This Friday - 05/07/2019 - Tune In for a Exclusive Offensive Warfare 2.0 Portal Introduction Livestream with Managing Director - Dancho Danchev. RSVP for details here.

Jump to content

Welcome to the Wonderful World of Hacking!

Welcome to the Wonderful World of Hacking!

Today we're proud to announce the launch of the Offensive Warfare 2.0 Hacking and Security Community!

Read more

Get Premium Membership!

Join now and get full access!
 

What are you waiting for?

?

Premium

Welcome to Offensive Warfare 2.0 - The Future of Cyber Warfare - Hacking and Cyber Security Forum Introduction Update

Welcome to the Wonderful World of Information Security! In a World dominated by modern and increasingly sophisticated cyber threats it should be clearly noted that the general public end users and organizations should definitely take the necessary measures to stay ahead of current and emerging cyber threat in the face of protecting the confidentiality availability and integrity of their data currently exposed to a multi-tude of malicious attack scenarios courtesy of cybercriminals malicious attackers the U.S Intelligence Community and various other rogue and nation state actors.

What are the primary Key Points in terms of this community?

  • Spread data information and knowledge to thousands of active users
  • Raise awareness on current and emerging Cyber Threats including detection and prevention technologies
  • Offer the necessary "tools-of-trade" to empower thousands of loyal users on a daily basis with the necessary tools to stay on the top of their game
  • Offer general and in-depth discussion on current Cyber Security and Hacking Tactics and Techniques including prevention and detection mechanisms

What we're currently looking for?

  • Donations - feel free to donate to this project using PayPal ID: dancho.danchev@hush.com
  • Subscriptions - basic subscription-based access for Premium Members would guarantee access to exclusive content including Security and Hacking Search Engine and Dark Web Search Engine
  • Spread the Word - with free registration you have approximately ten invitations which you can use to send to your friends and colleagues in terms of joining the community
  • Share your knowledge - join the community today - post an introduction - and let's get the conversation going!

PayPal ID for Donations: dancho.danchev@hush.com

Yours Sincerely,

Dancho Danchev

Managing Director

Offensive Warfare 2.0 - Cyber Security and Hacking Community


Search the Community

Showing results for tags 'penetration testing'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Forum Rules and Guidelines
    • Announcements
    • General Discussion
    • Forum FAQ and Rules
    • Web Site and Community
  • Member Introduction and Profile
    • Introduction
    • Site Feedback and Inquiries
    • Comments and Suggestions
    • VIP Signup
    • The Lounge
  • Offensive Warfare Team Members
    • Hacking E-Zine
    • Bug Bounty
    • Security Incubator
    • Hacking E-Book
    • Talent Management
    • Security Comic
    • Merchandise
    • Top Hacking Links
    • Contest
    • Security Products
    • Security Services
    • Community Services
    • Hacker Game
    • Online Radio
    • Security Newsletter
    • Security Podcast
    • Security Conference
    • Security Search Engine
  • Information Security Main Discussion
    • Penetration Testing
    • Honeypot Technologies
    • Security Audit
    • Industry Standards
    • Security Hardening
  • Security Audit and Hardening
    • Windows Hardening
    • Mac OS X Hardening
    • Android Hardening
    • Linux Hardening
    • Infrastructure Hardening
    • Database Hardening
    • Physical Security
  • General Security Discussion
    • Beginner Hacking
    • Hacking Tutorials
    • Beginner Guides
    • Security Lectures
    • Hacking Videos
    • Security Training
    • Hacking Training
    • Video Lectures
    • Hacking E-books
    • Security E-books
    • Certifications
    • Encryption
    • Challenges
  • General Cracking Discussion
    • Cracking Groups
    • Cracking Tools
    • Cracking Tutorials
    • Cracking Challenges
    • Reverse Engineering
    • Debugging
    • Disassembly
    • Decompiling
  • General Hacking Discussion
  • Threat Intelligence
  • Security Conference
  • National Security
  • Culture and Lifestyle

Product Groups

There are no results to display.

