http://www.shodanhq.com/videos/media http://www.shodanhq.com/videos/media/routerpwn-a-router-exploitation-framework http://www.shodanhq.com/videos/media/routerpwn-a-router-exploitation-framework Tue, 11 Oct 2011 16:49:19 +0000 Routerpwn is a mobile exploitation framework that helps you in the exploitation of vulnerabilities in network devices such as residential and commercial routers, switches and access points. It is a compilation of ready to run local and remote web exploits. Programmed in Javascript and HTML in order to run in all "smart phones" and mobile Internet devices, including Android, iPhone, BlackBerry and all tablets. You can even store it off line for local exploitation without Internet connection. http://www.websec.mx http://www.websec.ca http://www.hakim.ws https://www.underground.org.mx routerpwn, Toorcon Toorcon 13 http://www.shodanhq.com/videos/media/atlas-sploit-me-if-you-can http://www.shodanhq.com/videos/media/atlas-sploit-me-if-you-can Tue, 04 Oct 2011 13:04:48 +0000 c++ template reversing, vftable madness, and randomization, oh my! come watch as atlas iterates through the 2011 defcon quals “potent pwnables 500? challenge and the path to solution. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist atlas, DefCon quals, derbycon Derbycon 1 http://www.shodanhq.com/videos/media/jason-scotts-shareware-calvacade http://www.shodanhq.com/videos/media/jason-scotts-shareware-calvacade Tue, 04 Oct 2011 13:03:01 +0000 It drastically affected lives, it brought ruin and glory, and it left all the participants coated in the scars of battle that would stay with them forever. We speak, of course, of the shareware phenomenon. Drawing from over a terabyte of shareware software collected over the last decade, Jason will show you the highs, the lows, the ruination and the triumph of a rapidly fading chapter in computer history. Expect a fast-paced waterfall of trivia, eye-opening visuals and mind-blowing examples of all the foibles of humanity captured on small plastic discs. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist computer history, derbycon, Jason Scott, shareware Derbycon 1 http://www.shodanhq.com/videos/media/hook-line-and-syncer-the-liar-for-hires-ultimate-t http://www.shodanhq.com/videos/media/hook-line-and-syncer-the-liar-for-hires-ultimate-t Tue, 04 Oct 2011 12:59:04 +0000 This presentation is an exploration of the latest tools used in the art of social engineering. From information gathering to post exploitation, participants will get to experience “the thrill of the con” from presenters who live it each day. The presentation seeks to prove that you don’t have to be a sleazy ‘salesman’ type personality to be successful at social engineering. With the right tools and techniques, just about anyone can pull off creative exploits. While an overview of all popular tools will be given, a deep-dive will be taken into a few of the coolest tools. But even better, the presenters will discuss real-life situations in which these tools have been used. This provides the participants with a context in which to understand the tools and how they may best be leveraged for maximum ownage. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist Chris Silvers, derbycon, Pat McCoy, social engineering Derbycon 1 http://www.shodanhq.com/videos/media/compliance-an-assault-on-reason http://www.shodanhq.com/videos/media/compliance-an-assault-on-reason Tue, 04 Oct 2011 12:55:06 +0000 You have done PCI/HIPAA/SOX/ISO/FISMA/GLBA Compliance Audits, 10 Pentests, 20 Vulnerability Assessments, Code Review, App Testing and enough paperwork to feed the fire all winter long… but what did it get you. It got you a huge bill and a hardware stable of all of the latest security products. So now what? Are you safe? Will the Millions you spent on Hardware, Software and Compliance protect you from the “Bad Guys?” You may never know… but at least the marketing says it “Should.” Even if it DOES its job, will it protect your business? The answer: Not likely! For much too long, compliance has tested physical assets and ignored the thing that matters most…. YOUR BUSINESS. This session will discuss how we can change the paradigm. Throw away the # of addresses, the compliance reg, the book of what IT “thinks” is important and let’s get to work on testing the BUSINESSES ability to survive an attack. We will review how to evaluate what DOES matter and why compliance is nothing more than a blanket to hide under. At the end, it is about protecting the special sauce that makes your company unique. You can’t pay a fine for being “Non-Compliant” if you have already been HACKED OUT OF BUSINESS. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist Chris Nickerson, compliance, derbycon Derbycon 1 http://www.shodanhq.com/videos/media/the-details-dont-matter http://www.shodanhq.com/videos/media/the-details-dont-matter Tue, 04 Oct 2011 12:52:07 +0000 Somewhere between the down in the trenches day to day operations of IT security and the high level, watered down strategies consumed and regurgitated by the CxO community, there lies some ground truths in what’s occurring in the information security universe. “What’s the best firewall to buy?” and “How to I configure it?” aren’t as important questions as “What does a firewall really buy me given the current threat environment?” Conversely “What percentage of my IT budge is spent on security?” isn’t as important as “Am I spending my money in a manner that protects my assets as effectively as required for my business?” and “How have I adapted from the ‘defend everything’ to ‘accept compromise and worry about detection and mitigation’ mindset?” It’s easy to get caught up in the weeds of the currently state of infosec. It’s a highly dynamic field and the specific threats and products change daily. However, the ground truth of what’s really going on changes much more slowly. By paying attention to the important truths of IT security, you can focus on the important aspects of securing what you really care about and not get lost in the details that simply waste time and cloud the real problems. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist Bruce Potter, derbycon, IT security Derbycon 1 http://www.shodanhq.com/videos/media/the-penetration-testing-execution-standard-p http://www.shodanhq.com/videos/media/the-penetration-testing-execution-standard-p Tue, 04 Oct 2011 12:50:48 +0000 This is what you have been waiting for. We are releasing the alpha version of the Penetration Testing Execution Standard. This standard will be the baseline moving forward for all penetration tests and something that we believe deeply in. It’s time to change the field and it starts right here at DerbyCon 2011. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist derbycon, Panel, PTES Derbycon 1 http://www.shodanhq.com/videos/media/adaptive-penetration-testing http://www.shodanhq.com/videos/media/adaptive-penetration-testing Tue, 04 Oct 2011 12:41:04 +0000 Penetration Testing is something that has many different meaning depending on the context used by the person. The Penetration Testing Execution Standard (PTES) is aimed to change that. In this talk we’ll be covering adaptive penetration testing which essentially is the ability to conform and change based on the environment that your attacking. We’ll be covering several live examples used in real-world penetration tests, how we discovered some clever tricks to circumvent security controls, and eventually be creative and gain unauthorized access. