Events for tag "Security"

Where in the World Is Carmen Sandiego?

Becoming a secret travel agent

• 59 min
• 2016-12-27
• 23812
• Karsten Nohl and Nemanja Nikodijevic

Hacking Sony PlayStation Blu-ray Drives

• Security Main
• 49 min
• 2019-12-28
• 3455
• oct0xor

Du kannst alles hacken – du darfst dich nur nicht erwischen lassen.

OpSec für Datenreisende

• 57 min
• 2018-12-29
• 33386
• Linus Neumann and Thorsten Schröder

The Great Escape of ESXi

Breaking Out of a Sandboxed Virtual Machine

• Security Main
• 40 min
• 2019-12-27
• 5228
• f1yyy

Attacking Chrome IPC

Reliably finding bugs to escape the Chrome sandbox

• 54 min
• 2018-12-29
• 3767
• nedwill

Modchips of the State

Hardware implants in the supply-chain

• 36 min
• 2018-12-27
• 4126
• Trammell Hudson

Wallet Security

How (not) to protect private keys

• 35 min
• 2018-12-28
• 1574
• Stephan Verbücheln

A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs

• Security Main
• 62 min
• 2019-12-27
• 1954
• Ali Abbasi and Tobias Scharnowski

Are all BSDs created equally?

A survey of BSD kernel vulnerabilities.

• 58 min
• 2017-12-29
• 6454
• Ilja van Sprundel

Venenerkennung hacken

Vom Fall der letzten Bastion biometrischer Systeme

• 39 min
• 2018-12-27
• 14471
• starbug and Julian

Anykernels meet fuzzing

how to make NetBSD a better software for you and me

• 43 min
• 2019-08-22
• 326
• Akat1 Majorana

The Noise Protocol Framework

• 32 min
• 2017-12-28
• 1035
• Trevor Perrin

Console Hacking

Breaking the 3DS

• 72 min
• 2015-12-27
• 72400
• plutoo, derrek and smea

Hacking an NFC toy with the ChameleonMini

• Security WikiPakaWG
• 13 min
• 2019-12-30
• 3030
• fptrs and ceres-c

What's left for private messaging?

• Security Main
• 60 min
• 2019-12-27
• 39759
• Will Scott

Decoding Contactless (Card) Payments

An Exploration of NFC Transactions and Explanation How…

• 58 min
• 2017-12-29
• 3279
• Simon Eumes

Beyond your cable modem

How not to do DOCSIS networks

• 60 min
• 2015-12-27
• 219306
• Alexander Graf

Das nützlich-unbedenklich Spektrum

Können wir Software bauen, die nützlich /und/ unbedenklich…

• Security Main
• 63 min
• 2019-12-28
• 13227
• Fefe

Mit dem Getränkeautomaten in die Cloud

Über die (Un-)Sicherheit eines Bezahlsystems

• 30 min
• 2019-08-23
• 1283
• Janis Streib

Smart Home - Smart Hack

Wie der Weg ins digitale Zuhause zum Spaziergang wird

• 51 min
• 2018-12-28
• 30173
• Michael Steigerwald

All wireless communication stacks are equally broken

• Security Main
• 38 min
• 2019-12-28
• 8273
• jiska

Harry Potter and the Not-So-Smart Proxy War

Taking a look at a covert CIA virtual fencing solution

• Security Main
• 35 min
• 2019-12-28
• 6597
• Jos Wetzels

"Hacker hin oder her": Die elektronische Patientenakte kommt!

• Security Main
• 60 min
• 2019-12-27
• 17491
• Martin Tschirsich, cbro - Dr. med. Christian Brodowski and Dr. André Zilch

Inside Intel Management Engine

• 51 min
• 2017-12-27
• 6619
• Maxim Goryachy and Mark Ermolov

Taking Bluetooth lockpicking to the next level

...or the 37th floor of a Hotel

• 46 min
• 2019-08-23
• 856
• Ray and mh

Die fabelhafte Welt des Mobilebankings

• 33 min
• 2017-12-27
• 18695
• Vincent Haupert

KTRW: The journey to build a debuggable iPhone

• Security Main
• 54 min
• 2019-12-28
• 1101
• Brandon Azad

Running your own 3G/3.5G network

OpenBSC reloaded

• 56 min
• 2015-12-27
• 10943
• LaForge

Dissecting Broadcom Bluetooth

• 43 min
• 2018-12-30
• 2488
• jiska and mantz

radare demystified

after 1.0

• 62 min
• 2016-12-29
• 3794
• pancake

Intel ME: Myths and reality

• 62 min
• 2017-12-28
• 4359
• Igor Skochinsky and Nicola Corna

A deep dive into the world of DOS viruses

Explaining in detail just how those little COM files…

• 38 min
• 2018-12-28
• 6267
• Ben Cartwright-Cox

(Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking

• 60 min
• 2015-12-28
• 152221
• Vincent Haupert

avatar²

Towards an open source binary firmware analysis framework

• 55 min
• 2017-12-29
• 1361
• nsr

Console Hacking 2016

PS4: PC Master Race

• 53 min
• 2016-12-27
• 43900
• marcan

Intel Management Engine deep dive

Understanding the ME at the OS and hardware level

• Security Main
• 60 min
• 2019-12-27
• 5326
• Peter Bosch

Rowhammer.js: Root privileges for web apps?

