- Wiggly Wayne DDS
- Sep 11, 2010
required watching before posting itt post 2/2:
34c3:
large chunk from day 1 of 34c3, i may have low balled that 50 figure if this is a trend:
Forensic Architecture by Eyal Weizman (43:34)
- tech issues turn this into an improv presentation where the presenter works off of his website. good talk that goes into visually reconstructing bombings in conflict zones and representing conflicting narratives in kidnappings. q&a is great and full of actually good questions
Demystifying Network Cards by Paul Emmerich (31:29)
- good fast dense talk focused on optimising networking performance mainly aimed at driver development. only a brief mention of security where the presenter hopes dropping privileges is perfect, but not the main point of the talk. light q&a
eMMC hacking, or: how I fixed long-dead Galaxy S3 phones by oranav (56:07)
- good technical talk starting from reversing patches, abusing backdoors to dump firmware then finally patching. no hardware mods necessary. worth a watch. q&a has some nice gems
Uncovering British spies’ web of sockpuppet social media personas by Mustafa Al-Bassam (31:31)
- alt names: "my first day on irc", "the day i learned what sigint actually does", pretty naive analysis throughout. only thing of value was gchq being lazy with timing tweets (mon-fri 9-5 gmt). other than that just a rehash of leaks and the presenter going "well this would be a good place to research, right??". q&a also useless given the source is of questionable value for opsec advice given the indictment
Squeezing a key through a carry bit by Sean Devlin, Filippo Valsorda (50:02)
- alt name: "not obviously exploitable", leveraging a rare carry bug (~2^32) to full key recovery. crash course on ecc then p straightforward crypto talk on the bug itself then optimising it to a feasible attack. no real q&a though
Unleash your smart-home devices: Vacuum Cleaning Robot Hacking by Dennis Giese and DanielAW (31:15)
- audio troubles for 5m. focuses on xiaomi devices. homebrewing presentation that talks around the rooting aspect but does a good job with what they have to work with. q&a is good. alright watch to see what's stored on the device and functionality available to the manufacturer
How risky is the software you use? by Tim Carstens and Parker Thompson (58:50)
- alt name: "producing a consumer-friendly security advisory notice at-scale". pretty bad talk that's more about imposing archaic guidelines post-release than improving the dev process. For all the talk comparing to EPCs the speaker's against giving risk-based advice on improving score, but prefers an adversarial approach to improving standards. Speaker hopes a bayesian stats approach will lead to devs implementing secure practices, not just getting enough boxes ticked for implementing x irrelevant feature. Even dumber is this approach leads to score dilution where thousands of irrelevant secure programs are loaded on with manufacturer's own dumb program to make the overall product look better. their analytic pipeline could do with angr rather than remaking the wheel for the nth time (it's almost as if it's the same problem field...). i could keep yelling but this is a lot of stats nerds trying to show the grant money was spent well. bad sales pitch disguised as a talk. q&a is good as the speaker accidentally tears down their own talk, then misunderstands threat models
BBSs and early Internet access in the 1990ies by LaForge (61:41)
- a good nostalgia talk, extremely brave speaker for giving a live demo to look at random unvetted bbs images. worth watching. q&a is mostly worthless though
Science is broken by hanno (30:45)
- alright talk, doesn't add much if you're familiar with different scientific field study practices though. mostly poking at generic iteration flaws and publication bias. q&a is good
Tightening the Net in Iran by Mahsa Alimardani (47:47)
- a very strange start to a talk. takes a bit to get going but a good overview of how iran are going about limiting internet access in the country. speaker is defensive of telegram (takes the common stance of "it's popular so let's fix it rather than saying use signal/tor"), bit of an odd choice for a privacy standpoint. good watch though, if oddly ignorant of telegram's issues. q&a is alright but mistakes a single person as a perfect source of info for a country
1-day exploit development for Cisco IOS by Artem Kondratenko (45:36)
- good talk on rebuilding a snmp buffer overflow vuln into a reliable rce. spends a lot of time on refinding rop chains though. if you want to know more about exploiting cisco generically i'd read through this.
Inside Intel Management Engine by Maxim Goryachy (51:46)
- an unfortunately rough talk as the speaker isn't that confident. great on the technical aspects though so worth watching. q&a try to salvage the talk
iOS kernel exploitation archaeology by argp (54:56)
- focuses on reverse engineering a kernel exploit from a late 2013 jailbreak to figure out the exploit techniques. alright talk but it meanders a lot and ultimately turns into how the speaker reimplemented the exploit rather than how it was originally designed.
