הפודקאסטים הטובים ביותר ב-Usa Audio (2024)

1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons 1:13:39

16+ y ago1:13:39

1:13:39

In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …

1
HD Moore & Valsmith: Tactical Exploitation-Part 2 1:12:12

16+ y ago1:12:12

1:12:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
Joe Stewart: Just Another Windows Kernel Perl Hacker 18:55

18+ y ago18:55

18:55

This talk will detail the Windows remote kernel debugging protocol and present a Perl framework for communicating with the kernel debug API over a serial/usb/1394 port from non-Windows systems. This leads to some interesting possibilities for hacking the kernel, such as code injection, hooking, forensics, sandboxing and more, all controlled from a …

1
Jerry Schneider: Reflection DNS Poisoning 19:18

18+ y ago19:18

19:18

Targeting an enterprise attack at just a few employees seems to be yielding the best results, since it lowers the risk of discovering the exploit. Yet the typical DNS cache poisoning approach, aimed at various levels in the DNS server hierarchy or the enterprise server itself, is not as effective as it could be, primarily because so many people are…

1
Stephan Patton: Social Network Site Data Mining 23:15

18+ y ago23:15

23:15

Social Network Sites contain a wealth of public information. This information is of great interest to researchers, investigators, and forensic experts. This presentation presents research regarding an approach to automated site access, and the implications of site structure. Associated tools and scripts will be explained. Additionally, investigativ…

1
Jeff Morin: Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage 10:25

18+ y ago10:25

10:25

In the realm of application testing, one of the major, but most often overlooked vulnerabilities, is that of type conversion errors. These errors result from input variable values being used throughout the many areas and codebases that make up the application, and in doing so, are potentially treated as different data types throughout the processin…

1
Charlie Miller: Hacking Leopard: Tools and Techniques for Attacking the Newest Mac OS X 25:13

18+ y ago25:13

25:13

According to the Apple website, ?Mac OS X delivers the highest level of security through the adoption of industry standards, open software development and wise architectural decisions.? Of course, the Month of Apple Bugs showed that Mac?s are just as susceptible to vulnerabilities as other operating systems. Arguably, the two factors keeping the nu…

1
Iain Mcdonald: Longhorn Server Foundation & Server Roles 27:37

18+ y ago27:37

27:37

Iain will discuss Server Foundation and Server Roles?how Longhorn Server applied the principles of attack surface minimization. This talk will detail the mechanics of LH Server componentization and then discuss the primary roles. You will learn how to install and manage a server that doesn't have a video driver and will hear about File Server, Web …

1
David Leblanc: Practical Sandboxing: Techniques for Isolating Processes 24:00

18+ y ago24:00

24:00

The sandbox created for the Microsoft Office Isolated Converter Environment will be demonstrated in detail. The combination of restricted tokens, job objects, and desktop changes needed to seriously isolate a process will be demonstrated, along with a demonstration of why each layer is needed.על ידי David Leblanc

1
Zane Lackey: Point, Click, RTPInject 14:46

18+ y ago14:46

14:46

The Realtime Transport Protocol (RTP) is a common media layer shared between H.323, SIP, and Skinny (SCCP) VoIP deployments. RTP is responsible for the actual voice/audio stream in VoIP networks; hence attacks against RTP are valid against the bulk VoIP installations in enterprise environments. Since signaling (H.323/SIP/SCCP) and media transfer (R…

1
Greg Wroblewski: Reversing MSRC Updates: Case Studies of MSRC Bulletins 2004-2007 18:06

18+ y ago18:06

18:06

Greg Wroblewski has a Ph.D. in Computer Science and over 15 years of software industry experience. At Microsoft he is a member of a team of security researchers that investigate vulnerabilities and security threats as part of the Microsoft Security Response Center (MSRC). The team works on every MSRC case to help improve the guidance and protection…