Categories

  • Cyber Secuity Articles Case Studies Manuals and Tutorials
  • Hacking Articles Case Studies Manuals and Tutorials
  • Penetration Testing Articles Case Studies Manuals and Tutorials
  • Social Engineering Articles Case Studies Manuals and Tutorials
  • OSINT Articles Case Studies Manuals and Tutorials
    • Public OSINT Case Studies
    • Classified OSINT Case Studies
  • Cybercrime Research Articles Case Studies Manuals and Tutorials
    • Public Cybercrime Research Case Studies
    • Classified Cybercrime Research Case Studies
  • Malicious Software Research Articles Case Studies Manuals and Tutorials
    • Public Malicious Software Research Case Studies
    • Classified Malicious Software Research Case Studies
  • Threat Intelligence Articles Case Studies Manuals and Tutorials
    • Public Threat Intelligence Case Studies
    • Classified Threat Intelligence Case Studies
  • Cyber Jihad Articles Case Studies Manuals and Tutorials
    • Public Cyber Jihad Research Case Studies
    • Classified Cyber Jihad Research Case Studies

Blogs

There are no results to display.

There are no results to display.

Calendars

There are no results to display.

There are no results to display.

Categories

  • Security Papers
  • Security Books
  • Penetration Testing Tools
  • Hacking E-Zines
  • Hacking Tools
  • Wireless Security Tools
  • Encryption Tools
  • Password Cracking Tools
  • Security Software
  • System Utilities
  • Network Sniffers
  • Vulnerability Scanners
  • Exploit Frameworks
  • Network Packet Tools
  • Digital Forensic Tools
  • Remote Access Tools
  • Explotation Tools
  • Information Gathering Tools
  • Network Tools
  • Mobile Security Tools
  • System Administration Tools
  • Vulnerability Analysis Tools
  • Web Application Security Tools
  • DDoS Attack Tools
  • Networking Reporting Tools
  • Malware Analysis Tools
  • Security Auditing
  • Honeypot Tools
  • Privacy Tools
  • Security Magazines
  • Security Podcasts
  • Browser Privacy Tools
  • Security Live CD Tools
  • DDoS Booters
  • OSINT Tools
  • Malware Crypters
  • Remote Access Tools
  • Keyloggers
  • Youtube Hacking Tools
  • SMS Bombers
  • Worm and Virus Generators
  • Web Exploit Kits
  • Bluetooth Security Tools
  • Social Engineering Tools
  • SQL Injection Tools
  • Reverse Shell Tools
  • Phishing Tools
  • Threat Intelligence Analysis Tools
  • Security Presentations
  • Ransomware Tools

Categories

  • Security Auditing
  • Cloud Security
  • Security Compliance
  • Email Security
  • Endpoint Protection
  • Endpoint Protection
  • Fraud Detection
  • Identity Management
  • IT Risk Management
  • Mobile Security
  • Network Security
  • Secure USB Drives
  • Security Management
  • Two-Factor Authentication
  • Web Site Security
  • Wireless Security
  • Security Analytics
  • Website Defacement Solution
  • Security Training
  • Penetration Testing
  • Vulnerability Assessment
  • DDoS Attack Protection
  • Intrusion Detection
  • Patch Management
  • Vulnerability Management
  • Web Application Firewall
  • Security Advisory & Consulting
  • Security Awareness
  • Vulnerability Assessment
  • Antivirus Solutions
  • Data Loss Prevention
  • Embedded Device Security
  • Encryption Solutions
  • Network Security Solutions
  • Security Event Management Solutions
  • Cyber Security Insurance
  • Data Breach Solutions
  • Incident Response Solutions
  • Log Analysis Solutions
  • Firewall Solutions
  • Digital Forensics Solutions
  • Security Software Development
  • Managed Security Services
  • Security Source Code Review
  • Web Penetration Testing
  • Biometrics Solutions
  • Authentication Solutions
  • Digital Signature Solutions
  • Public Key Infrastructure Solutions
  • Mobile Application Security Solutions
  • Disaster Recovery Solutions
  • Threat Intelligence Solutions
  • Intellectual Property Protection Solutions
  • Privileged Accounts Solutions
  • Privacy Protection Solutions
  • Password Management Solutions
  • Anti-Spam Solutions
  • Insider Threats Solutions
  • IoT Security Solutions

