44CON Courses

44CON Information Security Conference

Universal Serial aBUSe: Remote Physical Access Attacks - Presented By: Rogan Dawes & Dominic White

Syllabus: Intro Quick Intro Why did you pursue this attack Cottonmouth Devices Apex Predator Physical Inspection Remote Trigger Avoid obvious vectors Automated User Interaction Previous Work Cactus Micro Revision 2 Building our own board Finished Hardwar…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Jtagsploitation 5 wires, 5 ways to root Presented By Joe FitzPatrick & Matt King

Syllabus: Intro Speaker Bio Physical Layer: Test Access Port Data Link: TAP FSM Transport Layer: Target-Specific JTAG on the Beaglebone Black Boundary Scan on the BBB Access Non-Volatile Storage Run Control Memory Access Simple Memory Analysis Advanced M…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Indicators of Compromise From malware analysis to eradication Presented By Michael Boman Worksho

Syllabus: Intro About me Malware Research Lab, 2012 How INT3 breakpoints work Memory Breakpoints Hardware breakpoints Timing Windows Internals Debug Object Handle Thread Hiding Open Process Parent Process UnhandledExceptionFilter Process Exploitation Nan…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Meterpreter Understanding the New Shiny Presented By OJ Reeves

Syllabus: Intro Background knowledge The new shiny Extended API (extapi) extapi - adsi_domain_query extapi - Service enumeration extapi - Service control extapi - Clipboard Mimikatz 2.0 (kiwi) Recap - stagers Recap - WinINET vs WinHTTP Recap - Establishi…

• YouTube
• 1-2 hours worth of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Get in the Ring0 – Understanding Windows drivers Presented By Graham Sutherland

Syllabus: Intro GREETINGS GENERAL SETUP REQUIRED TOOLS • Virtual Machine - Virtual serial ports ENVIRONMENT [1/3] PICK A DRIVER DEVICE OBJECT CREATION MAJOR FUNCTION HANDLERS BUFFERED I/O CUSTOM CONTROL CODES I/O CONTROL CODES EXAMPLE IOCTL DISPATCH EXAM…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

MITMf Bringing Man In The Middle attacks to the 21st century Presented ByMarcello Salvati

Syllabus: Intro About me Why MITMf Maninthemiddle tools Sergio Proxy What is Sergio Proxy Wishlist MITMf MITMf Overview NetCreds Normal Mode Configuration File Presentation Who is Leonardo How it works SMBTrap plugin Replace strings in HTML Appcache pois…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Lessons Learned from Black Hat’s Infrastructure: The Tweets Must Flow - Presented By Conan Dooley

Syllabus: Intro My experience at Black Hat What is Black Hat Black Hats Infrastructure Supporting Infrastructure Events Volunteers Network Security Wired Infrastructure Handmade Cables Network Problems How it was fixed Segmenting the network Quality of s…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Researching Android Device Security with the Help of a Droid Army - Presented By Joshua J. Drake

Syllabus: Intro Agenda Who am I Motivation for this talk fragmentation the end effect demo existing solutions vulnerability research Zeroday discovery Buying devices Android TV sticks More Android devices More devices Disaster strikes The Hub The Hubs Fu…

• YouTube
• 1-2 hours worth of material
• On-Demand
• Free Online Course

44CON Information Security Conference

GreedyBTS: Hacking Adventures in GSM - Presented By Hacker Fantastic

Syllabus: Introduction Overview of GSM GSM Architecture Mobile Station SIM Card Known Weaknesses What is a BTS Radio and Cellular Physical Layer Frequency Division Multiple Access Network Switching Subsystem Logical Channels Broadcast Channel Common Cont…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Breaking AV Software - Presented By Joxean Koret

Syllabus: Intro Breaking antivirus software Attack surface Attacking antivirus engines Vulnerabilities in AV engines Fuzzing statistics Exploiting AV engines (more tips) Exploiting AV engines: Summary Forticlient Kaspersky Comodo Antivirus Notes about de…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Bootstrapping an Architectural Research Platform - Presented By Jacob Torrey

Syllabus: Introduction Why this talk Agenda Protected Mode Paging Cache Virtualization Boot Process Memory Management General Protection Fault Performance Counters Branch Tracing VMExit EPT SMM SMI Questions Case Study Monitoring OS Troubleshooting Bare…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Advanced incident remediation techniques - Presented By Steve Armstrong

Syllabus: Intro Bad hosts The UFP Problem with the UFP The circle despair Why is wiping the box What is happening Who is the attacker Active attacker What we typically get Typical timeline EM Trends What can you do Missed opportunities Look after your In…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

What the HEC? Security implications of HDMI Ethernet Channel ... - Andy Davis

Syllabus: Intro Why am I talking about video interfaces? HDMI is an output isn't it? Supported CEC commands The CEC protocol Can we fuzz CEC? What are the fuzzer results? HEC - HDMI Ethernet Channel CDC (Capability Discovery and Control) Network loop pre…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Security Testing 4G (LTE) Networks - Martyn Ruks & Nils

Syllabus: Introduction Agenda Background Technical Details Environment Overview LTE Interfaces Legitimate UE Privileged Access Challenges with Testing No Authentication Authentication Process GTP Tunnel IDs Test Methods The Bad Picture Implementing the E…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course

44CON Information Security Conference

Inside .NET smart card operating system - Behrang Fouladi

Syllabus: Intro What is a smart card? Single Application Smart Cards Did you know? Example: SIM Tracker Applet In The News... Why? Smart Card Firewall NET smart card overview NET smart card security model Public Key Token Code Access Security Data Access…

• YouTube
• Less than 1 hour of material
• On-Demand
• Free Online Course