A tale of fault attacks on DRAM and attacks on CPU caches

• 30 min
• 2015-12-28
• 25652
• Clémentine Maurice and Daniel Gruss

ZombieLoad Attack

Leaking Your Recent Memory Operations on Intel CPUs

• Security Main
• 55 min
• 2019-12-28
• 1266
• Michael Schwarz, Moritz Lipp and Daniel Gruss

The One Weird Trick SecureROM Hates

• Security Main
• 38 min
• 2019-12-29
• 3632
• qwertyoruiop

Hirne Hacken

Menschliche Faktoren der IT-Sicherheit

• Security Main
• 43 min
• 2019-12-29
• 32203
• Linus Neumann

Deploying TLS 1.3: the great, the good and the bad

Improving the encrypted the web, one round-trip at a time

• 61 min
• 2016-12-27
• 5322
• Filippo Valsorda and Nick Sullivan

Doping your Fitbit

On Fitbit Firmware Modifications and Data Extraction

• 22 min
• 2017-12-27
• 7319
• jiska and DanielAW

Messenger Hacking: Remotely Compromising an iPhone through iMessage

• Security Main
• 61 min
• 2019-12-27
• 26212
• Samuel Groß

Hacking Containers and Kubernetes

Exploiting and protecting containers with a few lines of…

• 43 min
• 2019-08-21
• 1614
• Thomas Fricke

Resilienced Kryptographie

• 59 min
• 2017-12-29
• 2452
• ruedi and cforler

Console Security - Switch

Homebrew on the Horizon

• 56 min
• 2017-12-28
• 19060
• plutoo, derrek and naehrwert

Tor onion services: more useful than you think

• 60 min
• 2015-12-29
• 81846
• Roger, David Goulet and asn

Lets break modern binary code obfuscation

A semantics based approach

• 60 min
• 2017-12-27
• 2336
• Tim Blazytko and Moritz Contag

A systematic evaluation of OpenBSD's mitigations

• Security Main
• 53 min
• 2019-12-29
• 2686
• stein

From Zero to Zero Day

• 48 min
• 2018-12-29
• 3506
• Jonathan Jacobi

How Do I Crack Satellite and Cable Pay TV?

• 62 min
• 2016-12-27
• 14328
• Chris Gerlinsky

Talking Behind Your Back

On the Privacy & Security of the Ultrasound Tracking…

• 59 min
• 2016-12-29
• 5283
• Vasilios Mavroudis and Federico Maggi

iOS kernel exploitation archaeology

• 54 min
• 2017-12-27
• 2424
• argp

Attacking end-to-end email encryption

Efail, other attacks and lessons learned.

• 60 min
• 2018-12-28
• 4798
• Sebastian Schinzel

Exploiting PHP7 unserialize

teaching a new dog old tricks

• 44 min
• 2016-12-27
• 4104
• Yannay Livneh

Unpatchable

Living with a vulnerable implanted device

• 60 min
• 2015-12-28
• 44701
• Marie Moe and Eireann Leverett

Check your privileges!

How to drop more of your privileges to reduce attack…

• 60 min
• 2015-12-29
• 77168
• Fefe

Gone in 60 Milliseconds

Intrusion and Exfiltration in Server-less Architectures

• 33 min
• 2016-12-28
• 10644
• Rich Jones

High-assurance crypto software

• Security Main
• 61 min
• 2019-12-29
• 2015
• djb and Tanja Lange

Circumventing video identification using augmented reality

• 30 min
• 2018-12-29
• 1212
• Jan Garcia

The plain simple reality of entropy

Or how I learned to stop worrying and love urandom

• 60 min
• 2015-12-29
• 17654
• Filippo Valsorda

Dissecting modern (3G/4G) cellular modems

• 58 min
• 2016-12-29
• 7194
• LaForge and holger

Jailbreaking iOS

From past to present

• 47 min
• 2018-12-28
• 2967
• tihmstar

Microsofts Windows 10 Botnet

• 60 min
• 2015-12-30
• 121761
• ruedi

Introduction to (home) network security.