Lets break modern binary code obfuscation by Tim Blazytko and Moritz Contag (60:02)
- two parts: first treads a lot of ground on common commercial obfuscation methods before focusing on vm approaches and common hardening techniques. second dives into probabilistically modeling functions to work around the obfuscation arms race. demo with toolset, p good talk with no real downtime. q&a is alright
leftovers from day 1:
Defeating (Not)Petya's Cryptography by Sebastian Eschweiler (54:44)
- talk takes a bit to get going and the speaker isn't good with public speaking. content is pretty front-loaded (mistakes in (not)petya), then the rest of the talk is on iterating different approaches to get a functional key recovery via known-plaintext. alright watch, q&a salvages content out of the last half of the talk
DPRK Consumer Technology by Will Scott and Gabe Edwards (31:28)
- good talk which aims to publicise consumer system images from dprk consumer devices. also explains the process involved in breaking the drm applied to educational material. no q&a due to time
Microarchitectural Attacks on Trusted Execution Environments by Keegan Ryan (55:02)
- do you want to learn about side-channels? this talk is for you then. great introduction to cache attacks focusing on trustzone and sgx. great watch with good q&a
Doping your Fitbit by jiska and DanielAW (22:49)
- a teardown and reverse engineer of a fitbit. short talk but pretty dense covering a lot of ground
BootStomp On the Security of Bootloaders in Mobile Devices by Audrey Dutcher (28:23)
- aka "what if we point angr at bootloaders?" p good talk that takes a bit to get going but the speaker trips over themselves a few times. q&a is light
KRACKing WPA2 by Forcing Nonce Reuse by Mathy Vanhoef (61:42)
- corrects some misconceptions on the attack and provides a thorough walkthrough of the attack with issues on specific implementations highlighted. great watch imo, q&a is good too
The Ultimate Apollo Guidance Computer Talk by Michael Steil and Christian Hessmann (61:42)
- another in the ultimate series - fast and dense talk. 60m to learn as much as possible about the apollo guidance computer. must watch imo, no q&a.
day 2:
Mobile Data Interception from the Interconnection Link by Dr. Silke Holtmanns (48:19)
- ss7? eh that's old let's look at diameter. crash course on lte networking and a brief overview of a viable attack. good watch, and any operator should take notes. q&a is a must watch for informed ss7 vuln impact
Deep Learning Blindspots by Katharine Jarmul (53:48)
- more of a light literature overview of creating adversarial examples to defeat different machine learning models generically. there's a few examples given but missable unless you're interested in the field but haven't seen examples before. q&a is p light as well
Reverse engineering FPGAs by MathiasL (42:09)
- p rough talk (always have backups for presenting demos), but good content on reversing commercial fpgas. q&a is a bulk of the video with lots of good questions
Spy vs. Spy A Modern Study Of Microphone Bugs Operation And Detection by Veronica Valeros and Sebastian Garcia (62:31)
- a sdr-based transmitter detection tool. starts out alright but their narrow scope focusing on poo poo commercial bugs limits its use. talk's alright but had a lot more potential, they're more concerned with transmission than suitability of microphone types and only look at post-processing lightly. q&a just highlight the limitations
Electromagnetic Threats for Information Security by @EMHacktivity and José Lopes Esteves (49:11)
- it starts off alright then goes into the academia hole of overly defining the scope and possible issues. 23m in they get to testing then show good examples of active attacks so it's worth watching from there. good watch overall, q&a is a bit of a waste though
Internet of Fails by Barbara Wimmer (59:21)
- the IoT talk of the day, covers a lot of ground but it's more an overview than presenting anything new. worth a watch though, q&a is light
Everything you want to know about x86 microcode, but might have been afraid to ask by Benjamin Kollenda and Philipp Koppe (57:25)
- talk is really on reversing microcode updates, then writing arbitrary microcode updates to modify runtime. demo is great as well, must watch. q&a is thorough as well
Inside Android’s SafetyNet Attestation Attack and Defense by Collin Mulliner (59:11)
- an attempt at documenting safetynet, then goes into bypasses and other attacks on the system. good watch despite demo hell, light on q&a
How to drift with any car by Guillaume Heilles and P1kachu (51:18)