Categories

  • Security Companies News
    • Press Releases
    • Security Research
    • Security Podcasts
    • White Papers
    • Webinars
    • Security Videos
    • Security Inverviews
    • Security Events
    • Investor Relations

Categories

  • Internet Security Projects
  • Internet Privacy Projects
  • Security Software Projects
  • Penetration Testing Projects
  • Honeypot Technology Projects
  • Malware Research Projects
  • Internet Security Books

Media Categories

There are no results to display.

There are no results to display.

Categories

  • Random Hacker Videos
  • Hacking Video Tutorials
  • Cybercrime Research Videos
  • Penetration Testing Video Tutorials
  • Malware Analysis Videos
  • Defcon Security Event Videos
  • Blackhat Security Event Videos
  • AusCERT Security Conference
  • RSA Europe Security Event Videos

Collections

  • Offensive Warfare 2.0 Community Feedback and General Questions

Marker Groups

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 15 results

  1. Dear Offensive Warfare 2.0 Community Member, It's been several years and unfortunately a decade since we last communicated though the visionary eyes of my research circa 2008-2013 when we used to rock the boat in terms of publishing quality third-party research and analysis successfully educating hundreds of thousands of users on current cyber attacks techniques and methodologies on current and emerging Web-based attacks spreading knowledge data and information successfully educating the Security Community and the Security Industry on current and emerging cyber threats. Following a successful series of productive and knowledge and information-driven years in the works including hundreds of thousands of loyal users the Bulgarian hacker and Information Security expert Dancho Danchev (http://ddanchev.blogspot.com) - today's World's leading expert in the field of cybercrime research security blogging and Threat Intelligence gathering with over a decade in experience in fighting malicious and nation-state malicious and fraudulent actors leading to a successful set of hundreds of published quality analysis and research articles is proud to present the general availability and official launch of the Offensive Warfare 2.0 Hacking and Cyber Security Community. Throughout 2003-2006 under the leadership of CEO and Managing Director - Dancho Danchev - while working for Astalavista Security Group successfully producing a high-quality Security Newsletter (https://packetstormsecurity.com/groups/astalavista) is proud to present a variety of proprietary and industry-leading products and services serving the needs of millions of users globally on a daily basis positioning the newly launched portal as the World's Leading Information Security Portal under the management of CEO and Managing Director - Dancho Danchev - including the Official Launch of the Offensive Warfare 2.0 Hacking and Cyber Security Community empowering hundreds of thousands of users globally on a daily basis with the necessary data information and knowledge to stay ahead of current and emerging threats successfully enriching their security career path establishing new working connections including a variety of industry-leading and community-driven partnerships offering the full spectrum of Subscription-based Security and Hacking Community 2.0 Products and Services. The Security Group Security Lab circa - 2006 What used to be a personal hobby of Technical Collector of malicious software thorough the 90's while working for Trojan Defense Suite and LockDownCorp when I was not busy playing computer games on my IBM clone also known as Pravetz 16 I was busy reading books and visiting the local school quickly matured into a professional career path full with joyful experiences and personal colleagues that I used to know and admire and cooperate and work with including the U.S Intelligence Community and the Security Industry the way we know it. Sample screenshot courtesy of Dancho Danchev's TDS-2 Trojan and Worm Signature Database: Sample screenshot of LockDownCorp's LockDown2000: Among my most venerable experiences within the U.S Intelligence Community was a personal visit to the GCHQ back in 2008 where me and the Honeynet Project held a Workshop on the Current State of Cybercrime following a participation in a Top Secret Program called Lovely Horse whose purpose is to monitor Twitter for hacker conversation utilizing the Open Source for Defense mechanism including the tracking down monitoring and taking down of the Koobface botnet with the botnet masters behind the campaign leaving a message within the botnet's infected infrastructure personally greeting me including the active redirection of Facebook's entire netblock space to my personal blog including the following personal achievements in chronological order: Security