Podcasts about ruxcon

Anant Shrivastava has worked on computer and open source software since 2000. He grouped Linux user groups in Bhopal and was also active in other major Linux user groups across India. Anant now working as Regional Director Asia Pacific for NotSoSecure Global Service. He has been Speaker/Trainer at various conferences including BlackHat, RuxCon, Nullcon, C0c0n, Rootconf, Clubhack, G0s, etc. He is active in information security community null and is teaching not only local but also offensive Web test framework (OWTF). In addition, he is a skilled person who actively participates in the Open Web Application Security Project (OWASP) and has contributed to reviewing and documenting various technical documents such as Mobile Security Testing Guide, Mobile ASVS, Web Testing Guide. Since 2011 Anant actively manages the open source project AndroidTamer. Anant leads both Android Tamer and CodeVigilant projects.

A complete recording of the Ruxcon Panel, from the Ruxcon 2016 information security conference in Melbourne. Continue reading →

A complete recording of the Ruxcon Panel, from the Ruxcon 2016 information security conference in Melbourne. Continue reading →

The Corrupted Nerds podcast returns with a look at the Ruxcon 2016 information security conference held in Melbourne on 22 and 23 October. Continue reading →

The Corrupted Nerds podcast returns with a look at the Ruxcon 2016 information security conference held in Melbourne on 22 and 23 October. Continue reading →

The Corrupted Nerds podcast returns with a look at the Ruxcon 2015 information security conference held in Melbourne on 24 and 25 October. Continue reading →

The Corrupted Nerds podcast returns with a look at the Ruxcon 2015 information security conference held in Melbourne on 24 and 25 October. Continue reading →

ThunderStrike 2: Sith Strike Trammel Hudson Vice President, Two Sigma Investments Xeno Kovah Co-founder, LegbaCore, LLC Corey Kallenberg Co-Founder, LegbaCore, LLC The number of vulnerabilities in firmware disclosed as affecting Wintel PC vendors has been rising over the past few years. Although several attacks have been presented against Mac firmware, unlike their PC counterparts, all of them required physical presence to perform. Interestingly, when contacted with the details of previously disclosed PC firmware attacks, Apple systematically declared themselves not vulnerable. This talk will provide conclusive evidence that Mac's are in fact vulnerable to many of the software only firmware attacks that also affect PC systems. In addition, to emphasize the consequences of successful exploitation of these attack vectors, we will demonstrate the power of the dark side by showing what Mac firmware malware is capable of. Trammell Hudsonenjoys taking things apart and understanding how they work. He presented the Thunderstrike firmware vulnerability at 31C3, created the Magic Lantern firmware for Canon cameras, and teaches classes at the Brooklyn hackerspace NYC Resistor. Twitter: @qrs Web: https://trmm.net/ Xeno Kovah's speciality area is stealth malware and its ability to hide from security software and force security software to lie. To combat such attacks he researches trusted computing systems that can provide much stronger security guarantees than normal COTS. He co-founded LegbaCore in 2014 to help improve security at the foundation of computing systems. He is also the founder and lead contributor to OpenSecurityTraining.info. He has posted 9 full days of class material material on x86 assembly, architecture, binary formats (PE and ELF), and Windows rootkits to OpenSecurityTraining.info. Twitter: @XenoKovah Twitter: @legbacore Corey Kallenberg is a co-founder of LegbaCore, a consultancy focused on evaluating and improving host security at the lowest levels. His specialty areas are trusted computing, vulnerability research and low level development. In particular, Corey has spent several years using his vulnerability research expertise to evaluate limitations in current trusted computing implementations. In addition, he has used his development experience to create and improve upon trusted computing applications. Among these are a timing based attestation agent designed to improve firmware integrity reporting, and an open source Trusted Platform Module driver for Windows. Corey is also an experienced trainer, having created and delivered several technical courses. He is an internationally recognized speaker who has presented at BlackHat USA, DEF CON, CanSecWest, Hack in the Box, NoSuchCon, SyScan, EkoParty and Ruxcon. Twitter: @CoreyKal Twitter: @legbacore