1
Dave G & Jeremy Rauch: Hacking Capitalism 20:04

18+ y ago20:04

20:04

The financial industry isn't built on HTTP/HTTPS and web services like everything else. It has its own set of protocols, built off of some simple building blocks that it employs in order to make sure: that positions are tracked in real time, that any information that might affect a traders action is reliably received, and that trades happens in a f…

1
Ero Carerra: Reverse Engineering Automation with Python 24:27

18+ y ago24:27

24:27

Instead of discussing a complex topic in detail, this talk will discuss 4 different very small topics related to reverse engineering, at a length of 5 minutes each, including some work on intermediate languages for reverse engineering and malware classification. Ero Carrera is currently a reverse engineering automation researcher at SABRE Security,…

1
Mark Ryan Del Moral Talabis: The Security Analytics Project: Alternatives in Analysis 17:17

18+ y ago17:17

17:17

With the advent of advanced data collection techniques in the form of honeypots, distribured honeynets, honey clients and malware collectors, data collected from these mechanisms becomes an abundant resource. One must remember though that the value of data is often only as good as the analysis technique used. In this presentation, we will describe …

1
Phil Zimmermann: Z-Phone 1:03:31

18+ y ago1:03:31

1:03:31

Philip R. Zimmermann is the creator of Pretty Good Privacy. For that, he was the target of a three-year criminal investigation, because the government held that US export restrictions for cryptographic software were violated when PGP spread all around the world following its 1991 publication as freeware. Despite the lack of funding, the lack of any…

1
Mark Vincent Yason: The Art of Unpacking 1:00:52

18+ y ago1:00:52

1:00:52

Unpacking is an art - it is a mental challenge and is one of the most exciting mind games in the reverse engineering field. In some cases, the reverser needs to know the internals of the operating system in order to identify or solve very difficult anti-reversing tricks employed by packers/protectors, patience and cleverness are also major factors …

1
Chris Wysopal & Chris Eng: Static Detection of Application Backdoors 1:11:09

18+ y ago1:11:09

1:11:09

Backdoors have been part of software since the first security feature was implemented. So unless there is a process to detect backdoors they will inevitably be inserted into software. Requiring source code is a hurdle to detecting backdoors since it isn't typically available for off the shelf software or for many of the libraries developers link to…

1
Ariel Waissbein: Timing attacks for recovering private entries from database engines 1:01:54

18+ y ago1:01:54

1:01:54

Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected, for…

1
Eugene Tsyrklevich: OpenID: Single Sign-On for the Internet 58:05

18+ y ago58:05

58:05

Tired of tracking your username and password across 169 Web 2.0 websites that you have registered with? Thinking of adding SSO to your webapp? Pen-testing a Web 2.0 app? Then come and learn about OpenID - a new decentralized Single Sign-On system for the web. OpenID is increasingly gaining adoption amongst large sites, with organizations like AOL a…

1
Peter Thermos: Transparent Weaknesses in VoIP 1:09:57

18+ y ago1:09:57

1:09:57

The presentation will disclose new attacks and weaknesses associated with protocols that are used to establish and protect VoIP communications. In addition, a newer "unpublished" version of the SIVuS tool will be demoed.על ידי Peter Thermos

1
Bryan Sullivan: Premature Ajax-ulation 1:05:29

18+ y ago1:05:29

1:05:29

The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases. Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened agains…

1
Scott Stender: Blind Security Testing - An Evolutionary Approach 58:56

18+ y ago58:56

58:56

The vast majority of security testing relies on two approaches: the use of randomly generated or mutated data and the use of type-specific boundary test cases. Unfortunately, the current state of software security is such that most applications fall to these relatively simple tests. For those applications that have been specifically hardened agains…

1
Alexander Sotirov: Heap Feng Shui in JavaScript 1:14:55

18+ y ago1:14:55

1:14:55

Heap exploitation is getting harder. The heap protection features in the latest versions of Windows have been effective at stopping the basic exploitation techniques. In most cases bypassing the protection requires a great degree of control over the allocation patterns of the vulnerable application. This presentation introduces a new technique for …