New Media Coverage - 2008-2013 Russian hacker 'militia' mobilizes to attack Georgia Fraudsters Target Facebook With Phishing Scam Fake Microsoft e-mail contains Trojan virus With Unrest in Iran, Cyber-attacks Begin Hackers expand massive IFRAME attack to prime sites What's really the safest Web Browser? Hackers infiltrate Google searches Hackers expand massive IFrame attack to prime sites Hackers knocked Comcast.net offline Russian hacker 'militia' mobilizes to attack Georgia Adobe investigates Flash Player attacks Adblock Plus and (a little) more High-tech bank robbers phone it in Attackers booby-trap searches at top Web sites Firefox add-on encrypts sessions with Facebook, Twitter Reviewing the reviews of Google's Chrome Storm worm e-mail says U.S. attacked Iran India's underground CAPTCHA-breaking economy Domain Name Record Altered to Hack Comcast.net Google searchers could end up with a new type of bug Ongoing IFrame attack proving difficult to kill Hackers expand massive IFRAME attack to prime sites Danchev: The small pack Web malware exploitation kit CAPTCHAs are dead - new research from Dancho Danchev confirms it Danchev: Massive SQL injection the Chinese way Hackers infiltrate Google searches Massive aux-CNN spam blitz uses legit sites to deliver fake Flash Faked CNN spam blitz pushes fake Flash Danchev: Anti-fraud site DDOS attack Sony PlayStation site victim of SQL-injection attack Fake CNN Alert Still Spreading Malware Look Ma, I'm on CIA.gov What's really the safest Web Browser? Twitter warms up malware filter Green Dam exploit in the wild “In gaz we trust”: a fake Russian energy company facilitating cybercrime NYT scareware scam linked to click fraud botnet Don’t pay your ransom via SMS Danchev: A crimeware developer's to-do list Is “aggregate-and-forget” the future of cyber-extortion? Danchev rained on my scareware campaign Microsoft declares war on 'scareware' Zeus bot found using Amazon's EC2 as C&C server Watch out for malware with those pretty Mac screensavers Months-old Skype vulnerability exploited in the wild Chuck Norris Botnet Karate-chops Routers Hard Danchev: Money mule recruiters Cybercrime's bulletproof hosting exposed Has EV-SSL Growth Been Slow? Report: Vishing Attack Targets Skype Users Fake UPS notices deliver malware ZeuS/Zbot Trojan Spread Through Rogue US Airways Email New Skype malware threat reported: Poison Ivy Five Koobface botnet suspects named by New York Times Is the death knell sounding for traditional antivirus? Can the Nuclear exploit kit dethrone Blackhole? Experts split over regulation for bounty-hunting bug sniffers Spammers Using Fake YouTube Notifications to Peddle Drugs Adele Bests Adderall As Affiliate Spammers Offer Music Downloads Fake PayPal Emails Distributing Malware Web Gang Operating in the Open ZeuS/Zbot Trojan Spread Through Rogue US Airways Email Buy 500 hacked Twitter accounts for less than a pint How Hackers Make Money Online NBC.com Hacked, Infected With Citadel Trojan How Much Does A Botnet Cost? Automated YouTube account generator offered to cyber crooks Upgraded Modular Malware Platform Released in Black Market NBC hack infects visitors in 'drive by' cyberattack Bitcoins are being traded for hack tools New DIY Google Dorks Based Hacking Tool Released Hacking The TDoS Attack Mass website hacking tool alerts to dangers of Google dorks Cybercrime service automates creation of fake scanned IDs Spammers unleash DIY phone number slurping web tool Spam email contains malware, not Apple gift card APT1, that scary cyber-Cold War gang: Not even China's best Mass website hacking tool alerts to dangers of Google dorks C&C PHP script for staging DDoS attacks sold on underground forums Russian Malware-as-a-Service Offers Up Server Rentals for $240 a Pop Java exploit kit sells for $40 per day Buggy DIY botnet tool leaks in black market Botnets for rent, criminal services sold in the underground market Spam email contains malware, not Apple gift card Presenting with the Honeynet Project circa 2008 at the GCHQ: Among my first professional experiences in the World of Hacking was as a primary member of a variety of hacking and Hacking Scene type of groups following a successful career and contribution as a Member to WarIndustries List Moderator at BlackCode Ravers Contributor Black Sun Research Facility (BSRF) List Moderator Software Contributor to DiamondCS Trojan Defense (TDS-2 Trojan Information Database) contributor to LockDownCorp Contributor to HelpNetSecurity a security consultant for Frame4 Security Systems contributor to TechGenix's WindowSecurity.com security blogger for ZDNet threat intelligence analyst for Webroot throughout the 90's. My first appearance on Slashdot was circa 2006 with my Malware - Future Trends paper following a second appearance on Slashdot regarding my 2010's dissapearence and possible kidnapping