A beginner-friendly guide to network segmentation for…

• 41 min
• 2019-08-21
• 2223
• Egor

Truly cardless: Jackpotting an ATM using auxiliary devices.

• 35 min
• 2018-12-29
• 6036
• Olga Kochetova and Alexey Osipov

SCADA - Gateway to (s)hell

Hacking industrial control gateways

• 45 min
• 2017-12-30
• 5683
• Thomas Roth

Uncover, Understand, Own - Regaining Control Over Your AMD CPU

• Security Main
• 56 min
• 2019-12-27
• 4795
• Robert Buhren, Alexander Eichner and Christian Werling

Memsad

why clearing memory is hard.

• 61 min
• 2018-12-29
• 3148
• Ilja van Sprundel

Sichere Netzwerke mit pfSense

• 61 min
• 2018-08-26
• 3659
• Hagen Bauer

PQCHacks

A gentle introduction to post-quantum cryptography

• 60 min
• 2015-12-27
• 12390
• djb and Tanja Lange

What The Fax?!

Hacking your network likes it's 1980 again

• 46 min
• 2018-12-27
• 24301
• Yaniv Balmas and Eyal Itkin

Nintendo Hacking 2016

Game Over

• 61 min
• 2016-12-27
• 9747
• derrek, nedwill and naehrwert

Cryptography demystified

An introduction without maths

• Security Main
• 53 min
• 2019-12-29
• 2946
• oots

The DROWN Attack

Breaking TLS using SSLv2

• 55 min
• 2016-12-27
• 1857
• Sebastian Schinzel

Skalierbares Auditing

• 54 min
• 2019-08-11
• 181
• Philipp Krenn

It's not safe on the streets... especially for your 3DS!

Exploring a new attack surface on the 3DS

• Security Main
• 46 min
• 2019-12-27
• 2746
• nba::yoh

IT-Sicherheit in mittelständischen Unternehmen

• Security
• 127 min
• 2015-04-29
• 3246
• Mirar

Towards (reasonably) trustworthy x86 laptops

• 62 min
• 2015-12-27
• 32085
• Joanna Rutkowska

A look into the Mobile Messaging Black Box

A gentle introduction to mobile messaging and subsequent…

• 63 min
• 2016-12-28
• 7671
• Roland Schilling and Frieder Steinmetz

Everything you want to know about x86 microcode, but might have been afraid to ask

An introduction into reverse-engineering x86 microcode and…

• 57 min
• 2017-12-28
• 11784
• Benjamin Kollenda and Philipp Koppe

Tales of old: untethering iOS 11

Spoiler: Apple is bad at patching

• Security Main
• 39 min
• 2019-12-27
• 7859
• littlelailo

How hackers grind an MMORPG: by taking it apart!

An introduction to reverse engineering network protocols

• 54 min
• 2015-12-28
• 58891
• Rink Springer

All Your Gesundheitsakten Are Belong To Us

"So sicher wie beim Online-Banking": Die elektronische…

• 61 min
• 2018-12-27
• 8028
• Martin Tschirsich

What could possibly go wrong with <insert x86 instruction here>?

Side effects include side-channel attacks and bypassing…

• 55 min
• 2016-12-27
• 5037
• Clémentine Maurice and Moritz Lipp

Praktische Einführung in HashiCorp Vault

• 56 min
• 2018-08-26
• 359
• Timo Stankowitz

Bootstraping a slightly more secure laptop

• 47 min
• 2016-12-27
• 7031
• Trammell Hudson

Electromagnetic Threats for Information Security

Ways to Chaos in Digital and Analogue Electronics

• 49 min
• 2017-12-28
• 1192
• @EMHacktivity and José Lopes Esteves

Einführung zu Blockchains

• 61 min
• 2016-12-28
• 14054
• vimja

On the insecure nature of turbine control systems in power generation

A security study of turbine control systems in power…

• Security Main
• 60 min
• 2019-12-28
• 3998
• repdet, @_moradek_ and c0rs

Modern Windows Userspace Exploitation

• 50 min
• 2018-12-28
• 3581
• Saar Amar

KRACKing WPA2 by Forcing Nonce Reuse

• 61 min
• 2017-12-27
• 3037
• Mathy Vanhoef

TamaGo - bare metal Go framework for ARM SoCs.

Reducing the attack surface with pure embedded Go.

