Events for tag "Security"

A Deep Dive Into Unconstrained Code Execution on Siemens S7 PLCs

• Security Main
• 62 min
• 2019-12-27
• 1618
• Ali Abbasi and Tobias Scharnowski

SELECT code_execution FROM * USING SQLite;

--Gaining code execution using a malicious SQLite database

• Security Main
• 46 min
• 2019-12-27
• 5941
• OmerGull

Identifying Multi-Binary Vulnerabilities in Embedded Firmware at Scale

• Security Main
• 36 min
• 2019-12-28
• 522
• Nilo Redini

Hacking (with) a TPM

Don't ask what you can do for TPMs, Ask what TPMs can do…

• Security Main
• 37 min
• 2019-12-29
• 1646
• Andreas Fuchs

(Post-Quantum) Isogeny Cryptography

• Security Main
• 52 min
• 2019-12-27
• 4377
• naehrwert

What could possibly go wrong with <insert x86 instruction here>?

Side effects include side-channel attacks and bypassing…

• 55 min
• 2016-12-27
• 5007
• Clémentine Maurice and Moritz Lipp

Intel Management Engine deep dive

Understanding the ME at the OS and hardware level

• Security Main
• 60 min
• 2019-12-27
• 4669
• Peter Bosch

SiliVaccine: North Korea's Weapon of Mass Detection

How I Learned to Stop Worrying and Love the Backdoor

• 52 min
• 2018-12-27
• 7327
• Mark Lechtik

Inside the AMD Microcode ROM

(Ab)Using AMD Microcode for fun and security

• 37 min
• 2018-12-27
• 7876
• Benjamin Kollenda and Philipp Koppe

It's not safe on the streets... especially for your 3DS!

Exploring a new attack surface on the 3DS

• Security Main
• 46 min
• 2019-12-27
• 2473
• nba::yoh

No source, no problem! High speed binary fuzzing

• Security Main
• 59 min
• 2019-12-29
• 908
• Nspace and gannimo

15 Jahre deutsche Telematikinfrastruktur (TI)

Die Realität beim Arztbesuch nach 15 Jahren Entwicklung…

• Security Main
• 41 min
• 2019-12-29
• 2616
• Christoph Saatjohann

Integration einer FIDO U2F basierten Zwei-Faktor-Authentifizierung mit LinOTP

• 55 min
• 2015-08-23
• 274
• Christian Pommranz

Email authentication for penetration testers

When SPF is not enough

• Security Main
• 61 min
• 2019-12-29
• 2039
• Andrew Konstantinov

The One Weird Trick SecureROM Hates

• Security Main
• 38 min
• 2019-12-29
• 2993
• qwertyoruiop

Das nützlich-unbedenklich Spektrum

Können wir Software bauen, die nützlich /und/ unbedenklich…

• Security Main
• 63 min
• 2019-12-28
• 11154
• Fefe

Hacking Sony PlayStation Blu-ray Drives

• Security Main
• 49 min
• 2019-12-28
• 3012
• oct0xor

Smart Home - Smart Hack

Wie der Weg ins digitale Zuhause zum Spaziergang wird

• 51 min
• 2018-12-28
• 25910
• Michael Steigerwald

Leaving legacy behind

Reducing carbon footprint of network services with MirageOS…

• Security Main
• 52 min
• 2019-12-27
• 8563
• Hannes Mehnert

"Hacker hin oder her": Die elektronische Patientenakte kommt!

• Security Main
• 60 min
• 2019-12-27
• 13525
• Martin Tschirsich, cbro - Dr. med. Christian Brodowski and Dr. André Zilch

High-assurance crypto software

• Security Main
• 61 min
• 2019-12-29
• 1633
• djb and Tanja Lange

Venenerkennung hacken

Vom Fall der letzten Bastion biometrischer Systeme

• 39 min
• 2018-12-27
• 14183
• starbug and Julian

ZombieLoad Attack

Leaking Your Recent Memory Operations on Intel CPUs

• Security Main
• 55 min
• 2019-12-28
• 979
• Michael Schwarz, Moritz Lipp and Daniel Gruss

On the insecure nature of turbine control systems in power generation

A security study of turbine control systems in power…

• Security Main
• 60 min
• 2019-12-28
• 3434
• repdet, @_moradek_ and c0rs

Cryptography demystified

An introduction without maths

• Security Main
• 53 min
• 2019-12-29
• 2327
• oots

Du kannst alles hacken – du darfst dich nur nicht erwischen lassen.