attempt. Following a successful career as lead blogger at my personal Dancho Danchev's Blog - Mind Streams of Information Security Knowledge throughout 2008-2013 my personal cybercrime-research profiling articles and research articles have been widely accepted within popular Online News media outlets including - Techmeme, ZDNet, CNN, PCWorld, SCMagazine, TheRegister, NYTimes, CNET, ComputerWorld. Among my favorite and personal choice games throughout the 90's that I was busy playing on a daily basis remain the following games: Alone in the Dark Indiana Jones and the Fate of Atlantis The Legend of Kyrandia Star Control II Blood Descent Duke Nukem 3D Quake Z.A.R. Commander Keen: Aliens Ate My Baby Sitter! Gods Prehistorik The Even More! Incredible Machine Transport Tycoon F-117A Nighthawk Stealth Fighter 2.0 Wing Commander Virtual Pool Battle Chess Worms Managing Director - Dancho Danchev - Astalavista Security Group - The Netherlands 2003-2006 This is perhaps the perfect timing to issue a very specific greet to my partner in life acting as Astalavista Security Group Security Newsletter Proofreader - 2003-2006 - Yordanka Ilieva - today's leading expert in the field of Investment Banking and Financial Management. The time has come to introduce some of Offensive Warfare 2.0's official community-based services commercial products and commercial services available exclusively to Offensive Warfare 2.0 Community Members only further empowering the Offensive Wafare 2.0's generation of novice and experienced hackers crackers and security experts with the necessary data information and knowledge to stay ahead of current and emerging cyber threats. Sample personal photo of CEO and Managing Director - Dancho Danchev - ex-hacker throughout the 90's: Sample photo of a personal project called "Security is Futile" courtesy of CEO and Managing Director - Dancho Danchev - throughout the 90s: Sample photo of a personal project called "Security is Futile" courtesy of CEO and Managing Director - Dancho Danchev - throughout the 90s: Sample Security Text - "The Complete Windows Trojans Paper" courtesy of CEO and Managing Director - Dancho Danchev - throughout the 90s: Sample photo of a popular Security Newsletter written for BlackCode Ravers courtesy of CEO and Managing Director - Dancho Danchev - throughout the 90s: Sample ZDNet Zero Day Blog Headshot Circa 2008-2013: New Core Offensive Warfare 2.0 Services: Malware Connector - Infected with Malware? Let our experts and Security Team take care of the rest Cloud Antivirus - Introducing the World's Premier Cloud-based Antivirus Scanner DNS Security Service - Introducing the World's Most Comprehensive Sensor Network for anticipating and responding to current and emerging threats Web Site Malware Scanner - Are you a Web site Owner? Let our service automatically scan and detect and remove malicious software from your Web site Honeypot Service - Interested in learning more about cyber threats? Consider becoming part of World's Most Comprehensive Honeypot Sensor Network Threat Intelligence Service - Worry about malicious software entering your network and data premises? Consider subscribing to The World's Most Comprehensive Threat Intelligence gathering and sharing Service Penetration Testing Service - Are you part of a security organization worrying about the latest threats facing your infrastructure? Consider becoming part of of Red and Blue Team Security Training Service - Interested in learning more about computer and network security? Consider becoming member of the World's Most Versatile Portfolio of training courses and material Sample personal photo of CEO and Managing Director - Dancho Danchev - Presenting at InfoSec 2012: Sample photo of CEO and Managing Director - Dancho Danchev - Presenting at RSA Europe - 2012: Sample personal photo of CEO and Managing Director - Dancho Danchev - Presenting at CyberCamp - 2016: New Core Offensive Warfare 2.0 Community-Oriented Services: Wargames Server - Want to learn new hacking and security tricks and tools of the trade? Consider obtaining access to our sophisticated Wargames Server Security and Hacking Search Engine - Introducing the World's Largest and Most Comprehensive Search Index of Hacking and Security Content Hacking Mailing List - Introducing the World's leading and most proprietary Hacking Mailing List Hacking E-Zine - Introducing the World's Leading Hacking E-zine featuring content from hundreds of security authors and experts from across the globe Bug Bounty - Do you have experience in finding security bugs and vulnerabilities? Consider joining the World's Largest and Most Versatile Bug Bounty program IRC Network - Are you a fan of IRC? Consider joining the World's Largest Hacking and Security IRC Network and talk with us in real-time Security Conference - Introducing the World's Leading