RFIDiggity: Pentester Guide to Hacking HF/NFC and UHF RFID Francis Brown Partner - Bishop Fox Shubham Shah Security Analyst at Bishop Fox Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz). This includes Near Field Communication (NFC), which also operates at 13.56 MHz and can be found in things like mobile payment technologies, e.g., Apple Pay and Google Wallet. We'll also be releasing a slew of new and free RFID hacking tools using Arduino microcontrollers, Raspberry Pis, phone/tablet apps, and even 3D printing. This presentation will NOT weigh you down with theoretical details or discussions of radio frequencies and modulation schemes. It WILL serve as a practical guide for penetration testers to better understand the attack tools and techniques available to them for stealing and using RFID tag information, specifically for HF and UHF systems. We will showcase the best-of-breed in hardware and software that you'll need to build an RFID penetration toolkit. Our goal is to eliminate pervasive myths and accurately illustrate RFID risks via live attack DEMOS: High Frequency / NFC – Attack Demos: HF physical access control systems (e.g., iCLASS and MIFARE DESFire 'contactless smart card' product families) Credit cards, public transit cards, passports (book), mobile payment systems (e.g., Apple Pay, Google Wallet), NFC loyalty cards (e.g., MyCoke Rewards), new hotel room keys, smart home door locks, and more Ultra-High Frequency – Attack Demos: Ski passes, enhanced driver's licenses, passports (card), U.S. Permanent Resident Card ('green card'), trusted traveler cards Schematics and Arduino code will be released, and 100 lucky audience members will receive one of a handful of new flavors of our Tastic RFID Thief custom PCB, which they can insert into almost any commercial RFID reader to steal badge info or use as a MITM backdoor device capable of card replay attacks. New versions include extended control capabilities via Arduino add-on modules such as Bluetooth low energy (BLE) and GSM/GPRS (SMS messaging) modules. This DEMO-rich presentation will benefit both newcomers to RFID penetration testing as well as seasoned professionals. Francis Brown, CISA, CISSP, MCSE, is a Managing Partner at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 1000 and global financial institutions as well as U.S. and foreign governments. Before joining Stach & Liu, Francis served as an IT Security Specialist with the Global Risk Assessment team of Honeywell International where he performed network and application penetration testing, product security evaluations, incident response, and risk assessments of critical infrastructure. Prior to that, Francis was a consultant with the Ernst & Young Advanced Security Centers and conducted network, application, wireless, and remote access penetration tests for Fortune 500 clients. Francis has presented his research at leading conferences such as Black Hat USA, DEF CON, RSA, InfoSec World, ToorCon, and HackCon and has been cited in numerous industry and academic publications. Francis holds a Bachelor of Science and Engineering from the University of Pennsylvania with a major in Computer Science and Engineering and a minor in Psychology. While at Penn, Francis taught operating system implementation, C programming, and participated in DARPA-funded research into advanced intrusion prevention system techniques. Shubham Shah is a Security Analyst at Bishop Fox (formerly Stach & Liu), a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups. Shubham's primary areas of expertise are application security assessment, source code review, and mobile application security. Shubham is a former bug bounty hunter who has submitted medium-high risk bugs to the bug bounties of large corporations such as PayPal, Facebook, and Microsoft. He regularly conducts web application security research and frequently contributes to the security of open-source projects. He has presented at Ruxcon and is known in Australia for his identification of high-profile vulnerabilities in the infrastructures of major mobile telecommunication companies. Prior to joining Bishop Fox, Shubham worked at EY. At EY, he performed web application security assessments and application penetration tests. Additionally, Shubham has been a contractor for companies such as Atlassian. As a contractor, he conducted external web application security penetration tests. Shubham also develops and maintains open-source projects such as Websec Weekly that assist the web application security industry. Twitter: @bishopfox Facebook: https://www.facebook.com/BishopFoxConsulting LinkedIn: https://www.linkedin.com/company/bishop-fox