- must watch talk going in depth on reading the can bus and reversing commercially successful fuel improvement tools. good demos and the q&a is gold
Console Security - Switch by plutoo and derrek and naehrwert (49:41)
- good talk but skips over a few critical points and they're still nervous after years of talks. their demo also falls apart, but it's worth a watch, no q&a though
Taking a scalpel to QNX by Jos Wetzels and Ali Abbasi (46:18)
- QNX 7: prngs and exploit mitigations. great in-depth talk building on last year that's a must watch. q&a is light
Financial surveillance by Jasmin Klofta and Tom Wills (59:06)
- must watch talk on evaluating a leaked list of WorldCheck and finding their 'reputable sources' for flagging people as terrorists/money launderers. q&a is good as well
Intel ME Myths and reality by Igor Skochinsky and Nicola Corna (62:34)
- alt name: "a very nervous hex-rays dev walks into a security conference". a pretty rough talk going through the history of intel's remote management attempts and how it evolved into intel me. after the history it's bad for a while - conjecture and unreliable sources mainly. gets good from ~27m when they shift to vulns and then the other speaker takes over. q&a is alright
The Noise Protocol Framework by Trevor Perrin (32:04)
- general overview of the framework, good entry level talk on the design rationale and implementation. very short q&a
LatticeHacks by djb and Tanja Lange and Nadia Heninger (65:56)
- the headline crypto talk of the conference. bit more straightforward than the last few years so great for beginners. must watch, but no time for q&a
day 2 leftovers:
ASLR on the line by brainsmoke (44:14)
- very nervous speaker and an intermediate talk on tackling aslr. focused on attacking aslr from javascript with perf timing attacks and working around existing mitigations. there's a lot better introductions to side channels that also go into more depth, but good talk if you want to see it from the browser and can deal with a nervous speaker. q&a is rough as well
Uncovering vulnerabilities in Hoermann BiSecur by Markus Muellner and Markus Kammerstetter (51:36)
- pretty nice talk on breaking garage door openers. q&a is nice and thorough
day 3:
Policing in the age of data exploitation by Eva Blum-Dumontet and Millie Wood (60:07)
- good overview of powers the police have, but focuses more on lack of awareness than providing new information. alright watch with a good q&a
Internet censorship in the Catalan referendum by Matthias (50:25)
- good talk on the censorship methods utilised and workarounds used. worth a watch and good q&a
Protecting Your Privacy at the Border by Kurt Opsahl and William Budington (58:01)
- more aimed at the general public, but a good talk. q&a is good as well, but the speakers are a bit behind on ssd forensics
Are all BSDs created equally? by Ilja van Sprundel (58:58)
- alright talk attempting a code quality assessment across open/net/free bsd. worth watching for the different responses from the respective security teams. q&a is good as well
Running GSM mobile phone on SDR by Vadim Yanitskiy and ptrkrysik (31:20)
- good talk with a nice demo. not a lot of progress in the gsm sdr space since last year but worth a watch. no q&a due to time
How Alice and Bob meet if they don't like onions by Tobias Mueller and Erik and Matthias (61:53)
- decent overview of alternative networks, but focuses on the theoretical models rather than how they work in practice. q&a is alright but a large chunk of the talk
Decoding Contactless (Card) Payments by Simon Eumes (58:19)
- great overview of how contactless transactions work, well informed. 20m of q&a that bring a lot of good questions
Public FPGA based DMA Attacking by Ulf Frisk (31:27)
- must watch on using pcileech for dma attacks. great demos and presentation, with no real wasted time. q&a is good as well
day 4:
TrustZone is not enough by Pascal Cotret (31:24)
- audio issues but a weird talk that has the strangest introduction to side channels so far. doesn't really bring anything new beyond using fpgas. no q&a either
Italy's surveillance toolbox by boter (27:49)
- good talk on the funding behind the various italian interception companies obtained through public tenders. q&a is alright as well
The Internet in Cuba: A Story of Community Resilience by Will Scott and kopek (58:30)
- must watch talk on networking in cuba, mainly focusing on havana's snet - a rarely discussed community network. q&a is good with few dumb questions
Uncertain Concern by Allison McDonald (58:15)
- good talk on how undocumented US immigrants deal with risk and common misconceptions held. q&a is alright
