DEF CON 26 - Truman Kain - Dragnet Your Social Engineering Sidekick
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=D7MryKXWqUA
Guang Gong
Pwning the toughest target the exploit chain of winning the largest bug bounty in the history of ASR program
...
https://www.youtube.com/watch?v=driilAoWa9c
Josep Pi Rodriguez
Breaking Extreme Networks WingOS How to own millions of devices running on Aircrafts Government Smart cities and more
...
https://www.youtube.com/watch?v=wSSgvZMzxNs
There has been significant attention recently surrounding the risks associated with cyber vulnerabilities in critical medical devices. Understandably, people are concerned that an attacker may exploit a vulnerability to modify the delivery of patient therapy, such as altering the dosage of medicine, delivering insulin therapy, or administering a shock via a pacemaker. These concerns raise several questions, such as: How do these devices work? What does the typical attack surface for implanted medical device look like? What do exploits against these systems look like? How do manufacturers respond to potentially life-threatening security issues? This presentation will address all these questions.
This presentation is the culmination of an 18-month independent case study in implanted medical devices. The presenters will provide detailed technical findings on remote exploitation of a pacemaker systems, pacemaker infrastructure, and a neurostimulator system. Exploitation of these vulnerabilities allow for the disruption of therapy as well as the ability to execute shocks to a patient.
The researchers followed coordinated disclosure policies in an attempt to help mitigate the security concerns. What followed was an 18-month roller coaster of unresponsiveness, technical inefficiencies and misleading reactions. The researchers will walk the audience through the details of disclosure and discuss the responses from the manufacturer and coordination associated with DHS ICS-CERT and the FDA. How did the manufacturer initially respond? What tactics did the manufacturer use to attempt to dismiss the independent researchers? Was the response by the manufacturer adequate from a patient responsibility standpoint? Has the actual technical vulnerability even been addressed?
...
https://www.youtube.com/watch?v=D0l8Ypu7Wmw
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=VvleCbYOorU
Every single security company is talking in some way or another about how they are applying machine learning. Companies go out of their way to make sure they mention machine learning and not statistics when they explain how they work. Recently, that's not enough anymore either. As a security company you have to claim artificial intelligence to be even part of the conversation.
Guess what. It's all baloney. We have entered a state in cyber security that is, in fact, dangerous. We are blindly relying on algorithms to do the right thing. We are letting deep learning algorithms detect anomalies in our data without having a clue what that algorithm just did. In academia, they call this the lack of explainability and verifiability. But rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and in turn discover wrong insights.
In this talk, I will show the limitations of machine learning, outline the issues of explainability, and show where deep learning should never be applied. I will show examples of how the blind application of algorithms (including deep learning) actually leads to wrong results. Algorithms are dangerous. We need to revert back to experts and invest in systems that learn from, and absorb the knowledge, of experts.
...
https://www.youtube.com/watch?v=VU8xZpS6w2A
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=AjXvhti5JkM
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=qVWAWXmlnww
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=X0ijvWaAPHI