Joxean Koret - Database Security Paradise [Rooted CON 2011]
RootedCON
Recommended
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
RootedCON
Wtf is happening_inside_my_android_phone_public
Jaime Blasco
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
RootedCON
Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS wi...
RootedCON
Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...
RootedCON
Threat stack aws
Jen Andre
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where the hacker/penetration-tester has deployed a malware on a user's workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.) On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user's workstation. I developed (and will publish) two tools that help the community in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help to circumvent the hardware firewall after one can execute code on the server with admin privileges (using a signed kernel driver). My tools have been tested against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops (e.g. Citrix). The number of problems one can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
Hacking Highly Secured Enterprise Environments by Zoltan Balazs
Shakacon
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 roapt evil-mass_storage_-_tu-ya_aqui_-_david_reguera_-_abel_valero
RootedCON
More Related Content
What's hot
LastPass is a popular password manager that integrates with browsers through plugins. One of the most interesting features is the fact that the encrypted vault is stored in LastPass' servers but they have no access to the content since the master password never leaves the user's machine. All encryption and decryption happens locally. Password managers are a single point of failure by design and therefore they need to be secure. A tool with the sole purpose of storing all your secrets is an important target for any attacker. The most valuable piece of information is the master password. It is the key to decrypt the data and gain complete access. Research has been done on different attack vectors but the focus is on leaking passwords stored in the vault. This presentation will focus on how it is possible to steal and decrypt the master password. In addition, I will also demonstrate an additional attack vector that results in full access to the vault without the need of the master password. Two different attacks to achieve the same goal, full access to the vault. But given that LastPass supports 2 factor authentication, I will also demonstrate how to bypass it. Last but not least, I will release a Metasploit module that will automate the whole process. Stealing the master password, leaking the encryption key and bypassing 2 factor authentication.
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Shakacon
Codetainer provides an API for you to interact with Docker containers in your browser. Presentation given at E4E Conference, Sept 2015
Codetainer: a Docker-based browser code 'sandbox'
Jen Andre
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go :(" [rooted2019]
RootedCON
Michal will take you on a journey all the way to 90’s and back, sharing the Mozilla detection framework - a systematic way to detect and hunt down threat actors. Why did we spend hours digging through some old Phrack issues? How does a blue team's member approach writing rootkits? What is better - a fail negative or a false positive? I will share answers to these questions plus a lot of alerting and evil-doing code.
"A rootkits writer’s guide to defense" - Michal Purzynski
PROIDEA
Laura Garcia - Shodan API and Coding Skills [rooted2019]
RootedCON
Defcon 22-colby-moore-patrick-wardle-synack-drop cam
Priyanka Aash
RootedCON 2020 talk. In this talk, we showed the research about software dependencies that led us to rule the world for a day. Surprisingly, we could take control of more than 800 developer machines in less than 24 hours with the collusion of the most famous software dependency repositories... And with the "collaboration" of the developers ;)
The day I ruled the world (RootedCON 2020)
Javier Junquera
Writing a successful, protected, targeted, malicious binary is a software development task that requires great skill. A well-written piece of targeted malware should evade anti-virus solutions, hide its network communications, protect itself against reverse engineering, and clean up any forensic evidence of its existence on the system. However, writing a mediocre piece of targeted malware that works most of the time is easy. There are many publicly available backdoors, downloaders, and keyloggers that require little to no expertise to use, and poorly trained malware authors try to roll their own all the time. Working in malware detection and reverse engineering, I see some of the intelligent choices malware authors make, but more often I see the hilariously poor code they write. During this talk I will demonstrate how to reverse engineer real world malware. I will focus on samples with interesting and comical mistakes, as well as samples that are impressive and well written.
Richard wartell malware is hard. let's go shopping!!
Shakacon
Simplest-Ownage-Human-Observed… - Routers
Logicaltrust pl
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Priyanka Aash
Presenter: Asuka Nakajima. The practice of reusing source code reduces software development costs. However, if the original source code contains a vulnerability, it will be carried over into the new application. The speaker will describe an unusual method for detecting "inherited" vulnerabilities in binary files without needing access to the source code or symbol files.