• Security Main
• 59 min
• 2019-12-28
• 1078
• Andrea Barisani

AppArmor Crashkurs

Lerne in unter einer Stunde, AppArmor-Profile zu erstellen…

• 45 min
• 2019-08-10
• 186
• Christian Boltz

Implementing an LLVM based Dynamic Binary Instrumentation framework

• 60 min
• 2017-12-28
• 1163
• Charles Hubain and Cédric Tessier

A Christmas Carol - The Spectres of the Past, Present, and Future

• Graz linuxtage
• 47 min
• 2019-04-27
• 78
• Claudio Canella, Daniel Gruss, Michael Schwarz and Moritz Lipp

LO! An LLVM Obfuscator

• 45 min
• 2019-08-24
• 283
• Klondike

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit

Warum das Laden eines Elektroautos unsicher ist

• 52 min
• 2017-12-27
• 23415
• Mathias Dalheimer

The sustainability of safety, security and privacy

• Security Main
• 43 min
• 2019-12-28
• 6435
• Ross Anderson

A Christmas Carol - The Spectres of the Past, Present, and Future

• 61 min
• 2018-12-28
• 1528
• Moritz Lipp, Michael Schwarz, Daniel Gruss and Claudio Canella

Memory Deduplication: The Curse that Keeps on Giving

A tale of 3 different memory deduplication based…

• 59 min
• 2016-12-29
• 2506
• Ben Gras, Kaveh Razavi, brainsmoke and Antonio Barresi

Hardware-Trojaner in Security-Chips

Eine Reise auf die dunkle Seite

• 60 min
• 2015-12-27
• 63283
• Peter Laackmann and Marcus Janke

The Perl Jam 2

The Camel Strikes Back

• 60 min
• 2015-12-28
• 47123
• Netanel Rubin

What you see is not what you get - when homographs attack

• 29 min
• 2019-08-23
• 293
• Julio

Beyond Anti Evil Maid

Making it easier to avoid low-level compromise, and why…

• 60 min
• 2015-12-29
• 42521
• Matthew Garrett

Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election

• 60 min
• 2016-12-28
• 2704
• Matt Bernhard and J. Alex Halderman

Die DSGVO als Chance nutzen

Ein Fahrplan für ein mehr an Informationssicherheit in…

• 59 min
• 2019-08-11
• 135
• Hagen Bauer

SigOver + alpha

Signal overshadowing attack on LTE and its applications

• Security Main
• 55 min
• 2019-12-28
• 771
• CheolJun Park and Mincheol Son

Architecture of secure IoT devices

Security by design

• 48 min
• 2019-08-24
• 326
• frehberg

How to drift with any car

(without your mom yelling at you)

• 51 min
• 2017-12-28
• 8341
• Guillaume Heilles and P1kachu

New memory corruption attacks: why can't we have nice things?

• 54 min
• 2015-12-27
• 7394
• gannimo and npc@berkeley.edu

Sicherheit von 125kHz Transpondern am Beispiel Hitag S

• 60 min
• 2015-12-28
• 19070
• Ralf Spenneberg, Hendrik Schwartke and Oguzhan Cicek

wallet.fail

Hacking the most popular cryptocurrency hardware wallets

• 61 min
• 2018-12-27
• 25978
• Thomas Roth, Dmitry Nedospasov and Josh Datko

Domain Name System

Hierarchical decentralized naming system used since 30 years

• 42 min
• 2018-12-29
• 1520
• Hannes Mehnert

Downgrading iOS: From past to present

• 52 min
• 2016-12-28
• 3129
• tihmstar

The Layman's Guide to Zero-Day Engineering

A demystification of the exploit development lifecycle

• 57 min
• 2018-12-28
• 2357
• Markus Gaasedelen and Amy (itszn)

On Smart Cities, Smart Energy, And Dumb Security

• 45 min
• 2016-12-29
• 3418
• Netanel Rubin

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet

Finding interesting targets in 128bit of entropy

• 46 min
• 2016-12-27
• 3884
• Tobias Fiebig

Enclosure-PUF

Tamper Proofing Commodity Hardware and other Applications

• 61 min
• 2018-12-29
• 897
• Christian Zenger, David Holin and Lars Steinschulte

Intercoms Hacking

Call the frontdoor to install your backdoors

• 40 min
• 2016-12-28
• 2139
• Sebastien Dudek

SiliVaccine: North Korea's Weapon of Mass Detection

How I Learned to Stop Worrying and Love the Backdoor

• 52 min
• 2018-12-27
• 7405
• Mark Lechtik

Microarchitectural Attacks on Trusted Execution Environments

• 55 min
• 2017-12-27
• 930
• Keegan Ryan

Integration einer FIDO U2F basierten Zwei-Faktor-Authentifizierung mit LinOTP

• 55 min
• 2015-08-23
• 289
• Christian Pommranz

Updates from the Onion

The Road to Mobile Tor and Improved Censorship Circumvention

• 43 min
• 2019-08-23
• 401
• GeKo

Boot2root

Auditing Boot Loaders by Example

• Security Main
• 62 min
• 2019-12-29
• 1585
• Ilja van Sprundel and Joseph Tartaro