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist Dave Kennedy, derbycon, Kevin Mitnick, penetration testing, PTES, security controls Derbycon 1 http://www.shodanhq.com/videos/media/hackers-for-charity-update http://www.shodanhq.com/videos/media/hackers-for-charity-update Tue, 04 Oct 2011 12:39:02 +0000 Johnny Long will give an update and future of the Hackers for Charity foundation. All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist derbycon, hackers for charity, Johnny Long Derbycon 1 http://www.shodanhq.com/videos/media/acoustic-intrusions http://www.shodanhq.com/videos/media/acoustic-intrusions Tue, 04 Oct 2011 12:37:40 +0000 What do the News of the World phone hackers have to do with the safe in your hotel room? How does war dialing help in an era with digital phones and few modems? Why can Metasploit help with the threat of IEDs? This talk will cover a different angle on security, with a focus on audio data collection and analysis. All videos at http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist derbycon, HD Moore, Metasploit, phone hacking, war dialing Derbycon 1 http://www.shodanhq.com/videos/media/smile-for-the-grenade-camera-go-bang http://www.shodanhq.com/videos/media/smile-for-the-grenade-camera-go-bang Tue, 04 Oct 2011 12:35:22 +0000 Cameras are hugely important to urban and suburban battlefields. Reconnaissance is a must-have for commanders, and a force multiplier for actual combat units. A combat-deployable camera system is being developed or used by nearly every military-industrial manufacturer and government agency, ranging from Throwable Camera Balls to Grenade-style launched cameras. But they’re expensive and inaccessible to civilians. Would it be possible to build a combat-deployable camera system that would fulfill the mandates of a tactical combat team, feed information to a strategic command center, and force-multiply “on the cheap”? All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist camera, derbycon, reconnaissance Derbycon 1 http://www.shodanhq.com/videos/media/welcome-to-derbycon-2011-intro-to-the-con-and-even http://www.shodanhq.com/videos/media/welcome-to-derbycon-2011-intro-to-the-con-and-even Tue, 04 Oct 2011 12:33:03 +0000 All videos at: http://www.irongeek.com/i.php?page=videos/derbycon1/mainlist derbycon Derbycon 1 http://www.shodanhq.com/videos/media/spirit-of-the-time-mikko-hypponen-at-zeitgei http://www.shodanhq.com/videos/media/spirit-of-the-time-mikko-hypponen-at-zeitgei Thu, 29 Sep 2011 22:24:33 +0000 Spirit of the Time-- When we bring together a range of young minds seeking solutions for our time, what inspirational insights will we discover? Mikko Hypponen, Chief Research Officer, F-Secure Background image courtesy of Trey Ratcliff at Stuck in Customs Photography (http://www.stuckincustoms.com). Image featured is "The Bamboo Forest" - http://stuckincustoms.smugmug.com/Portfolio-The-Best/your-favorites/10668747_AuyBk#742619345_hkJPG. inspiration, mikko hypponen, zeitgeist Featured http://www.shodanhq.com/videos/media/exploiting-digital-cameras http://www.shodanhq.com/videos/media/exploiting-digital-cameras Thu, 22 Sep 2011 23:13:09 +0000 Alfredo Ortega, Sr. Exploit Writer at Core Security Oren Isacson, Sr. Exploit Writer at Core Security ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org digital camera, ekoparty Ekoparty 2010 http://www.shodanhq.com/videos/media/sandboxing-based-on-seccomp-for-linux-kernel http://www.shodanhq.com/videos/media/sandboxing-based-on-seccomp-for-linux-kernel Thu, 22 Sep 2011 23:12:33 +0000 Nicolás Bareli, Sr. Security Researcher at EADS ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, SECCOMP Ekoparty 2010 http://www.shodanhq.com/videos/media/pentesting-driven-by-foca http://www.shodanhq.com/videos/media/pentesting-driven-by-foca Thu, 22 Sep 2011 23:11:55 +0000 Chema Alonso, System Engineer at Informatica 64 ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org Chema Alonso, ekoparty, FOCA, Informatica 64 Ekoparty 2010 http://www.shodanhq.com/videos/media/virtually-pwned-pentesting-vmware http://www.shodanhq.com/videos/media/virtually-pwned-pentesting-vmware Thu, 22 Sep 2011 23:11:06 +0000 Claudio Criscione, Sr. Security Researcher ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, VMware Ekoparty 2010 http://www.shodanhq.com/videos/media/historias-de-0days-disclosing-y-otras-yerbas http://www.shodanhq.com/videos/media/historias-de-0days-disclosing-y-otras-yerbas Thu, 22 Sep 2011 23:10:33 +0000 Cesar Cerrudo, CEO at Argeniss ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty Ekoparty 2010 http://www.shodanhq.com/videos/media/sap-backdoors-a-ghost-at-the-heart-of-your-busines http://www.shodanhq.com/videos/media/sap-backdoors-a-ghost-at-the-heart-of-your-busines Thu, 22 Sep 2011 23:09:36 +0000 Mariano Nuñez Di Croce, Director of Research and Development at Onapsis. ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, SAP Ekoparty 2010 http://www.shodanhq.com/videos/media/faraday-a-tool-to-share-knowledge http://www.shodanhq.com/videos/media/faraday-a-tool-to-share-knowledge Thu, 22 Sep 2011 23:08:45 +0000 Federico Kirschbaum, CTO at Infobyte Security. Facundo Guzman, Sr. Security Researcher Esteban Guillardoy, Sr. Security Researcher ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, faraday, knowledge Ekoparty 2010 http://www.shodanhq.com/videos/media/token-kidnappings-revenge http://www.shodanhq.com/videos/media/token-kidnappings-revenge Thu, 22 Sep 2011 23:07:12 +0000 Cesar Cerrudo, CEO at Argeniss ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty Ekoparty 2010 http://www.shodanhq.com/videos/media/2x1-microsoft-bugs-virtual-pc-hyper-hole-visor-win http://www.shodanhq.com/videos/media/2x1-microsoft-bugs-virtual-pc-hyper-hole-visor-win Thu, 22 Sep 2011 23:06:41 +0000 Nicolás Economou, Sr. Exploit Writer at Core Security Technologies ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, hypervisor, vulnerability Ekoparty 2010 http://www.shodanhq.com/videos/media/atacando-voipun-paraiso http://www.shodanhq.com/videos/media/atacando-voipun-paraiso Thu, 22 Sep 2011 23:05:51 +0000 Giovanni Cruz, Sr. Security Researcher. ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty Ekoparty 2010 http://www.shodanhq.com/videos/media/network-based-detection-of-pe-structural-anomalies http://www.shodanhq.com/videos/media/network-based-detection-of-pe-structural-anomalies Thu, 22 Sep 2011 16:05:33 +0000 Gary Golomb, Sr. Security Researcher at NetWitness Corporation. ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty Ekoparty 2010 http://www.shodanhq.com/videos/media/web-application-security-payloads http://www.shodanhq.com/videos/media/web-application-security-payloads Thu, 22 Sep 2011 16:04:50 +0000 Andrés Riancho, CEO at Bonsai Security ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, web app security Ekoparty 2010 http://www.shodanhq.com/videos/media/understanding-the-low-fragmentation-heap-fro http://www.shodanhq.com/videos/media/understanding-the-low-fragmentation-heap-fro Thu, 22 Sep 2011 16:02:46 +0000 Chris Valasek, Sr. Security Research Scientist - Accuvant. ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, exploit, heap Ekoparty 2010 http://www.shodanhq.com/videos/media/wpa-migration-mode-wep-is-back-to-haunt-you http://www.shodanhq.com/videos/media/wpa-migration-mode-wep-is-back-to-haunt-you Thu, 22 Sep 2011 16:02:09 +0000 Leandro Federico Meiners, Sr. Security Researcher at Core Security ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, WEP, WPA Ekoparty 2010 http://www.shodanhq.com/videos/media/distinguishing-lockpicks-raking-vs-lifting-vs-jigg http://www.shodanhq.com/videos/media/distinguishing-lockpicks-raking-vs-lifting-vs-jigg Thu, 22 Sep 2011 16:01:27 +0000 Deviant Ollam, Network Engineer and Security Consultant. ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, Lockpicking Ekoparty 2010 http://www.shodanhq.com/videos/media/understanding-the-win-smb-ntlm-weak-nonce-vulnerab http://www.shodanhq.com/videos/media/understanding-the-win-smb-ntlm-weak-nonce-vulnerab Thu, 22 Sep 2011 15:58:19 +0000 Hernán Ochoa, Sr. Security Researcher at Amplia Security Agustín Azubel, Sr. Security Researcher at Amplia Security ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, NTLM, SMB, weak nonce vulnerability Ekoparty 2010 http://www.shodanhq.com/videos/media/hacking-an-activity-of-public-interest http://www.shodanhq.com/videos/media/hacking-an-activity-of-public-interest Thu, 22 Sep 2011 15:57:23 +0000 Cedric Blancher, Sr. Researcher - EADS Computer Security. ekoparty Security Conference 2010 Buenos Aires - Argentina +info: www.ekoparty.org ekoparty, public interest Ekoparty 2010