Jako každé léto i letos proběhla v Las Vegas (8 až 10. srpna) konference Defcon. Letošní zastoupení bylo dle referencí opravdu široké, lze očekávat mnoho novinek. Po zhruba měsící jsou vydávany defcon papers – souhrn přednášek, reference na nejnovější zranitelnost, hacky, exploity a exploitovací techniky, XSS a mnoho dalšího. Pro každého kdo netrpělivě čeká na první oficiální (nebo neoficiální :) tématické dokumentace přínášime souhrn přednášek a seznam přednášejících na DEFCON 16.
Pre-con
Podrobné informace na webu defcon toxic BBQ.
Skybox
Pátek až neděle (každý den) – Hardware Hacking Village, Wireless Village, Lockpick Village
Pátek – „Spiders are Fun“ party, Hacker pimps
Sobota – 303 (Skytalks), Ninja Networks, i-hacked
Neděle – HAM Radio Testing
Pátek
Vše je řazeno do tkz. Tracků (track 1 až../ čas). Souběžně funguje až 6 tracků..
Track 1
- Úvod (Kingpin)
- Schuyler Towne How to make friends & influence Lock Manufacturers.
- Marc Weber Tobias Open in 30 Seconds: Cracking One of the Most Secure Locks in America.
- Eric Schmiedl Advanced Physical Attacks: Going Beyond Social Engineering and Dumpster Diving Or, Techniques of Industrial Espionage
- David Maynor & Robert Graham Bringing Sexy Back: Breaking in with Style.
- Matt Yoder Death Envelope: Medieval Solution to a 21st Century Problem.
- Fabian „Fabs“ Yamaguchi & FX New Ideas for Old Practices- Port Scanning Improved.
- Movie Night With DT: Premiere of „Hackers Are People Too“
- Movie Night With DT: Appleseed: Ex Machina
Track 2
- Weasel Compliance: The Enterprise Vulnerablity Roadmap.
- Michael Brooks Deciphering Captcha
- Kolisar Whitespace: A Different Approach to JavaScript Obfuscation.
- Mike Spindel Captchas: Are they really Hopeless? (Yes!)
- Tom „Strace“ Stracener & Robert „RSnake“ Hansen Xploiting Google Gadgets: Gmalware & Beyond
- Nathan Hamiel & Shawn Moyer Satan is on my friends list: Attacking Social Networks.
- Wendel Guglielmetti Henrique Playing with Web Application Firewalls.
- Fyodor NMAP-Scanning the Internet.
- Ben Feinnstein Snort Plug-in Development: Teaching an Old Pig New
- Guy Martin Sniffing Cable Modems.
Track 3
- Chema Alonso & Jose Parada Time-Based Blind SQL Injections Using Heavy Queries: A Practical Approach to MS SQL Server, MS Acess, Oracle, MySQL Databases and Marathon Tool.
- Ian Angell Digital Security: A Risky Business
- Mark Bristow ModScan: A SCADA MODBUS Network Scanner
- Robert Ricks New Tool for SQL Injection with DNS Exfiltration.
- Morgan Marquis-Boire Fear, Uncertainty and the Digital Armageddon.
- Kurt Grutzmacher Nail the Coffin Shut,NTLM is Dead.
- Kevin Figueroa, Marco Figueroa, & Anthony L. Williams VLANs Layer 2 Attacks: Their Relevance and their Kryptonite.
- James Shewmaker StegoFS
- D.J. Capelis Building a Real Session Layer.
- John Fitzpatrick Virtually Hacking.
Track 4
- Brenno J.S.A de Winter Hacking Data Retention: Small Sister your Digital Privacy Self Defense.
- Joe Cicero Hacking E.S.P.
- Clinton Wong Web Privacy & Flash Local Shared Objects.
- Roger Dingledine Security and anonymity vulnerabilities in Tor: past, present, and future
- Jim O’Leary Every Breath you Take.
- Magnus Bråding Generic, Decentralized, Unstoppable Anonymity: The Phantom Protocol.
- Blake Self & Durandal Free Anonymous Internet Using Modified Cable Modems.
- Vic Vandal Keeping Secret Secrets Secret & Sharing Secret Secrets Secretly.
- Eric Smith & Dr. Shana Dardan. Medical Identity Theft.