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Positive Hack Days
This presentation is an introduction to Cuckoo Sandbox, an automated malware analysis system, and Intelligence to use this tool, at the Department of Scientific Criminal Investigation in SungKyunKwan University in Korea.
Automated Malware Analysis and Cyber Security Intelligence
Jason Choi
Attacking VxWorks: from Stone Age to Interstellar presented by Yannick Formaggio at 44CON London 2015.
44CON London - Attacking VxWorks: from Stone Age to Interstellar
44CON
Banking Trojans have been part of the financial cybercrime landscape for over a decade, causing losses measured in billions of dollars. On the flip side, the constant evolution of defenses against this type of malware has forced Trojan operators to adjust to security controls designed to keep them out. As a result, many Trojan operators have either disappeared or considerably narrowed their activity scope, but more interestingly, are using novel techniques to achieve their goals. In this talk, we will present three top malware operators active in the wild and their use of automated scripts to tackle their challenges: The notorious Gozi (ISFB) malware used to run its own executable files. Nowadays, it avoids storing malicious payloads on disk and instead, writes a Powershell script to the Windows registry and executes it using a special regex-based run-key. Ramnit, a dated foe that focuses on UK banks, encrypts its payload using a Windows API function with a device-unique key. In every system reboot, it decrypts the payload in-memory and runs it with a Visual Basic script that runs Powershell. This allows Ramnit to avoid running a detectable, executable file as it used to do in the past. BackSwap is a new banking Trojan that attacks financial institutions in Spain. Its dropper is a JavaScript Encoded (JSE) file. When decoded, the dropper results in a 30k lines-of-code script which downloads a binary sample from a remote Command-and-Control server. Together with our audience, we will walk through the research process and share our findings along with our (sometimes) quick-and-dirty solutions. We aim to enhance our participants’ knowledge of today’s bankers and help them get deeper into current-day scripting-related techniques cybercriminals use.
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
PROIDEA
Slide for CODE BLUE 2017
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai
Chi-en Shen (Ashley) is a security researcher at FireEye, where she focuses on threat intelligence research. She specializes in threat hunting, malware analysis, reverse engineering, and targeted attacks research. Prior to FireEye, Ashley helped found Team T5, a threat research security company where she also works as a threat analyst. For supporting women in InfoSec, Ashley co-founded “HITCON GIRLS” – the first security community for women in Taiwan. Ashley is also a regular speaker at global security conferences, including Black Hat Europe, Black Hat Asia, FIRST, HITB GSEC, CODE BLUE, Troopers, HITCON and VXCON. Ashley also serves as a member of the Black Hat Asia review board where she evaluates research for briefings and training.
"Into the Fog The Return of ICEFOG APT" - Chi en (Ashley) Shen
PROIDEA
Talk of Skip Duckwall and I at BlackHat 2014 USA / Defcon Wall of Sheep. Kerberos, and new pass-the-* feature, like overpass-the-hash and the Golden Ticket
Abusing Microsoft Kerberos - Sorry you guys don't get it
Benjamin Delpy
This talk will cover how powerful buffer overflows are, how weak the mitigations against them are, why buffer overflows are still possible these days, how generic they are, and an example of how useful it is to turn race conditions into buffer overflows. Race conditions are a nice example of that, because they are one of the hardest to find and one of the easiest to make. The example is on the Linux kernel (droids included), but the talk will be kept to buffer overflows in general (mainly for Windows & Linux kernel)
When is something overflowing
Peter Hlavaty
Slides from 44con 2015
How to drive a malware analyst crazy
Michael Boman
Having developed a test set, we started to research how safe it is for clients to use 4G networks of the telecommunication companies. During the research we have tested SIM-cards, 4G USB modems, radio components, IP access network. First of all we looked for the vulnerabilities that could be exploited remotely, via IP or radio network. And the result was not late in arriving. In some cases we managed to attack SIM-cards and install a malicious Java applet there, we were able to update remotely USB modem firmware, to change password on a selfcare portal via SMS and even to get access to the internal technological network of a carrier. Further attack evolution helped to understand how it is possible to use a simple SMS as an exploit that is able not only to compromise a USB modem and all the communications that go through it, but also to install bootkit on a box, that this modem is connected to.
