BSides San Francisco 2018

Patrick O'Doherty - Lessons Learned Implementing Meaningful Access Controls to Customer Data There exists an unfortunate open secret in our industry: that companies are often quite old and advanced in nature before they implement meaningful internal access controls to sensitive customer data. The reasons for this are numerous, ranging from lack of tools to lack of prioritization in the face of other engineering needs in startups. At Intercom we decided to undertake a significant body of work...
Topics: Youtube, video, Science & Technology

Neal Mueller - You Want to Step Outside? What We Can Learn from Google’s Fight with Phishing Phishing is the great public plague of the web, and attacks are on the rise. In the first longitudinal measurement of the underground ecosystem fueling credential theft, Google identified 12.4 million potential victims of phishing kits, and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Our researchers estimated that 7–25% of stolen passwords in the...
Topics: Youtube, video, Science & Technology
by Security BSides San Francisco

Sacha Faust - Six Degrees of Infiltration: Using Graph to Understand your Infrastructure and Optimize Security Decision Making Current infrastructures depend on multiple technologies and third party infrastructures that increase security complexity and make it very difficult to have a clear end to end view of the overall state and possible risks. Existing approaches were good investments but a few challenges were observed * Some duplication - Broad set of dedicated services that collect and...
Topics: Youtube, video, Science & Technology

Claudio Contin - Fuzzing Ruby and C Extensions Intro to fuzzing, and specifics in Ruby lang, security implications of vulnerabilities that might be found (ex: https://hackerone.com/reports/499). Intro to AFL fuzzer, basic concepts on how it works, and how to run it against Ruby lang, and potentially target gems with C extensions. Source: https://www.youtube.com/watch?v=1qjz8yObonI Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

AJ Bahnken • Forrest Fleming - PostgreSQL Threats and Attacks in the Wild We developed two PostgreSQL honeypots, pghoney (low-interaction) and Sticky Elephant (medium-interaction). This talk presents our findings (exploits! malware! brute force!) to the security community. We will also discuss the development of our honeypots and their integration into MHN & HPFeeds. Source: https://www.youtube.com/watch?v=k9N3rcLFk0c Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

Cameron Ero - The Bucket List: Experiences Operating S3 Honeypots 2017 was a blockbuster year for breaches, with everything from Russian espionage to Equifax. However, if you read between the eye-popping headlines you'll notice another concerning trend - this was the year of S3 bucket incidents. Extensive research has been published about hunting for publicly exposed buckets, and several open source tools exist that make it easy. Unfortunately, not a lot of research has been published from the...
Topics: Youtube, video, Science & Technology

Devin Lundberg - No More XSS: Deploying CSP with nonces and strict-dynamic XSS, one of the most common web vulnerabilities, can be completely prevented with a strict Content Security Policy (CSP). Older versions of CSP involved the tedious process of building a whitelist of domains where scripts lived. It is very common for these whitelists to contain sites that allow for arbitrary code execution and developers cannot use inline scripts without disabling the XSS protections. Version 3 of CSP...
Topics: Youtube, video, Science & Technology

Ian Lee - Your Secrets are Showing! - How to Find if Your Developers are Leaking Secrets? This talk will zoom in to the cache of goodies which developers leave lying around that an attacker could leverage to access valuable information and / or to pivot through a target environment. It will also highlight some of the tools available to developers and InfoSec professionals to find and prevent these sorts of information leakages. Every day, developers interact with a variety of source code...
Topics: Youtube, video, Science & Technology

Stella - Privacy for Safety - OPSEC When the Threat is in the Home We live in a hyper connected world, security awareness for most people means protecting against SE or clicking on links. What happens if you need to protect yourself against someone who has your personal information or can access your devices? How can we inform people better and how can we help them? Can we improve existing apps and processes to protect people in abusive relationships or vulnerable groups? What are the dangers...
Topics: Youtube, video, Science & Technology

Shane Cota • Chris Magistrado - The Memory of a Meltdown, and No We Don't Mean Britney Software bugs can be patched as soon as the vendor pushes an update and the user updates their system. Hardware bugs are a bit more difficult to patch. Within the past few months, Spectre and Meltdown have provided hackers the ability to access memory outside the scope of their permissions. We will be getting our hands dirty with memory to demonstrate how both these vulnerabilities work and how we use a PoC...
Topics: Youtube, video, Science & Technology

Russell Thomas - Navigating the Vast Ocean of Browser Fingerprints This talk is about how to combine browser fingerprinting and machine learning to create *general purpose* models for blue team applications (e.g. fraud detection/prevention/response). Source: https://www.youtube.com/watch?v=VUsTdf8r_m4 Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

