Video Archives Of Security Conferences And Workshops

Just some links for your enjoyment

List of security conferences in 2014

Video archives:



AIDE (Appalachian Institute of Digital Evidence)

• 2013
• 2012
• 2011

Blackhat

• 2012 or 2012 torrent

Botconf

• 2013

Bsides

• BSides DC 2014
• BSides Chicago 2014
• BSides Nashville 2014
• BSides Augusta 2014
• BSides Huntsville 2014
• BSides Las Vegas 2014
• BSidesDE 2013
• BSidesLV 2013
• BSidesRI 2013
• Bsides Cleveland 2012 BsidesCLE
• Bsides Las Vegas 2012

Chaos Communication Congress

• Chaos Communications Channel YouTube
• 31c3 Recordings

Defcon

• Defcon: All Conference CDs and DVDs with Presentation PDF files (updated 2014 for DEF CON 22): Torrent
• Defcon Wireless Village 2014
• Defcon: all other

Derbycon

• Derbycon 4
• DerbyCon 3
• Derbycon 2
• Derbycon 1

Digital Bond's S4x14

• Digital Bond's S4x14 ISC Security

Circle City Con

• Circle City Con 2014

GrrCON Information Security Summit & Hacker Conference

• GrrCON 2014

Hack in the box HITB

• 2011

Hack in Paris :

• 2011  https://www.youtube.com/playlist?list=PL70E48008B3E43448
• 2012  https://www.youtube.com/playlist?list=PL1F1B29D6E0D89A5F
• 2013  https://www.youtube.com/playlist?list=PL3UAg9Zuj1yK5nePRJCq1Y3gVLkoqVj9a
• 2014  https://www.youtube.com/playlist?list=PL3UAg9Zuj1yLmemIKw-domjg5UkbN-pLc

Hack3rcon

• Hack3rcon 4
• Hack3rcon 3

InfowarCon

• InfowarCon 2014

Free and Open Source Software Conference 2014

• froscon2014

International Cyber Security Conference 

• Tel-Aviv 2014

KIACS Cyber Security Conference

• KIACS 2014

Louisville

• Louisville Infosec 2014
• Louisville InfoSec 2013

NATO Cyber Security Conference

• 2014

Notacon

• Notacon 2013

Nuit du Hack

• 2011 https://www.youtube.com/playlist?list=PL311C7F71E22EA36A
• 2012 https://www.youtube.com/playlist?list=PLA446F5E0B2847F06
• 2013 https://www.youtube.com/playlist?list=PLzGIjwtabBqjyvyt1eUdlfXg0EbcLND-8
• 2014 https://www.youtube.com/playlist?list=PLzGIjwtabBqggpaJe51ZuifYYovBy3HhS

Nullcon

• Nullcon 2014
• Nullcon 2013
• Nullcon 2012

OWASP

• OWASP Global Webinars
• AppSec California 2014
• AppSecEU 2014
• AppSecUSA 2013
• AppSec EU Research 2013
• AppSecUSA 2012
• AppSecUSA 2011

OISF

• OISF 2014
• OISF 2013

OHM

• OHM2013. Observe, Hack, Make

Outerz0ne 9

• 2013
• 2011

Passwordscon

• Passwordscon 2014

PhreakNIC

• PhreakNIC 16

RSA

• Videos
• 2014 Big data should be dead. Unisys

Ruxcon

• Ruxcon 2012
• Ruxcon 2011

Shmoocon

• Shmoocon 2014
• Firetalks 2015
• Firetalks 2014
• Firetalks 2013
• Firetalks 2011

ShowMeCon

• 2014

SkyDogCon

• SkyDogCon 2013
• SkyDogCon 2012

TakeDownCon

• Rocket City 2014

Troopers

Heidelberg Germany

• Troopers 2014
• Troopers 2013
• Troopers 2012

Virus Bulletin

•  VB2014

Workshops, How-tos, and Demos

• Adrian Crenshaw. Intro to Darknets: Tor and I2P Workshop
• Installing the I2P darknet software in Linux
• Adrian Crenshaw. Installing Nessus on Kali Linux and Doing a Credentialed Scan
• Intro to Metasploit Class at IU Southeast
• Louisville ISSA Web PenTesting Workshop
• Louisville Nmap Class 2014
• ISSA Kentuckiana - RESTful Web Services - Jeremy Druin - @webpwnized
• Introduction to HTML Injection (HTMLi) and Cross Site Scripting (XSS) Using Mutillidae
• Introduction to Pen Testing Simple Network Management Protocol (SNMP) - ISSA Kentuckiana workshop 9 - Jeremy Druin
• Liam Randall- Shmoocon 2013: Bro IDS and the Bro Network Programming Language
• Basics of using sqlmap - ISSA Kentuckiana workshop 8 - Jeremy Druin
• SQL Server Hacking from ISSA Kentuckiana workshop 7 - Jeremy Druin
• Introduction to buffer overflows from ISSA KY workshop 6 - Jeremy Druin
• The potential impact of Software Defined Networking on security - Brent Salisbury
• Into to Metasploit - Jeremy Druin
• Traceroute and Scapy Jeremy Druin @webpwnized
• Basic Setup of Security-Onion: Snort, Snorby, Barnyard, PulledPork, Daemonlogger
• NetworkMiner Professional for Network Forensics

Special thanks to  Adrian Crenshaw for his collection of videos

Related links

• Cómo Se Escribe Hacker
• Curso Growth Hacking
• Curso De Ciberseguridad Y Hacking Ético

Parrot Security OS 4.7 Released With New Linux Kernel, Menu Structure, Tools Improvements And Many Changes

In Sep 18 2019, Parrot Security OS 4.7 has released, with many new following changes below.

