2018

S1.E1 ∙ Hacking, Phreaking & Juvenile Delinquency

Sun, Jun 10, 2018

In a time when tinkering with technology was a guarantee for ridicule and torment, a small group of curious explorers were connecting to computer systems, traversing the telephone network, and occasionally causing mischief. Speaking at CypherCon 3.0, Joe Grand talks about previously unheard stories of his early days as a hacker, phone phreak, and troublemaker, following a rebellious path towards the eventual redirection of his passion to serve the greater good.

0 /10

S1.E2 ∙ Hacking a Better Tomorrow

Wed, Jun 27, 2018

With more than 20 million YouTube views and fans spanning the globe, Ben is a proponent of computer science education, the DIY movement and equipping his viewers with the tools and knowledge to overcome any obstacle - design-related or otherwise.

0 /10

S1.E3 ∙ Forensics When You're Broke

Fri, Jul 06, 2018

Exploring the forensic methodology and tasks using free open source software. We won't be focusing on what tools are available, the focus of the presentation is explaining the methodology and where these tools fit in to the process to get the job done.

0 /10

S1.E4 ∙ Hack in the Day

Thu, Aug 02, 2018

This talk will be about hacking/phreaking in the late 1980's, early 1990's, and what the scene was like back then as compared to present times. Tips and tricks that were considered cutting edge back then, and some tricks that still work today. The general attitude around hacking, and hacking 'groups' has matured and evolved over the years, and this talk will give a snapshot into some of the origins of how we got to where we are at today. This will be a talk that touches not only on technical aspects, but also on social aspects of historical hacking.

0 /10

S1.E5 ∙ Developer Friendly Cryptography

Thu, Aug 16, 2018

Software developers often make mistakes when using cryptography in applications, which tends to result in code with dangerous and subtle weaknesses. Some of this can be addressed through training, but should we expect all developers to be cryptography experts? Many developers only know to avoid writing their own ciphers, and rely on one of the many incomplete or incorrect code examples that exist on the internet. To make things worse, most cryptographic libraries in use today are designed to be used by experts and often result in misunderstandings by the average application developer. In this talk we will look at some common cryptography usage errors and why popular libraries often fall short. We will also discuss nuances such as backwards compatibility, FIPS 140-2 validation, and weak standards such as JOSE/JWT that contribute to the overall confusion. Brice will share some advice that you can provide to the development/engineering teams in your organization to not only make their job easier, but also ensure more secure cryptographic implementations. Thank you for watching, subscribing and your support.

0 /10

S1.E6 ∙ Hacking Academia

Thu, Aug 30, 2018

Disciplines such as genetics and chemistry have a long history of discoveries that were initially overlooked and not appreciated for their transformative implications until decades later. These findings were often made by researchers working on the fringes of the mainstream scientific community who published in obscure journals, if at all. Through sheer luck their work formed the basis for larger discoveries. The cybersecurity community has many parallels. If you look at the titles of talks at serious academic conferences, there's a surprising overlap of topics and methods, but the two worlds never meet. There is a prevalence of virtual and physical collaborations of cybersecurity experts performing research and deriving tangible, noteworthy results that are never published and is often not taken seriously enough to influence the timely design of security systems and software. How can we create feedback loops between the academic community, cybersecurity operators and underground security researchers who may not even think of themselves as "researchers"? Anita Nikolich will present some ideas about how three communities with different incentives, yet the same goals, can work together to shorten the time to discovery and overcome many of the obstacles that impeded progress in the sciences centuries earlier.

0 /10

S1.E7 ∙ Attacking Wireless Devices with SDR

Thu, Sep 13, 2018

In this talk, we'll be exploring how wireless communication works. We'll capture digital data live (with Software-Defined Radio [SDR]), and see how the actual bits are transmitted. From here, we'll see how to view, listen to, manipulate, and replay wireless signals. We'll also look at interrupting wireless communication, and finally, we'll even generate new radio waves from scratch (which can be useful for fuzzing and brute force attacks). I'll also be demoing some brand new tools I've written to help in the interception, manipulation, and generation of digital wireless signals with SDR.