Arkadiy Tetelman - Data Driven Bug Bounty In a single sentence: if you're not collecting metrics from your bug bounty program then you're missing out on half of the value - it's not enough to simply triage, assign, and resolve individual bugs. You should collect as much data as you can - things like first response/triage/payout/resolution time, what components are vulnerable and what bug classes are they vulnerable to, which teams are bugs originating from, how often do vulnerabilities go past...
Topics: Youtube, video, Science & Technology

Yathi Naik - Pensieve: Finding Malicious Artifacts in Container Environments Traditional forensic investigation tools such as LiME, fmem (memory imaging), dd, dcfldd (disk imaging), volatility are not suited for ephemeral and immutable infrastructure. In this session, we’ll show how to make use of Checkpoint and Restore in UserSpace (CRIU), docker techniques, and other tools for evidence retention and gathering to help security operators gather artifacts from known malicious containers and...
Topics: Youtube, video, Science & Technology

Aladdin Mubaied • Rahul Nair - Tales of Red Teaming, AKA "Continuous Intrusion Continuous Deception" This talk explores various avenues of techniques used to attack large scale corporate networks. It begins by discussing the compromise of misconfigured deployment systems to obtain access to production servers. We will also show how it is possible to backdoor software packages with minimal to no effort and gain SYSTEM level access to many production boxes. Then we will...
Topics: Youtube, video, Science & Technology

Wes Connell - Building a Predictive Pipeline to Rapidly Detect Phishing Domains Registering a new domain, obtaining a legitimate SSL certificate, and deploying it on a web server got much cheaper for threat actors thanks to free SSL services like Let's Encrypt. Detecting new phishing domains has always been a reactive process for security teams; just like malware, one cannot provide threat intelligence on phishing domains before they're registered and operationalized. The development of the...
Topics: Youtube, video, Science & Technology

Aditya K Sood - Crimeware Chaos: Empirical Analysis of HTTP-Based Botnet C&C Panels Cybercriminals deploy crimeware for conducting nefarious operations on the Internet. Crimeware is managed on a large scale through deployment of centralized portals known as Command and Control (C&C) panels. C&C panels are considered as attackers’ primary operating environment through which crimeware is controlled and updated at regular intervals of time. C&C panels also store information...
Topics: Youtube, video, Science & Technology

Rafae Bhatti - Overcoming Obstacles in Operationalizing Security: A Tale from the Trenches So you got an offer letter to manage or lead a security team at a startup. You create a lofty security strategy that encompasses all of the advice you got from your peers together with textbook security principles. As you roll up your sleeves and get going, you quickly realize that an ambitious strategy, even when combined with genuine security expertise and advice, won’t take you too far if it does not...
Topics: Youtube, video, Science & Technology

Brian Gorenc - From Bounties to Bureaucracy - The Hidden Market Factors of Exploit Economics Bug bounty programs are nearly ubiquitous today, but that wasn’t always the case. When the Zero Day Initiative (ZDI) was founded in 2005, bug bounty programs were considered to be a rare and somewhat controversial commodity. Now they are seen as an indispensable means for companies to acquire bug reports. Our initial goals were similar. The ZDI program extended our own research team by leveraging the...
Topics: Youtube, video, Science & Technology

Robby Cochran - Listen to your Engine: Unearthing Security Signals from the Modern Linux Kernel Observing all kernel events can be like descending into the steam-engine of an airship – the machinery of system calls can be arcane, complicated and very, very noisy. Buried in this cacophony, though, can be indicators of privilege escalation, resource abuse or side-channel attacks. In this talk, we revisit the well-trodden system call but with fresh eyes (goggles). In a cloud-native world,...
Topics: Youtube, video, Science & Technology

Poornaprajna Udupi - Starting a Security Program: Thrills and Spills Building a security program sounds exciting and exhilarating. Security practitioners tend to focus on technology and policy skills in preparation for such an opportunity. But, developing good emotional intelligence is critical for this role of a security program builder. Why would the engineering team dedicate cycles to turn on find-sec-bugs, resolve all findings and then be willing to fail the build pipeline on errors? Why...
Topics: Youtube, video, Science & Technology

Cristina Vatamanu - Netrepser – A JavaScript Targeted Attack The discovery of Stuxnet in a uranium enrichment facility in Natanz opened a new era in tactical military operations. For seven years, advanced espionage and sabotage operations have been carried out with the help of extremely complex code written especially for the job, and then discarded. The Netrepser threat we have analyzed and documented in the following pages is the exact opposite: a complex, targeted malware framework that,...
Topics: Youtube, video, Science & Technology

