hat Webcast Series arrives next week with an in-depth and fascinating look into the world of Mac Security. As the Mac platform grows in popularity both with the general public and the enterprise, we've seen an increase both in attacks and researcher interest in the topic of OS X Security. Black Hat Speaker Jesse D'Aguanno will be presenting on the topic of "Crafting OS X Kernel Rootkits – Fundamentals." We'll also have Tiller Beauchamp of IOActive making a presentation called "OS X Security - A year in Review". Please join me and our guests for what is sure to be a fascinat

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.

Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a Panel debate involving IOActive, US-CERT, ACLU, Blackhat, and Grand Idea Studio. After spending far too much time and money dealing with lawyers and consulting with some strategic allies, IOActive has made some relatively minor tweaks to the original presentation, which will be presented as the first part of this talk. The second part of the talk introduces Cloner 2.0. The first Cloner was designed to be as simplistic as possible, and succeeded at the cost of read range, flexibility, and overall sophistication. Cloner 2.0 aims to address these concerns with a significantly enhanced read range, a "passive" mode to sniff the exchange between tags and legitimate readers, multi-tag storage capability, multiple RF frontends and an enhanced software backend to support many different types of Proximity tags, and overall improvements in reliability and flexibility. While we won't be able to give you full schematics or the names of any vendors whose tags can be cloned, we will be including significant information (including useful snippets of source and circuit diagram fragments) that will allow you to more deeply understand the significant flaws in older RFID technologies. This talk will give you the information you need to make informed decisions about the use and mis-use of the most common RFID implementations available today.
Abstract for the original "RFID for Beginners" talk: RFID tags are becoming more and more prevalent. From access badges to implantable Verichips, RFID tags are finding more and more uses. Few people in the security world actually understand RFID though; the "radio" stuff gets in the way.
This presentation aims to bridge that gap, by delivering sufficient information to design and build a working RFID cloner based around a single chip - the PIC16F628A. Assuming no initial knowledge of electronics, I'll explain everything you need to know in order to build a working cloner, understand how it works, and see exactly why RFID is so insecure and untrustworthy. Covering everything from Magnetic Fields to Manchester Encoding, this presentation is suitable for anyone who is considering implementing an RFID system, considering hacking an RFID system, or who just wants to know a little more about the inductively coupled, ASK modulated, backscattering system known as RFID.

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies

Jan 9, 2006 73:44


The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn't necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against Michael Lynn (from Black Hat 2005) and HID's cease and desist letter to IOActive (from Black Hat 2006) to discuss major intellectual property law doctrines that regulate security research and disclosure. I will give the audience some practical tips for avoiding claims of illegal activity.

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.

Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a Panel debate involving IOActive, US-CERT, ACLU, Blackhat, and Grand Idea Studio. After spending far too much time and money dealing with lawyers and consulting with some strategic allies, IOActive has made some relatively minor tweaks to the original presentation, which will be presented as the first part of this talk. The second part of the talk introduces Cloner 2.0. The first Cloner was designed to be as simplistic as possible, and succeeded at the cost of read range, flexibility, and overall sophistication. Cloner 2.0 aims to address these concerns with a significantly enhanced read range, a "passive" mode to sniff the exchange between tags and legitimate readers, multi-tag storage capability, multiple RF frontends and an enhanced software backend to support many different types of Proximity tags, and overall improvements in reliability and flexibility. While we won't be able to give you full schematics or the names of any vendors whose tags can be cloned, we will be including significant information (including useful snippets of source and circuit diagram fragments) that will allow you to more deeply understand the significant flaws in older RFID technologies. This talk will give you the information you need to make informed decisions about the use and mis-use of the most common RFID implementations available today.
Abstract for the original "RFID for Beginners" talk: RFID tags are becoming more and more prevalent. From access badges to implantable Verichips, RFID tags are finding more and more uses. Few people in the security world actually understand RFID though; the "radio" stuff gets in the way.
This presentation aims to bridge that gap, by delivering sufficient information to design and build a working RFID cloner based around a single chip - the PIC16F628A. Assuming no initial knowledge of electronics, I'll explain everything you need to know in order to build a working cloner, understand how it works, and see exactly why RFID is so insecure and untrustworthy. Covering everything from Magnetic Fields to Manchester Encoding, this presentation is suitable for anyone who is considering implementing an RFID system, considering hacking an RFID system, or who just wants to know a little more about the inductively coupled, ASK modulated, backscattering system known as RFID.

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies

Jan 9, 2006 73:44


The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn't necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against Michael Lynn (from Black Hat 2005) and HID's cease and desist letter to IOActive (from Black Hat 2006) to discuss major intellectual property law doctrines that regulate security research and disclosure. I will give the audience some practical tips for avoiding claims of illegal activity.