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Sergey Gordeychik
Viewers also liked
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...
RootedCON
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]
RootedCON
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...
RootedCON
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]
RootedCON
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...
RootedCON
José Ramón Palanco - NoSQL Security [RootedCON 2011]
RootedCON
Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote...
RootedCON
Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011]
RootedCON
Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011]
RootedCON
For this panel we will have SecurityByDefault.com as moderator and the attendance of members of one of the first and most famous Spanish hacker groups, who will tell us the what, how, when and where of their adventures.
{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010]
RootedCON
Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011]
RootedCON
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]
RootedCON
Blueliv - Information Tracking with Optos [Rooted CON 2011]
Blueliv - Information Tracking with Optos [Rooted CON 2011]
RootedCON
David López Paz - Global Warfare [RootedCON 2011]
David López Paz - Global Warfare [RootedCON 2011]
RootedCON
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]
RootedCON
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
RootedCON
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
RootedCON
Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]
RootedCON
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...
RootedCON
Viewers also liked
(19)
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...
José Ramón Palanco - NoSQL Security [RootedCON 2011]
José Ramón Palanco - NoSQL Security [RootedCON 2011]
Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote...
Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote...
Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011]
Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011]
Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011]
Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011]
{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010]
{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010]
Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011]
Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011]
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]
Blueliv - Information Tracking with Optos [Rooted CON 2011]
Blueliv - Information Tracking with Optos [Rooted CON 2011]
David López Paz - Global Warfare [RootedCON 2011]
David López Paz - Global Warfare [RootedCON 2011]
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...
Similar to Joxean Koret - Database Security Paradise [Rooted CON 2011]
New and Improved Hacking Oracle From Web Apps - Sumit Sidharth - OWASP India Conference 2012
New and improved hacking oracle from web apps sumit sidharth
New and improved hacking oracle from web apps sumit sidharth
owaspindia
Talk was presented by Abdullah Joseph at NanoSec Conference 2019, InterContinental Hotel Kuala Lumpur on the 9th of October 2019.
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
Hafez Kamal
See how Kamil Cholewiński talks about Practical automation in Tech Talk episode 10 Visit pilot.co — World’s best engineering and design talent on demand. YouTube: https://youtu.be/x0eQ7x7xN8o
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński
Pilot
Introduction to terraform
introduction-infra-as-a-code using terraform
introduction-infra-as-a-code using terraform
niyof97
Android Ramdisks basics presented at the Big Android BBQ 2014. Covers some of SElinux for Android, Kernels, Startup Sequences, Services, Classes, and Properties. Even, some practical examples on how they can be used to help your Android embedded or debugging work.
Timings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical Hacker
Stacy Devino
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
DevOpsDays Tel Aviv
infractucturas
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
miguel dominguez
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
MortazaJohari
This is a talk about managing your software and infrastructure-as-code that walks through a real-world example of deploying microservices on AWS using Docker, Terraform, and ECS.
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Yevgeniy Brikman
Development environments are a necessary part of every developer's workflow. They can also be a great source of friction. What may begin as simply running python my_app.py eventually bloats as you add more apps, more databases, more testing frameworks, and more developers. We'll talk about the evolution of a typical development environment, how it lets us down, and how we try to make it better. We'll end with an introduction to Dusty, a new tool which uses Docker containers to take our development environments to the next level. Originally presented at PyGotham 2015.
Dev Environments: The Next Generation
Dev Environments: The Next Generation
Travis Thieman
True microservices are more than simply bolting a REST interface on your legacy application, packing it in a Docker container and hoping for the best. Security is a key component when designing and building out any new architecture, and it must be considered from top to bottom. Umpa Lumpas might not be considered "real" microservices, but Willy Wonka still has them locked down tight! In this talk, Aaron will briefly touch on the idea and security benefits of microservices before diving into practical and real world examples of creating a secure microservices architecture. We'll start with designing and building high security Docker containers, using and examining the latest security features in Docker (such as User Namespaces and seccomp-bpf) as well as examine some typically forgotten security principals. Aaron will end on exploring related challenges and solutions in the areas of network security, secrets management and application hardening. Finally, while this talk is geared towards Microservices, it should prove informational for all Docker users, building a PaaS or otherwise.
