- 95
- 87 586
The Long Con
Приєднався 3 лис 2014
BSides Winnipeg
Matir - Badgelife Creator 101: Making Your First Electronic Badge
Badgelife culture involves making custom badges for various events and conferences. Though not always, these badges are often electronic. Many creators may have ideas, but have never made a custom PCB or custom electronic device. This talk is intended to take those who may have played with an Arduino and help them understand the process -- and difficulties -- in turning their idea into a functional badge, along with caveats and suggestions for their first attempt. Even if you've never built anything electronic, it's my hope you'll understand what's involved, and maybe be inspired to go forth and build something yourself. I'll cover refining your idea for badgelife, realistic projects for a first try, and setting up a timeline. Then I'll discuss the steps -- schematic capture, PCB layout, PCB manufacture, PCB assembly (both paid and DIY), and firmware options.
Bio: "David is a senior engineer and tech lead of the internal Red Team at Google. When not breaking things, he enjoys making electronics and teaching others about security and electronics. He has spoken at DEF CON, BSidesLV, BSidesSF, and other events."
Bio: "David is a senior engineer and tech lead of the internal Red Team at Google. When not breaking things, he enjoys making electronics and teaching others about security and electronics. He has spoken at DEF CON, BSidesLV, BSidesSF, and other events."
Переглядів: 58
Відео
Oleksiy Vasylyuk - Unlocking a Secure Future via Test-Driven Delivery
Переглядів 168 місяців тому
Is it secure? I'm asked this on a daily basis and I believe I might have a pragmatic answer. This submission introduces a refined approach to enhance security, quality, and consistency in solution delivery through Test-Driven Architecture (TDA). The core challenge addressed is the prevalence of inconsistent and frequently overlooked security requirements, resulting in vulnerabilities, complianc...
Jared Bater - Adventures in Agricultural IoT
Переглядів 228 місяців тому
Deploying LoRaWAN and cellular devices in remote location to service agricultural clients has some unexpected challenges. From high delay/unreliable carriers to extremes in temperatures and power to retrofitting legacy industrial equipment, there are some unique deployment and management challenges. Come along with me as I share problems and some solutions in the world of IoT in the world of Bi...
Richard Frovarp - How SSO Works
Переглядів 298 місяців тому
SSO is everywhere, but how does it work? As a defender, what parts do you need to be worried about? This talk will cover CAS protocol, SAML 2, and potentially OIDC. We will learn what front channel and back channel communication is. We will see how this works in a multilateral federation. Bio: "Richard is a software engineer that primarily focuses on IAM (Identity and Access Management). He is ...
Paul Harrison - Transparency in Security
Переглядів 128 місяців тому
Security by obscurity doesn't work, so why are so many people terrified about talking about their security programs without an NDA? Security measures, when well implemented, should be able to withstand someone learning about them. Let's talk openly about our security, we can all benefit from it! Bio: "Jack of all trades, master of absolutely nothing. Security, privacy, and open source geek. Att...
GlitchWitch - SaaS Security Basics on a Shoestring Budget
Переглядів 618 місяців тому
As a recent founder who has spent a lot of the last year helping other founders with their security, I've come to realise that there is a lot of mystery and basic knowledge gap when it comes to keeping your product and infrastructure secure that the average technical founder or small team simply doesn't have a grasp on. In this talk I'll dive into many of the security issues SaaS and tech enabl...
Mike Saunders - Roll for Stealth: Intro to AV & EDR Evasion
Переглядів 3538 місяців тому
Evading modern AV & EDR can seem daunting and near impossible to the uninitiated. If the idea of trying to get a payload past these defences seems unattainable or too 'l337', this talk is for you! I'll cover basic concepts and tools you can use to start evading detection and get payloads running. Bio: "Mike Saunders (@hardwaterhacker) is Red Siege Information Security's Principal Consultant and...
Travis Friesen - Logging: you're not doing it enough
Переглядів 188 місяців тому
When it comes to meaningful improvements to your security posture, there is nothing that gives you better value for your money than a comprehensive log collection and aggregation deployment. In this talk, Travis will persuade you of the value of a formal logging program, compare and contrast this to a SIEM, and talk about how you can get going with logging today. Bio: "Autopilot Software. InfoS...
