DEF CON 26 - Alexandre Borges - Ring 0 Ring 2 Rootkits - Bypassing Defenses
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube. ... https://www.youtube.com/watch?v=RoJ7RUfjJNY
Krotofil & Wetzels
Through the Eyes of the Attacker Designing Embedded Systems Exploits for Industrial Control Systems
...
https://www.youtube.com/watch?v=lkO33NoYyV4
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=L2-jiU-niOQ
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=VvleCbYOorU
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=328zIgQvpmQ
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
...
https://www.youtube.com/watch?v=71HIid6yhiw
Do you want to know how you can exploit DNS rebinding 10x faster, bypass prevention mechanisms, interactively browse the victim's internal network, and automate the whole process during your next red team exercise?
This talk will teach you how and give you an easy-to-use tool to do it.
First, we will cover in detail the subtleties that make DNS rebinding attacks more effective in practice, including techniques and operational conditions that make it faster and more reliable. We'll also explain how to bypass commonly recommended security controls, dispelling attack and defense misconceptions that have been disseminated in blogs and social media posts.
This talk will include a number of demos using Singularity, our open source DNS rebinding attack framework that includes all the parts you need to get started pwning today, including:
Remote code execution and exfiltration payloads for common dev tools and software
Practical scanning and automation techniques to maximize the chance of controlling targeted services
We'll also show an interesting post-exploitation technique that allows you to browse a victim browser network environment via the attacker's browser without the use of HTTP proxies.
You'll leave this talk with the knowledge and tools to immediately start finding and exploiting DNS rebinding bugs.
Talk by Gerald Doussot
...
https://www.youtube.com/watch?v=qVUbc18S1eQ