1
Window Snyder & Mike Shaver : Building and Breaking the Browser 58:28

18+ y ago58:28

58:28

Traditional software vendors have little interest in sharing the gory details of what is required to secure a large software project. Talking about security only draws a spotlight to what is generally considered a weakness. Mozilla is using openness and transparency to better secure its products and help other software projects do the same. Mozilla…

1
Bruce Schneier: KEYNOTE: The Psychology of Security 49:21

18+ y ago49:21

49:21

Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…

1
Eric Schmeidl & Mike Spindel: Strengths and Weaknesses of Access Control Systems 55:37

18+ y ago55:37

55:37

Access control systems are widely used in security, from restricting entry to a single room to locking down an entire enterprise. The many different systems available?card readers, biometrics, or even posting a guard to check IDs?each have their own strengths and weaknesses that are often not apparent from the materials each vendor supplies. We pro…

1
Len Sassaman: Anonymity and its Discontents 1:17:12

18+ y ago1:17:12

1:17:12

In recent years, an increasing amount of academic research has been focused on secure anonymous communication systems. In this talk, we briefly review the state of the art in theoretical anonymity systems as well as the several deployed and actively used systems, and explain their strengths and limitations. We will then describe the pseudonym syste…

1
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community 46:15

18+ y ago46:15

46:15

The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…

1
Paul Vincent Sabanal: Reversing C++ 52:59

18+ y ago52:59

52:59

As recent as a couple of years ago, reverse engineers can get by with just knowledge of C and assembly to reverse most applications. Now, due to the increasing use of C++ in malware as well as most moderns applications being written in C++, understanding the disassembly of C++ object oriented code is a must. This talk will attempt to fill that gap …

1
Joanna Rutkowska & Alexander Tereshkin: IsGameOver(), anyone? 1:15:41

18+ y ago1:15:41

1:15:41

We will present new, practical methods for compromising Vista x64 kernel on the fly and discuss the irrelevance of TPM/Bitlocker technology in protecting against such non-persistent attacks. Then we will briefly discuss kernel infections of the type II (pure data patching), especially NDIS subversions that allow for generic bypassing of personal fi…

1
Dror-John Roecher: NACATTACK 1:10:08

18+ y ago1:10:08

1:10:08

The last two years have seen a big new marketing-buzz named "Admission Control" or "Endpoint Compliance Enforcement" and most major network and security players have developed a product-suite to secure their share of the cake. While the market is still evolving one framework has been getting a lot of market-attentiont: "Cisco Network Admission Cont…

1
Danny Quist & Valsmith: Covert Debugging: Circumventing Software Armoring Techniques 48:09

18+ y ago48:09

48:09

Software armoring techniques have increasingly created problems for reverse engineers and software analysts. As protections such as packers, run-time obfuscators, virtual machine and debugger detectors become common newer methods must be developed to cope with them. In this talk we will present our covert debugging platform named Saffron. Saffron i…

1
Thomas H. Ptacek, Peter Ferrie & Nate Lawson: Don't Tell Joanna, The Virtualized Rootkit Is Dead 1:03:11

18+ y ago1:03:11

1:03:11

Since last year's Black Hat, the debate has continued to grow about how undetectable virtualized rootkits can be made. We are going to show that virtualized rootkits will always be detectable. We would actually go as far as to say they can be easier to detect than kernel rootkits.על ידי Thomas H. Ptacek, Peter Ferrie & Nate Lawson

1
Cody Pierce: PyEmu: A multi-purpose scriptable x86 emulator 1:01:25

18+ y ago1:01:25

1:01:25

Processor emulation has been around for as long as the processor it emulates. However, emulators have been difficult to use and notoriously lacking in flexibility or extensibility. In this presentation I address these issues and provide a solution in the form of a scriptable multi-purpose x86 emulator written in Python. The concept was to allow a s…

