Enviar búsqueda
Cargar
Defcon 18: FOCA 2
•
Descargar como PPT, PDF
•
11 recomendaciones
•
14,613 vistas
Chema Alonso
Seguir
Slides used by Jose Palazon PALAKO and Chema Alonso to present FOCA 2 in Defcon 18
Leer menos
Leer más
Denunciar
Compartir
Denunciar
Compartir
1 de 43
Descargar ahora
Recomendados
In this talk, top ranked white-hat hacker Frans Rosén (@fransrosen) will focus on methodologies and results of attacking modern web technologies. He will do a deep-dive in postMessage, how vulnerable configurations in both AWS and Google Cloud allow attackers to take full control of your assets. Listen to 60 minutes of new hacks, bug bounty stories and learnings that will make you realize that the protocols and policies you believed to be secure are most likely not.
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
Frans Rosén
Fuzzing, Brute Force Vulnerability Discovery
Fuzzing
Fuzzing
Khalegh Salehi
Messaging for Web and Mobile with Apache ActiveMQ
Messaging for Web and Mobile with Apache ActiveMQ
dejanb
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFC
SecuRing
Configuration of Cisco 800 series routers for providing internet access. Several scenarios are discussed.
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet Access
Harris Andrea
Super quick intro in Docker and Docker Compose
Docker intro
Docker intro
Oleg Z
Cryptography for Java Developers Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA About the Speaker What is Cryptography? Cryptography in Java – APIs and Libraries Hashes, MAC Codes and Key Derivation (KDF) Encrypting Passwords: from Plaintext to Argon2 Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) Digital Signatures, Elliptic Curves, ECDSA, EdDSA Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
Introduction to container based virtualization with docker
Introduction to container based virtualization with docker
Introduction to container based virtualization with docker
Bangladesh Network Operators Group
Recomendados
In this talk, top ranked white-hat hacker Frans Rosén (@fransrosen) will focus on methodologies and results of attacking modern web technologies. He will do a deep-dive in postMessage, how vulnerable configurations in both AWS and Google Cloud allow attackers to take full control of your assets. Listen to 60 minutes of new hacks, bug bounty stories and learnings that will make you realize that the protocols and policies you believed to be secure are most likely not.
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
Frans Rosén
Fuzzing, Brute Force Vulnerability Discovery
Fuzzing
Fuzzing
Khalegh Salehi
Messaging for Web and Mobile with Apache ActiveMQ
Messaging for Web and Mobile with Apache ActiveMQ
dejanb
Ever wanted to hack these proximity/contactless cards you use every day, but did not know where to start? This is the talk to attend! I will walk you through the fascinating world of RFID/NFC failures, snake oils and installation gaps - that despite facing well deserved hacks long time ago, still remain unpatched in so many buildings. Besides legacy (but still widespread), more modern (but also broken), and supposedly non-breakable (yet to be tested) systems, I will also share the risks and possible attacks on the new emerging technology - replacing plastic cards with your NFC smartphone in access control systems. How to recognize the card type? What kinds of cards can be cloned? Can you clone a card having just a picture of it? How to build your own card cracking and cloning equipment for less than $10, and when it is worth to invest in a more powerful hardware? How to use a smartphone to crack keys, or emulate a plastic access control card? How to intercept data transmitted from wall reader to backend door controller? How to reverse hotel system and understand the data encoded on cards? Expect highly practical information regarding these and many other topics. Multiple live demos and NFC hacking hardware sets to give away included. After the talk you are also welcome to practice the new skills yourself on our test access control installations onsite.
A 2018 practical guide to hacking RFID/NFC
A 2018 practical guide to hacking RFID/NFC
SecuRing
Configuration of Cisco 800 series routers for providing internet access. Several scenarios are discussed.