Materials Available here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Rickey-Lawshae-Lets-Talk-About-SOAP.pdf Extras here:https://media.defcon.org/DEF%20CON%2023/DEF%20CON%2023%20presentations/DEFCON-23-Rickey-Lawshae-Extras.rar Let's Talk About SOAP, Baby. Let's Talk About UPNP Ricky "HeadlessZeke" Lawshae Security Researcher, HP TippingPoint Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability you can think of, and an all-around lack of good security practice about sums it up. In this talk, I will discuss this growing attack surface, demonstrate different methods for attacking/fuzzing it, and provide plenty of examples of the many dangers of insecure SOAP/ UPnP interfaces on embedded and "smart" devices along the way. Ricky "HeadlessZeke" Lawshae is a Security Researcher for DVLabs at HP TippingPoint with a medium-sized number of years' experience in professionally voiding warranties. He has spoken at the DEF CON, Recon, Insomni'hack, and Ruxcon security conferences, and is an active participant in the extensive Austin, TX hacker community. In his meager spare time, he enjoys picking locks, reading comic books, and drinking expensive beers. Twitter: @HeadlessZeke

My computer is dying. It's dying fast. It's not going to make it much longer, and certainly not through to when I'll be able to afford a replacement. I need your help.Previously I've had success with my Pozible crowdfunding campaigns to resurrect The 9pm Edict podcast, and to get me to Breakpoint and Ruxcon. So in a few days from now I'll be launching The 9pm Urgent Hardware Refresh, a Pozible campaign based around a special podcast episode. The “rewards” for you contributions will help shape the content for that podcast.More information and full audio credits are at:https://stilgherrian.com/edict/00045b/

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Kallenberg/DEFCON-22-Corey-Kallenberg-Extreme-Privilage-Escalation.pdf Additional Materials available here: https://defcon.org/images/defcon-22/dc-22-presentations/Kallenberg/DEFCON-22-Corey-Kallenberg-Extreme-Privilage-Escalation-WP-UPDATED.pdf Extreme Privilege Escalation On Windows 8/UEFI Systems Corey Kallenberg MITRE Xeno Kovah MITRE It has come to light that state actors install implants in the BIOS. Let no one ever again question whether BIOS malware is practical or present in the wild. However, in practice attackers can install such implants without ever having physical access to the box. Exploits against the BIOS can allow an attacker to inject arbitrary code into the platform firmware. This talk will describe two such exploits we developed against the latest UEFI firmware. The UEFI specification has more tightly coupled the bonds of the operating system and the platform firmware by providing the well-defined "runtime services" interface between the OS and the firmware. This interface is more expansive than the interface that existed in the days of conventional BIOS, which has inadvertently increased the attack surface against the platform firmware. Furthermore, Windows 8 has introduced APIs that allow accessing this UEFI interface from a userland process. Vulnerabilities in this interface can potentially allow a userland process to escalate its privileges from "ring 3" all the way up to that of the platform firmware, which includes permanently attaining control of the very-powerful System Management Mode (SMM). This talk will disclose two vulnerabilities that were discovered in the Intel provided UEFI reference implementation, and detail the unusual techniques needed to successfully exploit them. Corey Kallenberg is a security researcher for The MITRE Corporation who has spent several years investigating operating system and firmware security on Intel computers. In 2012 he coauthored work presented at DEF CON and IEEE S&P on using timing based attestation to detect Windows kernel hooks. In 2013 he helped discover critical problems with current implementations of the Trusted Computing Group's "Static Root of Trust for Measurement" and co-presented this work at NoSuchCon and Blackhat USA. Later, he discovered several vulnerabilities which allowed bypassing of "signed BIOS enforcement" on a number of systems, allowing an attacker to make malicious modifications to the platform firmware. These attacks were presented at EkoParty, HITB, and PacSec. Recently, Corey has presented attacks against the UEFI "Secure Boot" feature. Corey is currently continuing to research the security of UEFI and the Intel architecture. twitter: @coreykal Xeno Kovah is a Lead InfoSec Engineer at The MITRE Corporation, a non-profit company that runs 6 federally funded research and development centers (FFRDCs) as well as manages CVE. He is the team lead for the BIOS Analysis for Detection of Advanced System Subversion project. On the predecessor project, Checkmate, he investigated kernel/userspace memory integrity verification & timing-based attestation. Both projects have a special emphasis on how to make it so that the measurement agent can't just be made to lie by an attacker. Xeno is also the founder and leading contributor to OpenSecurityTraining.info. twitter: @xenokovah Special thanks to the contributing researchers for their help in co-authoring: John Butterworth is a security researcher at The MITRE Corporation who currently specializes in Intel firmware security. In 2012 he co-authored the whitepaper "New Results for Timing-Based Attestation" which used timing based attestation to detect Windows kernel hooks. This research was presented at DEF CON and the 2012 IEEE Symposium on Security and Policy. In 2013 he and his colleagues authored "BIOS Chronomancy:Fixing the Static Root of Trust for Measurement" which proposed using Timing-Based Attestation during the BIOS boot process to resolve critical problems which they had found with current implementations of the Trusted Computing Group's "Static Root of Trust for Measurement". He has presented this research at NoSuchCon, Black Hat USA, SecTor, SEC-T, Breakpoint, and Ruxcon. Following this he has created a tool called Copernicus designed to determine just how prevalent vulnerable BIOS is in industry. John is currently continuing to research the security of BIOS/UEFI and the Intel architecture. Sam Cornwell is a Sr. InfoSec Engineer at The MITRE Corporation, a not-for-profit company that runs 6 federally funded research and development centers (FFRDCs) as well as manages CVE. Since 2011 he has been working on projects such as Checkmate (a kernel and userspace memory integrity verification & timing-based attestation tool), Copernicus, a (BIOS extractor and configuration checker), and several other private security sensors designed to combat sophisticated threats. He has also researched and developed attacks against UEFI SecureBoot.