and Premier Security Conference Event featuring thousands of security experts conversations and discussions Security Comic - Are you a fan of Comic Books? Consider obtaining access to the World's Premier and Leading Information Security and Hacking Comic Book Security Incubator - Do you have an idea for a new security product or a service? Consider submitting your project proposal and we'll be happy to assist with an investment proposal Security and Hacking E-Books - Introducing the World's Leading in-house portfolio of Hacking and Security E-Books empowered by hundreds of security experts and authors across the globe Job Search Engine - Interested in finding the latest and hottest security job? Consider obtaining access to the World's Leading and Most Comprehensive Security Career Portal Hacking Game - Enjoy playing computer games? Consider obtaining immediate access to Offensive Security 2.0 Flagship Online Premium Hacker Game Hacking Radio - Enjoy listening to music and security podcasts? Consider obtaining access to Offensive Security 2.0's Security and Hacking Radio Security Podcast - Enjoy listening to the latest security news and events across the industry? Consider obtaining access to Offensive Security 2.0 Premium Security Podcast Security Newsletter - Enjoy keeping yourself updated with the latest security news and events across the industry? Consider obtaining access to Offensive Security 2.0's Security Newsletter Dancho Danchev's Corporate Headshot - 2012: Offensive Warfare 2.0 - The Future of Cyber Warfare - Hacking and Cyber Security Forum Community users should direct their general Community feedback including possible feature requests general remarks and possible recommendations to - dancho.danchev@hush.com and will promptly receive a response in terms of their recommendation. Looking forward to begin working with you and making this community the World's Largest and Most Popular Information Security and Hacking Community. Yours Sincerely, Dancho Danchev Managing Director Offensive Warfare 2.0 - Hacking and Cyber Security Community
  2. No technology since the Internet itself has bewitched so many as the blockchain. Not just a "digital ledger", the blockchain is touted in the normal tech-averse business press as a "trust machine". In truth the blockchain has just one special trick: it determines the ordering of entries in the ledger without an umpire. If this is important, the value proposition is weakened by almost every modification and spin-off put forward so far. Blockchain’s advocates tend to overlook its one unique feature, while claiming a whole lot of things it simply doesn’t do. This presentation will debunk the blockchain, especially the myth of open source "math money", and issue some strong challenges to its proponents and their approach to security.
  3. - The sophistication of today’s threat landscape - Lessons learnt in government intelligence on defending against fast- moving adversaries - Using machine learning for automatic threat detection and efficient resource allocation - Gaining visibility into 100% network activity and mitigate problems early
  4. Zero Touch and Knowledge hacking can be used to steal intellectual data, exploit the most secure organizations, and social engineer ultimate access. Learn how one can track down criminals, spies, and the every-man as they leak their data. Learn techniques only taught to law-enforcement and private detectives on how you can track down anyone, and how hackers use this data against you. What sort of protection do you have against them?This talk will examine techniques used by law-enforcement, government intelligence agencies, organized criminals, and hackers that use open-source intelligence, social engineering techniques, and cyber warfare techniques to obtain and extract the most sensitive information from the most secure organizations around the world. Some techniques that we will cover is how and where people hide metadata and use steganography in public web forums embedded in images to communicate secretly, how private investigators find and track people who do not want to be found, how to track anyone with a phone number, how to buy and sell zero-day exploits and malware, and advanced social engineering attacks and phishing techniques.
  5. The majority of all data breach incidents do not result from circumvention of advanced defensive systems and complex security controls; but from the failure of well-established systems, in particular firewalls, that have become too numerous and complex to manage effectively. In this presentation we will discuss the implications of firewall policy complexity, why it remains a problem today and how to resolve it.