Beyond the Pile of Knobs

Redesigning NoScript’s UX

• 46 min
• 2019-08-22
• 289
• Eileen Wagner

500.000 Recalled Pacemakers, 2 Billion $ Stock Value Loss

The Story Behind

• 44 min
• 2019-08-22
• 493
• Tobias Zillner

DPRK Consumer Technology

Facts to fight lore

• 31 min
• 2017-12-27
• 4705
• Will Scott and Gabe Edwards

Fast Global Internet Scanning - Challenges and new Approaches

Or how to become your own ISP

• 42 min
• 2019-08-24
• 352
• Johannes Klick 'Garak'

Predicting and Abusing WPA2/802.11 Group Keys

• 60 min
• 2016-12-27
• 1398
• Mathy Vanhoef

Pegasus internals

Technical Teardown of the Pegasus malware and Trident…

• 29 min
• 2016-12-27
• 2325
• Max Bazaliy

(Post-Quantum) Isogeny Cryptography

• Security Main
• 52 min
• 2019-12-27
• 4834
• naehrwert

PLC-Blaster

Ein Computerwurm für PLCs

• 58 min
• 2015-12-27
• 42761
• Maik Brüggemann and Ralf Spenneberg

What the flag is CTF?

• 41 min
• 2018-12-30
• 1879
• Andy

Mobile Data Interception from the Interconnection Link

• 48 min
• 2017-12-28
• 1680
• Dr. Silke Holtmanns

Vehicle immobilization revisited

Uncovering and assessing a second authentication mechanism…

• Security Main
• 55 min
• 2019-12-28
• 1365
• Wouter Bokslag

How to Break PDFs

Breaking PDF Encryption and PDF Signatures

• Security Main
• 58 min
• 2019-12-27
• 6040
• Fabian Ising and Vladislav Mladenov

Breaking Microsoft Edge Extensions Security Policies

• Security Main
• 30 min
• 2019-12-28
• 543
• Nikhil Mittal

Automated security testing for Software Developers who dont know security!

secure your apps and servers through continuous integration

• 49 min
• 2019-08-22
• 410
• cy

BootStomp: On the Security of Bootloaders in Mobile Devices

• 28 min
• 2017-12-27
• 1121
• Audrey Dutcher

Dissecting VoLTE

Exploiting Free Data Channels and Security Problems

• 49 min
• 2015-12-28
• 16993
• Dongkwan and Hongil Kim

Don't Ruck Us Too Hard - Owning Ruckus AP Devices

3 different RCE vulnerabilities on Ruckus Wireless access…

• Security Main
• 48 min
• 2019-12-28
• 812
• Gal Zror

Reversing UEFI by execution

• 60 min
• 2015-12-29
• 8672
• Jethro Beekman

Uncovering vulnerabilities in Hoermann BiSecur

An AES encrypted radio system

• 51 min
• 2017-12-28
• 849
• Markus Muellner and Markus Kammerstetter

Taking a scalpel to QNX

Analyzing & Breaking Exploit Mitigations and Secure Random…

• 46 min
• 2017-12-28
• 829
• Jos Wetzels and Ali Abbasi

Everything-as-Code – Anything Secure?

• 47 min
• 2019-08-10
• 101
• Jan Sudmeyer

Privacy leaks in smart devices: Extracting data from used smart home devices

• 51 min
• 2019-08-21
• 629
• Dennis Giese

Compromising online accounts by cracking voicemail systems

• 42 min
• 2018-12-27
• 5325
• Martin Vigo

GDPR and ePrivacy: Compliance Nightmares for Open-Source Projects?