Slides Here: https://defcon.org/images/defcon-22/dc-22-presentations/Ozavci/DEFCON-22-Fatih-Ozavci-VoIP-Wars-Attack-of-the-Cisco-Phones-UPDATED.pdf VoIP Wars: Attack of the Cisco Phones Fatih Ozavci SENIOR SECURITY CONSULTANT, SENSE OF SECURITY Many hosted VoIP service providers are using Cisco hosted collaboration suite and Cisco VoIP solutions. These Cisco hosted VoIP implementations are very similar; they have Cisco Unified Communication services, SIP protocol for IP Phones of tenants, common conference solutions, Skinny protocol for compliance, generic RTP implementation, VOSS Solutions product family for management services for tenants. Cisco hosted VoIP implementations are vulnerable to many attacks, including: VLAN attacks SIP trust hacking Skinny based signalling attacks Bypassing authentication and authorisation Call spoofing Eavesdropping Attacks against IP Phone management services Web based vulnerabilities of the products The presentation covers Skinny and SIP signalling attacks, 0day bypass technique for call spoofing and billing bypass, LAN attacks against supportive services for IP Phones, practical 0day attacks against IP Phone management and tenant services. Attacking Cisco VoIP services requires limited knowledge today with the Viproy Penetration Testing Kit (written by the presenter). It has a dozen modules to test trust hacking issues, signalling attacks against SIP services and Skinny services, gaining unauthorised access, call spoofing, brute-forcing VoIP accounts and debugging services using as MITM. Furthermore, Viproy provides these attack modules in a penetration testing environment and full integration. The presentation contains live demonstration of practical VoIP attacks and usage of new Viproy modules. Fatih Ozavci is a Security Researcher and Senior Consultant with Sense of Security. He is the author of the Viproy VoIP Penetration and Exploitation Testing Kit and MBFuzzer Mobile Application MITM Fuzzer tool, he has also published a paper about Hacking SIP Trust Relationships. Fatih has discovered many unknown security vulnerabilities and design and protocol flaws in VoIP environments for his customers, and analyses VoIP design and implementation flaws which help to improve VoIP infrastructures. Additionally, he has completed numerous mobile application penetration testing services including but not limited to reverse engineering of mobile applications, exploiting mobile services level vulnerabilities, attacking data transporting and storing features of mobile applications. His current researches are based on attacking mobile VoIP clients, VoIP service level vulnerabilities, web based VoIP and video conference systems, decrypting custom mobile application protocols and MITM attacks for mobile applications. While Fatih is passionate about VoIP penetration testing, mobile application testing and IPTV testing, he is also well versed at network penetration testing, web application testing, reverse engineering, fuzzing and exploit development. Fatih presented his VoIP research and tool in 2013 at DEF CON 21 (USA), Blackhat Arsenal USA 2013, Cluecon 2013 (USA), Athcon 2013 (Greece), and Ruxcon 2013. Also Fatih will present 2 training sessions at Auscert 2014 as well, "Next Generation Attacks and Countermeasures for VoIP" and "Penetration Testing of Mobile Applications and Services". http://viproy.com/fozavci/ http://fozavci.blogspot.com/ http://tr.linkedin.com/pub/fatih-ozavci/54/a71/a94 https://twitter.com/fozavci http://packetstormsecurity.com/files/author/5820 http://www.exploit-db.com/author/?a=5425 http://www.github.com/fozavci

