-
DEF CON 29 - Chad Seaman - UPnProxyPot: Fake the Funk, Become a Blackhat Proxy, MITM their TLS...
- Welcome to my talk. This is UPnProxyPot, fake the funk, become a blackout proxy, man in the middle their TLS and scrape the wire.
00:11 - Before we begin. I’m Chad seaman, but around here at DefCon you can just call me d1rt.
00:16 - I am part of the Akamai SIRT team. I’m actually a team lead and senior engineer on that team.
00:21 - For those of you unfamiliar with the SIRT team, which is probably all of you You may have heard of some of our research before.
-
DEF CON 29 - Christopher Wade - Breaking Secure Bootloaders
- Hello, everyone. My name is Christopher Wade, and today I’m gonna be talking about breaking secure bootloaders.
00:06 - The purpose of this talk is to outline how smartphones use signature verification mechanisms to protect their firmware, both the core chips and the peripheral hardware.
00:13 - This is implemented at the bootloader level, which provides facilities for firmware updates as well, and often other interfaces for management of the device.
-
DEF CON 29 - Cory Doctorow - Privacy Without Monopoly
- Hey, I’m Cory Doctorow and I work with the Electronic Frontier Foundation.
00:07 - I’m a special advisor there. And this talk it’s based on a paper that I co-wrote with my colleague at EFF, Bennett Cyphers, that is his real name.
00:17 - And that paper is also called “Privacy Without Monopoly” same title as this talk, you can download it at eff. org/dc29, that’s down there in the URL, DEFCON29.
-
DEF CON 29 - David Dworken - Worming through IDEs
- Hi everyone, I’m David. And today, we’re going to talk about hacking IDEs.
00:05 - First a little bit about myself. I’m a security engineer at Google, where I work on web security.
00:09 - I’m focused both on developing new web security features along with figuring out how to you deploy them at scale.
00:18 - Outside of work, I really enjoy hacking in both senses of the word.
-
DEF CON 29 - Ian Coldwater, Chad Rikansrud - Real Life Story of the 1st Mainframe Container Breakout
- Hi, I’m Ian. I do container things.
00:04 - - Hi, I’m Chad. I do mainframe things.
00:07 - - And we’re here to tell you a story today about some things we did together.
00:12 - We both live in Minneapolis, Minnesota, which is a cold dark place, where it’s winter six months out of the year.
00:19 - Minnesotan hackers spend their long winters stuck inside, doing deep dive studying ancient Arcana and getting good at deep magic, which lends itself well to weird specializations, and that’s how we ended up here.
-
DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability
- [Jake] Hello, DEF CON. Welcome to my talk, Bring Your Own Print Driver Vulnerability.
00:07 - In this talk, I’ll discuss how a standard, low-privileged user can install print drivers of their choosing, by design, on Windows systems.
00:16 - And I’ll show how a local attacker can escalate to SYSTEM using a handful of different print drivers.
00:22 - Now, I want to say upfront that I won’t be talking about PrintNightmare.
-
DEF CON 29 - Jacob Baines - Bring Your Own Print Driver Vulnerability
- [Jake] Hello, DEF CON. Welcome to my talk, Bring Your Own Print Driver Vulnerability.
00:07 - In this talk, I’ll discuss how a standard, low-privileged user can install print drivers of their choosing, by design, on Windows systems.
00:16 - And I’ll show how a local attacker can escalate to SYSTEM using a handful of different print drivers.
00:22 - Now, I want to say upfront that I won’t be talking about PrintNightmare.
-
DEF CON 29 - James Kettle - HTTP2: The Sequel is Always Worse
- Hello and welcome to “HTTP two, The Sequel is Always Worse”.
00:05 - Have you ever seen something that was so complex, it just had to be hackable, if only you had time to understand it.
00:14 - HTTP/2 is a beautiful beast, but it is complex and where there’s complexity people take shortcuts and things go wrong.
00:23 - In this session, I will show you how you can use new features in H two for a range of high-impact attacks.
-
DEF CON 29 - Jenko Hwong - New Phishing Attacks Exploiting OAuth Authentication Flows
- Hi, welcome. Today, I’m going to be talking about new phishing attacks that exploit OAuth authorization flows.
00:12 - My name is Jenko Hwong, I’m currently a Researcher at Netskope.
00:17 - Here are some of the areas that I’ve dabbled in and are interesting to me from my research perspective.
00:26 - So to recap some of the past about phishing, I’d like to just spend a minute talking about that, so that we can understand some of the latest evolution of techniques.
-
DEF CON 29 - Kelly Kaoudis, Sick Codes - Rotten code, aging standards, & pwning IPv4 parsing
- [Sick Codes] Hey, everyone. Welcome to rotten code, aging standards, and pwning IPv4 parsing across nearly every mainstream programming language.
00:12 - Let’s get started. Sort of starting off with a meme here I got from JF or Joe Slowik’s Twitter account.
00:19 - Everyone, please stay calm. We’re releasing PoCs for the unpatched vulnerabilities so you can better evaluate security posture.
00:25 - I thought this was fantastic and I asked Joe if it was cool if I could put it in the presentation.