Showing Posts About

DEF CON

Platform Agnostic Kernel Fuzzing

Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.

  • 7 Aug 2009

Defcon 17

DefCon 17 featured technical talks covering diverse cybersecurity topics including wireless sensor exploitation, USB security vulnerabilities, and router hacking. Presentations explored critical security issues such as extracting encryption keys, inline hooking techniques, and vulnerability disclosure strategies. The conference highlighted emerging research on hardware and software vulnerabilities across technological domains.

Fun with Plug & 0wn

Rafael Dominguez Vega presented USB security research at Defcon 17 in Las Vegas on August 2nd, 2009. The presentation materials discussing USB security vulnerabilities are available for download. The talk focused on research findings related to USB security.

DefCon16 - Virtually Hacking

A presentation by John Fitzpatrick from MWR InfoSecurity at DefCon 16 explored VMware security vulnerabilities. The talk focused on potential attack vectors in virtualized environments. The full presentation is available for download from the MWR InfoSecurity labs website.

  • 11 Aug 2008

Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu

Nick Harbour presented PE-Scrambler, an advanced Windows executable packer that manipulates binary code at the disassembly level to obstruct reverse engineering. The tool uses sophisticated techniques like destroying call trees, relocating code chunks, and creating ambiguous disassembly to make binary analysis challenging. Additionally, Harbour demonstrated FindEvil, a tool that detects packed binaries by comparing disassembly size to binary size.

  • 11 Aug 2008

Defcon 16 Talk Review: The Pentest is Dead, Long Live the Pentest

The article reviews a Defcon 16 talk about the evolution of penetration testing from an underground practice to a professional service. It highlights the shift from ad-hoc, tool-driven approaches to a more strategic, methodology-focused discipline. Key recommendations include developing creative testing methods, producing context-rich reports, and maintaining ongoing client partnerships.

  • 11 Aug 2008

Defcon 16 Talk Review: Time-Based Blind SQL Injection Using Heavy Queries and the Marathon Tool

A summary of a DEF CON talk on advanced SQL injection attacks.

Security Implications of Windows Access Tokens

A whitepaper by Luke Jennings explores the security implications of Windows access tokens in enterprise environments. The document details how access token design can be exploited during penetration testing, highlighting systemic vulnerabilities in corporate security controls. The paper discusses the technical mechanisms of Windows access tokens and provides insights into potential post-exploitation techniques.

DefCon 15 - Websphere MQ

A presentation about IBM Websphere MQ software security was delivered at DefCon 15 in Las Vegas on August 3rd, 2007. The presentation was given by MWR InfoSecurity and the slides are available for download from their website.

DefCon 14 - IBM Networking

A presentation by Martyn Ruks at DefCon 14 in 2006 explored IBM network security testing methodologies. The talk focused on identifying potential vulnerabilities in IBM network infrastructure. Specific network security assessment techniques for IBM systems were discussed during the presentation.