Reed Loden - Opening Remarks (Monday) Source: https://www.youtube.com/watch?v=gKd2ShpdwS0 Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

Itai Tevet - Supply Chain Attack Through CCleaner - Evidence Aurora Operation Still Active Last September, hackers broke into as many as 2.27 million accounts of a computer cleaning program while targeting telecom equipment companies in the United States, Japan, South Korea and Taiwan. When Avast, which owns the program, looked at the computer logs, it found just 23 compromised computers at eight different companies. The hackers' program was specifically looking for companies on a list of...
Topics: Youtube, video, Science & Technology

Evan Johnson • Maya Kaczorowski - Managing Secrets in Your Cloud Environment: AWS, GCP, and Containers (and Beyond) Applications often require access to sensitive data at build or run time, known as secrets. As a cloud application developer, you have many options to store these secrets, such as in code, environment variables, or purpose built solutions. We’ll discuss what a secret is, how secrets are stored today and some common mistakes in secret management, identity as it relates to...
Topics: Youtube, video, Science & Technology

Phil Roth - An Open Source Malware Classifier and Dataset Research in machine learning for static malware detection has been stymied because of stale, biased, and otherwise limited public datasets. In this talk, I will introduce an open source dataset of labels for a diverse and representative set of Windows PE files. The dataset also includes feature vectors for machine learning model building, a high-performing pre-trained model for research, and source code to reproducibly generate the...
Topics: Youtube, video, Science & Technology

John Banghart • Allan Friedman • Kent Landfield • Wendy Nather - So You Think You Can Patch: The Game Show that Questions Your Security Assumptions Few people know that the game show was actually a Victorian invention, although they were a bit more erudite in the airship era. In this week’s episode of “So you think you can patch,” we explore what happens when patching isn’t so simple. Contestants and the audience will face situations when security updates may not be the...
Topics: Youtube, video, Science & Technology

Anton Goncharov - Building Intelligent Automatons with Semantic Reasoning and Horse Glue Proper data modeling is probably the most underrated aspect of security data analysis. Our addiction to logs and string pattern matching as a primary source of knowledge has painted the security industry practitioners into a corner. The data never tells the full story, and the path to discovery is laborious and painful. We'll discover how graph based ontologies can help consolidate all relevant information...
Topics: Youtube, video, Science & Technology

Omri Segev Moyal - Rise of Coinminers Coinminers have been on the rise in 2017, causing slow down on home computers, massive overage to cloud providers, hijacking someone else’s CPU power for money. This rise of Coinminers has set me on a journey diving into this new world, trying to shed some light on this emerging threat and finding ways to eradicate it. Our journey begins by exploring the magnitude of this phenomenon, its technical pieces, discovering ways to capture these vicious...
Topics: Youtube, video, Science & Technology

Spencer Walden • Justin Warner - Unraveling the Threat of Chrome Based Malware Most leading web browsers, including Google Chrome, offer users the ability to install extensions, web based applications that have the ability to execute javascript/HTML in the context of the browser. Software extensibility is both a cherished feature by end users to enhance their application experience, and in the case of Chrome extensions, also a potential threat to the security of the networks in which they are...
Topics: Youtube, video, Science & Technology

David Tomaschik - The IoT Hacker's Toolkit IoT and embedded devices provide new challenges to security engineers hoping to understand and evaluate the attack surface these devices add. From new interfaces to uncommon operating systems and software, the devices require both skills and tools just a little outside the normal security assessment. I'll show both the hardware and software tools, where they overlap and what capabilities each tool brings to the table. I'll also talk about building the...
Topics: Youtube, video, Science & Technology

Katie Ledoux - Fix All The Things: Rapid-Fire Stories of Creative Solutions to InfoSec Problems Rapid-fire stories of creative solutions to infosec problems. Source: https://www.youtube.com/watch?v=QKcuAz-9PBY Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

Reed Loden - Closing Ceremony Source: https://www.youtube.com/watch?v=-UUEEJ-d8Ts Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

Cole Thompson - Using Ancient Math to Speed Up Security Assessments of Windows Executables This is about greatly speeding up risk reduction when evaluating Windows programs. Reverse engineering binary programs tends to go one of two ways: either a quick static analysis using utilities like "strings", or a time consuming dive down the rabbit hole monitoring API calls or debugging with tools like IDA Pro. The payoff from reverse engineering can be great, *if* one picks the right...
Topics: Youtube, video, Science & Technology