SecuraBit Episode 69: Picking Locks and Messing up Podcasts, Welcome to Gringo Village! November 3, 2010 Hosts: Christopher Mills – @thechrisam Andrew Borel –  @andrew_secbit Anthony Gartner – @anthonygartner http://anthonygartner.com Jason Mueller – @securabit_jay Rob Fuller – @mubix Tim Krabec – @tkrabec http://www.SMBMinute.com Guests: Deviant Ollum - http://deviating.net/ - Author of Syngress Practical Lock Picking General topics: Practical Lock Picking By Deviant Ollam http://www.syngress.com/hacking-and-penetration-testing/Practical-Lock-Picking/ Review submitted by a coworker: Practical Lock Picking by Deviant Ollum was an enjoyable read. The author does a good job of covering the art and science of picking locks. He chose two of the most common types of locks for the bulk of his material which helps keep the focus of the book tight. He leads the reader from the basic operational principles of the locks, to flaws in the design & manufacture and finally how to pick the locks. The coverage of pick types and other tools of the trade round out the readers knowledge of the subject. His down to earth style and simple language help the reader understand the material and develop the skills to pick these types of locks. His logical progression of starting with one pin and working your way up to all the pins in the lock will help the reader build confidence in their skills. The final sections on bypassing the door reminds the reader that locks are part of a system and sometimes the way to defeat a system is not the direct approach. Overall I would give this book 4 out of 4 stars. Shmoocon Tickets?? The Open Organization Of Lockpickers http://toool.us/ Lock Picking Videos - http://www.youtube.com/deviantollam General Information http://deviating.net/lockpicking/ IE Zero Day Microsoft Security Advisory (2458511) Vulnerability in Internet Explorer Could Allow Remote Code Execution http://www.microsoft.com/technet/security/advisory/2458511.mspx Enhanced Mitigation Experience Toolkit v2.0 http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c6f0a6ee-05ac-4eb6-acd0-362559fd2f04 SpyEye v. ZeuS Rivalry Ends in Quiet Merger http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/ Use our discount code "Connect_SecuraBit10" to get 10% off of ANY training course. The discount code is0 good for all SANS courses in all formats. Upcoming events #BSidesDFW November 6, 2010 #BSidesDE November 6, 2010 AppSec DC 2010 November 8-12, 2010 #BSidesOttawa November 12-13, 2010 RUXCON 2010 December 4-5, 2010 DojoCon December 11-12, 2010 #BSidesBerlin December 28-30, 2010 ShmooCon January 28-31, 2010 Links: http://securabit.com Chat with us on IRC at irc.freenode.net #securabit iTunes Podcast - http://itunes.apple.com/us/podcast/securabit/id280048405 iPhone App Now Available - http://itunes.apple.com/us/app/securabit-mobile/id382484512?mt=8