OpSec für Datenreisende

• 57 min
• 2018-12-29
• 30803
• Linus Neumann and Thorsten Schröder

A systematic evaluation of OpenBSD's mitigations

• Security Main
• 53 min
• 2019-12-29
• 2284
• stein

Towards (reasonably) trustworthy x86 laptops

• 62 min
• 2015-12-27
• 32030
• Joanna Rutkowska

Messenger Hacking: Remotely Compromising an iPhone through iMessage

• Security Main
• 61 min
• 2019-12-27
• 23931
• Samuel Groß

Hirne Hacken

Menschliche Faktoren der IT-Sicherheit

• Security Main
• 43 min
• 2019-12-29
• 22526
• Linus Neumann

TamaGo - bare metal Go framework for ARM SoCs.

Reducing the attack surface with pure embedded Go.

• Security Main
• 59 min
• 2019-12-28
• 885
• Andrea Barisani

What's left for private messaging?

• Security Main
• 60 min
• 2019-12-27
• 36267
• Will Scott

Truly cardless: Jackpotting an ATM using auxiliary devices.

• 35 min
• 2018-12-29
• 5712
• Olga Kochetova and Alexey Osipov

Where in the World Is Carmen Sandiego?

Becoming a secret travel agent

• 59 min
• 2016-12-27
• 23555
• Karsten Nohl and Nemanja Nikodijevic

The Great Escape of ESXi

Breaking Out of a Sandboxed Virtual Machine

• Security Main
• 40 min
• 2019-12-27
• 4637
• f1yyy

Exploring fraud in telephony networks

• 62 min
• 2018-12-28
• 3827
• Merve Sahin and Aurélien Francillon

Enclosure-PUF

Tamper Proofing Commodity Hardware and other Applications

• 61 min
• 2018-12-29
• 852
• Christian Zenger, David Holin and Lars Steinschulte

Vehicle immobilization revisited

Uncovering and assessing a second authentication mechanism…

• Security Main
• 55 min
• 2019-12-28
• 1154
• Wouter Bokslag

Everything you always wanted to know about Certificate Transparency

(but were afraid to ask)

• 60 min
• 2016-12-27
• 2888
• Martin Schmiedecker

Tales of old: untethering iOS 11

Spoiler: Apple is bad at patching

• Security Main
• 39 min
• 2019-12-27
• 7257
• littlelailo

Plundervolt: Flipping Bits from Software without Rowhammer

• Security Main
• 49 min
• 2019-12-27
• 7062
• Daniel Gruss and Kit Murdock

Check your privileges!

How to drop more of your privileges to reduce attack…

• 60 min
• 2015-12-29
• 77075
• Fefe

Tor onion services: more useful than you think

• 60 min
• 2015-12-29
• 81622
• Roger, David Goulet and asn

Boot2root

Auditing Boot Loaders by Example

• Security Main
• 62 min
• 2019-12-29
• 1197
• Ilja van Sprundel and Joseph Tartaro

Taking a scalpel to QNX

Analyzing & Breaking Exploit Mitigations and Secure Random…

• 46 min
• 2017-12-28
• 801
• Jos Wetzels and Ali Abbasi

What The Fax?!

Hacking your network likes it's 1980 again

• 46 min
• 2018-12-27
• 23821
• Yaniv Balmas and Eyal Itkin

All wireless communication stacks are equally broken

• Security Main
• 38 min
• 2019-12-28
• 6658
• jiska

Decoding the LoRa PHY

Dissecting a Modern Wireless Network for the Internet of…

• 64 min
• 2016-12-29
• 16465
• Matt Knight

The sustainability of safety, security and privacy

• Security Main
• 43 min
• 2019-12-28
• 5593
• Ross Anderson

SigOver + alpha

Signal overshadowing attack on LTE and its applications

• Security Main
• 55 min
• 2019-12-28
• 619
• CheolJun Park and Mincheol Son

Fighting back against Libra - Decentralizing Facebook Connect

Nym Anonymous Authentication Credentials

• 41 min
• 2019-08-25
• 198
• Harry Halpin

Console Hacking 2016

PS4: PC Master Race

• 53 min
• 2016-12-27
• 42759
• marcan

Predicting and Abusing WPA2/802.11 Group Keys

• 60 min
• 2016-12-27
• 1393
• Mathy Vanhoef

Virtual Secure Boot

Secure Boot support in qemu, kvm and ovmf.

• 51 min
• 2016-12-30
• 1986
• Gerd Hoffmann

Gibberish Detection 102

• 58 min
• 2015-12-29
• 21322
• Ben H.