Smiljana Antonijevic - Securing DNSSEC with Ritual and Ceremony (or for steampunks, How Neo-Victorians Keep Out Cads and Bounders) Which social factors are crucial for key signing ceremonies to build and maintain a chain of trust in the cryptographic operation and to establish credibility among the relying parties? Using Packet Clearing House’s DNSSEC key signing ceremonies as examples, this talk examines the process of selecting and vetting crypto officers and other individuals in trusted...
Topics: Youtube, video, Science & Technology

Arianna Willett - Moving Security from Cost Center to Revenue Generator Security is expensive. A security team requires a number of highly paid people and a myriad of expensive tools. For most business executives (read: non-security people), security is also scary and efforts never seem to be enough to get ahead of attackers. It’s easy to see why budget-makers view security as a money-sinkhole, forever appropriating valuable company resources. How can we, as security professionals, change the...
Topics: Youtube, video, Science & Technology

Pedro Fortuna - Caught My WebApp Cheating on Me! We trust that the web application code executed inside the browser is exactly the code that was sent by our application servers, but that is often not the case. The reality is that current WebApps are very susceptible to client-side injections and tampering. This can be performed by malicious extensions, Man-in-the-Browser trojans, or any kind of injection attack (e.g. reflected XSS). These attacks are very concerning not only because they change...
Topics: Youtube, video, Science & Technology

Lane Thames - Honeypots 2.0: A New ‘Twist’ on Defending Enterprise Networks with Dynamic Deception at Scale The concept of honeypots and deception has been leveraged by cyber-defenders for many years. Today, though, the emergence of maturing technologies allows us to add a new twist on the classic honeypot approach. Some argue that honeypots were ahead of their time. In the past, honeypots were useful but scale was a limiting factor for the amount of benefit and return on investment...
Topics: Youtube, video, Science & Technology

Benjamin Hering - Blue Team Fundamentals Noob friendly! While new technical vulnerabilities are found continuously, malicious actors often rely on tried and true methods to exploit. These exploits are surprisingly uncomplicated. In this talk, we’ll share attempts we’ve seen from malicious actors. We’ll break down actual attacks and share what’s been most effective in mitigating credential stuffing, phishing, and common RCE attempts. At the end of this talk, you’ll walk away with...
Topics: Youtube, video, Science & Technology

Will Dormann - Keep it Like a Secret: When Android Apps Contain Private Keys We all have secrets. And the way we keep them secrets is by not telling them to others. Either because of inappropriate design, or by sheer accident, many publicly-available Android applications include private keys in them. By processing over 1 million applications from the Google Play Store, I have found thousands of private key files that are not private. Discovered private keys include PGP private keys, SSH private...
Topics: Youtube, video, Science & Technology

Tongbo Luo • Zhaoyan Xu - KubeScope for the Extraordinary World of Containers Google’s Kubernetes has become the de facto standard for software container orchestration. As development teams have rapidly embraced it, the Kubernetes feature set has exploded and the importance of securing the Kubernetes ecosystem has come into focus. Security teams find themselves scrambling to identify potential threat vectors, establish best practices, and enable DevOps teams to accelerate without...
Topics: Youtube, video, Science & Technology

Jonathon Poling - Logging, Monitoring, and Alerting in AWS (The TL;DR) With AWS’ ever-increasing number of services and ever-growing complexity, individuals and organizations are desperately seeking the “TL;DR” of what services are available to protect them from and respond to attacks, and how to best configure them for effective and efficient monitoring, alerting, and incident response. The first part of this presentation will walk the audience through the core services and capabilities...
Topics: Youtube, video, Science & Technology

Amit Elazari - Hacking the Law: Are Bug Bounties a True Safe Harbor? In the wake of recent media headlines, bug bounties emerge as a murky legal landscape to navigate. While the vulnerability economy is booming, a novel survey of bug bounty terms reveals that platforms and companies sometimes put hackers in “legal” harm’s way, shifting the risk for civil and criminal liability towards hackers instead of creating safe harbors. This practice already resulted in one public story concerning a...
Topics: Youtube, video, Science & Technology

Jerrod Chong - Simple. Open. Mobile: A Look at the Future of Strong Authentication In recent years, a growing demand to replace passwords and better protect online users has fueled the creation of new, open authentication standards that would deliver on the simplicity and security consumers require. Unlike early predecessors, newly-developed FIDO U2F and FIDO 2 standards provide strong authentication and high privacy with characteristics that have eluded previous hardware tokens – elegance...
Topics: Youtube, video, Science & Technology