  6. In a culture of convenience, can a balance be struck between the need for simplicity and security? What happens when the basic man-machine trust is violated As a security researcher and developer of renowned penetration testing equipment, these questions are at the core of my attack tool arsenal. Moreover, they're the key to the future of privacy-protecting technologies. Part social, part technical - we'll explore the inherent vulnerabilities exploited by a number of Hak5 developed tools with funny names like Pineapple, Turtle, Monkey and Rubber Ducky and answer the questions: How is it that user-friendly features which let Grandma setup printers came to enable air gap hopping attacks against uranium enriching centrifuges? And, how can these techniques be used to provide all of humanity with transparent end-to-end encryption?
  7. The speaker was drawn into the very middle of defending RSA Security against a serious military grade cyber attack in 2011. Yes, that one. Through that experience and work with the intelligence and defense agencies of several countries, as well as his work with many large customers, the author gained unique insight into how these breaches unfold, how pervasive they are, and how we actually help our attackers. This talk will focus on some of the things which we as an industry do to make it easier for the attacker, and some ideas on how we can better defend against these types of attacks.  In addition, this talk will touch on the methods used by the attackers, and shifts in mind sets which we all need to undertake if we are to defend ourselves against this type of determined attacker.
  8. The TLS protocol - by far the most important cryptographic protocol in use today - came under much more scrutiny during the past years. Attacks against the protocol itself and against implementations have made headlines. Faulty implementations can enable attacks. In some cases they can even be a security risk for uninvolved third parties and endanger the whole TLS ecosystem. Especially so-called Enterprise devices that have their own TLS stack are often a reason for concern. The speaker will give an overview of implementation errors that happened in various TLS stacks and will shed light on this underappreciated problem.
  9. Enterprise companies are using consumer and IoT devices to complete (or expand) their services such as broadband, IPTV, media streaming, satellite, voice and 3G/4G services. Although the devices are owned by the service providers, subscribers have limited (or full) access to them with service agreements. In addition to that, some of consumer devices also have roles on corporate communications, environment security or employee services. Consumer devices are located at subscriber premises; therefore, the traditional security testing approach only covers backend services security, not the devices. Consumer and IoT devices are susceptible to hardware hacking based attacks such as firmware dumping, re-flashing with a custom firmware, and getting low level access using the physical management interfaces such as SPI, JTAG and UART. Low level access obtained can be used to modify device behaviours or their initial states. This helps attackers to debug consumer devices and operator services, to find new vulnerabilities, and to obtain the device configuration which may contain credentials for the service infrastructure. Embedded device and hardware hacking is a rising skill set for penetration testers. It is required to understand targeted attacks which may include hardware implants, modified hardware attacking their own infrastructure or compromised devices that target the human factor. Some of advanced testing examples to be discussed are preparing a custom hardware for persistent access during a red teaming exercise, preparing a compromised consumer device for human factor pen-testing, attacking TR-069 services of a provider using smart home modems or altering the security controls of a device to abuse the service. The presentation focuses on how the existing security testing techniques should be evolved with hardware and IoT hacking, and how service providers can make their infrastructure secure for cutting-edge attacks. Essential hardware hacking information, identifying and using physical management interfaces, hardware hacking toolset, well-known hardware attacks and hardware testing procedure will be presented in a road map for consumer devices security testing. Also a security testing approach will be explained to develop new security testing services and to improve existing ones such as red teaming, human factor pen-testing and infrastructure pen-testing.
  10. Radio frequencies present an interesting research topic for information security; not only does its history provide a wealth of lessons learnt, recent developments are seeing a re-emergence as an attack surface. The proliferation of a number of technologies alongside the ever-evolving information security domain warrants a revisit of this field. The purpose of this talk is to provide an understanding of history of radio frequencies in the context of information security with an appreciation of current risks, and guidance to remove or otherwise mitigate.