KTRW: The journey to build a debuggable iPhone

• Security Main
• 54 min
• 2019-12-28
• 841
• Brandon Azad

Jailbreaking iOS

From past to present

• 47 min
• 2018-12-28
• 2895
• tihmstar

Sichere Netzwerke mit pfSense

• 61 min
• 2018-08-26
• 3128
• Hagen Bauer

Uncover, Understand, Own - Regaining Control Over Your AMD CPU

• Security Main
• 56 min
• 2019-12-27
• 4193
• Robert Buhren, Alexander Eichner and Christian Werling

All Your Gesundheitsakten Are Belong To Us

"So sicher wie beim Online-Banking": Die elektronische…

• 61 min
• 2018-12-27
• 7137
• Martin Tschirsich

Console Security - Switch

Homebrew on the Horizon

• 56 min
• 2017-12-28
• 18634
• plutoo, derrek and naehrwert

Harry Potter and the Not-So-Smart Proxy War

Taking a look at a covert CIA virtual fencing solution

• Security Main
• 35 min
• 2019-12-28
• 5994
• Jos Wetzels

Shut Up and Take My Money!

The Red Pill of N26 Security

• 30 min
• 2016-12-27
• 48330
• Vincent Haupert

Type confusion: discovery, abuse, and protection

• 56 min
• 2017-12-30
• 851
• gannimo

A Dozen Years of Shellphish

From DEFCON to the DARPA Cyber Grand Challenge

• 57 min
• 2015-12-29
• 18756
• Antonio Bianchi, Jacopo Corbetta and Andrew Dutcher

BootStomp: On the Security of Bootloaders in Mobile Devices

• 28 min
• 2017-12-27
• 1110
• Audrey Dutcher

Circumventing video identification using augmented reality

• 30 min
• 2018-12-29
• 1103
• Jan Garcia

Domain computers have accounts, too!

Owning machines through relaying and delegation

• 40 min
• 2019-08-23
• 415
• JaGoTu

MQA - A clever stealth DRM-Trojan

A critical look on a new audio Format

• 60 min
• 2017-12-30
• 1864
• Christoph Engemann and Anton.schlesinger@studio-singer.de

IT-Sicherheit in vernetzten Gebäuden

Was kann man noch retten, wenn langlebigen Strukturen…

• 46 min
• 2019-08-23
• 723
• Simeon

wallet.fail

Hacking the most popular cryptocurrency hardware wallets

• 61 min
• 2018-12-27
• 25162
• Thomas Roth, Dmitry Nedospasov and Josh Datko

Self-encrypting deception

weaknesses in the encryption of solid state drives (SSDs)

• 58 min
• 2018-12-29
• 2089
• Carlo Meijer

Windows drivers attack surface

some 'new' insights

• 60 min
• 2015-12-27
• 8984
• Ilja van Sprundel

Beyond the Pile of Knobs

Redesigning NoScript’s UX

• 46 min
• 2019-08-22
• 274
• Eileen Wagner

Key-logger, Video, Mouse

How to turn your KVM into a raging key-logging monster

• 49 min
• 2015-12-27
• 28785
• Yaniv Balmas

Viva la Vita Vida

Hacking the most secure handheld console

• 56 min
• 2018-12-29
• 3781
• Yifan Lu and Davee

Shopshifting

The potential for payment system abuse

• 60 min
• 2015-12-27
• 98344
• Karsten Nohl, Fabian Bräunlein and dexter

Mit dem Getränkeautomaten in die Cloud

Über die (Un-)Sicherheit eines Bezahlsystems

• 30 min
• 2019-08-23
• 1207
• Janis Streib

Physical Unclonable Functions: The Future Technology for Physical Security Enclosures?

• 47 min
• 2019-08-24
• 155
• Johannes

Tales from Hardware Security Research

From Research over Vulnerability Discovery to Public…

• 45 min
• 2019-08-22
• 340
• Johannes and marc

Die fabelhafte Welt des Mobilebankings

• 33 min
• 2017-12-27
• 18357
• Vincent Haupert

Web-based Cryptojacking in the Wild

When your browser is mining coins for other people

• 39 min
• 2018-12-29
• 1580
• Marius Musch

Building and Breaking Wireless Security

Wireless Physical Layer Security & More...

• 29 min
• 2015-12-29
• 76551
• jiska

Console Hacking

Breaking the 3DS

• 72 min
• 2015-12-27
• 72309
• plutoo, derrek and smea

Practical Cache Attacks from the Network and Bad Cat Puns

• Security Main
• 42 min
• 2019-12-27
• 724
• Michael Kurth

Uncovering vulnerabilities in Hoermann BiSecur

An AES encrypted radio system

• 51 min
• 2017-12-28
• 817
• Markus Muellner and Markus Kammerstetter

Kernel Tracing With eBPF

Unlocking God Mode on Linux

• 54 min
• 2018-12-30
• 1789
• Jeff Dileo and Andy Olsen

DoH or Don't

The dilemma of DNS privacy protocols

• 43 min
• 2019-08-21
• 587
• Carsten Strotmann

Internet of Dongs

A long way to a vibrant future

• 32 min
• 2018-12-29
• 6742
• Werner Schober

SD-WAN a New Hop

How to hack software defined network and keep your sanity?