Raph - SYSMON + ATT&CK to feed your SIEM
Переглядів 458 місяців тому
Endpoints are still a thing even though everyone has their heads in the clouds. There are many ways to deploy Sysmon to endpoints and get the logs that matter to enrich a story even when the EDR's fails. We will walk through an easy way to deploy and manage a Sysmon stack which uses Mitre as detections. Bio: "In IT for 20 years, Cyber for the last 5 or 6, I do threat detection engineering!"
William Franzin - Reverse-Engineering & Re-Purposing Smart Devices
Переглядів 1388 місяців тому
We're going to look at popular smart bulbs and plugs, how to reverse-engineer them and repurpose those devices into low-cost computers for our internet of things projects. We'll also have some fun abusing that hardware and cover all the things it shouldn't do - but can do. Bio: "William has been a tech enthusiast his entire life and worked with computers and radio communications since the 90s. ...
Mike Himbeault - The Ancestry of Kubernetes
Переглядів 388 місяців тому
There are two types of multitasking - I'll let you guess what they are - but when we invented those, we started down a path that inexorably led us to the worst possible outcome. And then after that, Kubernetes. This talk discusses how we got here, why we should have made a left, not a right, maybe, back at that old house with angry badgers in it, and why Kubernetes is what it is, isn't what it ...
Rob Keizer - pledge, and why you should use it
Переглядів 1388 місяців тому
Pledge is a system call that empowers a program to limit itself. Originally coming out of OpenBSD, this concept is seeing increased usage and has been ported to Linux. If a process breaks a pledge that it has made it is terminated. This allows programmers to increase security, and heavily mitigates supply chain attacks. It can also be used in a wrapper, effectively guarding against malicious ac...
Mark Jenkins - The Security Implications of Ansible Scared Me
Переглядів 268 місяців тому
Mark is fresh off his first dive into Ansible, the popular system automation tool. His first reaction to the technology was to imagine the security dangers of an overly powerful Ansible controller. Mark will share some of his first experience mitigating risk while also bringing the technological benefits into his workplace. Bio: "Mark is 17 years into his career as a an 'opdev', a system operat...
Sarah LaCroix - Do I Need To Be Worrying About Security Updates For My Car????
Переглядів 865 років тому
Back in the day, when purchasing a car, all you really had to worry about were safety ratings and cost. Today, vehicles are more complex and as much computer as they are machine. You've likely heard the horror stories of self driving cars getting hacked. Maybe that's made you fearful. But what about cars you have to drive yourself? With today's Bluetooh-equipped, dashcam-set-up, Internet connec...
Chris Johnson\r - Securely converting accessible text to speech input using emacspeak
Переглядів 3975 років тому
Chris Johnson\r - Securely converting accessible text to speech input using emacspeak
Robert Wagner - Defense on a budget: Free Tips & Tricks for Improving Security
Переглядів 995 років тому
Robert Wagner - Defense on a budget: Free Tips & Tricks for Improving Security
Travis Friesen - Evading commercial anti-virus
Переглядів 1095 років тому
Travis Friesen - Evading commercial anti-virus
William Kempan - An Overview of Active Directory Active and Defence
Переглядів 1625 років тому
William Kempan - An Overview of Active Directory Active and Defence
Magno Rodrigues - Web hacking 101: burping for fun and maybe some profit
Переглядів 1265 років тому
Magno Rodrigues - Web hacking 101: burping for fun and maybe some profit
Saulo Hachem - REST in peace. Exploiting GraphQL
Переглядів 1505 років тому
Saulo Hachem - REST in peace. Exploiting GraphQL
Matthew Southworth - Lessons in Purple Teaming with ATT&CK
Переглядів 665 років тому
Matthew Southworth - Lessons in Purple Teaming with ATT&CK
Robert Keizer/Troy Denton - Reconfigurable computing on Open-source ISAs: Research and Applications
Переглядів 475 років тому
Robert Keizer/Troy Denton - Reconfigurable computing on Open-source ISAs: Research and Applications
Richard Frovarp - Capturing WPA2 Enterprise credentials with a Pi
Переглядів 2835 років тому
Richard Frovarp - Capturing WPA2 Enterprise credentials with a Pi
Mike Saunders - Assumed Breach: A Better Model for Penetration Testing
Переглядів 925 років тому
Mike Saunders - Assumed Breach: A Better Model for Penetration Testing
Katherine Scrupa - Rad Omens: The Good and Evil Uses of WMI, CIM
Переглядів 2285 років тому
Katherine Scrupa - Rad Omens: The Good and Evil Uses of WMI, CIM
Mike Himbeault - Taking Back the Home: Reverse engineering proprietary home automation
Переглядів 785 років тому
Home automation systems are split primarily into the two camps of open (and open-source), and proprietary. Proprietary systems have an advantage in that they are typically managed by a third party (for a fee, often paired with an alarm system) and they come with a preselected collection of devices the managing party guarantees work nicely together. This talk will explore how to reverse engineer...