MQA - A clever stealth DRM-Trojan by Christoph Engemann and Anton Schlesinger (60:32)
- self-aware audiophile discusses a new drm audio format (MQA). second speaker has the sniffles, but rips the scientific basis apart. it's a great watch with good q&a
Type confusion: discovery, abuse, and protection by gannimo (56:39)
- good talk on type confusion focusing on c++. shows off a nice tool (hextype) that allows instrumentation for type confusion that integrates with afl. good fuzzing examples on popular projects. q&a is good as well
SCADA - Gateway to (s)hell by Thomas Roth (45:09)
- the yearly ics talk. tackles 3 devices with vulnerabilities for them all. must watch, with a great q&a as the speaker buffered for the demos failing
day 3 additional:
Holography of Wi-Fi radiation by Friedemann Reinhard
- good talk on visualising wi-fi radiation as holograms building upon recent prior research. academic but covers a lot of real world applications. security assessment doesn't seem to care about long-term recon of fixed buildings (e.g. embassies) instead focusing on reactional recon e.g. in tactical engagements. q&a is good but only one question tries to tackle this premise
35c3:
35c3 day 1 talks:
Locked up science by Claudia Frick (@FuzzyLeapfrog) (41:52)
- quick runthrough of how academic publication occurs, and advances to encouraging free access to the publications. good watch if you're unfamiliar with the issues involved, but doesn't go that in-depth. q&a is pretty straightforward
The Rocky Road to TLS 1.3 and better Internet Encryption by hanno (1:00:38)
- audio issues go away a minute in. pretty thorough history lesson on how we got to 1.3 and the vulnerabilities along the way. a familiar email's in there. good q&a
Mind the Trap: Die Netzpolitik der AfD im Bundestag by Noujoum (41:10)
- deu->eng. good intro to the german parliament, the AfD's leverage as the biggest opposition party, and their current approach to hiding in plain view. doesn't go that in-depth though and q&a is light
Going Deep Underground to Watch the Stars by Jost Migenda (47:03)
- neutrinos: the talk. good talk to watch covering the design of detectors and future plans. q&a is good as well
LibreSilicon by leviathan, hsank and Andreas Westerwick (1:00:13)
- advances on the lightning talk from last year. very technically dense talk. they're making good progress at recreating silicon compilers, and focus a lot more on the process side this time. great talk to watch if you want a refresher on circuit board optimisation. speakers get a bit nervous but given how dense the talk is that's hardly surprising. q&a is pretty good as well
Election Cybersecurity Progress Report by J. Alex Halderman (59:39)
- expands on the 2016 talk with the same speaker, this time they consider looking past the prior academic vacuum given the data that's come out since. it's worth watching this talk against what the speaker said in 2016 and where the strict denials suddenly vanish. q&a is good
First Sednit UEFI Rootkit Unveiled by Frédéric Vachon (40:53)
- uefi rootkits in the wild! goes through discovery of the initial vector, exploitation and the features of the rootkit. relatively quick talk, good q&a
SiliVaccine: North Korea's Weapon of Mass Detection by Mark Lechtik (52:45)
- dprk's antivirus. lots of good highlights throughout the talk. strangely doesn't tie into the prior dprk talks. q&a is very short
Frontex: Der europäische Grenzgeheimdienst by Matthias Monroy (41:38)
- deu->eng light talk covers border security at the mediterranean. mainly focuses on the cooperation between different governments in working this in practice, and libya's involvement. q&a is long
Taming the Chaos: Can we build systems that actually work? by Peter Sewell (58:53)
- starts as a standard talk about formally defined systems focusing on C. moves onto showing off academic advances in proofing in practice, and progresses to almost functional in the real world. q&a is good and a large chunk of the talk.
Censored Planet: a Global Censorship Observatory by Roya Ensafi (56:04)
- talk is mostly about rediscovering how to abuse a sequential id in ip packets to infer connectivity between 2 uncontrolled machines. then it moves onto abusing open dns resolvers. certainly some strange ethics tests involved, and seems to be ignoring legal issues. i'd go on but it's strange how for the talk about adversarial research little seems to be done on pitfalls in the data collection and likely poisoning the sources listed. q&a brings this up, but the answers don't inspire confidence.
