ViewTube

Ghidra - Journey from Classified NSA Tool to Open Source

Ghidra - Journey from Classified NSA Tool to Open Source

DevSecOps : What, Why and How

DevSecOps : What, Why and How

Black Hat USA 2019 Keynote: Every Security Team is a Software Team Now by Dino Dai Zovi

Black Hat USA 2019 Keynote: Every Security Team is a Software Team Now by Dino Dai Zovi

Behind the scenes of iOS and Mac Security

Behind the scenes of iOS and Mac Security

Reverse Engineering WhatsApp Encryption for Chat Manipulation and More

Reverse Engineering WhatsApp Encryption for Chat Manipulation and More

Selling 0-Days to Governments and Offensive Security Companies

Selling 0-Days to Governments and Offensive Security Companies

Process Injection Techniques - Gotta Catch Them All

Process Injection Techniques - Gotta Catch Them All

Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)

Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)

Detecting Malicious Files with YARA Rules as They Traverse the Network

Detecting Malicious Files with YARA Rules as They Traverse the Network

MITRE ATT&CK: The Play at Home Edition

MITRE ATT&CK: The Play at Home Edition

WebAuthn 101 - Demystifying WebAuthn

WebAuthn 101 - Demystifying WebAuthn

GDPArrrrr: Using Privacy Laws to Steal Identities

GDPArrrrr: Using Privacy Laws to Steal Identities

Inside the Apple T2

Inside the Apple T2

Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities

Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities

Death to the IOC: What's Next in Threat Intelligence

Death to the IOC: What's Next in Threat Intelligence

The Path Less Traveled: Abusing Kubernetes Defaults

The Path Less Traveled: Abusing Kubernetes Defaults

New Vulnerabilities in 5G Networks

New Vulnerabilities in 5G Networks

Breaking Samsung's ARM TrustZone

Breaking Samsung's ARM TrustZone

Breaking Samsung's ARM TrustZone

Breaking Samsung's ARM TrustZone

Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs

Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs

Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps

Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps

Biometric Authentication Under Threat: Liveness Detection Hacking

Biometric Authentication Under Threat: Liveness Detection Hacking

Practical Approach to Automate the Discovery & Eradication of Open-Source Software Vulnerabilities

Practical Approach to Automate the Discovery & Eradication of Open-Source Software Vulnerabilities

The Enemy Within: Modern Supply Chain Attacks

The Enemy Within: Modern Supply Chain Attacks

A Compendium of Container Escapes

A Compendium of Container Escapes

Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover

Flying a False Flag: Advanced C2, Trust Conflicts, and Domain Takeover

Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers

Backdooring Hardware Devices by Injecting Malicious Payloads on Microcontrollers

Woke Hiring Won't Save Us: An Actionable Approach to Diversity Hiring and Retention

Woke Hiring Won't Save Us: An Actionable Approach to Diversity Hiring and Retention

Automation Techniques in C++ Reverse Engineering

Automation Techniques in C++ Reverse Engineering

Command Injection in F5 iRules

Command Injection in F5 iRules

Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing

Going Beyond Coverage-Guided Fuzzing with Structured Fuzzing

Attacking iPhone XS Max

Attacking iPhone XS Max

Shifting Knowledge Left: Keeping up with Modern Application Security

Shifting Knowledge Left: Keeping up with Modern Application Security

Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs

Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs

Breaking Encrypted Databases: Generic Attacks on Range Queries

Breaking Encrypted Databases: Generic Attacks on Range Queries

Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine

Infighting Among Russian Security Services in the Cyber Sphere

Infighting Among Russian Security Services in the Cyber Sphere

Fantastic Red-Team Attacks and How to Find Them

Fantastic Red-Team Attacks and How to Find Them

The Discovery of a Government Malware and an Unexpected Spy Scandal

The Discovery of a Government Malware and an Unexpected Spy Scandal

Behind the Scenes of Intel Security and Manageability Engine

Behind the Scenes of Intel Security and Manageability Engine

Preventing Authentication Bypass: A Tale of Two Researchers

Preventing Authentication Bypass: A Tale of Two Researchers

Cyber Insurance 101 for CISO’s

Cyber Insurance 101 for CISO’s

Messaging Layer Security: Towards a New Era of Secure Group Messaging

Messaging Layer Security: Towards a New Era of Secure Group Messaging

The Most Secure Browser? Pwning Chrome from 2016 to 2019

The Most Secure Browser? Pwning Chrome from 2016 to 2019

Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone

Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone

Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project

Hacking Ten Million Useful Idiots: Online Propaganda as a Socio-Technical Security Project

PicoDMA: DMA Attacks at Your Fingertips

PicoDMA: DMA Attacks at Your Fingertips

Project Zero: Five Years of 'Make 0Day Hard'

Project Zero: Five Years of 'Make 0Day Hard'

Dragonblood: Attacking the Dragonfly Handshake of WPA3

Dragonblood: Attacking the Dragonfly Handshake of WPA3

Everybody be Cool, This is a Robbery!

Everybody be Cool, This is a Robbery!