0 /10

S1.E8 ∙ SOAR: Operating at Attacker Speed

Thu, Sep 27, 2018

We face a shortage of qualified information security professionals, a high volume of security alerts, and a dynamic threat landscape rapidly evolving toward automated attacks. Security Orchestration, Automation and Response (SOAR) enables defenders to operate at attacker speed by codifying detection and response expertise into automation playbooks. This talk will examine the core components of SOAR, the skills required to design and implement it in your organization, common use cases in detection and response, and potential opportunities for security control testing in a defense-in-depth environment.

0 /10

S1.E9 ∙ When Developers Fail to Secure

Thu, Oct 11, 2018

In the last year, David Bryan has found some pretty stupid security mistakes. Blatantly overlooked controls, or flat out lazy system admins. David will show real-world examples of misuse and abuse, and improper data handling of passwords inside application code. When talking about the security of a system as a whole, we must remember a breech in one system, can lead to a breach on another system because of the implicit trust relationships we build to get the job done. David will cover how he pulled down 1.2M hashes and cracked them and what controls were missed, and how to prevent it from happening again.

0 /10

S1.E10 ∙ What the Fungi? How to Grow Your Own Nootropics

Thu, Oct 25, 2018

Big time farmers are getting rich off fungi. Ripping off consumers and controlling the supply. Don't be cheated by all the claims that science would deny. Learn how mushrooms are medicinal from what the clinical trials imply. From Star Trek to Starbucks, mushrooms seem to be popping up everywhere lately, doing amazing things like fighting cancer, boosting immunity, improving cognition, making Mario SUPER BIG, and sending starships across the galaxy at faster than warp speeds! As our science catches up with our science fiction, marketers are getting away with murder selling "mushroom products." In a market that enjoys zero quality control yet is expected it hit $50 billion in the coming years, they can literally sell you the dirt mushrooms grow in and get away with it. Don't believe the hype. In this presentation learn which compounds mushrooms produce that are medicinal and how you can easily grow them at home. We'll review the latest research from clinical trials and unveil the low cost, high yield techniques gleaned from the forums of anonymous mushroom cultivators.

0 /10

S1.E11 ∙ Text Mining: Reading Between the Lines

Thu, Nov 08, 2018

Ever hear the phrase, "Read between the lines?" This usually refers to one's ability to infer hidden meaning from text. This ability has always been reserved for humans (or those who appear human). That is, until now. This session will look at the tools and efforts needed for "Text Mining" or using Data Mining techniques to infer meaning, biases, misconceptions, and/or hidden agendas from common documents. Viewers will leave with a general understanding of the text mining process along with a list of free/inexpensive tools and services they can use to start text mining right away.

0 /10

S1.E12 ∙ SAEDY: Subversion & Espionage Directed Against You

Thu, Nov 22, 2018

"Frequently, people who go along a treasonous path do not know they are on a treasonous path until it is too late", as per testimony from former CIA Director John Brennan, May 2017. The definition of social engineering (SE) is: "any act that influences a person to take an action that may or may not be in their best interest". Using an old US Army acronym called SAEDA, Subversion and Espionage Directed Against the Army, will discuss how today's use of SE is essentially trade craft of espionage, commonly known as spying. "There is no patch for an untrained user or even an experienced security professional who forgets, in the heat of the moment, to follow what they have been taught." Espionage is the practice of secretly gathering information about a foreign government or a competing industry, with the objective of placing one's own government or corporation at a strategic or financial advantage. Presenting case examples of military and industrial espionage will illustrate how tricks of the spy trade are parleyed against ordinary individuals every day. The ultimate goal is for individuals to become self-aware as today's cyber threat landscape is essentially 'them against you'.

0 /10

S1.E13 ∙ Spy

Thu, Dec 06, 2018

Military veteran Ken Grigas talks about his time in service during the "Cold War" between the Unites States and the U.S.S.R.

0 /10

S1.E14 ∙ Alice in ICSLand

Thu, Dec 20, 2018

From Crash Override to TRISIS, the past decade has made it clear that the threat of cyber attacks on Industrial Control Systems (ICS) is real, and poses a fundamental risk to our way of life. The demand of ICS security professionals far exceeds the supply. But how does a information security professional learn to function in such a different environment? Mark Stacey and Lesley Carhart of Dragos Inc. (who both transitioned from traditional DFIR) will provide an overview of some great ways to learn about the operational and technical aspects of ICS networks and grow one's skill set without breaking the bank.