• 49 min
• 2018-12-27
• 1793
• Sergey Gordeychik

Web-App-Encryption

Is your data secure by default? How Django can be used to…

• 63 min
• 2014-08-23
• 263
• Didi Hoffmann

Privacy leaks in smart devices: Extracting data from used smart home devices

• 51 min
• 2019-08-21
• 561
• Dennis Giese

LatticeHacks

Fun with lattices in cryptography and cryptanalysis

• 65 min
• 2017-12-28
• 2997
• djb, Tanja Lange and Nadia Heninger

The year in post-quantum crypto

• 70 min
• 2018-12-28
• 4829
• djb and Tanja Lange

Container for Desktops

Security und Privacy mit LXC et.al. - auch auf…

• 61 min
• 2016-08-21
• 266
• Robert Matzinger

Attacking Chrome IPC

Reliably finding bugs to escape the Chrome sandbox

• 54 min
• 2018-12-29
• 3581
• nedwill

How to drift with any car

(without your mom yelling at you)

• 51 min
• 2017-12-28
• 8155
• Guillaume Heilles and P1kachu

Sneaking In Network Security

Enforcing strong network segmentation, without anyone…

• 60 min
• 2018-12-29
• 2140
• Maximilian Burkhardt

Doping your Fitbit

On Fitbit Firmware Modifications and Data Extraction

• 22 min
• 2017-12-27
• 6833
• jiska and DanielAW

Reversing UEFI by execution

• 60 min
• 2015-12-29
• 8655
• Jethro Beekman

First Sednit UEFI Rootkit Unveiled

• 40 min
• 2018-12-27
• 4033
• Frédéric Vachon

Talking Behind Your Back

On the Privacy & Security of the Ultrasound Tracking…

• 59 min
• 2016-12-29
• 4981
• Vasilios Mavroudis and Federico Maggi

Don't Ruck Us Too Hard - Owning Ruckus AP Devices

3 different RCE vulnerabilities on Ruckus Wireless access…

• Security Main
• 48 min
• 2019-12-28
• 669
• Gal Zror

The Rocky Road to TLS 1.3 and better Internet Encryption

• 60 min
• 2018-12-27
• 5568
• hanno

Das Privoxy-Ökosystem

• 69 min
• 2016-08-21
• 168
• Fabian

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones

A journey on how to fix broken proprietary hardware by…

• 56 min
• 2017-12-27
• 2318
• oranav

Breaking Microsoft Edge Extensions Security Policies

• Security Main
• 30 min
• 2019-12-28
• 442
• Nikhil Mittal

Everything you want to know about x86 microcode, but might have been afraid to ask

An introduction into reverse-engineering x86 microcode and…

• 57 min
• 2017-12-28
• 11554
• Benjamin Kollenda and Philipp Koppe

Intel ME: Myths and reality

• 62 min
• 2017-12-28
• 4039
• Igor Skochinsky and Nicola Corna

Deploying TLS 1.3: the great, the good and the bad

Improving the encrypted the web, one round-trip at a time

• 61 min
• 2016-12-27
• 5213
• Filippo Valsorda and Nick Sullivan

(In)Security of Embedded Devices' Firmware - Fast and Furious at Large Scale

• 59 min
• 2015-12-29
• 87460
• Andrei Costin

Untrusting the CPU

A proposal for secure computing in an age where we cannot…

• 61 min
• 2016-12-27
• 1859
• jaseg

Taking Bluetooth lockpicking to the next level

...or the 37th floor of a Hotel

• 46 min
• 2019-08-23
• 782
• Ray and mh

The plain simple reality of entropy

Or how I learned to stop worrying and love urandom

• 60 min
• 2015-12-29
• 17527
• Filippo Valsorda

PostgreSQL Security

• Graz linuxtage
• 41 min
• 2019-04-27
• 113
• Hans-Jürgen Schönig

Sanitizing PCAPs

Fun and games until someone uses IPv6 or TCP

• 43 min
• 2015-12-28
• 7746
• Jasper Bongertz

How not to use OAuth

New security recommendations for OAuth

• 56 min
• 2019-08-10
• 251
• Dr. Daniel Fett

radare demystified

after 1.0

• 62 min
• 2016-12-29
• 3687
• pancake

Updates from the Onion

The Road to Mobile Tor and Improved Censorship Circumvention

• 43 min
• 2019-08-23
• 354
• GeKo

How Do I Crack Satellite and Cable Pay TV?

• 62 min
• 2016-12-27
• 13839
• Chris Gerlinsky

How hackers grind an MMORPG: by taking it apart!

