Loading ...For those of you who were either unable to make it to DEFCON 13, or too busy partaking in the abundant alcohol, mayhem, and other frivolities going on during this last weekend I have compiled a reading list of talks to check out.
Bear in mind that the talks listed here comprised about roughly 25% of the talks given at DEFCON 13 this year so there is a lot of talks I am leaving out of this. If I left your talk out its because it dealt with deeply complex subjects involving certain types of coding or because I didn’t find it interesting or applicable to myself or my friends and associates. That being said most of the talks this year were of good quality but I do wish some of the speakers would be a bit more detailed in some of their presentation slides. Everything listed below I am mirroring on the nonmundane.org server for your convience as some of the mirrors are a bit slow when I last checked them.
In no particular order
Ian Clarke and Oskar Sandberg’s
Routing in The Dark: Scalable Searches in Dark P2P Networks
In this presentation Clarke and Sandberg try to apply routing algorithms to social networks in the context of dark P2P networks and show some of the solutions that they have come up with so far as part of the Freenet Project’s ongoing progress.
Broward Horne’s
Meme Mining for Fun and Profit
Broward shows how keyword hit analysis in USENET newsgroups and job boards online can be used to track popularity of memes and possibly predict future popularity of memes and what it cxan enable you to do with your decisionmaking.
David Hulton’s
The Next Generation of Cryptanalytic Hardware
Here David shows how FPGA’s can be applied towards solving cryptographic problems faster then general purpose PCs and how the cost of FPGA hardware has come down enabling security researchers with more powerful password auditing capabilities.
Bruce Potter of the Shmoo Group’s
Windows vs FreeBSD vs Linux
In this talk Bruce goes over the relative security or information assurance that the three operating systems provide and tries to compare the different security aspects to come up with a better view of the risks involved with running any of the operating systems in a production environment.
The Shmoo Group’s
Shmoo-Fu: Hacker Goo, Goofs, and Gear with the Shmoo
In this talk the entire Shmoo group gives an overall update of what they have been working on for the past year including new kinds of wireless network attacks, wireless equipment, and how to protect against these attacks.
Dan Kaminsky’s
Black Ops of TCP/IP 2005
Dan talks about uses of the MD5 hash vulnerability discovered earlier in the year and then goes on to show what he found when he scanned all the Internet’s DNS servers.
Strom Carlson & Black Ratchet’s
Be your own telephone company with Asterisk!
Strom and Carlson here go into great detail about the open source PBX software, Asterisk, and how it can be used and what pieces of information you need to know when deciding how to set one up. Also included are WAV files showing how various speech compression codecs in Asterisk affect voice quality. This entire talk is a 15MB zip file due to the audio samples included.
Grothoff, et. al
Lost in Translation: Translation-based Steganography
Here Grothoff and his co-authors show how one can use steganographic techniques combined with machine translated cleartexts to send secret data to others in plain view. Very interesting approach but does have some limitiations.
Dave Heiland’s
The Insecure Workstation II
Here Dave shows how one can craft a small program to use API call vulnerabilities to do user rights escalataion and subsequently subvert the Windows logon process. Also goes over how one could protect against the attack as well.
John Ives’
Passive Host Auditing
Ives here shows how one can go about using free open source tools along with custom scripts to passively identify operating systems and running applications on systems based on the traffic they send out for updates, A/V signatures and OS updates.
Metlstorm’s
Post Intrusion SSH Hijacking
In this talk Metlstorm shows how it is possible for a crafty intruder to silently hijack a SSH session in progress and open a new SSH shell to a remote system instead of the normal filehandle thanks to the magic of UNIX. Very cool stuff.
Dean Pierce, Brandon Edwards, & Anthony Lineberry’s
Bypassing Authenticated Wireless Networks
In this talk are shown how one can employ some simple sniffing techniques along with correlation of key pieces of data over unencrypted wireless networks to bypass common authentication systems using the software pickupline they created.
0 Responses to “DEFCON 13 Reading List”
Leave a Reply