Latest Linux 5.2.x series
   The new ISO files of Parrot 4.7 are being released only now, but we were the first Debian derivative distribution to introduce Linux 5.1 and 5.2 to all our users, and now ParrotSec team is ready to offer it also with our ISO files rebild cycle to support more devices and integrate all the latest linux features from the beginning.

New sandbox behavior (opt-in rather than opt-out)
   Sandboxing is a great thing, and ParrotSec team was in the first line when they introduced our custom Firejail and AppArmor solution for the first time many years ago. We still want to improve such feature and ParrotSec team has a whole team dedicated to improve sandboxing and hardening of the Parrot Security OS system, but ParrotSec team had to face the many users with issues caused by the restrictions of our sandbox.

   In Parrot Security OS 4.7 the sandbox is disabled by default, and users can decide wether to start an application sandboxed or not. You can easily start the sandboxed version of an installed program from the /sandbox/ folder or from a dedicated menu that ParrotSec team plans to improve in the future (meanwhile the search feature of the bottom menu will fit all your needs), or you can re-enable it by default by using the firecfg tool.

New menu structure and tools improvements
   The pentesting menu structure was refactored and re-designed to make tools easier to access in a more logical hierarchical structure. New tools were also added to the project, and ParrotSec team plans to add even more in the future. Not all of them are going to be pre-installed, but a good set of tools in our repository enables pentesters to build up the perfect pentest system for their specific needs, regardless the default package selection picked by ParrotSec team.

Domain changes
   To reflect the neutrality of a distro that started as a pentest-only system and became more general purpose later with Parro Home, the community voted through a democratic process to switch to parrotlinux.org as the new default domain of the project.

   ParrotSec team will still use ParrotSec.org for other things (included the old email addresses), and they introduced other project domains to handle specific parts of the infrastructure.

Repository changes
   ParrotSec team is preparing to integrate a future LTS branch, so they decided to rename the current repository from stable to rolling. Nothing changes for the end user, and the current Parrot Security OS branch will continue to behave the same as before, but now with a different name to better reflect the rolling release nature of the system, waiting for the LTS edition to join the Parrot Security OS family along side the rolling branch in a similar way OpenSUSE does.

New MATE 1.22 release: Parrot Security OS 4.7 ships with the latest MATE 1.22 desktop environment.

Miscellaneous: New Firefox Browser 69, the latest Radare2 and cutter versions and many other important upgrades are all aboard as expected in a properly developed rolling release distro.

How to upgrade to the lastest Parrot Security OS version
   You can update your existing Parrot Security OS system with this command:
sudo parrot-upgrade

   Or use the raw apt command
sudo apt update
sudo apt full-upgrade

   Don't forget to use this command regularly (at least once a week) to receive the latest security updates and bugfixes from the Parrot Security OS repository.

   Or you can download the latest release from official download page.

From Parrot Project Blog

More articles

• Certificacion Hacking Etico
• Hacker Definicion Informatica
• Hacking Tutorials
• Hacking Wifi
• Hacking 101
• Hacking Wifi
• Funnel Hacking Live
• Hacking 2018
• Hacking Wifi Windows
• Hacker Significado
• Libros Hacking Pdf

Vsftpd Backdoor - Ekoparty Prectf - Amn3S1A Team

It's a 32bits elf binary of some version of vsftpd, where it have been added a backdoor, they don't specify is an authentication backdoor, a special command or other stuff.

I started looking for something weird on the authentication routines, but I didn't found anything significant in a brief period of time, so I decided to do a bindiff, that was the key for locating the backdoor quickly. I do a quick diff of the strings with the command "strings bin | sort -u" and "vimdiff" and noticed that the backdoored binary has the symbol "execl" which is weird because is a call for executing elfs, don't needed for a ftp service, and weird that the compiled binary doesn't has that symbol.

Looking the xrefs of "execl" on IDA I found that code that is a clear backdoor, it create a socket, bind a port and duplicate the stdin, stdout and stderr to the socket and use the execl:

There are one xrefs to this function, the function that decides when trigger that is that kind of systems equations decision:

The backdoor was not on the authentication, it was a special command to trigger the backdoor, which is obfuscated on that systems equation, it was no needed to use a z3 equation solver because is a simple one and I did it by hand.

The equation:

cmd[0] = 69

cmd[1] = 78

cmd[1] + cmd[2] = 154

cmd[2] + cmd[3] = 202

cmd[3] + cmd[4] = 241

cmd[4] + cmd[5] = 233

cmd[5] + cmd[6] = 217

cmd[6] + cmd[7] = 218

cmd[7] + cmd[8] = 228

cmd[8] + cmd[9] = 212

cmd[9] + cmd[10] = 195

cmd[10] + cmd[11] = 195

cmd[11] + cmd[12] = 201

cmd[12] + cmd[13] = 207

cmd[13] + cmd[14] = 203

cmd[14] + cmd[15] = 215

cmd[15] + cmd[16] = 235

cmd[16] + cmd[17] = 242

The solution:

cmd[0] = 69

cmd[1] = 75

cmd[2] = 79

cmd[3] = 123

cmd[4] = 118

cmd[5] = 115

cmd[6] = 102

cmd[7] = 116

cmd[8] = 112

cmd[9] = 100

cmd[10] = 95

cmd[11] = 100

cmd[12] = 101

cmd[13] = 106

cmd[14] = 97                    

cmd[15] = 118

cmd[16] = 117

cmd[17] = 125

The flag:

EKO{vsftpd_dejavu}

The binary:
https://ctf.ekoparty.org/static/pre-ekoparty/backdoor

More information

• Hacking Gif
• Curso Hacking Gratis
• Hacking Etico Curso Gratis
• Hacking Netflix Account
• Significado De Hacker
• Libro Hacking Etico
• Udemy Hacking