  11. We are often told by vendors that we need the latest and greatest technology to better protect our organizations - but do we really? Are our security teams / CSIRTs / SOCs actually prepared to use that new technology to its best effect? We find the answer is often: “no”. Many organizations gloss over the basics, and try to integrate the latest cutting edge technology and techniques before they have the skills and processes in place to handle them. This talk proposes methods that you can use to work out when you are really ready for the Next Big Thing in your security team, and provides you with a roadmap to help guide you on your journey. We will address: * Where does your team sit on the maturity spectrum? * What does a good improvement roadmap include? * How do you know your organization is ready to use: * Large scale data feeds * Threat Intel * Big Data * Machine learning * What basics do you need to get right, and in what order?
  12. In this talk I will outline the use cases, explain McCallum-Relyea exchange and provide an overview of the network protocol, design and implementation of Tang and Clevis. There will be a live demo showing the setup and operation of Tang and Clevis to automatically decrypt LUKS volume keys and TLS private keys in Apache. The talk will conclude with a discussion of assumptions, limitations and threats in the Tang protocol, and how the protocol can play a part in more complex access policies (wherein *Shamir's Secret Sharing* makes an appearance).
  13. With rapid digitisation there are growing concerns about information security in the health sector. Security threats are intensified by the increased interconnectedness of information systems and by consumer participation in health processes. The potential for large-scale system failure as a result of cyber attacks is very real. In this presentation I will survey current trends in health information systems including consumer technologies. I will then examine case studies in hospitals, general practice and the consumer space to discuss cybersecurity challenges unique to health. The presentation will aim to improve understanding about health information systems and to identify gaps and areas for further work.
  14. Although SIEM has been the cornerstone of security data analysis for years, it has struggled to meet the data triage and analysis needs required for incident response and hunting. It is too slow, difficult to use, and is often inadequately tuned or maintained to be helpful for on-demand data analysis. In this session we’ll explore new security analytics technologies – rapid search, natural language, pattern-based correlations, and unstructured data – that can extend the on-demand data analysis of the SIEM to improve threat hunting and accelerate incident response.
  15. This presentation will walk the audience through the six stages for successful incident response. We will talk about  1 - The preparation phase where we ensure we have the right policies (and we are all aware of them), a fully kitted out jump bag with all the tools we may possibly need to respond to an incident, a defined procedure for responding, call lists, OS command cheat sheets etc.  2 - The Identification phase. How we identify whether we have just an event, or an incident. We will look at a range of sources that can provide us with the information we require to make this determination.  3 - Containment. What can we do to ensure that we limit the damage and prevent any further damage from the incident. Are there certain steps we can do to provide short-term containment whilst we work on more robust long-term containment solutions.  4 - Eradication. This phase is where we talk about how we can remove and restore affected systems. Can we safely use a backup, or do we need to rebuild from known good media?  5 - The recovery phase. This is where we bring the affected systems back into the production environment in a controlled manner as to not create another incident.  6 - Lessons learned. Possibly the most critical phases in the entire process. This is where we clean up the documentation that may not have been completed during the incident response process, but we actually look at the "who, what, where, when and why" of the incident to put controls in place to prevent the incident from happening again.  The presentation is to be something practical that the audience can take back to the office after the conference and start implementing. I will provide links to various supporting documents and templates that can be modified and used by attendees after the presentation.
×