"The" Social Credit System by Toni (1:01:17)
- great talk on china's social scoring systems. in-depth on how it's seen in china, how it came into existence, and all of the biases inherent in the different models. good q&a as well
Scuttlebutt by Zenna / zelf (34:23)
- "The decentralized P2P gossip protocol" no don't run away! actually maybe do they missed more buzzwords: blockchain, mesh network, sneakernet, it just goes on. really have a drinking contest for this talk if you dare. they start rediscovering using split shared secrets for recovery. their main talk must have no substance as they then proceed to talk about other projects doing actually interesting work that they must be trying to look competent by vague association? it's a short talk as well so enjoy this trainwreck. i want my time back. q&a is far too polite on trying to get anything technical about how this protocol exists at all. questions about sybil attacks and fake accounts result in pure bullshit in response.
Hunting the Sigfox: Wireless IoT Network Security by Florian Euchner (Jeija) (38:03)
- good introduction to low energy RF protocols. quick but covers a good amount of ground for newcomers. q&a is good as well
Information Biology - Investigating the information flow in living systems by Jürgen Pahle (37:26)
- intro to biochemical modelling, good luck live translators. great talk but get ready for lots of stats. q&a covers a lot of ground as well
Introduction to Deep Learning by teubi (41:07)
- great thorough talk on how deep learning functions that's very accessible. doesn't go in depth on training issues, just how the training functions works. q&a is worthwhile to watch
How does the Internet work? by Peter Stuge (50:09)
- pretty basic intro to the common protocols, honestly not great for an introduction talk as speaker is a bit nervous with a black/white slideshow and talking about all the protocols in a very dry manner. really is about the internet in early 90s compared to now - talk briefly touches on that at the end. q&a is one polite question
Compromising online accounts by cracking voicemail systems by Martin Vigo (42:02)
- great talk going through automating bruteforcing voicemail attacks to break bad reset flows. lots of practical attacks in the presentation. q&a is really good and informative for carriers in 2018
day 1 continued (i even skipped some talks!):
Digital Airwaves by Friederike (46:09)
- SDR talk covering how each component functions, the basics of RF, and dives into signal processing. good, but keep in mind it's an intro talk. q&a is short but good
Space Ops 101 by sven (1:02:16)
- great talk on mission planning and engineering. covers real world scenarios and diagnosing faults throughout the process. interesting, and a quarter of the video is devoted to q&a
Transmission Control Protocol by Hannes Mehnert (39:13)
- a rough intro to TCPIP, cares too much about explaining the minutiae rather than why the choices were made. talk is really about how they made a formal model on TCPIP rather than an introduction to beginners. few polite questions at the end.
wallet.fail by Thomas Roth, Dmitry Nedospasov and Josh Datko (1:01:58)
- downside: *coin enthusiasts. upside: 4 practical attack vectors on hardware wallets. really well done talk that covers a lot of ground quickly. q&a is alright as well
What The Fax?! by Yaniv Balmas and Eyal Itkin (46:55)
- must watch talk focusing on attacking all-in-one printers with fax functionality. full of lots of fun easter eggs. q&a is short
A Routing Interregnum: Internet infrastructure transition in Crimea after Russian annexation by Xenia (44:38)
- must watch citizenlab talk analysing what happened to all the communication infrastructure during the annexation. shows how russia improved their surveillance capabilities in crimea. q&a is long as well
Quantum Mechanics by sri (57:30)
- accessible crash course in quantum mechanics focusing on the experiments and fundamental equations. well it's accessible for people already extremely familiar with the maths behind quantum mechanics, so good luck. good amount of time for q&a
Open Source Firmware by zaolin (49:39)
- deu->eng good overview on designing firmware, and the current advances made. no real q&a after the talk
Modchips of the State by Trammell Hudson (36:52)
- great quick watch. starts off running through the bloomberg claims, and goes into how to build an implant in practice. q&a is relatively lengthy as well.