• 45 min
• 2019-08-11
• 148
• Giannis Konstantinidis

Email authentication for penetration testers

When SPF is not enough

• Security Main
• 61 min
• 2019-12-29
• 2660
• Andrew Konstantinov

No source, no problem! High speed binary fuzzing

• Security Main
• 59 min
• 2019-12-29
• 1316
• Nspace and gannimo

CloudABI

Pure capability-based security for UNIX

• 62 min
• 2015-12-28
• 8630
• Ed Schouten

Cloud Storage Encryption with Cryptomator

Cryptomator is a multi-platform, client-side encryption…

• 57 min
• 2015-08-23
• 470
• Sebastian Stenzel and Tobias Hagemann

In Soviet Russia Smart Card Hacks You

• 38 min
• 2018-12-29
• 1802
• Eric Sesterhenn

De-anonymizing Programmers

Large Scale Authorship Attribution from Executable Binaries…

• 59 min
• 2015-12-29
• 39456
• Aylin

Inside Android’s SafetyNet Attestation: Attack and Defense

• 59 min
• 2017-12-28
• 1069
• Collin Mulliner

Code BROWN in the Air

A systemic update of sensitive information that you sniff…

• 37 min
• 2016-12-28
• 939
• miaoski

Squeezing a key through a carry bit

• 50 min
• 2017-12-27
• 1307
• Filippo Valsorda

The Great Train Cyber Robbery

• 54 min
• 2015-12-27
• 19217
• Sergey Gordeychik, Aleksandr Timorin and repdet

The year in post-quantum crypto

• 70 min
• 2018-12-28
• 4931
• djb and Tanja Lange

Fighting back against Libra - Decentralizing Facebook Connect

Nym Anonymous Authentication Credentials

• 41 min
• 2019-08-25
• 233
• Harry Halpin

Untrusting the CPU

A proposal for secure computing in an age where we cannot…

• 61 min
• 2016-12-27
• 1871
• jaseg

On the Security and Privacy of Modern Single Sign-On in the Web

(Not Only) Attacks on OAuth and OpenID Connect

• 64 min
• 2016-12-28
• 1881
• Guido Schmitz (gtrs) and dfett

1-day exploit development for Cisco IOS

• 45 min
• 2017-12-27
• 3595
• Artem Kondratenko

First Sednit UEFI Rootkit Unveiled

• 40 min
• 2018-12-27
• 4071
• Frédéric Vachon

Building and Breaking Wireless Security

Wireless Physical Layer Security & More...

• 29 min
• 2015-12-29
• 76563
• jiska

Logjam: Diffie-Hellman, discrete logs, the NSA, and you

• 61 min
• 2015-12-28
• 69966
• J. Alex Halderman and Nadia Heninger

Provable Security

How I learned to stop worrying and love the backdoor

• 59 min
• 2018-12-29
• 1484
• FJW and Lukas

Turris: secure open source router

Who is the root on your router?

• 52 min
• 2018-08-26
• 114
• Michal Hrusecky

How not to use OAuth

New security recommendations for OAuth

• 56 min
• 2019-08-10
• 278
• Dr. Daniel Fett

Sichere Webanwendungen mit Clojure

• 46 min
• 2016-08-21
• 139
• Joy Clark and Simon Kölsch

We should share our secrets

Shamir secret sharing: How it works and how to implement it

• 59 min
• 2017-12-28
• 938
• Daan Sprenkels

Kerberos und OTP

Nur einmal authentisiert - aber stark!

• 49 min
• 2013-08-25
• 176
• Cornelius Kölbel

Defeating (Not)Petya's Cryptography

• 54 min
• 2017-12-27
• 1082
• Sebastian Eschweiler

TrustZone is not enough

Hijacking debug components for embedded security

• 31 min
• 2017-12-30
• 531
• Pascal Cotret

How do we know our PRNGs work properly?

• 58 min
• 2016-12-29
• 2598
• Vladimir Klebanov and Felix Dörre

ATMs how to break them to stop the fraud

• 54 min
• 2016-12-28
• 3354
• Olga Kochetova and Alexey Osipov

Windows drivers attack surface

some 'new' insights

• 60 min
• 2015-12-27
• 8994
• Ilja van Sprundel

Math Protected Social Interactions

• 38 min
• 2019-08-21
• 232
• ruedi

(In)Security of Embedded Devices' Firmware - Fast and Furious at Large Scale

• 59 min
• 2015-12-29
• 87475
• Andrei Costin

Shopshifting

The potential for payment system abuse

• 60 min
• 2015-12-27
• 98388
• Karsten Nohl, Fabian Bräunlein and dexter

Wheel of Fortune

Analyzing Embedded OS Random Number Generators

• 36 min
• 2016-12-28
• 1520
• Jos Wetzels and Ali Abbasi

Web-based Cryptojacking in the Wild

When your browser is mining coins for other people

• 39 min
• 2018-12-29
• 1610
• Marius Musch

OpenVPN im Unternehmenseinsatz

Realisierung einer Hochverfügbarkeitslösung mit dynamischem…

• 37 min
• 2011-08-20
• 125
• Dominik Fischer and Oliver Dumschat-Hötte

MQA - A clever stealth DRM-Trojan

A critical look on a new audio Format

• 60 min
• 2017-12-30
• 1953
• Christoph Engemann and Anton.schlesinger@studio-singer.de

Exploring fraud in telephony networks

• 62 min
• 2018-12-28
• 3965
• Merve Sahin and Aurélien Francillon

Internet of Dongs

A long way to a vibrant future

• 32 min
• 2018-12-29
• 7001
• Werner Schober

CloudABI

Cloud computing meets fine-grained capabilities

• 57 min
• 2015-08-22
• 54
• Ed Schouten

Domain computers have accounts, too!