Reed Loden - Opening Remarks (Monday) Source: https://www.youtube.com/watch?v=osyGIfegMLc Uploader: Security BSides San Francisco
Topics: Youtube, video, Science & Technology

Vlad Craciun - Prospecting Ransomware Tech 2017 was a year with a large increase of ransomware families and malware technologies. Some malware technologies are not dangerous enough unless they get mixed with others, yet somehow most of them end up in ransomware and botnets. Wannacry and Not-Petya were empowered with SMB exploits for mass spreading. Not-Petya, GoldenEye and Armalocky make use of low-level disk encryption to alter the user data at sector level. GlobeImposter, BTCWare and...
Topics: Youtube, video, Science & Technology

Clint Gibler - The SecDevOpronomicon - Arcane Secrets for Scaling your Company’s Security In Victorian San Francisco, we provision fleets of servers with Chef or Puppet and push new code to production dozens of times a day, our laptops illuminated by candle light and backlit Macbook keyboards. You twirl your LED monocle and focus your attention once more on your most pressing challenge: how can you scale your company’s security efforts given the rapid pace of development with a security...
Topics: Youtube, video, Science & Technology

Thomas Phillips - Machine Learning: Too Smart for its Own Good Wouldn't it be awesome to build a machine learning device that ran on tubes, valves, and gears? Terms like machine learning, deep learning, and neural nets are often brought up as if they are a magical cure for security problems. Unfortunately, machine learning systems have fundamental, inescapable limitations. Exploring the limitations is normally done through discussion of the mathematics involved. Instead of using math, we will...
Topics: Youtube, video, Science & Technology

Jim Nitterauer - Demystifying DNS Security – Practical Steps for Reducing Exposure and Detecting Compromise The Internet as we know it would come to a screeching halt if DNS failed for any extended period yet we give little thought to the configuration, monitoring and security of our critical DNS services. From a practical standpoint, DNS is extremely insecure and can be exploited in many nefarious ways. This talk will examine some of the more common ways that DNS can be exploited. We will...
Topics: Youtube, video, Science & Technology

Nate Cardozo • Andrew Crocker • Gennie Gebhart • Stephanie Lacambra • Sydney Li • Kurt Opsahl - Ask the EFF "Ask the EFF" will be a panel presentation and question-and-answer session with several staff members of the Electronic Frontier Foundation, the nation’s premiere nonprofit digital civil liberties group. Each staffer will discuss a particular issue that has been in the news or on EFF’s docket this year. Source: https://www.youtube.com/watch?v=tjhmR-ouSMU Uploader:...
Topics: Youtube, video, Science & Technology

Tiberius Axinte - Deconstructing APT28's XAgent for OSX Until now APT28 was only available for Windows, Linux and iOS operating systems. Now we've discovered a macOS version which brings more spying capabilities such as key-logging, screen grabbing and file exfiltration and stealing iOS backups from Mac computers, which contain messages, contacts, voicemail, call history, notes, calendar and Safari data. The macOS version is the most advanced version of APT28 in terms of cyber espionage...
Topics: Youtube, video, Science & Technology

Dylan Ayrey - Fighting Secrets In Source Code With TruffleHog Secrets in source code have led to breaches in the past. They make it really easy to move laterally and escalate privileges once inside an environment, and it's a problem the entire industry faces. I'm going to talk about the tool I wrote to help identify secrets: TruffleHog. I'll be talking about different ways to use the tool, how it can be used in devops pipelines, and the future of the tool going forward. I'll also talk about a...
Topics: Youtube, video, Science & Technology

Jason Craig • Michael George - A Case Study of MacOS Supply Chain Compromise Supply chain compromises remain an effective technique for attackers to get their malware on a wide array of victims. In this talk we will discuss some of the free and open source MacOS tooling that we use to help defend our networks. We will then walk through how one can use these tools and others to build context around the data they generate to find new, unknown threats and independently identify malware in your...
Topics: Youtube, video, Science & Technology

Yamin Tian - Introduction to Windows Kernel Mode Debugging Debugging is a very practical science, and an underappreciated component of creating secure software. Specifically, debugging in the kernel is extremely useful for creating efficiencies, finding the root cause of problems, and crafting more secure software. It also helps us to establish a deeper understanding of the operating system internals, which is one of the fundamentals for security experts. Moreover, there is a growing movement...
Topics: Youtube, video, Science & Technology