
2018-08-09 ~ 2018-08-12

Presentations (with video): 113 (98)

DEF CON (also written as DEFCON, Defcon or DC) is a hacker convention held annually in Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include computer security professionals, journalists, lawyers, federal government employees, security researchers, students, and hackers with a general interest in software, computer architecture, hardware modification, conference badges, and anything else that can be "hacked". The event consists of several tracks of speakers about computer- and hacking-related subjects, as well as cyber-security challenges and competitions (known as hacking wargames). Contests held during the event are extremely varied, and can range from creating the longest Wi-Fi connection to finding the most effective way to cool a beer in the Nevada heat.


Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses techniques for identifying malware in Android applications through analyzing creation times and language metadata.
  • Using the Android SDK tool aapt, creation times of files within an APK can be analyzed to identify potential malware
  • Language metadata within RTF documents can also be used to identify the default language of the developer, potentially indicating the country of origin of the malware
  • A bug in the aapt tool causes it to use the wrong time zone when adding files to an APK, but this can be fixed by manually inputting the correct timestamp
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses the vulnerabilities of inter-process communication (IPC) in various applications, particularly in password managers, and proposes solutions to mitigate these vulnerabilities.
  • IPC in client-server architecture may be vulnerable to various types of attacks
  • Standalone password managers are particularly vulnerable due to lack of authentication between the browser extension and the app
  • RoboForm is an example of a password manager with no authentication between the browser extension and the app
  • 1Password is an example of a password manager with attempted protection of the IPC channel, but with an insecure protocol and lack of server verification
  • Native messaging is a more secure alternative to IPC, but still has limitations
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses a method of bypassing ASLR by brute-forcing and pre-selecting base addresses.
  • The attack involves a route process and a drone process
  • The drone process launches and throws back a specific return code based on whether or not it has the desired base address
  • The route process maps the file in a loop until it finds the desired base address
  • The attack can be embedded in any PE and is position agnostic
  • The attack cannot obfuscate imports and can be slow
  • The presenter discovered a method of invalidating base addresses by copying and launching the file repeatedly
  • The attack can be used to bypass ASLR on Windows 10 by tweaking ASLR configuration or invalidating base addresses
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses the power of synthetic events in bypassing security mechanisms on macOS and how they can be utilized by attackers. It also highlights the vulnerabilities in Apple's security mechanisms and the need for better protection.
  • Synthetic events are a powerful capability that can be used to bypass security mechanisms and perform actions invisibly.
  • AppleScript and Core Graphics Framework are commonly used to interact with UI prompts programmatically and generate synthetic events.
  • Apple's security mechanisms have vulnerabilities that can be exploited using synthetic events, such as the unsecured privacy alerts and the flaw in the kernel loading extension security mechanism.
  • The presentation also announces a new Mac security conference called Objective by the Sea.
  • In Mojave, Apple has taken a more drastic approach to block and disallow a ton of actions, which is good from a security point of view but may block legitimate applications.
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses various techniques used by malicious drivers to evade detection and compromise systems, as well as the importance of analyzing and protecting against these techniques.
  • Malicious drivers often use techniques such as hooking, encryption, and random driver selection to evade detection and compromise systems
  • PatchGuard can be used to protect against some of these techniques, but malicious drivers may also try to avoid touching protected areas
  • Advanced malware may use techniques such as altering the MBR or hiding sectors to bypass security measures
  • It is important for security professionals to be aware of these techniques and to analyze and protect against them
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses reverse engineering and vulnerability research on Microsoft Defender ATP.
  • Reverse engineering of Microsoft Defender ATP
  • AV instrumentation throughout the engine
  • Vulnerabilities discovered by Google Project Zero
  • Abuse of API call instruction by malware
  • Importance of reverse engineering and vulnerability research
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The talk discusses the importance of understanding gadget chains in deserialization vulnerabilities and introduces a tool for automatically finding gadget chains.
  • Gadget chains are important to understand in deserialization vulnerabilities
  • Existing applications with clients make updating IPC mechanisms difficult
  • Tools like ysoserial and marshalsec can help identify known gadget chains
  • Jugal is a tool for programmatically querying data types on a class path
  • The speaker introduces a tool for automatically finding gadget chains
  • The tool was able to find a sophisticated gadget chain in a proof of concept
  • Better tools are needed to understand risk profiles in applications
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

The presentation discusses a native hooking framework for Android emulators to prevent cheating in mobile games.
  • Commercial Android emulators are popular and often shipped with root permission, making them vulnerable to cheating tools.
  • Cheating on emulators is often done through touch simulation, which requires root privilege or shell access.
  • A native hooking framework can be used to prevent cheating on mixed-mode emulators.
  • The presentation includes a demo of using the hooking framework to cheat a game on an emulator.
  • The future of mobile game cheating may be impacted by the development of such frameworks.
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

TumbleRF is a software framework for fuzzing arbitrary RF protocols that abstracts out the radio API, test case generation, and harness. It allows for easy changing of RF interfaces, flexible test case generation, and comprehensive fuzzing of both layer two and the PHY layer.
  • TumbleRF is a software framework for fuzzing arbitrary RF protocols
  • It abstracts out the radio API, test case generation, and harness
  • Allows for easy changing of RF interfaces
  • Flexible test case generation
  • Comprehensive fuzzing of both layer two and the PHY layer
Conference:  Defcon 26
2018-08-01

tldr - powered by Generative AI

ThinSIM-based Attacks on Mobile Money Systems
  • Mobile money applications are widely used in developing countries where access to banks is limited
  • ThinSIMs are small SIM card add-ons that provide alternative mobile money implementations without operating their own mobile networks
  • The security implications of ThinSIMs are not well understood
  • Attackers can use ThinSIMs to steal money from mobile money platforms by intercepting, modifying, and creating toolkit commands
  • The attacks take place in two phases: stealing credentials and making fraudulent payments
  • Mobile money platforms offer different interfaces such as USSD, smartphone apps, SIM toolkit apps, and IVR
  • ThinSIM-based attacks can be triggered through various means, and defense is difficult