- Nathan Evans De-TOR-iorate Anonymity
- TCP/IP Drinking Game
- Hacker Jeopardy
Track 5
- Ben Feinstein The Wide World of WAFs.
- Panel: Hacking in the Name of Science.
- Greg Conti Could Googling Take Down a President, Prime Minister, or an Average Citizen?
- Jan Newger Anti-RE Techniques in DRM Code
- Alex Stamos, David Thiel & Justine Osborne Living in the RIA.
- Travis Goodspeed Journey to the center of the HP28.
- Panel: Meet the Feds
Contest Area
- oCTF, Coffee Wars, Race to Zero, Buzzword Survivor, DEFCONBots, GH3, Badge Hacking Contest, Mystery Challenge
- GH3 Free Play, The Phreaking Callenge, Mystery Challenge Wildcard Slot Competition
- Scavenger Hunt, GH3 Med. Heat 1, Beverage Cooling Contraption Contest
- GH3 Med. Heat 2, Mystery Challenge, GH3 Med. Heat 3
Events
- Warballooning Demo, Mobile Hacker Spaces Demo,
Sobota
Track 1
- David Weston & Tiller Beauchamp RE:Trace: The Reverse Engineer’s Unexpected Swiss Army Knife.
- Matt Weir & Suhir Aggarwal Password Cracking on a Budget.
- FX Developments in Cisco IOS Forensics.
- Adam Bregenzer Buying Time- What is your Data Worth? (A Generalized Solution to Distributed Brute Force Attacks.)
- Panel: All your Sploits (and Servers) are belong to us.
- Michael Brooks CSRF Bouncing.
- Felix „FX“ Lindner Toying With Barcodes
- Paul F. Renda The True Story of the Radioactive Boyscout: The first Nuclear Hacker & how his work relates to Homeland Security’s model of the dirty bomb.
- Movie Night With DT: 25th Anniversary Showing of Wargames Followed by a fireside chat with David Scott Lewis, IT & green tech entrepreneur, model for David Lightman, Movie Night With DT:
Three Days of the Condor
Track 2
- Nelson Murilo & Luiz „effffn“ Eduardo Beholder: New WiFi Monitor Tool.
- Thomas d’Otreppe de Bouvette „Mister X“ & Rick Farina „Zero_Chaos“ Shifting the Focus of WiFi Security: Beyond Cracking your neighbor’s WEP key.
- Matt „DCFLuX“ Krick Flux on:EAS (Emergency Alert System)
- Alexander Lash Taking Back your Cellphone.
- Major Malfunction Feed my SAT Monkey.
- Zac Franken Is that a unique credential in your pocket or are you just pleased to see me?
- Mike Perry 365-Day:Active https cookie hijacking.
- MD Sohail Ahmad, JVR Murthy & Amit Vartak Autoimmunity Disorder in Wireless LANs.
- NYCMIKE The World of Pager Sniffing/ Interception: More Activity than one may suspect.
- Fouad Kiamilev & Ryan Hoover Demonstration of Hardware Trojans.
- Scott Moulton Solid State Drives Destroy Forensic & Data Recovery Jobs: Animated!
Track 3
- Don Blumenthal Working With Law Enforcement.
- Scott Moulton Forensics is ONLY for Private Investigators.
- John „Jur1st“ Benson. When Lawyers Attack! Dealing with the New Rules of Electronic Discovery.
- Panel: Ask the EFF: The Year in Digital Civil Liberties Panel
- Panel: Commission on Cyber Security for the 44th Presidency
- Don Blumenthal What to do when your Data winds up where it shouldn’t.
- TBA
Track 4
- Joe „kingpin“ Grand & Zoz BSODomizer.
- Cameron Hotchkies Under the iHood.
- Jay Beale Owning the Users with Agent in the Middle.
- Luciano Bello & Maximiliano Bertacchini Predictable RNG in the Vulnerable Debian OpenSSL Package, the What and the How.
- SensePost Pushing the Camel through the eye of a needle
- Mati Aharoni BackTrack Foo- From bug to 0day.
- atlas VulnCatcher: Fun with Vtrace & Programmatic Debugging.
- David Byrne Grendel-Scan: A New Web Application Scanning Tool.
- Renderman How can I pwn thee? Let me count the ways.