Owning machines through relaying and delegation

• 40 min
• 2019-08-23
• 534
• JaGoTu

DG50: ZigBee

• 93 min
• 2015-04-14
• 964
• Stephan

Type confusion: discovery, abuse, and protection

• 56 min
• 2017-12-30
• 881
• gannimo

Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?

• 47 min
• 2019-08-24
• 180
• Johannes

Tapping into the core

• 31 min
• 2016-12-28
• 2200
• Maxim Goryachy and Mark Ermolov

Modern Security Model for Embedded Linux Distributions

• 64 min
• 2016-08-21
• 68
• Aleksander Zdyb

Practical Cache Attacks from the Network and Bad Cat Puns

• Security Main
• 42 min
• 2019-12-27
• 946
• Michael Kurth

Security in open source projects

• 50 min
• 2019-08-11
• 69
• Jose Manuel Ortega

Inside the AMD Microcode ROM

(Ab)Using AMD Microcode for fun and security

• 37 min
• 2018-12-27
• 7954
• Benjamin Kollenda and Philipp Koppe

Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015

• 49 min
• 2015-12-29
• 14418
• Zakir Durumeric

DoH or Don't

The dilemma of DNS privacy protocols

• 43 min
• 2019-08-21
• 646
• Carsten Strotmann

Container for Desktops

Security und Privacy mit LXC et.al. - auch auf…

• 61 min
• 2016-08-21
• 272
• Robert Matzinger

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for

How advanced threat actors learn and change with innovation…

• 60 min
• 2015-12-27
• 32969
• Inbar Raz and Gadi Evron

Plundervolt: Flipping Bits from Software without Rowhammer

• Security Main
• 49 min
• 2019-12-27
• 7516
• Daniel Gruss and Kit Murdock

SD-WAN a New Hop

How to hack software defined network and keep your sanity?

• 49 min
• 2018-12-27
• 1835
• Sergey Gordeychik

Virtual Secure Boot

Secure Boot support in qemu, kvm and ovmf.

• 51 min
• 2016-12-30
• 2005
• Gerd Hoffmann

Kernel Tracing With eBPF

Unlocking God Mode on Linux

• 54 min
• 2018-12-30
• 1851
• Jeff Dileo and Andy Olsen

IT-Sicherheit in vernetzten Gebäuden

Was kann man noch retten, wenn langlebigen Strukturen…

• 46 min
• 2019-08-23
• 795
• Simeon

Tales from Hardware Security Research

From Research over Vulnerability Discovery to Public…

• 45 min
• 2019-08-22
• 379
• Johannes and marc

Introduction to Mix Networks and Katzenpost

a new anonymity movement

• 47 min
• 2019-08-23
• 375
• David Stainton and mo

IT-Unsicherheit in der Gebäudeautomation

Eine Bestandsaufnahme

• 58 min
• 2014-08-24
• 393
• Daniel Arenz

Hacking (with) a TPM

Don't ask what you can do for TPMs, Ask what TPMs can do…

• Security Main
• 37 min
• 2019-12-29
• 2231
• Andreas Fuchs

LinOTP und Single Sign On

Zwei-Faktor Authentisierung in der Praxis

• 53 min
• 2014-08-23
• 256
• Rainer Endres

Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by…

• 60 min
• 2016-12-29
• 860
• Ali Abbasi and Majid

Visiting The Bear Den

A Journey in the Land of (Cyber-)Espionage

• 59 min
• 2016-12-27
• 2500
• Jessy Campos

Sichere Softwareentwicklung

Ein praktischer Einstieg

• 54 min
• 2016-08-21
• 219
• Stephan Kaps

Sneaking In Network Security

Enforcing strong network segmentation, without anyone…

• 60 min
• 2018-12-29
• 2220
• Maximilian Burkhardt

DANEn lügen nicht

SSL/TLS Zertifikate mit DNSSEC absichern

• 61 min
• 2014-08-23
• 430
• Carsten Strotmann

Web-App-Encryption

Is your data secure by default? How Django can be used to…

• 63 min
• 2014-08-23
• 263
• Didi Hoffmann

Key-logger, Video, Mouse

How to turn your KVM into a raging key-logging monster

• 49 min
• 2015-12-27
• 28793
• Yaniv Balmas

DNSSEC

• 45 min
• 2016-08-21
• 207
• Christoph Egger

The Rocky Road to TLS 1.3 and better Internet Encryption

• 60 min
• 2018-12-27
• 5657
• hanno

Everything you always wanted to know about Certificate Transparency

(but were afraid to ask)