1 hora e quase nove minutos Eventos Chamada de apresentações para a Reunião GTS-11. ------- GTER - Grupo de Trabalho de Engenharia e Operação de Redes - 25ª Reunião GTS - Grupo de Trabalho em Segurança de Redes - 11ª Reunião Salvador - 31 de Maio e 1 de Junho de 2008 http://gter.nic.br/ http://gts.nic.br/ --- Call for Papers: First IEEE International Workitorial on Steganography - "Vision of the Unseen" http://www.liv.ic.unicamp.br/wvu/ in Anchorage, Alaska on June 23rd --- RUXCON 2008 CALL FOR PAPERS RuxCon would like to announce the call for papers for the fifth annual RuxCon conference. --- Sector - Call for Speaker October 7-8, 2008 MTCC, Toronto, ON, Canada --- Toorcon Seattle - April 18th-20th CFP opened --- DefCon CPF Call for Papers Opens March 1st! --- ekoparty 4th edition Information Security/Insecurity Conference. October 2 and 3, 2008 Argentina - Ciudad Autonoma de Buenos Aires --- WOOT '08 Call for Papers 2nd USENIX Workshop on Offensive Technologies (WOOT '08) July 28, 2008 San Jose, CA --- Materiais ucon disponiveis Notícias State of the wireless security http://it.slashdot.org/article.pl?sid=08/02/17/1628210&from=rss http://www.codenomicon.com/resources/whitepapers/Codenomicon_Wireless_WP_v1_0.pdf Blog do Gustavo Bittencount --- Ukrainian Hacker Makes a Killing in Stock Market Fraud http://blog.wired.com/27bstroke6/2008/02/ukrainian-hacke.html Pesquisa aponta futuro do crime online no mundo http://www.alexandreatheniense.com.br/2008/02/pesquisa-aponta.html Gmail captcha http://www.websense.com/securitylabs/blog/blog.php?BlogID=174 Google as hacking tools http://www.goolag.org/ http://www.gnucitizen.org/ghdb/application.htm Estatísticas de invasões 2007 - Zone-H Chinese backdoors "hidden in router firmware" Assunto 1 DNS Inventor Warns of Next Big Threat Assunto 2 Shmoocon 2008

"Introduction:The following presentation is twparts, the first covers aspects of Microsoft's GS implementation and usage. The second is a complementary section dealing with ASLR in Windows Vista, its implementation and some surprising results... Part I Synopsis: GS is a Visual Studicompiler option that was introduced in Visual Studi2002 tmitigate the local stack variable overflows that resulted in arbitrary code execution. The following paper details the methods Symantec used tassess which binaries within Windows Vista 32bit leveraged GS as a defensive mechanism. This paper presents the results of this analysis, the techniques that have been developed, and supporting material. The results in this paper are from the 32bit RTM release of Microsoft Windows Vista Part II Synopsis: Address Space Layout Randomization (ASLR) is a mitigation technique designed thinder the ability of an attacker tachieve arbitrary code execution when exploiting software vulnerabilities. As the name implies, ASLR involves placing a computer program and its associated memory at random locations, either between reboots or executions, thinder the attacker's ability treliably locate either their shell code or other required data. This paper is the result of a brief analysis of the implementation of ASLR within Microsoft Windows Vista 32bit RTM, conducted by Symantec's Advanced Threat Research. " "Mr Whitehouse has worked in information security both as a consultant and researcher. This has included being employed by companies in a variety of industries ranging from financial services ttelecommunications. Mr Whitehouse originally created Delphis Consulting's security practice in 1999. Mr Whitehouse joined @stake Inc in 2000 as a Managing Security Architect before becoming European Technical Director in 2004. After Symantec's acquisition of @stake Inc in 2004 Mr Whitehouse continued as Technical Manager for its professional services division in London until 2005. In mid 2005 he took a full time research role with Symantec Research Labs in Government research. Mr Whitehouse subsequently moved tSymantec's Response division joining its Advanced Threats Research team specializing in mobile platforms and related technologies. Mr Whitehouse as previously published research on the security of mobile telecommunication networks, mobile devices and Bluetooth. In addition he has alsdiscovered numerous security vulnerabilities in a wide range of desktop and server applications. His previous research has led him tpresent at CanSecWest, RuxCON, UNCON and Chaos Communication Camp among others"