Black hat / Defcon 2014
What is (a) Blackhat? 
• A conference for security professionals 
• 4 days of training, 2 days of briefings 
• 9,000 security executives, hackers, academics, and spies attended Black Hat this year 
• A "black hat" hacker is a hacker who "violates computer security for little reason beyond maliciousness or for 
personal gain" 
• Ticket prices range from $1795 to $2595 just for the briefings
Venue – Mandalay Bay 
Nothing says Vegas like a hotel wedding chapel 
• First year that BH enters Mandalay 
• 3,309 hotel rooms and a casino of 
12,500 m2 
• Convention center is 93,000 m2 (!)
What is Defcon ? 
• By hackers, for hackers 
• Nearly 16,000 attendees, up from last year’s 12,000. 
• Tickets cost $220 at the door – cash only (I wonder why)
Venue – Rio 
• 2,522 hotel rooms and a casino of 11,000 m2 
• Convention center only 15,000 m2 
• Long lines...
Focus on hacks, whatever it might be 
• Badge hacking 
• SDR hacking 
• Hardware 
• Software 
• Locks 
• People… 
• Hack all the things!
People who think that they’re hackers
Wall of sheep 
• Dedicated to security research and 
the advancement of security 
awareness through, in many cases, 
unconventional methods. 
”Free charge?! Awesome!”
Skytalks 
• A con within a con (conception?) 
• Classic, old-school Defcon: no cameras, no recording. 
No pre-con content takedowns. 
No sobriety. No bullshit. 
• Solely funded by donations 
• “Special” talks 
• A brief history of teledildonics. Yeah, apparently that’s a thing. 
• Breaking MIFARE ULTRALIGHT.. or how to get free rides and more
Summary
A Survey of Remote Automotive Attack 
Surfaces 
• Hacking cars remotely 
Source: autoguide.com
BadUSB
Extreme Privilege Escalation on Windows 
8/UEFI Systems 
• Hacking Windows through the BIOS 
https://www.blackhat.com/docs/us-14/materials/us-14-Kallenberg-Extreme-Privilege-Escalation-On-Windows8-UEFI-Systems-WP.pdf
Interesting sessions 
Cyber defend yourself – Don’t screw up!
Interesting sessions 
• Hacking RFID – or how to ride for free on public transportation 
Source: SL
Interesting sessions 
• Internet of things 
Source: Morgan Stanley
Interesting sessions 
• Post Exploitation – Veil Pillage
Interesting sessions 
• What the Watchers see – or not…
Interesting sessions 
• Weaponize your pets 
Source: Funnypostcard.com
Interesting sessions cont. 
• Exploiting Thunderbolt 
Source: Intel
Everybody loves to hack credit cards!
Credit card hacks present or presented at 
Defcon 
• Jackpotting ATMs 
• Mag stripe skimming (duh…) 
• Relay attack 
• False terminals (capture PIN) 
• No PIN attack (MiTM attack) 
• More www.lightbluetouchpaper.org 
• And http://www.cl.cam.ac.uk/~rja14/banksec.html
Interesting sessions 
• And of course…. Lots on NSA playset 
Source: Der Spiegel


Editor's notes

  1. Vegas and why the conferences are held there. Hackers get bored easily, so a city that never sleeps is a good fit.
  2. Read from the slide. Black Hat was founded by Jeff Moss as a sister conference to DefCon and is now owned by UBM Tech. It is now a network of conferences around the world (EU, USA, Asia) and "summits" around the world. Trainings cost several thousand dollars each, depending on content and length.
  3. First year at Mandalay in BH's 16-year history. The Venetian the first year, then Caesars through last year. The 28,000 m2 at Caesars was no longer enough. One of the largest privately owned convention centers in the world. Plenty of space. Ugly hotel! :D
  4. Trainings are four days of hard training with recognized experts in their fields, e.g.: APPLICATION SECURITY: FOR HACKERS AND DEVELOPERS; ATTACKING, DEFENDING AND BUILDING SCADA SYSTEMS; ERP SECURITY: ASSESS, EXPLOIT AND DEFEND SAP PLATFORMS. Briefings: 2 days of talks, security researchers and specialists. Networking: Corporate stuff... Arsenal: Cool tools. $$$: A lot around the conference is about money. Vendors want to sell their cool gear and get noticed by giving things away. Microsoft, for example, threw a party at one of Vegas's biggest nightclubs.
  5. Innovation city: Designated area for start-ups to showcase cutting-edge products and solutions and engage with the community. Vendor sessions: One-hour sponsored presentations in the Business Hall Theater, presented by leading researchers and security experts. Business center: Selected area for private meeting rooms and suites to conduct business with clients, colleagues and press. Networking lounge: The primary destination for attendees to network, conduct informal meetings and enjoy food and beverages.
  6. After a long day of cool talks you need to unwind, and what a city to do it in ;) PARTY!
  7. DEFCON is a five-level readiness scale used by the US military. The conference was also founded by Jeff Moss.
  8. A CTF team sitting and hacking, capturing flags. A Wi-Fi rifle pimped with Pringles antennas for maximum range!
  9. The WiFi Pineapple is a tool with purpose-built hardware and software for auditing wireless networks. The intern was in deep water...
  10. People who realized that others share their interest and therefore set up a "village" where you can try things out and listen to talks on the subject. Example: Tamper evident: you try to break into some kind of box without setting off the "auto destruct" sequence. This year it was a bomb to be defused, à la Hollywood :)
  11. Explain the Wall of Sheep: it listens on the network for cleartext protocols. Don't plug your computer/phone into just anything...
  12. A small con within Defcon. One room with its own schedule and speakers. Not all talks are strictly legal, which is why recording and cameras are prohibited. Talks that are designed to overclock your brain with cutting-edge information about sensitive topics that you might not be able to freely discuss or research from the privacy of your own home, workplace, or favorite con.
  13. The Black Hat and Defcon badges side by side sum up the conferences pretty well. Black Hat: corporate, sleek, gray, rather dry/boring. Responsible! Defcon: blinking circuit boards that you can hack and mod yourself, learn to program or solder with, and so on. "Do not obey" is perhaps the exact opposite of what Black Hat stands for.
  14. Briefly mention how they hacked 20 things in 40 minutes using
  15. Mention that you need to "hide" your ass. For everyone else's sake. And don't screw it up.
  16. Briefly describe how they cloned and manipulated RFID cards for public transport using NFC smartphones.
  17. Talk about how the Internet of Things could be exploited using timing attacks.
  18. Talk about the tool Veil and its new component Pillage. Utilizes various languages and techniques to generate AV-evading payloads – shellcode injection and 'pure' meterpreter stagers ▪ Modularity: want it to be easy to implement new post-exploitation techniques – and want to be able to easily integrate our code/techniques into other tools ▪ Completeness: automation, comprehensive logging, cleanup, etc.
  19. Talk about how wireless cameras lack security and that it is possible to send your own images to the Command Center.
  20. Put tech on coat. Put coat on cat. Send cat on a walkabout. Recover data when cat returns. Profit. Cats, how about dogs… Denial of Service Dog – Pineapple + TV-B-Gone
  21. Talk briefly about how they managed to create a Thunderbolt VGA adapter to hack laptops.
  22. Talk about how people have started to create their own ANT devices.