• 60 min
• 2016-12-27
• 2911
• Martin Schmiedecker

ASLR on the line

Practical cache attacks on the MMU

• 44 min
• 2017-12-28
• 2133
• brainsmoke

The Freenet Project

Anonymes Netzwerk basierend auf dem Kleine-Welt-Phänomen

• Security
• 47 min
• 2009-08-23
• 24
• Bahtiar `kalkin` Gadimov

Mehr-Faktor-Authentifizierung am Puls der Zeit

Was ist neu in privacyIDEA

• 59 min
• 2016-08-21
• 111
• Cornelius Kölbel

Container - Alles sicher oder was?

• Graz linuxtage
• 34 min
• 2019-04-27
• 86
• Martin Maurer

A Dozen Years of Shellphish

From DEFCON to the DARPA Cyber Grand Challenge

• 57 min
• 2015-12-29
• 18758
• Antonio Bianchi, Jacopo Corbetta and Andrew Dutcher

Thunderstrike 2

• 43 min
• 2015-12-27
• 8456
• Trammell Hudson

Self-encrypting deception

weaknesses in the encryption of solid state drives (SSDs)

• 58 min
• 2018-12-29
• 2203
• Carlo Meijer

The long road to reproducible builds

why+how to create bit by bit identical binary packages

• 41 min
• 2015-08-23
• 110
• Holger 'h01ger' Levsen

15 Jahre deutsche Telematikinfrastruktur (TI)

Die Realität beim Arztbesuch nach 15 Jahren Entwicklung…

• Security Main
• 41 min
• 2019-12-29
• 3169
• Christoph Saatjohann

LatticeHacks

Fun with lattices in cryptography and cryptanalysis

• 65 min
• 2017-12-28
• 3053
• djb, Tanja Lange and Nadia Heninger

Ghidra - An Open Source Reverse Engineering Tool

How the NSA open-sourced all software in 2019

• 60 min
• 2019-08-10
• 386
• larsborn

Attacking IoT Telemetry

A study of weaknesses in the pipeline of rapidly advancing…

• 70 min
• 2015-08-22
• 269
• Michael Schloh von Bennewitz

Das Privoxy-Ökosystem

• 69 min
• 2016-08-21
• 170
• Fabian

Sicher Programmieren mit Ruby on Rails

• 53 min
• 2015-08-23
• 152
• Mario Manno

Bitcoin

Open Sourcing Money

• 64 min
• 2014-08-24
• 479
• Levin Keller

Viva la Vita Vida

Hacking the most secure handheld console

• 56 min
• 2018-12-29
• 4186
• Yifan Lu and Davee

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones

A journey on how to fix broken proprietary hardware by…

• 56 min
• 2017-12-27
• 2439
• oranav

Sanitizing PCAPs

Fun and games until someone uses IPv6 or TCP

• 43 min
• 2015-12-28
• 7748
• Jasper Bongertz

Gibberish Detection 102

• 58 min
• 2015-12-29
• 21324
• Ben H.

TAPS Transport Services API

Retiring the BSD Socket API

• 44 min
• 2019-08-22
• 95
• phils

PostgreSQL Security

• Graz linuxtage
• 41 min
• 2019-04-27
• 123
• Hans-Jürgen Schönig

SELECT code_execution FROM * USING SQLite;

--Gaining code execution using a malicious SQLite database

• Security Main
• 46 min
• 2019-12-27
• 8933
• OmerGull

Alles meins!

Zugänge und Daten mit privacyIDEA absichern

• 59 min
• 2015-08-23
• 336
• Cornelius Kölbel

Decoding the LoRa PHY

Dissecting a Modern Wireless Network for the Internet of…

• 64 min
• 2016-12-29
• 18671
• Matt Knight

Shut Up and Take My Money!

The Red Pill of N26 Security

• 30 min
• 2016-12-27
• 49344
• Vincent Haupert

Breaking Honeypots for Fun and Profit

• 54 min
• 2015-12-30
• 56189
• DeanSysman, Gadi Evron and Itamar Sher

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

• Security Main
• 36 min
• 2019-12-28
• 620
• Nilo Redini

Leaving legacy behind

Reducing carbon footprint of network services with MirageOS…

• Security Main
• 52 min
• 2019-12-27
• 8988
• Hannes Mehnert

To Make Hearts Bleed

A Native Developer's Account On SSL

• 57 min
• 2014-08-24
• 126
• Daniel Molkentin

Build your own NSA

How private companies leak your personal data into the…

• 60 min
• 2016-12-28
• 17202
• Andreas Dewes and @sveckert