0 /10

S1.E15 ∙ How to "Theoretically" Kill a Continent

Sun, Dec 31, 2017

SARS, H1N1, MRSA, Zika, Ebola. The human body is terrifyingly vulnerable. With the rise of novel gene-editing techniques and our increasing knowledge of genomics, we are forced to confront the idea of a microscopic enemy. This talk will explore the not-so-theoretical aftermath of an unchecked pandemic of unknown origin, the monsters we created in our own medical hubris, and the ever-present threat of bio-terrorism. The unpredictability of such weapons, and our inability to create safety brakes for the ones we do create will also be discussed.

0 /10

S1.E16 ∙ Embedding Security

Thu, Jan 17, 2019

Sequestered, Cordoned Off, Separated, even Out of Touch. These words have been used by plenty of non-infosec folks. From Dev teams to Admins, Sales people and more, we get looked at as these mystical people who say NO. The people who are stopping others from doing their job. Maybe it is time for our team to take a different approach.

0 /10

S1.E17 ∙ Handshakes & Hashes, Plucking Passwords from Thin Air

Thu, Jan 31, 2019

New developments in Hashcat have brought some new WiFi attack techniques to light. We've taken concepts from classic WiFi attacks, added a little special sauce, and created a whole new attack vector for WiFi devices everywhere. All it takes is a friendly introduction and a little cracking time to gain access to protected networks. Also, Cynosure Prime will be releasing source for a new password cracking technique. Come get some code and that uneasy feeling of being vulnerable.

0 /10

S1.E18 ∙ Hidden in Plain Sight, Steganography & Digital Watermarking

Thu, Feb 14, 2019

Steganography is the practice of hiding a message "in plain sight" inside an image, video, sound, text, or file. The practice goes back centuries, and in recent years has seen a rise in use for digital watermarking. Unlike cryptography, steganography seeks to hide even the presence of a message. Steganography can be used for communication, leak prevention, or copyright protection. We'll look at steganographic techniques, analysis, and detection through the lens of digital watermarking.

0 /10

S1.E19 ∙ An Interdisciplinary View of Risk, Applications for Security

Thu, Feb 28, 2019

Risk is important to cybersecurity professionals to justify security controls, to engineers during the requirements phase of an engineering project and to management in project planning. In its Internet Security Threat Report, Symantec reports that in 2016, 791,820,040 data records were breached in the United States, which averages two breaches per American. France, Canada and Taiwan also encountered breaches above or near their population levels - or double it. This begs the question: are we doing and spending enough for security? Risk management states that an organization shall not pay more for controls than it may lose due to risk. In information security, it is commonly accepted that corporations underspend for risk because as a Tech Republic news article is titled: "The real reason companies don't take security seriously: Their money isn't on the line." The commonly held view of risk is that risk management is a cost-saving measure to protect the organization. Following this philosophy, it is possible for an organization to protect itself at the expense of customers, the neighborhood, employees and/or the environment. This view can frustrate engineers and IT staff when their best efforts to protect organizations and customers are not sufficiently respected and prioritized. What does an interdisciplinary study of risk indicate about how we should evaluate risk? As we develop automated vehicles and other Internet of Things products, security breaches may not just divulge information, but could potentially harm health, homes and lives. This interdisciplinary study of ethical risk considers how to calculate risk and engineer solutions for this new environment. I also introduce a maturity model of ethical risk.

0 /10

S1.E20 ∙ Hack Dumberly Not Smarterer

Thu, Mar 14, 2019

Tim Medin discuss the dumbest red team tricks and hacks encountered over the years. We are going to take the A out of APT, because so few attackers really need to use advanced techniques. We'll also discuss the simple defenses that make an attacker's life much more difficult.

0 /10

S1.E21 ∙ Crypt-Oh No

Thu, Mar 28, 2019

The security community hasn't done a great job at making it easy for developers to choose the right algorithms and ciphers for their applications. Even when the right crypto primitives are chosen, subtle programming mistakes can lead to issues with the efficacy of the encryption. This presentation is aimed at helping developers avoid common cryptography pitfalls when encrypting sensitive data by giving guidance on what algorithms to choose and identifying common implementation issues observed in real-world applications.

0 /10