- LeetSkills Talent Competition
– Hacker Jeopardy
Track 5
– G.Mark Hardy A Hacker Looks at 50.
- Ferdinand Schober Gaming- The Next Overlooked Security Hole.
- „Ne0nRa1n“ & Joe „Kingpin“ Grand Brain Games: Make your own Biofeedback Video Game.
- Ian Clarke Hacking Desire.
- Lyn Tuning Your Brain.
- Phreakmonkey & mutantMandias Urban Exploration- A Hacker’s View.
- Lee Kushner & Mike Murray Career Mythbusters: Separating Fact from Fiction in your Information Security Career.
- Christopher Tarnovsky Introducing Momentary Faults Within Secure Smartcards/ Microcontrollers.
Contest Area
- oCTF, Øwn the Box, GH3, Gringo Warrior, Scavenger Hunt, GH3 Hard Heat 1, DEFCONBots, GH3 Hard Heat 2, The Phreaking Callenge, EEE PC Mod Workshop, GH3 Expert Heat, GH3 Finals Med., GH3 Finals Hard, GH3 Finals Expert
Events
- Skytalks, Warballooning Demo, Mobile Hacker Spaces Demo.
Neděle
Track 1
- Bruce Potter Malware Detection through Network Flow Analysis.
- Rick Hill War Ballooning-Kismet Wireless „Eye in the Sky“
- Simon Howard Race-2-Zero Unpacked.
- Thomas Wilhelm Mobile Hacker Space.
- Panel: Internet Wars
- Jason Scott Making a Text Adventure Documentary.
Track 2
- Brian K. Edwards Markets for Malware: A Structural Economic Approach
- Ryan Trost Evade IDS/IPS Systems using Geospatial Threat Detection.
- Dan Kaminsky TBA
- Teo Sze Siong & Hirosh Joseph Let’s Sink the Phishermen’s Boat!
- Renderman10 Things that are Pissing me off.
- Anthony Martinez & Thomas Bowen Toasterkit, a Modular NetBSD Rootkit.
- Michael Ligh & Greg Sinclair Malware RCE: Debuggers and Decryptor Development.
- Igor Muttik Good Viruses. Evaluating the Risks.
- Chris Eagle & Tim Vidas Next Generation Collaborative Reversing with IdaPro &CollabReate.
Track 3
- Tony Howlett The death of Cash: The Loss of anonymity & other danger of the cash free society.
- Peter Berghammer The Emergence (and use) of Open Source Warfare.
- Sandy Clark „Mouse“Climbing Everest: An Insider’s Look at one state’s Voting Systems.
- Doug Farre Identification Card Security: Past, Present, Future.
- Zack Anderson, RJ Ryan & Alessandro Chiesa The Anatomy of a Subway Hack: Breaking Crypto RFID’s & Magstripes of Ticketing Systems.
- Mike Renlund The Big Picture: Digital Cinema Technology & Security.
- Taylor Banks & Carric. Pen-Testing is Dead, Long live the Pen Test.
- Tottenkoph, Rev & Philosopher Hijacking the Outdoor Digital Billboard Network.
Track 4
- Christer Oberg, Claes Nyberg, & James Tusini Hacking Open VMS.
- N.N.P. VoIPER:Smashing the VoIP Stack while you sleep.
- Jay Beale They’re Hacking Our Clients! Introducing Free Client-side Intrustion Prevention.
- Paul Craig Compromising Windows Based Internet Kiosks.
- Panel: Black vs. White: The complete life cycle of a real world breach.
- lclee_vx Comparison of File Infection on Windows & Linux.
Track 5
- Stefan Frei, Thomas Duebendorfer, Gunter Ollman & Martin May Exploiting A Hundred-Million Hosts Before Brunch
- JonM Ham for Hackers-Take back the Airwaves.
- Nick Harbour Advanced Software Armoring and Polymorphic Kung Fu
- Valsmith & Colin Ames MetaPost-Exploitation
- Jonathan Brossard Bypassing pre-boot authentication passwords
- DAVIX Visualization Workshop
Contest Area
- The Phreaking Callenge
Events
- Mobile Hacker Spaces Demo
Další informace na stránce Defcon
Odkaz vede do sekce Diskuze článků a tutoriálů – komentáře směrujte do příslušné sekce.
