Month: February 2021

forcing my kids to make Ethernet cables // FREE CCNA // EP 11

It’s time to get SERIOUS about your CCNA. Take the next steps with Boson: https://bit.ly/bosonexsimccna (Boson ExSim) (affiliate) How to make an Ethernet cable – In this video, NetworkChuck shows you how to make an RJ45 Cat5e Ethernet network cable...

February 27, 2021

JavaScript Hacking? Protect Your Website Against Hackers! Let me show you how it is done!

JavaScript is used extensively to manage data, and it can also be susceptible to hacking attempts. Watch how a professional hacker alters the data and hijacks accounts! Want to learn all about cyber-security and become an ethical...

February 27, 2021

Engineering Empathy: Adapting Software Engineering Principles and Process to Security

Software engineering has a lot to teach our ‘security engineering’ teams – this session will be a live retrospective of a professional role reversal – dropping a principal security engineer into a runtime team, and placing a principal software engineer...

February 26, 2021

Healthscare – An Insider’s Biopsy of Healthcare Application Security

The core of this presentation will focus on vulnerabilities and design issues within healthcare solutions. As we will illustrate through the dissection of numerous clinical focused systems, including radiology reading, EMR downtime, patient entertainment, pharmacy distribution, nurse communication, M&A EMR,...

February 26, 2021

Hacking the Supply Chain – The Ripple20 Vulnerabilities Haunt Tens of Millions of Critical Devices

This is the story of how we found and exploited a series of critical vulnerabilities (later named Ripple20) affecting tens or hundreds of millions of IoT devices across every conceivable IoT sector – industrial controllers, power grids, medical, home, networking,...

February 26, 2021

When TLS Hacks You

Lots of people try to attack the security of TLS. But, what if we use TLS to attack other things? It’s a huge standard, and it turns out that features intended to make TLS fast have also made it useful...

February 26, 2021

Discovering Hidden Properties to Attack the Node.js Ecosystem

We present a novel attack method against the Node.js platform, called hidden property abusing (HPA). The new attack leverages the widely used data-exchange feature of JavaScript to tamper with critical program state in Node.js programs, such as server-side applications. By Feng...

February 26, 2021

Lateral Movement & Privilege Escalation in GCP; Compromise Organizations without Dropping an Implant

Google Cloud's security model differs in many ways from AWS's. Spark jobs, Cloud Functions, Jupyter Notebooks, and more default to having administrative capabilities over cloud APIs. Instead of defaulting to no capabilities, permissions are granted to default identities....

February 26, 2021
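The GCP entry above turns on one fact: the project's default identities carry broad permissions unless someone takes them away. As an added example (not code from the talk or from this site), the Python script below reads the JSON that `gcloud projects get-iam-policy PROJECT --format=json` prints and flags the two per-project default service accounts (the Compute Engine default, which Dataproc Spark clusters run as unless configured otherwise, and the App Engine default, which first-generation Cloud Functions run as) when they hold roles/owner or roles/editor. The embedded policy is constructed sample data; the project number and project name in it are placeholders.

```python
"""Flag GCP default service accounts that hold broad primitive roles.

Added example, not code from the talk or this site. Input is the JSON shape
printed by `gcloud projects get-iam-policy PROJECT --format=json`. The sample
policy below is constructed; the project number and name are placeholders.
"""
from __future__ import annotations

import json
import re

# The two per-project default service accounts. Dataproc (Spark) clusters run
# as the Compute Engine default unless configured otherwise; first-generation
# Cloud Functions run as the App Engine default.
DEFAULT_SA_PATTERNS = (
    re.compile(r"^serviceAccount:\d+-compute@developer\.gserviceaccount\.com$"),
    re.compile(r"^serviceAccount:[a-z][-a-z0-9:.]*@appspot\.gserviceaccount\.com$"),
)
# Primitive roles that amount to project-wide administrative capability.
BROAD_ROLES = frozenset({"roles/owner", "roles/editor"})


def is_default_service_account(member: str) -> bool:
    """True if an IAM member string names one of the default service accounts."""
    return any(p.match(member) for p in DEFAULT_SA_PATTERNS)


def find_overprivileged_defaults(policy_json: str) -> list[tuple[str, str]]:
    """Return sorted (member, role) pairs where a default SA holds a broad role."""
    policy = json.loads(policy_json)
    findings = set()
    for binding in policy.get("bindings", []):
        role = binding.get("role", "")
        if role not in BROAD_ROLES:
            continue
        for member in binding.get("members", []):
            if is_default_service_account(member):
                findings.add((member, role))
    return sorted(findings)


def remediation_commands(project: str, findings) -> list[str]:
    """gcloud commands that drop each flagged binding.

    Run these only after the workloads have their own least-privilege service
    accounts: removing Editor from a default SA breaks jobs still using it.
    """
    return [
        f"gcloud projects remove-iam-policy-binding {project} "
        f"--member={member} --role={role}"
        for member, role in findings
    ]


# Constructed sample in the shape gcloud prints (placeholders, not a real project).
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/owner",
         "members": ["user:alice@example.com"]},
        {"role": "roles/editor",
         "members": [
             "serviceAccount:123456789012-compute@developer.gserviceaccount.com",
             "serviceAccount:example-project@appspot.gserviceaccount.com",
             # A custom SA with Editor is worth a look too, but it is not a
             # default identity, so this checker leaves it alone.
             "serviceAccount:deploy@example-project.iam.gserviceaccount.com",
         ]},
        {"role": "roles/logging.logWriter",
         "members": ["serviceAccount:123456789012-compute@developer.gserviceaccount.com"]},
    ],
    "etag": "BwXhqDdxqS8=",
    "version": 1,
})

if __name__ == "__main__":
    hits = find_overprivileged_defaults(SAMPLE_POLICY)
    for member, role in hits:
        print(f"default identity {member} holds {role}")
    for cmd in remediation_commands("example-project", hits):
        print(cmd)
```

On the sample policy it reports both default service accounts holding roles/editor and prints the two remove-iam-policy-binding commands; the user with roles/owner and the custom deploy account are deliberately not flagged, since the check is about the identities a workload gets without anyone choosing them.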

Web Cache Entanglement: Novel Pathways to Poisoning

Caches are woven into websites throughout the net, discreetly juggling data between users, and yet they are rarely scrutinized in any depth. In this session, I’ll show you how to remotely probe through the inner workings of caches to find...

February 26, 2021

The Paramedic’s Guide to Surviving Cybersecurity

The security world is fraught with cases of mental health issues, burnout, substance abuse, and even suicide. We live in a world of threats and responses that trigger the deepest parts of our psyche; with the barriers between “online” and...

February 26, 2021

Carrying our Insecurities with Us: The Risks of Implanted Medical Devices in Secure Spaces

This talk explores the contradiction of allowing increasingly smart Implanted Medical Devices (IMDs) in secure spaces through a combination of policy amendments and technical mitigations. The number of IMDs in use in the United States has been steadily increasing as...

February 26, 2021

You have No Idea Who Sent that Email: 18 Attacks on Email Sender Authentication

Our study demonstrates the unfortunate fact that even a conscientious security professional using a state-of-the-art email provider such as Gmail cannot, on receiving an email, readily determine with confidence whether it is forged. We identified 18 types of attacks to...

February 26, 2021