-
DEF CON 29 - Laura Abbott, Rick Altherr -Breaking TrustZone M: Privilege Escalation on LPC55S69
- Hi, I’m Laura Abbott, and I’m here with my colleague Rick Altherr to talk about breaking TrustZone-M using a privilege escalation on the LPC55S69.
00:17 - We are engineers at Oxide Computer working on building a new server.
00:21 - Computers haven’t changed much in many years, and we are looking to fix that.
00:25 - No, I promise this isn’t a sales pitch. I’m giving background to explain what we were building when we stumbled across this issue mostly by accident.
-
DEF CON 29 - Mars Cheng, Selmon Yang - Taking Apart and Taking Over ICS & SCADA Ecosystems
- Hello, everyone. I am Mars from TXOne Networks, and we are happy to have the opportunity to share our research results on the DEF CON 29 stage.
00:11 - In this session, we will discuss the ecosystem of ICS and SCADA, and more deeply focus on the Mitsubishi Electric’s communication protocols.
00:23 - And please allow me to quickly introduce TXOne.
00:26 - TXOne is a subsidiary company under Trend Micro.
-
DEF CON 29 - Matthew Bryant - Hacking G Suite: The Power of Dark Apps Script Magic
- Thank you all for coming. This is Hacking G Suite: The Power of Dark App Script Magic.
00:09 - A little bit of background on myself, I’m Matthew Bryant, I go often by my handle mandatory, I currently lead the Red Team Effort at Snapchat, and also outside of work, I also post occasionally about security on Twitter @IAmMandatory.
00:22 - And additionally, I also do hacking write-ups and research posts at my website, thehackerblog.
-
DEF CON 29 - PatH - Warping Reality: Creating and Countering the Next Generation of Linux Rootkits
- Good everyone, my name is Pat, I’m PathToFile on Twitter, Github, Discord, and most other places.
00:09 - And this talk is about Creating and Countering the Next Generation of Linux rootkits using eBPF.
00:15 - So today we’re gonna start with an overview on what Linux Kernel rootkits are, and we’re gonna cover why rootkits are such a powerful tool for attackers, but why they’re so dangerous to use.
-
DEF CON 29 - Patrick Wardle - Bundles of Joy: Breaking MacOS via Subverted Applications Bundles
- Aloha and welcome to Bundles of Joy. I’ll talk about breaking macOS via Subverted Application Bundles.
00:12 - My name is Patrick Wardle, I am the creator of the Mac Security Tool Suite and Security Website, Objective-See.
00:20 - Also the organizer of the Mac Security Conference, “Objective by the Sea,” and also the author of the “Art of Mac Malware” analysis book.
00:31 - So today, we’re gonna be talking about an interesting flaw that affected all recent versions of macOS.
-
DEF CON 29 - hyp3ri0n aka Alejandro Caceres Jason Hopper - PunkSPIDER and IOStation: Making a Mess
- Hello, everyone. And welcome to Punkspider and IOStation, making a mess all over the internet.
00:07 - I am Jason Hopper, and I’m the Director of Research at QOMPLX, and I’m here with- - I’m Alejandro Caceres.
00:15 - I’m the Director of Computer Network Exploitation at QOMPLX.
00:19 - - Years ago, Alex invented or developed a system called PunkSPIDER, and I developed something called IOStation.
-
DEF CON 29 -Justin Perdok - Hi Im DOMAIN Steve, Please Let Me Access VLAN2
- Hi, and welcome to my talk, “Hi! I’m DOMAIN\Steve, please let me access VLAN2. “ It’s about tricking firewall user identity capabilities into applying security policies to arbitrary IPs on the network.
00:13 - My name is Justin Perdok. I am a pen tester at Orange Cyberdefence.
00:17 - I enjoy drinking craft beers and long boarding in my free time, and as you might’ve imagined, I’m into hacking stuff, but also automating stuff.
-
DEF CON 29 - Yuhao Weng, Steven Seeley, Zhiniang Peng - An Attack Surface Tour of SharePoint Server
- [Yuhao Weng] Hello, everyone. It is a great honor to present at DefCon.
00:21 - Welcome to our presentation. Don’t Dare to Exploit An Attack Surface Tour of SharePoint Server.
00:27 - It is presented by myself, Yuhao Weng of Sangfor, Steven Seeley of Qihoo 360, and Zhiniang Peng of Sangfor.
00:36 - Let me introduce ourselves at first. Yuhao Weng who is a web security researcher of Sangfor and also a CTF player of Team Kap0k.
-
DEF CON 29 - Dimitry Op Nomad Snezhkov - Use of Offensive Enclaves In Adversarial Operations
- Hello, DEFCON. Welcome to Your House is My House.
00:06 - Use of Offensive Enclaves in Adversarial Operations.
00:10 - My name is Dimitry Snezhkov, and I’m part of protiviti, Attack and Penetration Testing Team, where I have a chance to do tooling, offensive research, and automation.
00:19 - Shout out to my team at protiviti for making that happen.
00:24 - So today we’re gonna talk about SGX technology as it applies to offensive operations.
-
DEF CON 29 - Dimitry Op Nomad Snezhkov - Racketeer Toolkit: Prototyping Controlled Ransomware Ops
- Hello Defcon, welcome to my talk, Racketeer Prototyping Control Ransomware Operations.
00:08 - My name is Dimitry Snezhkov. I work at Protiviti on attack and penetration testing team, we have a chance to do tooling, offensive research and automation.
00:18 - And today we’re gonna talk about ransomware.
00:20 - Specifically we’re gonna talk about simulating the lifecycle of ransomware, injecting into it, understanding it and emulating the steps that need to happen to properly test it.