-
DEF CON 29 - Ian Vitek - Central Bank Digital Currency, Threats and Vulnerabilities
- Welcome to the presentation, Central Bank Digital Currency, Threats and Vulnerabilities.
00:10 - We will start with a background. Then we’ll move over to a detailed system description of the prototype, system components, and to point out functions that need protection, information to secure, and secure communication.
00:30 - Then we will deep dive into vulnerabilities that we have found in the retail central bank digital currency prototype for phase one, and then I have to talk about everything else that needs to be handled before going to production.
-
DEF CON 29 - Martin Doyhenard - Response Smuggling: Pwning HTTP/1.1 Connections
- Hello. My name is Martin Doyhenard. I’m a security researcher at the Onapsis Labs.
00:07 - And today I’m going to present a new set of techniques that can be used to obtain control over the response queue in a persistent connection by exploiting different HTTP desynchronization vulnerabilities.
00:20 - The agenda for today. First, I’m going to make a quick recap on HTTP request smuggling.
-
DEF CON 29 - Michael Whiteley, Katie Whiteley - Making the DEF CON 29 Badge
(upbeat electronic music) - Hello and welcome to another episode of BETWEEN TWO PRINTERS.
00:09 - My name’s Katie, and today we’ll be talking with this year’s DEF CON badge makers, MK Factor.
00:15 - Hello, Michael, thank you for being here. - Glad to be here.
00:19 - - To my knowledge, we’re filming this before the badge is completely done, yes? - Yes, about three weeks before DEF CON.
-
DEF CON 29 - Mickey Shkatov, Jesse Michael - High Stakes Updates: BIOS RCE OMG WTF BBQ
- [Mickey] Hello, friends and welcome to our talk High-Stakes Updates, or as we like to call it BIOS, RCE OMG WTF BBQ.
00:09 - We are Jesse and Mickey. I am Mickey. - [Jesse] I’m Jesse.
00:13 - - [Mickey] Here are our pictures. So you can someday find us and harass us face to face.
00:18 - We both work at a startup named Eclypsium, who has generously funded this research.
-
DEF CON 29 - Paz Hameiri - TEMPEST Radio Station
- Hi everyone, my name is Paz Hameiri and I’ll be talking about the project I’m working on named Tempest Radio Station.
00:10 - First allow me to introduce myself. I’ve been developing hardware and software for more than 30 years and I’m working as a system engineer for more than a decade.
00:21 - I started my professional career very early.
00:25 - During my teen years, I cracked games and developed software tools.
-
DEF CON 29 - Richard Henderson - Old MacDonald Had a Barcode, E-I-E-I CAR
- Okay, looks like we’re up and running. Hi everybody, welcome.
00:10 - Hi DEFCON, hi DEFCON 29. Thanks for everybody tuning in from wherever you are.
00:15 - Hopefully next year we get to all do this in person.
00:18 - Here we are. So hi guys, my name’s Richard.
00:21 - We’ll get to that in a second. This is my talk on barcodes and Old MacDonald had a barcode, E-I-E-I CAR.
-
DEF CON 29 - Richard Thieme AKA neuralcowboy - UFOs: Misinformation, Disinfo, and the Basic Truth
- Hello again, this is Richard Thieme, showing up 25 years after I showed up to speak here at DEFCON for the first time to address the topic UFOS: Misinformation, Disinformation, and the Basic Truth.
00:18 - A lot has been happening since I made a talk about this subject eight years ago, which is on YouTube, and I’ll refer to that subsequently, but I want to say that reality, as Philip K.
-
DEF CON 29 - Rotem Bar - Abusing SAST tools When scanners do more than just scanning
- For the last couple of months, I’ve been playing with different SAST tools.
00:05 - I’m playing with SAST tools because part of my job and part of my actual interest is how to secure code and then the best way and doing so, we always start by playing with SAST.
00:21 - After SAST, the much more highest than SAST but we’ll focus about static tools and I turned to play with them and abuse them in different ways.
-
DEF CON 29 - Sagi Sheinfeld, Eyal Karni, Yaron Zinar - Using M(achine)ITM to Attack Active Directory
- Hey everybody, welcome to our talk, Adventures in MitM-land, Using MitM to Attack Active Directory Authentication Schemes.
00:14 - So first, let me introduce us. I’m Yaron, manager on the engineering team at CrowdStrike.
00:25 - I’ve presented two times before at Black Hat and one time at DEFCON, did a lot of research on authentication protocols.
00:36 - Eyal, an engineer, previously presented on Black Hat.
-
DEF CON 29 - Salvador Mendoza - PINATA: PIN Automatic Try Attack
- Hello to everyone. It’s a real pleasure to be part of DefCon 29.
00:04 - My name is Salvador Mendoza and I’m a Security Researcher at Metabase Q.
00:08 - And I’m proudly a member of Ocelot Offensive Security Team.
00:12 - Today, I’m going to talk about the Pinata attack, or PIN Automatic Try Attack, regarding EMV technology.
00:20 - So let’s start with the agenda for today.