An introduction to reverse engineering network protocols

• 54 min
• 2015-12-28
• 58719
• Rink Springer

PQCHacks

A gentle introduction to post-quantum cryptography

• 60 min
• 2015-12-27
• 12351
• djb and Tanja Lange

Modchips of the State

Hardware implants in the supply-chain

• 36 min
• 2018-12-27
• 4057
• Trammell Hudson

Domain Name System

Hierarchical decentralized naming system used since 30 years

• 42 min
• 2018-12-29
• 1446
• Hannes Mehnert

On Smart Cities, Smart Energy, And Dumb Security

• 45 min
• 2016-12-29
• 3318
• Netanel Rubin

We should share our secrets

Shamir secret sharing: How it works and how to implement it

• 59 min
• 2017-12-28
• 922
• Daan Sprenkels

Decoding Contactless (Card) Payments

An Exploration of NFC Transactions and Explanation How…

• 58 min
• 2017-12-29
• 3149
• Simon Eumes

LinOTP und Single Sign On

Zwei-Faktor Authentisierung in der Praxis

• 53 min
• 2014-08-23
• 250
• Rainer Endres

Ghidra - An Open Source Reverse Engineering Tool

How the NSA open-sourced all software in 2019

• 60 min
• 2019-08-10
• 312
• larsborn

Nintendo Hacking 2016

Game Over

• 61 min
• 2016-12-27
• 9627
• derrek, nedwill and naehrwert

Datengarten 50

ZigBee

• 93 min
• 2015-04-14
• 932
• Stephan

Introduction to Mix Networks and Katzenpost

a new anonymity movement

• 47 min
• 2019-08-23
• 328
• David Stainton and mo

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit

Warum das Laden eines Elektroautos unsicher ist

• 52 min
• 2017-12-27
• 23006
• Mathias Dalheimer

Sicherheit von 125kHz Transpondern am Beispiel Hitag S

• 60 min
• 2015-12-28
• 19048
• Ralf Spenneberg, Hendrik Schwartke and Oguzhan Cicek

Microsofts Windows 10 Botnet

• 60 min
• 2015-12-30
• 121695
• ruedi

Build your own NSA

How private companies leak your personal data into the…

• 60 min
• 2016-12-28
• 16307
• Andreas Dewes and @sveckert

PLC-Blaster

Ein Computerwurm für PLCs

• 58 min
• 2015-12-27
• 42724
• Maik Brüggemann and Ralf Spenneberg

Bitcoin

Open Sourcing Money

• 64 min
• 2014-08-24
• 477
• Levin Keller

Resilienced Kryptographie

• 59 min
• 2017-12-29
• 2404
• ruedi and cforler

Electromagnetic Threats for Information Security

Ways to Chaos in Digital and Analogue Electronics

• 49 min
• 2017-12-28
• 1182
• @EMHacktivity and José Lopes Esteves

Dissecting modern (3G/4G) cellular modems

• 58 min
• 2016-12-29
• 6980
• LaForge and holger

The Perl Jam 2

The Camel Strikes Back

• 60 min
• 2015-12-28
• 46859
• Netanel Rubin

Turris: secure open source router

Who is the root on your router?

• 52 min
• 2018-08-26
• 102
• Michal Hrusecky

Beyond Anti Evil Maid

Making it easier to avoid low-level compromise, and why…

• 60 min
• 2015-12-29
• 42398
• Matthew Garrett

Exploiting PHP7 unserialize

teaching a new dog old tricks

• 44 min
• 2016-12-27
• 3985
• Yannay Livneh

The long road to reproducible builds

why+how to create bit by bit identical binary packages

• 41 min
• 2015-08-23
• 110
• Holger 'h01ger' Levsen

Memsad

why clearing memory is hard.

• 61 min
• 2018-12-29
• 2980
• Ilja van Sprundel

The Freenet Project

Anonymes Netzwerk basierend auf dem Kleine-Welt-Phänomen

• Security
• 47 min
• 2009-08-23
• 0
• Bahtiar `kalkin` Gadimov

Bootstraping a slightly more secure laptop

• 47 min
• 2016-12-27
• 6714
• Trammell Hudson

Neither Snow Nor Rain Nor MITM… The State of Email Security in 2015

• 49 min
• 2015-12-29
• 14406
• Zakir Durumeric

The DROWN Attack

Breaking TLS using SSLv2

• 55 min
• 2016-12-27
• 1821
• Sebastian Schinzel

Einführung zu Blockchains

• 61 min
• 2016-12-28
• 13848
• vimja

A Christmas Carol - The Spectres of the Past, Present, and Future

• 61 min
• 2018-12-28
• 1498
• Moritz Lipp, Michael Schwarz, Daniel Gruss and Claudio Canella