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.
Prerequisite: Good knowledge of Docker, SELinux
Docker Security
Docker Security
BladE0341
Joanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista Kernel
guestf1a032
Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use less resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting an new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations. In this presentation, we will: - Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code - Discuss how to mitigate those risks - Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
Jérôme Petazzoni
What’s with all of these container image vulnerabilities? I’m a developer, not a security analyst! Whether you’re a solo dev or a large team embracing DevSecOps, join me to learn practices I’ve seen successful teams using to build safer container images & avoid the mistakes they made along the way. If you’ve even run a vulnerability scan on a container you’ve probably seen it: the dreaded list with 100s, maybe even 1000s of issues on it. Containers have made life simpler in so many ways, but security sometimes doesn’t feel like one of them. So what can we do about it? In this talk, I’ll share what I’ve learned working with users and companies and the best practices I’ve picked up along the way to builds safer container images. I’ll also share what not to do, because there are many rabbit holes you can go down that end up wasting time and energy. I’ll share the processes and patterns that you can use whether you’re working on an individual project, or you’re part of a bigger team embracing DevSecOps.
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
Eric Smalling
Node Security: The Good, Bad & Ugly
Node Security: The Good, Bad & Ugly
Bishan Singh
On August 2017 a well established Corporation was hit by an advanced attacker. The techniques adopted to overcome security platforms and infrastructures showed a very dangerous and innovative attacker. This is the tale of the IR team hired to fight this advanced attacker, a tale of a team pushing all his resources and technical skills to overcome the threat and finally chase the Adder...
Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...
Stefano Maccaglia
Advanced .Net Debugging of native (unmanaged) and Managed CLR code using NTSD, SOS, SosEx, KD.
.Net Debugging Techniques
.Net Debugging Techniques
Bala Subra
How to fix bugs in live/production code by locating the root causes predictably and quickly?
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
Bala Subra
How Hackers Can Break Your CI/CD
Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)
Similar to Joxean Koret - Database Security Paradise [Rooted CON 2011]
(20)
New and improved hacking oracle from web apps sumit sidharth
New and improved hacking oracle from web apps sumit sidharth
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński
introduction-infra-as-a-code using terraform
introduction-infra-as-a-code using terraform
Timings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical Hacker
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Dev Environments: The Next Generation
Dev Environments: The Next Generation
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker Security
Docker Security
Joanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista Kernel
Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
Node Security: The Good, Bad & Ugly
Node Security: The Good, Bad & Ugly
Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...
.Net Debugging Techniques
.Net Debugging Techniques
.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
More from RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amado
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molina
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopez
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jara
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
RootedCON
RootedCON https://www.rootedcon.com Marzo/March 5-7 2020 Madrid (Spain)
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
RootedCON
More from RootedCON
(20)
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
Rooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molina
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopez
Rooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jara
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Joxean Koret - Database Security Paradise [Rooted CON 2011]
1.
Database's Security Paradise
Joxean Koret
2.
3.
4.
5.
Local Vulnerabilities in Database Software
6.
Unidata
7.
8.
Send SIGUSR2 signal to any process
9.
10.
Ingres
11.
12.
Welcome to '70s!
13.
14.
15.
16.
Ingres Developers...
17.
MySQL Client
18.
19.
20.
Stupid bug #1
21.
Stupid bug #2
22.
Stupid bug #2
23.
(Remote) Stupid bug #3
24.
25.
IBM DB2
26.
27.
Local privilege escalation
28.
29.
30.
31.
32.
Oracle
33.
34.
35.
36.
Informix
37.
38.
39.
40.
Path to ifmx_dlopen function
41.
42.
43.
44.
45.
Remote Vulnerabilities
46.
47.
Unidata
48.
49.
50.
51.
52.
IBM DB2
53.
54.
55.
56.
57.
58.
Informix
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
Search for bugs ;)
70.