conferences
The basics of digital wireless communication
The aim of this talk by Clemens Hopfer from the 30th Chaos Communication Congress is to give an understandable insight into wireless communication, using existing systems as …
Triggering deep vulnerabilities using symbolic execution
Symbolic Execution (SE) is a powerful way to analyze programs. Instead of using concrete data values, SE uses symbolic values to evaluate a large set of parallel program paths …
Researchers demonstrate SD memory card hacking
Security researchers Andrew “bunnie” Huang and Sean “xobs” Cross have demonstrated that the only way to be absolutely sure that no one will be able to …
Useful password hashing: How to waste computing cycles with style
Password-based authentication is widely used today, despite problems with security and usability. To control the negative effects of some of these problems, best practice …
Authentication using visual codes: what can go wrong
Several password replacement schemes have been suggested that use a visual code to log in. However, the visual code can often be relayed, which opens up a major vulnerability. …
Building an OATH-compliant authentication server for less than $100
Using a Raspberry Pi nanocomputer and the multiOTP open source library, André Liechti showcases how to create an OATH-compliant authentication server at PasswordsCon …
Tales of passwords, cyber-criminals and daily used devices
Criminals target specific embedded devices in order to gain access or to use them for further attacks. Modems are attacked to change DNS-servers for advertising or …
Tracking botnets using automatically generated domains
Stefano Zanero is an Assistant Professor at Politecnico di Milano, where he focuses on systems security. Modern botnets rely on domain-generation algorithms (DGAs) to build …
Bypassing security scanners by changing the system language
A substantial security oversight is present in a variety of penetration testing tools, and it has to do with the different languages that a computer system can be set up to …
Video: Advanced password recovery and modern mitigation strategies
Think about all the passwords we use to access information every day. Whether it is email, social media, financial institutions or numerous other services, passwords have …
How to social engineer a social network
Social engineering has for a while now been cyber attackers’ best bet to enter systems and compromise accounts when actual hacking doesn’t work, or when they …
A new classification for potentially unwanted mobile apps
What are PUAs (Potentially Unwanted Applications), and how should they be classified in the mobile (specifically Android) environment? PUAs are not technically malware, and …