SCADA - Gateway to (s)hell

Hacking industrial control gateways

• 45 min
• 2017-12-30
• 5571
• Thomas Roth

Provable Security

How I learned to stop worrying and love the backdoor

• 59 min
• 2018-12-29
• 1442
• FJW and Lukas

Beyond your cable modem

How not to do DOCSIS networks

• 60 min
• 2015-12-27
• 218789
• Alexander Graf

Tapping into the core

• 31 min
• 2016-12-28
• 2176
• Maxim Goryachy and Mark Ermolov

Running your own 3G/3.5G network

OpenBSC reloaded

• 56 min
• 2015-12-27
• 10885
• LaForge

Inside Intel Management Engine

• 51 min
• 2017-12-27
• 6537
• Maxim Goryachy and Mark Ermolov

Introduction to (home) network security.

A beginner-friendly guide to network segmentation for…

• 41 min
• 2019-08-21
• 2087
• Egor

Hardware-Trojaner in Security-Chips

Eine Reise auf die dunkle Seite

• 60 min
• 2015-12-27
• 63240
• Peter Laackmann and Marcus Janke

IT-Sicherheit in mittelständischen Unternehmen

• Security
• 127 min
• 2015-04-29
• 3194
• Mirar

On the Security and Privacy of Modern Single Sign-On in the Web

(Not Only) Attacks on OAuth and OpenID Connect

• 64 min
• 2016-12-28
• 1856
• Guido Schmitz (gtrs) and dfett

Are all BSDs created equally?

A survey of BSD kernel vulnerabilities.

• 58 min
• 2017-12-29
• 6261
• Ilja van Sprundel

Attacking end-to-end email encryption

Efail, other attacks and lessons learned.

• 60 min
• 2018-12-28
• 4678
• Sebastian Schinzel

Dissecting Broadcom Bluetooth

• 43 min
• 2018-12-30
• 2382
• jiska and mantz

DPRK Consumer Technology

Facts to fight lore

• 31 min
• 2017-12-27
• 4650
• Will Scott and Gabe Edwards

New memory corruption attacks: why can't we have nice things?

• 54 min
• 2015-12-27
• 7386
• gannimo and npc@berkeley.edu

Inside Android’s SafetyNet Attestation: Attack and Defense

• 59 min
• 2017-12-28
• 1054
• Collin Mulliner

ATMs how to break them to stop the fraud

• 54 min
• 2016-12-28
• 3332
• Olga Kochetova and Alexey Osipov

1-day exploit development for Cisco IOS

• 45 min
• 2017-12-27
• 3537
• Artem Kondratenko

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet

Finding interesting targets in 128bit of entropy

• 46 min
• 2016-12-27
• 3829
• Tobias Fiebig

Recount 2016: An Uninvited Security Audit of the U.S. Presidential Election

• 60 min
• 2016-12-28
• 2691
• Matt Bernhard and J. Alex Halderman

Defeating (Not)Petya's Cryptography

• 54 min
• 2017-12-27
• 1070
• Sebastian Eschweiler

The Great Train Cyber Robbery

• 54 min
• 2015-12-27
• 19196
• Sergey Gordeychik, Aleksandr Timorin and repdet

Attacking IoT Telemetry

A study of weaknesses in the pipeline of rapidly advancing…

• 70 min
• 2015-08-22
• 269
• Michael Schloh von Bennewitz

DANEn lügen nicht

SSL/TLS Zertifikate mit DNSSEC absichern

• 61 min
• 2014-08-23
• 428
• Carsten Strotmann

LO! An LLVM Obfuscator

• 45 min
• 2019-08-24
• 217
• Klondike

Mobile Data Interception from the Interconnection Link

• 48 min
• 2017-12-28
• 1626
• Dr. Silke Holtmanns

Downgrading iOS: From past to present

• 52 min
• 2016-12-28
• 3048
• tihmstar

IT-Unsicherheit in der Gebäudeautomation

Eine Bestandsaufnahme

• 58 min
• 2014-08-24
• 389
• Daniel Arenz

Pegasus internals

Technical Teardown of the Pegasus malware and Trident…

• 29 min
• 2016-12-27
• 2280
• Max Bazaliy

Hacking Containers and Kubernetes

Exploiting and protecting containers with a few lines of…

• 43 min
• 2019-08-21
• 1499
• Thomas Fricke

Fast Global Internet Scanning - Challenges and new Approaches

Or how to become your own ISP

• 42 min
• 2019-08-24
• 287
• Johannes Klick 'Garak'

Container - Alles sicher oder was?

• Graz linuxtage
• 34 min
• 2019-04-27
• 73
• Martin Maurer

Rowhammer.js: Root privileges for web apps?