All Your Gesundheitsakten Are Belong To Us by Martin Tschirsich (1:01:41)
- deu->eng good talk focusing on health data mobile apps for medical records between doctor and patient. it covers a variety of apps, but fumbles a few times on the danger of specific issues. great other than that, and the sloppy translation. q&a is pretty long but doesn't cover much
Inside the AMD Microcode ROM by Benjamin Kollenda, Philipp Koppe (37:21)
- must watch reverse engineering talk, should be pretty familiar if you watched last year's talks - same speakers on the same subject. lot of interesting advances this year. q&a has nice questions as well
SD-WAN a New Hop by Sergey Gordeychik (49:04)
- great talk covering software defined WANs, and the security issues across multiple vendors' products. q&a is light and doesn't cover much
Day 2
Exploring fraud in telephony networks by Merve Sahin, Aurélien Francillon (1:02:05)
- interesting talk. starts trying to classify the classic frauds, then brings in data to show how they work in practice and models some defenses. lots of q&a with good information mixed in
A farewell to soul-crushing code by Mike Sperber, Nicole Rauch (1:00:57)
- talk has good dynamics, but is effectively a rough intro to functional programming and haskell. 15m of q&a at the end but there isn't anything worthwhile in there
Inside the Fake Science Factories by @sveckert, @tillkrause, Peter Hornung (1:01:36)
- deu->eng worth watching. investigative journalists look into the other side of academic publishing. goes from publishing papers, to attending the conferences and analysing authors at 5 of the major predatory journals. good q&a
Modern Windows Userspace Exploitation by Saar Amar (50:58)
- shows off the progress of native mitigations by taking a ctf challenge and exploiting it on win7, 10(TH1), 10(RS5). really good runthrough of the newer protections and older ways of bypassing them. dense with lots of demos so no q&a.
SymbiFlow - Finally the GCC of FPGAs! by Tim 'mithro' Ansell (1:02:04)
- good talk. aims to make a open source toolchain for fpga development. mostly an overview of the current state of the various replacement attempts, and if you want more info on nextpnr check out the next talk. thorough q&a
The nextpnr FOSS FPGA place-and-route tool by Clifford Wolf (46:52)
- paired with the last talk. far more technical than the general overview of the last talk. q&a is alright
Explaining Online US Political Advertising by Damon McCoy (1:01:22)
- must watch talk on analysing the targeting of political ads since the 2016 election. grabs facebook/google/twitter public ads archives, talks about their approaches, and visualises the data. good q&a as well
Lightning Talks Day 2 by too many people to list (2:06:49)
- starts off strong tbh, not going to rate every 5m talk. there's some crazy talks in there but the majority are worth watching.
Smart Home - Smart Hack by Michael Steigerwald (51:22)
- deu->eng turns out IoT devices are bad?? good talk that goes through multiple devices. includes putting arbitrary firmware on a device, and disabling the cloud features. lots of q&a
A Christmas Carol - The Spectres of the Past, Present, and Future by Moritz Lipp, Michael Schwarz, Daniel Gruss, Claudio Canella (1:01:29)
- must watch talk on the attacks, mitigations and why they're still not enough. brilliant presentation throughout. q&a is good as well
Attacking end-to-end email encryption by Sebastian Schinzel (1:00:38)
- really good talk on efail and the variants, the disclosure process that happened and why everything's still hosed. q&a covers a lot more details
Jailbreaking iOS by tihmstar (47:58)
- rough historical talk on jailbreaking expanding on the talk from 2 years ago. the community's not changed so expect the same issues. the crypto and future work sections are p useless as well. q&a does try and point out that jailbreaking is inherently incompatible with securing the devices
Wallet Security by Stephan Verbücheln (35:34)
- another *coin enthusiast, joy. the talk is p rough as well, makes the mistake of trying to explain crypto when it's not their expertise, nor are they good at explaining old well documented attacks. just watch the hardware wallet talk as it covers all of this but with practical demos as well. q&a is a bit comical as well
The Layman's Guide to Zero-Day Engineering by Markus Gaasedelen, Amy (itszn) (57:04)
- great intro talk on the realities of researching from scratch, and the non-tech side of building exploits from scratch. recommend it for anyone without experience in researching to get an idea of what happens behind the scenes. actually bothers to talk about cleaning up post-exploit. no q&a - dense talk
A deep dive into the world of DOS viruses by Ben Cartwright-Cox (38:13)
- must watch talk covering the less well known DOS viruses, how they function and lots of fun examples. q&a is great as well
The year in post-quantum crypto by djb, Tanja Lange (1:10:01)
- must watch on what's happened in the past year across all of the NIST submissions. check last year's talk for more context. q&a is worth watching
