Thursday, July 18, 2013

Defcon 21 Talks - By Category

For those of you going to Defcon this year, I went through and categorized the talks. Clicking the link will take you to the abstract on the Defcon site.

Some of the talks would easily fit into multiple categories but to keep it simple, I arbitrarily assigned them as I saw fit. I found it easier to verify that I would be hitting a good cross-section of the available talks this way. I hope you also get some use out of it.

Business of Security

Meet the VCs

Cryptography

ACL Steganography - Permissions to Hide Your Porn

Protecting Data with Short-Lived Encryption Keys and Hardware Root of Trust

A Password is Not Enough: Why Disk Encryption is Broken and How We Might Fix It

De-Anonymizing Alt.Anonymous.Messages


Culture

Making Of The DEF CON Documentary

Suicide Risk Assessment and Intervention Tactics

Reality Hackers

The Cavalry Isn't Coming: Starting the Revolution to Fsck it All!

Made Open: Hacking Capitalism

Data Analysis

Open Public Sensors, Trend Monitoring and Data Fusion

Detection/Evasion

The Dirty South - Getting Justified with Technology

EDS: Exploitation Detection System

Enterprise Software

So You Think Your Domain Controller is Secure?

Abusing NoSQL Databases

Doing Bad Things to 'Good' Security Appliances

Java Every-Days: Exploiting Software Running on 3 Billion Devices

Exposé

DragonLady: An Investigation of SMS Fraud Operations in Russia

How my Botnet Purchased Millions of Dollars in Cars and Defeated the Russian Hackers

Forensics

Offensive Forensics: CSI for the Bad Guy

This Presentation Will Self-Destruct in 45 Minutes: A Forensic Deep Dive into Self-Destructing Message Apps

Fast Forensics Using Simple Statistics and Cool Tools

Forensic Fails - Shift + Delete Won't Help You Here

Hardware/Firmware

10000 Yen into the Sea

Google TV or: How I Learned to Stop Worrying and Exploit Secure Boot

Decapping Chips the Easy Hard Way

Please Insert Inject More Coins

Dude, WTF in my car?

Phantom Network Surveillance UAV / Drone

Hardware Hacking with Microcontrollers: A Panel Discussion

Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO)

Data Evaporation from SSDs

GoPro or GTFO: A Tale of Reversing an Embedded System

JTAGulator: Assisted Discovery Of On-Chip Debug Interfaces

OTP, It won't save you from free rides!

Stepping P3wns: Adventures in Full Spectrum Embedded Exploitation (and defense!)

Incident Response

The Government and UFOs: A Historical Analysis

Information Exchange

How to Disclose or Sell an Exploit Without Getting in Trouble

Intelligence

Ambassador Joseph R. DeTrani:

Torturing Open Government Systems for Fun, Profit and Time Travel

The Growing Irrelevance of US Government Cybersecurity Intelligence Information

The Dark Arts of OSINT

Legal/Privacy

Backdoors, Government Hacking and The Next Crypto Wars

Ask the EFF: The Year in Digital Civil Liberties

The ACLU Presents: NSA Surveillance and More

The Politics of Privacy and Technology: Fighting an Uphill Battle

The Road Less Surreptitiously Traveled

Defeating Internet Censorship with Dust, the Polymorphic Protocol Engine

Legal Aspects of Full Spectrum Computer Network (Active) Defense

Privacy In DSRC Connected Vehicles

An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet

Malware

Prowling Peer-to-Peer Botnets After Dark

Combatting Mac OSX/iOS Malware with Data Visualization

A Thorny Piece Of Malware (And Me): The Nastiness of SEH, VFTables & Multi-Threading

Mobile

I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell

The Secret Life of SIM Cards

Business Logic Flaws In Mobile Operators Services

Do-It-Yourself Cellular IDS

Android WebLogin: Google's Skeleton Key

Building an Android IDS on Network Level

Defeating SEAndroid

Network

Evil DoS Attacks and Strong Defenses

MITM All The IPv6 Things

Kill 'em All - DDoS Protection Total Annihilation!

VoIP Wars: Return of the SIP

Examining the Bitsquatting Attack Surface

Fear the Evil FOCA: IPv6 attacks in Internet Connections

Safety of the Tor Network: a Look at Network Diversity, Relay Operators, and Malicious Relays

DNS May Be Hazardous to Your Health

Defending Networks with Incomplete Information: A Machine Learning Approach

Conducting Massive Attacks with Open Source Distributed Computing

Let's Screw with Nmap

Password Cracking

gitDigger: Creating useful wordlists from public GitHub repositories

Physical Control Systems

Adventures in Automotive Networks and Control Units

Hacking Driverless Vehicles

RFID Hacking: Live Free or RFID Hard

How to Hack Your Mini Cooper: Reverse Engineering Controller Area Network (CAN) Messages on Passenger Automobiles

Physical Security

Insecurity - A Failure of Imagination

Key Decoding and Duplication Attacks for the Schlage Primus High-Security Lock

Policy/Governance

Wonk Lounge

Post-Exploitation

Getting The Goods With smbexec

PowerPreter: Post Exploitation Like a Boss

PowerPwning: Post-Exploiting By Overpowering PowerShell

Reconnaissance

Stalking a City for Fun and Frivolity

The Dawn of Web 3.0: Website Mapping and Vulnerability Scanning in 3D, Just Like You Saw in the Movies

Social Engineering

Predicting Susceptibility to Social Bots on Twitter

Software Research

Evolving Exploits Through Genetic Algorithms

Tactics - Blue Team

Pwn'ing You(r) Cyber Offenders

From Nukes to Cyber - Alternative Approaches for Proactive Defense and Mission Assurance

Pwn The Pwn Plug: Analyzing and Counter-Attacking Attacker-Implanted Devices

Tactics - Red Team

We are Legion: Pentesting with an Army of Low-power Low-cost Devices

Collaborative Penetration Testing With Lair

Tools - Defense

EMET 4.0 PKI Mitigation

Web App Security

HTTP Time Bandit

How to use CSP to Stop XSS

Exploiting Music Streaming with JavaScript

Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys

Resting on Your Laurels Will Get You Pwned: Effectively Code Reviewing REST Applications to Avoid Getting Pwned

Transcending Cloud Limitations by Obtaining Inner Piece

Utilizing Popular Websites for Malicious Purposes Using RDI

C.R.E.A.M. Cache Rules Evidently Ambiguous, Misunderstood

Wireless

All Your RFz Are Belong to Me - Hacking the Wireless World with Software Defined Radio

Hacking Wireless Networks of the Future: Security in Cognitive Radio Networks

BYO-Disaster and Why Corporate Wireless Security Still Sucks

Noise Floor: Exploring the World of Unintentional Radio Emissions

Blucat: Netcat For Bluetooth

BYOD PEAP Show

The Bluetooth Device Database