A tale of fault attacks on DRAM and attacks on CPU caches

• 30 min
• 2015-12-28
• 25639
• Clémentine Maurice and Daniel Gruss

De-anonymizing Programmers

Large Scale Authorship Attribution from Executable Binaries…

• 59 min
• 2015-12-29
• 39437
• Aylin

500.000 Recalled Pacemakers, 2 Billion $ Stock Value Loss

The Story Behind

• 44 min
• 2019-08-22
• 455
• Tobias Zillner

Intercoms Hacking

Call the frontdoor to install your backdoors

• 40 min
• 2016-12-28
• 2124
• Sebastien Dudek

iOS kernel exploitation archaeology

• 54 min
• 2017-12-27
• 2406
• argp

Breaking Honeypots for Fun and Profit

• 54 min
• 2015-12-30
• 56157
• DeanSysman, Gadi Evron and Itamar Sher

(Un)Sicherheit von App-basierten TAN-Verfahren im Onlinebanking

• 60 min
• 2015-12-28
• 151939
• Vincent Haupert

APT Reports and OPSEC Evolution, or: These are not the APT reports you are looking for

How advanced threat actors learn and change with innovation…

• 60 min
• 2015-12-27
• 32959
• Inbar Raz and Gadi Evron

Thunderstrike 2

• 43 min
• 2015-12-27
• 8453
• Trammell Hudson

Sicher Programmieren mit Ruby on Rails

• 53 min
• 2015-08-23
• 150
• Mario Manno

Gone in 60 Milliseconds

Intrusion and Exfiltration in Server-less Architectures

• 33 min
• 2016-12-28
• 10431
• Rich Jones

Architecture of secure IoT devices

Security by design

• 48 min
• 2019-08-24
• 289
• frehberg

Squeezing a key through a carry bit

• 50 min
• 2017-12-27
• 1268
• Filippo Valsorda

Die DSGVO als Chance nutzen

Ein Fahrplan für ein mehr an Informationssicherheit in…

• 59 min
• 2019-08-11
• 104
• Hagen Bauer

Dissecting VoLTE

Exploiting Free Data Channels and Security Problems

• 49 min
• 2015-12-28
• 16963
• Dongkwan and Hongil Kim

From Zero to Zero Day

• 48 min
• 2018-12-29
• 3343
• Jonathan Jacobi

In Soviet Russia Smart Card Hacks You

• 38 min
• 2018-12-29
• 1750
• Eric Sesterhenn

A look into the Mobile Messaging Black Box

A gentle introduction to mobile messaging and subsequent…

• 63 min
• 2016-12-28
• 7421
• Roland Schilling and Frieder Steinmetz

The Noise Protocol Framework

• 32 min
• 2017-12-28
• 969
• Trevor Perrin

Modern Windows Userspace Exploitation

• 50 min
• 2018-12-28
• 3508
• Saar Amar

Visiting The Bear Den

A Journey in the Land of (Cyber-)Espionage

• 59 min
• 2016-12-27
• 2498
• Jessy Campos

Praktische Einführung in HashiCorp Vault

• 56 min
• 2018-08-26
• 321
• Timo Stankowitz

Wallet Security

How (not) to protect private keys

• 35 min
• 2018-12-28
• 1541
• Stephan Verbücheln

Modern Security Model for Embedded Linux Distributions

• 64 min
• 2016-08-21
• 66
• Aleksander Zdyb

TrustZone is not enough

Hijacking debug components for embedded security

• 31 min
• 2017-12-30
• 514
• Pascal Cotret

What the flag is CTF?

• 41 min
• 2018-12-30
• 1812
• Andy

ASLR on the line

Practical cache attacks on the MMU

• 44 min
• 2017-12-28
• 2106
• brainsmoke

KRACKing WPA2 by Forcing Nonce Reuse

• 61 min
• 2017-12-27
• 3005
• Mathy Vanhoef

What you see is not what you get - when homographs attack

• 29 min
• 2019-08-23
• 266
• Julio

Logjam: Diffie-Hellman, discrete logs, the NSA, and you

• 61 min
• 2015-12-28
• 69942
• J. Alex Halderman and Nadia Heninger

Automated security testing for Software Developers who dont know security!

secure your apps and servers through continuous integration

• 49 min
• 2019-08-22
• 392
• cy

AppArmor Crashkurs

Lerne in unter einer Stunde, AppArmor-Profile zu erstellen…

• 45 min
• 2019-08-10
• 151
• Christian Boltz

Unpatchable

Living with a vulnerable implanted device

• 60 min
• 2015-12-28
• 44678
• Marie Moe and Eireann Leverett

Anykernels meet fuzzing

how to make NetBSD a better software for you and me

• 43 min
• 2019-08-22
• 304
• Akat1 Majorana

Compromising online accounts by cracking voicemail systems

• 42 min
• 2018-12-27
• 5279
• Martin Vigo

Cloud Storage Encryption with Cryptomator

Cryptomator is a multi-platform, client-side encryption…

• 57 min
• 2015-08-23
• 451
• Sebastian Stenzel and Tobias Hagemann

Implementing an LLVM based Dynamic Binary Instrumentation framework

• 60 min
• 2017-12-28
• 1114
• Charles Hubain and Cédric Tessier

Sichere Softwareentwicklung

Ein praktischer Einstieg

• 54 min
• 2016-08-21
• 209
• Stephan Kaps

GDPR and ePrivacy: Compliance Nightmares for Open-Source Projects?