Exploiting Qualcomm WLAN and Modem Over The Air

Exploiting Qualcomm WLAN and Modem Over The Air

Exploiting Qualcomm WLAN and Modem Over The Air

Exploiting Qualcomm WLAN and Modem Over The Air

Adventures in the Underland: The CQForensic Toolkit as a Unique Weapon Against Hackers

Adventures in the Underland: The CQForensic Toolkit as a Unique Weapon Against Hackers

0-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars

0-days & Mitigations: Roadways to Exploit and Secure Connected BMW Cars

All the 4G Modules Could be Hacked

All the 4G Modules Could be Hacked

How Do Cyber Insurers View The World?

How Do Cyber Insurers View The World?

Finding Our Path: How We're Trying to Improve Active Directory Security

Finding Our Path: How We're Trying to Improve Active Directory Security

Chip.Fail - Glitching the Silicon of the Connected World

Chip.Fail - Glitching the Silicon of the Connected World

HTTP Desync Attacks: Smashing into the Cell Next Door

HTTP Desync Attacks: Smashing into the Cell Next Door

Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller

Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller

How to Detect that Your Domains are Being Abused for Phishing by Using DNS

How to Detect that Your Domains are Being Abused for Phishing by Using DNS

Responding to a Cyber Attack with Missiles

Responding to a Cyber Attack with Missiles

Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites

Moving from Hacking IoT Gadgets to Breaking into One of Europe's Highest Hotel Suites

Selling 0-Days to Governments and Offensive Security Companies

Selling 0-Days to Governments and Offensive Security Companies

Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime

Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime

Controlled Chaos: The Inevitable Marriage of DevOps & Security

Controlled Chaos: The Inevitable Marriage of DevOps & Security

HostSplit: Exploitable Antipatterns in Unicode Normalization

HostSplit: Exploitable Antipatterns in Unicode Normalization

API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web

API-Induced SSRF: How Apple Pay Scattered Vulnerabilities Across the Web

Lessons and Lulz: The 5th Annual Black Hat USA NOC Report

Lessons and Lulz: The 5th Annual Black Hat USA NOC Report

Lessons and Lulz: The 5th Annual Black Hat USA NOC Report

Lessons and Lulz: The 5th Annual Black Hat USA NOC Report

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

Behind the Scenes: The Industry of Social Media Manipulation Driven by Malware

Paging All Windows Geeks – Finding Evil in Windows 10 Compressed Memory

Paging All Windows Geeks – Finding Evil in Windows 10 Compressed Memory

Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan

Women in Security: Building a Female InfoSec Community in Korea, Japan, and Taiwan

Lessons From Two Years of Crypto Audits

Lessons From Two Years of Crypto Audits

Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception

Monsters in the Middleboxes: Building Tools for Detecting HTTPS Interception

Internet-Scale Analysis of AWS Cognito Security

Internet-Scale Analysis of AWS Cognito Security

Critical Zero Days Remotely Compromise the Most Popular Real-Time OS

Critical Zero Days Remotely Compromise the Most Popular Real-Time OS

All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices

All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices

Defense Against Rapidly Morphing DDOS

Defense Against Rapidly Morphing DDOS

He Said, She Said – Poisoned RDP Offense and Defense

He Said, She Said – Poisoned RDP Offense and Defense

MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection

MINimum Failure - Stealing Bitcoins with Electromagnetic Fault Injection

Exploring the New World : Remote Exploitation of SQLite and Curl

Exploring the New World : Remote Exploitation of SQLite and Curl

Arm IDA and Cross Check: Reversing the Boeing 787's Core Network

Arm IDA and Cross Check: Reversing the Boeing 787's Core Network

ClickOnce and You're in - When Appref-ms Abuse is Operating as Intended

ClickOnce and You're in - When Appref-ms Abuse is Operating as Intended

Legal GNSS Spoofing and its Effects on Autonomous Vehicles

Legal GNSS Spoofing and its Effects on Autonomous Vehicles

Transparency in the Software Supply Chain: Making SBOM a Reality

Transparency in the Software Supply Chain: Making SBOM a Reality

Testing Your Organization's Social Media Awareness

Testing Your Organization's Social Media Awareness

Making Big Things Better The Dead Cow Way

Making Big Things Better The Dead Cow Way

Debug for Bug: Crack and Hack Apple Core by Itself

Debug for Bug: Crack and Hack Apple Core by Itself

Playing Offense and Defense with Deepfakes

Playing Offense and Defense with Deepfakes

Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term

Managing for Success: Maintaining a Healthy Bug Bounty Program Long Term

Cybersecurity Risk Assessment for Safety-Critical Systems

Cybersecurity Risk Assessment for Safety-Critical Systems

Breaking Encrypted Databases: Generic Attacks on Range Queries

Breaking Encrypted Databases: Generic Attacks on Range Queries

A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works

A Decade After Bleichenbacher '06, RSA Signature Forgery Still Works

Firmware Cartography: Charting the Course for Modern Server Compromise

Firmware Cartography: Charting the Course for Modern Server Compromise

Hunting for Bugs, Catching Dragons

Hunting for Bugs, Catching Dragons

On Trust: Stories from the Front Lines

On Trust: Stories from the Front Lines

The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring

The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring

The Future of ATO

The Future of ATO

Bounty Operations: Best Practices and Common Pitfalls to Avoid in the First 6-12 Months

Bounty Operations: Best Practices and Common Pitfalls to Avoid in the First 6-12 Months