Matthew Southworth - Stopping Digital Skimmers
Переглядів 2096 років тому
Matthew Southworth - Stopping Digital Skimmers
Travis Friesen - Beware the Maelstrom: The Pitfalls of Password Rotation
Переглядів 626 років тому
Travis Friesen - Beware the Maelstrom: The Pitfalls of Password Rotation
awesome talk, more like this.
tanks
Great talk! I found this especially interesting after recently watching Linus deal with his smart home stuff.
Thank you. This is an amazing video
awesome
Very interesting, great help for my Bachelors Thesis, thanks!! :)
Would have been nice if the video shot was zoomed in on the Powerpoint only, and maybe had the speaker in a PIP type window. Had to sit on my coffee table to read the Powerpoint.
01:40
This is the best talk on Threat Hunting I have ever seen, and he never even once uses the term.
This guy is hardcore. Motivated and brilliant.
thanks for this saulo
Hasn't wireless internet been proven not reliable in arctic or near artic conditions like northern Manitoba, Nunuvut, and NWT? This is why the CRTC is allowing wired Internet "up north" so that those communities can finally get reliable hi-speed Internet connections.
hi, how to identify and how to conect with a rt809h programer? i need to remove the password on yoga 370, need help, any schematic or tutorial.
hi i am trying to find the eeprom chip on lenovo thinkpad x1 carbon 1st gen and can not find anything anywhere.if anybody can help please contact me.
troy bidwell same here. You ever find anything out, or any Progress?
One of the best of the Bsides Winnipeg talks
0:30 Ron haha
In some situations, simply removal of the supervisor password might not working at all. I removed supervisor password by shorting PIN SCL and SDA during posting. But upon reboot back, the supervisor password re-inserted itself again. I believe if the supervisor password is set by an IT department instead of an individual, removing the password won't solve the problem like in my case. Find and Decode the supervisor password is the final solution.
Apparently the password is also backed up to battery-backed RAM in the clock chip, so make sure the yellow clock battery is unplugged also.
@creates_things With soldering method could you replace the ship (EEPROM) with a unlocked one?
Talk starts at 3:33
Ok, you bozzos, All the tools needed are at www.allservice.ro/store/utils. Reader is freeware and includes the schematics The real forum is this: www.allservice.ro/forum/viewtopic.php?t=47 the author is Victor Voinea and they unlocked the thinkpads ages ago.
Brilliant speaker.
Nicely done, Cian!
Interesting. Although I've always thought that large scale networks like Cisco would actually run their own scanners on the logs themselves to search for specific malware or invalid/various input code instead of just basic Antivirus and literal "investigative" examination of the logs. Kinda strange, now it makes me wonder if they do the same thing for large social medias as well. There's malware out there that you could send to a specific machine and if they have their firewall turned off for that brief moment, the file passes through, it opens instantly and stays there. Even if the firewall gets back on it won't matter because the OS will recognize the malware/file as a valid program. So even with a new antivirus + firewall you could get owned really fast. Since I'm also assuming that the nodes within the network even though they are broken into dif. other networks via subnetting they are connected somehow to the main one, which would be one step away from owning everything. Also, you don't really need browsers to connect to the net, there are other ways, I do however agree with the HTTP claims. I'll add even WWW to that analogy. WWW is used predominately in malware distribution. It has various protocols that allows them to be injected easier. In any case, good to know large networks have shitty security. And somehow I was expecting the internal layout of the interconnected networks to be more complicated. Hmmm
Great talk by Kyle Geske from BSides last year.
Awesome presentation Kyle, really great seeing it again. I still laugh that I was stumped by the bot at 21:25