1
Mike Perry: Securing the tor network 1:07:32

18+ y ago1:07:32

1:07:32

Imagine your only connection to the Internet was through a potentially hostile environment such as the Defcon wireless network. Worse, imagine all someone had to do to own you was to inject some html that runs a plugin or some clever javascript to bypass your proxy settings. Unfortunately, this is the risk faced by many users of the Tor anonymity n…

1
Chris Palmer: Breaking Forensics Software: Weaknesses in Critical Evidence Collectio 1:11:17

18+ y ago1:11:17

1:11:17

cross the world law enforcement, enterprises and national security apparatus utilize a small but important set of software tools to perform data recovery and investigations. These tools are expected to perform a large range of dangerous functions, such as parsing dozens of different file systems, email databases and dense binary file formats. Altho…

1
Chris Paget: RFID for Beginners++ 26:44

18+ y ago26:44

26:44

Black Hat DC 2007 was supposed to be the venue for "RFID For Beginners", a talk on the basic mechanisms of operation used by RFID tags. Legal pressure forced the talk to be curtailed, with only 25% of the material being presented. The remainder was replaced with a Panel debate involving IOActive, US-CERT, ACLU, Blackhat, and Grand Idea Studio. Afte…

1
Alfredo Ortega: OpenBSD Remote Exploit 56:18

18+ y ago56:18

56:18

OpenBSD is regarded as a very secure Operating System. This article details one of the few remote exploit against this system. A kernel shellcode is described, that disables the protections of the OS and installs a user-mode process. Several other possible techniques of exploitation are described.על ידי Alfredo Ortega

1
Shawn Moyer: (un)Smashing the Stack: Overflows, Countermeasures, and the Real World 59:47

18+ y ago59:47

59:47

As of today, Vista, XP, 2K03, OS X, every major Linux distro, and each of the BSD's either contain some facet of (stack|buffer|heap) protection, or have one available that's relatively trivial to implement/enable. So, this should mean the end of memory corruption-based attacks as we know it, right? Sorry, thanks for playing. The fact remains that m…

1
HD Moore & Valsmith: Tactical Exploitation-Part 1 58:12

18+ y ago58:12

58:12

Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…

1
Eric Monti & Dan Moniz: Defeating Extrusion Detection 1:23:38

18+ y ago1:23:38

1:23:38

Todays headlines are rife with high profile information leakage cases affecting major corporations and government institutions. Most of the highest-profile leakage news has about been stolen laptops (VA, CPS), or large-scale external compromises of customer databases (TJX). On a less covered, but much more commonplace basis, sensitive financial dat…

1
Luis Miras: Other Wireless: New ways of being Pwned 1:02:59

18+ y ago1:02:59

1:02:59

There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…

1
Haroon Meer & Marco Slaviero: It's all about the timing 1:13:22

18+ y ago1:13:22

1:13:22

It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …

1
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker?s Handbook: What Your Security Vendor Doesn?t Want You to Know . 50:31

18+ y ago50:31

50:31

Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren?t fading away like predicted. What?s a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that?s why they?re hackers instead of productive members of society. They want to fin…

1
David Litchfield: Database Forensics 1:03:44

18+ y ago1:03:44

1:03:44

Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credits card details stolen - the largest known breach so far. In 2006 there were…

1
Jonathan Lindsay: Attacking the Windows Kernel 59:23

18+ y ago59:23

59:23

Most modern processors provide a supervisor mode that is intended to run privileged operating system services that provide resource management transparently or otherwise to non-privileged code. Although a lot of research has been conducted into exploiting bugs in user mode code for privilege escalation within the operating system defined boundaries…

1
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online 1:02:26

18+ y ago1:02:26

1:02:26

Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…

1
Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys) 1:13:07

18+ y ago1:13:07

1:13:07

RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...על ידי Adam Laurie

1
Dr. Neal Krawetz: A Picture's Worth... 48:37

18+ y ago48:37

48:37

Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…

1
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web 55:14

18+ y ago55:14

55:14

Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…

פודקאסטים ששווה להאזין

פודקאסטים בנושא Usa Audio

פודקאסטים ששווה להאזין

מדריך עזר מהיר