that's all the talks for day 2, so let's start with day 3:
From Zero to Zero Day by Jonathan Jacobi (48:29)
- good talk on getting into security research focusing on JITs. goes a bit too in-depth to be good for beginners, so watch if you're interested in JIT vulns. q&a does a lot to fill in the background of the talk
Provable Security by FJW, Lukas (59:06)
- good intro to proofs in crypto. uses ElGamal as a basis to show how proofing works in practice. q&a is good
Self-encrypting deception by Carlo Meijer (58:43)
- must watch talk covering the ssd crypto issues. first demo issue of the conference, but it gets sorted quick. lot of good q&a afterwards
Viva la Vita Vida by Yifan Lu, Davee (56:37)
- great console hacking talk covering software and hardware. has a great visual explanation of voltage glitching. great Q&AAA
Russia vs. Telegram: technical notes on the battle by Leonid Evdokimov (darkk) (40:53)
- great talk. covers some prior attempts at censorship, how the blacklist is implemented, and what's happened with the blocking attempts. video doesn't focus enough on the slides sadly. dense in info and a good watch. q&a has some good questions
Safe and Secure Drivers in High-Level Languages by Paul Emmerich, Simon Ellmann, Sebastian Voit (1:01:57)
- great academic talk expanding on last year. covers a lot of languages, but sadly doesn't talk about the bash implementation. deep dive into the go and rust implementations. great q&a
Enclosure-PUF by Christian Zenger, David Holin, Lars Steinschulte (1:01:21)
- must watch talk on creating high security physical tamper proofing systems via rf. the concept's come up before but it's good to see it demonstrated. q&a makes sure to tackle as many problems as possible in the timeframe, questionable applicability
Truly cardless: Jackpotting an ATM using auxiliary devices. by Olga Kochetova, Alexey Osipov (35:06)
- must watch that goes through practical attacks that were previously under nda. q&a is good as well
Web-based Cryptojacking in the Wild by Marius Musch (39:26)
- good talk, has the best walkthrough of mining so far and in a portion of the time. good runthrough of the impact on the internet, and how much could have been earned. good q&a
Attacking Chrome IPC by nedwill (54:13)
- great intro talk for getting into fuzzing with no experience. if you're wanting to try into research it's a must watch. q&a is p light
Modeling and Simulation of Physical Systems for Hobbyists by (38:17)
- really rough intro to how to model and simulate that goes with excel rather than the tools they mentioned? sticks with too basic physics examples, and doesn't go into how to actually do anything beyond visualising the most basic functions. no real q&a
The Mars Rover On-board Computer by breakthesystem (43:19)
- great talk. focuses on the software side, and how the rover functions in practice. doesn't go very in-depth, and the q&a doesn't give many answers
let's continue with day 3:
Conquering Large Numbers at the LHC by Carsten Bittrich, Stefanie Todt (41:45)
- great talk, unfortunately has audio issues. walks through trimming down what's worth storing, and how to analyse the data. lot of q&a
Domain Name System by Hannes Mehnert (42:41)
- good intro talk, but keep in mind it's a very basic overview of DNS. q&a covers a lot more detail
Circumventing video identification using augmented reality by Jan Garcia (30:51)
- must watch talk - turns out some banks think verifying an id over a webcam is fine? goes into a lot of detail on generating the id card. good q&a
Internet of Dongs by Werner Schober (32:41)
- must watch iot talk. very thorough analysis on off the shelf hardware, but unfortunately doesn't have enough time to talk about all the issues. not a lot of q&a due to this
In Soviet Russia Smart Card Hacks You by Eric Sesterhenn (38:16)
- must watch talk primarily focusing on open source implementations. the concept of a malicious card seems to have been overlooked by a lot of devs. great q&a
and on to day 4:
What the flag is CTF? by Andy (41:45)
- good intro to participating in CTFs. goes through example challenges and the different styles of CTFs that exist. examples are a lot higher than a beginner would be expected to solve, so don't get dismayed by it at all.
Kernel Tracing With eBPF by Jeff Dileo, Andy Olsen (54:08)
- must watch talk on improving tracing in linux kernels, or rather trying to make ebpf functional. it, uh, doesn't go well. not much q&a
Dissecting Broadcom Bluetooth by jiska, mantz (43:03)
- must watch talk focusing on analysing the link layer. tl;dr stop using bluetooth. lots of good q&a
well it seems we have a few talk requests and leftovers:
Day 3:
How Facebook tracks you on Android by Frederike Kaltheuner, Christopher Weatherhead (43:36)
- great talk that goes through how profiles are built off of metadata, how apps use the sdk in practice, and how bad the default config is. tons of q&a (20m)
Sneaking In Network Security by Maximilian Burkhardt (1:00:53)
- great talk on implementing segmentation on a live network. only of the conference?? tool name collision detected. good q&a