This talk covers tag-side attacks against NFC communication protocols, including cracking of Mifare encryption keys and performing targeted attacks against NFC readers. In addition, it will cover the design and creation of devices capable of emulating NFC tags down to the raw protocol using standard components and tools, with no abstraction to dedicated hardware, covering and expanding on the capabilities of available products. This talk will contain how 13.56MHz NFC works at a raw level, how tools can be built for analysing it, how the protocol can be implemented in full on standard Microcontrollers, and the security weaknesses present in its design. ... https://www.youtube.com/watch?v=7FPvCwo5Ib0

Dennis Maldonado (AKA Linuz) Security Consultant - LARES Consulting Medic (Tim McGuffin) Security Consultant - LARES Consulting With minimal to no effort, we can gain SYSTEM level access to hundreds, if not, thousands of machines on the internet [remotely]. No, this is not a new super 1337 exploit and no this is not even a new technique. No super fancy website with poorly designed logo is necessary, there is nothing new here. Tim and Dennis have discovered that something only stupid sysadmins would do turns out to be much more prevalent than expected. What starts off as a sysadmin's innocent attempt to fix an issue, turns into complete compromise of entire servers/workstations with no effort needed from the attacker. Tim and Dennis will discuss how we came to this realization and explain how we automated looking for these issues in order to find hundreds of vulnerable machines over the internet. Tim and Dennis explain the tool developed for automation, provide statistics discovered from our research, and go over ways to protect yourself from falling victim to the issue. Dennis Maldonado is a Security Consultant at LARES Consulting. His current work includes penetration testing, infrastructure assessments, red teaming, and security research. Dennis’ focus is encompassing all forms information security into an assessment in order to better simulate a real world attack against systems and infrastructure. As a security researcher and evangelist, Dennis spends his time sharing what he knows about Information Security with anyone willing to learn. Dennis is a returning speaker to DEF CON and has presented at numerous workshops and meet-ups in the Houston area. Dennis co-founded Houston Locksport in Houston, Texas where he shares his love for lock-picking physical security as well as Houston Area Hackers Anonymous (HAHA), a meet-up for hackers and InfoSec professionals in the Houston area. Twitter: @DennisMald Tim was voted "most likely to be indicted" by his high school senior class, but has since gone on to gain the trust of large organizations and their executive management, which may or may not be a good thing. He holds a few industry certifications and is a member of a few security organizations, but considers his insomnia and attention deficit problems far more important to his career. Twitter: @NotMedic ... https://www.youtube.com/watch?v=saFKjW-hMCE