In IT security, offensive problems are technical – but most defensive problems are political and organisational. Attackers have the luxury to focus only on the technical aspects of their work, while defenders have to navigate complex political and regulatory environments. In a previous talk (“Rearchitecting a defendable internet”) I discussed what technical measures would yield Read More …
Tag: conference
Month of AI Video – Practical LLM Security
Practical LLM Security As large language models (LLMs) become increasingly integrated into various applications, the security standards for these integrations have not kept pace. Much of the current security research tends to focus on either 1) the social harms and biases associated with LLMs, along with content moderation issues, or 2) the LLMs themselves, often Read More …
Conference Video – Threat Hunting Within Organizations Andrew Case
These are the videos from B Sides Tampa 2015
Conference Video – Deep Web – what to do and what not to do
Presented at the Cysinfo 9th Quarterly Meetup on 19th November 2016 at Bangalore Presentation Link
Conference Video – Defending Against Power Shell Attacks
Dutch Power Shell User Group – 3rd Power Shell Saturday 2017-04-08
Conference Video – Invoke-Obfuscation: PowerShell obFUsk8tion
Power Shell has increasingly become the de facto standard for penetration testers and hackers alike. It enables attackers to “live off the land” by using a Microsoft-signed binary that can execute remote code entirely in memory while bypassing both A/V and application whitelisting solutions. Today’s detection techniques monitor for certain strings in powershell.exe’s command-line arguments. Read More …
Conference Video – Win32 Exploit Development With Mona and the MSF Framework
In this talk, Corelanc0d3r and Nullthreat will walk the audience through the process of writing exploits for Win32 User Land, while elaborating on the subtleties of writing effective and reliable exploits that bypass common memory protections. Using a number of example exploits, they will demonstrate how the various functions available in mona.py, the Corelan Team Read More …
Conference Video – Dirty Red Team tricks
Let’s time travel to 2003 with today’s tools and own everything. This talk takes you inside the red teams at the North East and Mid Atlantic Collegiate Cyber Defense competition events. Raphael Mudge, the developer of the Armitage Metasploit GUI, will guide you on this journey. You will learn how to automate Metasploit, nmap, and Read More …
Conference Video – Offensive Countermeasures: Still trying to bring sexy back
Why is it that the Hackers and Penetration Testers get to have all of the “sexy” fun? In this presentation we will cover some cool tricks to confuse, block or mislead attackers. Penetration testers may be angered during this presentation as we will describe how to make their lives difficult. The term “hacking back” will Read More …
Conference Video – Dirty Secrets They Didn’t Teach You In Class
This talk is about methodologies and tools that we use or have coded that make our lives and pentest schedule a little easier, and why we do things the way we do. Of course, there will be a healthy dose of Metasploit in the mix.