• 45 min
• 2019-08-11
• 136
• Giannis Konstantinidis

Skalierbares Auditing

• 54 min
• 2019-08-11
• 168
• Philipp Krenn

Code BROWN in the Air

A systemic update of sensitive information that you sniff…

• 37 min
• 2016-12-28
• 938
• miaoski

Memory Deduplication: The Curse that Keeps on Giving

A tale of 3 different memory deduplication based…

• 59 min
• 2016-12-29
• 2472
• Ben Gras, Kaveh Razavi, brainsmoke and Antonio Barresi

Mehr-Faktor-Authentifizierung am Puls der Zeit

Was ist neu in privacyIDEA

• 59 min
• 2016-08-21
• 107
• Cornelius Kölbel

CloudABI

Cloud computing meets fine-grained capabilities

• 57 min
• 2015-08-22
• 54
• Ed Schouten

DNSSEC

• 45 min
• 2016-08-21
• 204
• Christoph Egger

OpenVPN im Unternehmenseinsatz

Realisierung einer Hochverfügbarkeitslösung mit dynamischem…

• 37 min
• 2011-08-20
• 116
• Dominik Fischer and Oliver Dumschat-Hötte

avatar²

Towards an open source binary firmware analysis framework

• 55 min
• 2017-12-29
• 1220
• nsr

A Christmas Carol - The Spectres of the Past, Present, and Future

• Graz linuxtage
• 47 min
• 2019-04-27
• 70
• Claudio Canella, Daniel Gruss, Michael Schwarz and Moritz Lipp

The Layman's Guide to Zero-Day Engineering

A demystification of the exploit development lifecycle

• 57 min
• 2018-12-28
• 2275
• Markus Gaasedelen and Amy (itszn)

Math Protected Social Interactions

• 38 min
• 2019-08-21
• 224
• ruedi

A deep dive into the world of DOS viruses

Explaining in detail just how those little COM files…

• 38 min
• 2018-12-28
• 6158
• Ben Cartwright-Cox

Everything-as-Code – Anything Secure?

• 47 min
• 2019-08-10
• 85
• Jan Sudmeyer

Wheel of Fortune

Analyzing Embedded OS Random Number Generators

• 36 min
• 2016-12-28
• 1502
• Jos Wetzels and Ali Abbasi

CloudABI

Pure capability-based security for UNIX

• 62 min
• 2015-12-28
• 8626
• Ed Schouten

TAPS Transport Services API

Retiring the BSD Socket API

• 44 min
• 2019-08-22
• 90
• phils

Kerberos und OTP

Nur einmal authentisiert - aber stark!

• 49 min
• 2013-08-25
• 170
• Cornelius Kölbel

To Make Hearts Bleed

A Native Developer's Account On SSL

• 57 min
• 2014-08-24
• 126
• Daniel Molkentin

Hacking an NFC toy with the ChameleonMini

• Security WikiPakaWG
• 13 min
• 2019-12-30
• 1886
• fptrs and ceres-c

How to Break PDFs

Breaking PDF Encryption and PDF Signatures

• Security Main
• 58 min
• 2019-12-27
• 4786
• Fabian Ising and Vladislav Mladenov

Lets break modern binary code obfuscation

A semantics based approach

• 60 min
• 2017-12-27
• 2252
• Tim Blazytko and Moritz Contag

Security in open source projects

• 50 min
• 2019-08-11
• 63
• Jose Manuel Ortega

Sichere Webanwendungen mit Clojure

• 46 min
• 2016-08-21
• 133
• Joy Clark and Simon Kölsch

Alles meins!

Zugänge und Daten mit privacyIDEA absichern

• 59 min
• 2015-08-23
• 335
• Cornelius Kölbel

How do we know our PRNGs work properly?

• 58 min
• 2016-12-29
• 2571
• Vladimir Klebanov and Felix Dörre

Microarchitectural Attacks on Trusted Execution Environments

• 55 min
• 2017-12-27
• 919
• Keegan Ryan

Do as I Say not as I Do: Stealth Modification of Programmable Logic Controllers I/O by…

• 60 min
• 2016-12-29
• 858
• Ali Abbasi and Majid