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet Access
Harris Andrea
Super quick intro in Docker and Docker Compose
Docker intro
Docker intro
Oleg Z
Cryptography for Java Developers Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA About the Speaker What is Cryptography? Cryptography in Java – APIs and Libraries Hashes, MAC Codes and Key Derivation (KDF) Encrypting Passwords: from Plaintext to Argon2 Symmetric Encryption: AES (KDF + Block Modes + IV + MAC) Digital Signatures, Elliptic Curves, ECDSA, EdDSA Live demos and code examples: https://github.com/nakov/Java-Cryptography-Examples Video (in Bulgarian language): https://youtu.be/ZG3BLXWVwJM Blog: https://nakov.com/blog/2019/01/26/cryptography-for-java-developers-nakov-at-jprofessionals-jan-2019/
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Cryptography for Java Developers: Nakov jProfessionals (Jan 2019)
Svetlin Nakov
Introduction to container based virtualization with docker
Introduction to container based virtualization with docker
Introduction to container based virtualization with docker
Bangladesh Network Operators Group
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay using BGP EVPN
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
Laurent Bernaille
Integration Solution Patterns
Integration Solution Patterns
WSO2
Kubernetes, Probes Tutorial,
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
AkhmadZakiAlsafi
Explore the world of brute force attacks, their causes, and types. Learn about essential prevention measures and discover powerful tools to safeguard your digital assets. Stay secure online with strong passwords, multifactor authentication, and password management practices
Brute Force Attack and Its Prevention.pptx
Brute Force Attack and Its Prevention.pptx
hamzajawad10
Introduction to docker for beginners
Introduction to docker
Introduction to docker
Walid Ashraf
In this YouTube live session, you will learn what is Docker Swarm and how Docker Swarm enables high availability of the containerized web services. The following topics have been covered in the session: 1. What is a Docker container? 2. What is Docker Swarm? 3. Docker Swarm commands
Docker Swarm For High Availability | Docker Tutorial | DevOps Tutorial | Edureka
Docker Swarm For High Availability | Docker Tutorial | DevOps Tutorial | Edureka
Edureka!
#CSA #Dehradun XSS Video POC in Yahoo : https://www.youtube.com/watch?v=I2WKUJn8P7I Tapjacking bug poc in Android 6.0 Video : https://www.youtube.com/watch?v=8BcP3Q4ZWXQ
Bug Bounty - Play For Money
Bug Bounty - Play For Money
Shubham Gupta
Exploring Docker Desktop and Docker Assemble.
From Zero to Docker
From Zero to Docker
Abhishek Verma
6.LAB3.5.3_Resolución de problemas de las configuraciones de VLAN
6.lab3.5.3 resolución de problemas de las configuraciones de vlan
6.lab3.5.3 resolución de problemas de las configuraciones de vlan
Alvaro J
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker Swarm
An Nguyen
null Bangalore Chapter - March 2014 Wireless Humla
Wireless Cracking using Kali
Wireless Cracking using Kali
n|u - The Open Security Community
Input Method Kit
Input Method Kit
Weizhong Yang
Practical information for Alfresco integration with AOS (Sharepoint Protocol), Google Drive, Microsoft 365, ONLYOFFICE and Collabora Online. Additionally ADW support for ONLYOFFICE is provided by https://github.com/atolcd/adf-onlyoffice-extension#installation
Collaborative Editing Tools for Alfresco
Collaborative Editing Tools for Alfresco
Angel Borroy López
OWASP - Vulnerable Flask App
OWASP-VulnerableFlaskApp
OWASP-VulnerableFlaskApp
anilyelken
Docker introduction
Docker introduction
Docker introduction
Gourav Varma
The OAuth working group recently decided to discourage use of the implicit grant. But that’s just the most prominent recommendation the working group is about to publish in the upcoming OAuth 2.0 Security Best Current Best Practice (https://tools.ietf.org/html/draft-ietf-oauth-security-topics), which will elevate OAuth security to the next level. The code flow shall be used with PKCE only and tokens should be sender constraint to just mention a few. Development of this enhanced recommendations was driven by several factors, including experiences gathered in the field, security research results, the increased dynamics and sensitivity of the use cases OAuth is used protect and technological changes. This session will present the new security recommendations in detail along with the underlying rationales.
OAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
Torsten Lodderstedt
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity.
Proxy server
Proxy server
Proxies Rent
Top 10 Web Security Vulnerabilities as defined by the OWASP, and what you can do to protect your application
Top 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
Carol McDonald
For our February session, we are excited to invite Robert Paprocki, Cloud Engineer at Kong present on managing Terraform Module Versioning and Dependencies. Key Takeaways *This talk discusses how the team at Kong Cloud manages Terraform deployments through tooling solutions around dependency management, preaching a culture of creating small-re-usable Terraform modules. *Leveraging community tools for versioning and common variable management. *Discusses how these tools and practices are extended to logical software deployments, using Terraform to shape and manage Nomad job definitions.
Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies
Nebulaworks
docker introduction
Docker Introduction
Docker Introduction
Hao Fan
Tutorial de la aplicación foca http://linuxelcomienzodelalibertad.blogspot.com/
Tutorial de-foca
Tutorial de-foca
Jeffry Roldan
Esta obra presenta un enfoque eminentemente técnico de la experiencia de varios años de trabajo en grandes redes, desde el punto de vista de las áreas de “Planificación y Operación de red”, “Seguridad de redes y TI” y “Auditoría de seguridad”, que podríamos afirmar que son los pilares fundamentales de toda Red. Los prólogos de este libro están escritos por “Chema Alonso” y “Antonio Castro Lechtaler”, que como todos conocemos, son dos referentes internacionales en Redes y Seguridad. El autor es Alejandro Corletti Estrada que luego de la publicación “Seguridad por Niveles” en el año 2011, nuevamente nos deja esta obra para “difusión y descarga gratuita para cualquier uso docente” quedando prohibida toda acción y/o actividad comercial o lucrativa, como así también su derivación y/o modificación sin autorización expresa del autor.
Libro de Seguridad en Redes
Libro de Seguridad en Redes
Telefónica
Más contenido relacionado
La actualidad más candente
The Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to connect containers. The talk will continue with a demo showing how to build your own simple overlay using these technologies. Finally, it will show how we can dynamically distribute IP and MAC information to every hosts in the overlay using BGP EVPN
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
Laurent Bernaille
Integration Solution Patterns
Integration Solution Patterns
WSO2
Kubernetes, Probes Tutorial,
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
AkhmadZakiAlsafi
Explore the world of brute force attacks, their causes, and types. Learn about essential prevention measures and discover powerful tools to safeguard your digital assets. Stay secure online with strong passwords, multifactor authentication, and password management practices
Brute Force Attack and Its Prevention.pptx
Brute Force Attack and Its Prevention.pptx
hamzajawad10
Introduction to docker for beginners
Introduction to docker
Introduction to docker
Walid Ashraf
In this YouTube live session, you will learn what is Docker Swarm and how Docker Swarm enables high availability of the containerized web services. The following topics have been covered in the session: 1. What is a Docker container? 2. What is Docker Swarm? 3. Docker Swarm commands
Docker Swarm For High Availability | Docker Tutorial | DevOps Tutorial | Edureka
Docker Swarm For High Availability | Docker Tutorial | DevOps Tutorial | Edureka
Edureka!
#CSA #Dehradun XSS Video POC in Yahoo : https://www.youtube.com/watch?v=I2WKUJn8P7I Tapjacking bug poc in Android 6.0 Video : https://www.youtube.com/watch?v=8BcP3Q4ZWXQ
Bug Bounty - Play For Money
Bug Bounty - Play For Money
Shubham Gupta
Exploring Docker Desktop and Docker Assemble.
From Zero to Docker
From Zero to Docker
Abhishek Verma
6.LAB3.5.3_Resolución de problemas de las configuraciones de VLAN
6.lab3.5.3 resolución de problemas de las configuraciones de vlan
6.lab3.5.3 resolución de problemas de las configuraciones de vlan
Alvaro J
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker Swarm
An Nguyen
null Bangalore Chapter - March 2014 Wireless Humla
Wireless Cracking using Kali
Wireless Cracking using Kali
n|u - The Open Security Community
Input Method Kit
Input Method Kit
Weizhong Yang
Practical information for Alfresco integration with AOS (Sharepoint Protocol), Google Drive, Microsoft 365, ONLYOFFICE and Collabora Online. Additionally ADW support for ONLYOFFICE is provided by https://github.com/atolcd/adf-onlyoffice-extension#installation
Collaborative Editing Tools for Alfresco
Collaborative Editing Tools for Alfresco
Angel Borroy López
OWASP - Vulnerable Flask App
OWASP-VulnerableFlaskApp
OWASP-VulnerableFlaskApp
anilyelken
Docker introduction
Docker introduction
Docker introduction
Gourav Varma
The OAuth working group recently decided to discourage use of the implicit grant. But that’s just the most prominent recommendation the working group is about to publish in the upcoming OAuth 2.0 Security Best Current Best Practice (https://tools.ietf.org/html/draft-ietf-oauth-security-topics), which will elevate OAuth security to the next level. The code flow shall be used with PKCE only and tokens should be sender constraint to just mention a few. Development of this enhanced recommendations was driven by several factors, including experiences gathered in the field, security research results, the increased dynamics and sensitivity of the use cases OAuth is used protect and technological changes. This session will present the new security recommendations in detail along with the underlying rationales.
OAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
Torsten Lodderstedt
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity.
Proxy server
Proxy server
Proxies Rent
Top 10 Web Security Vulnerabilities as defined by the OWASP, and what you can do to protect your application
Top 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
Carol McDonald
For our February session, we are excited to invite Robert Paprocki, Cloud Engineer at Kong present on managing Terraform Module Versioning and Dependencies. Key Takeaways *This talk discusses how the team at Kong Cloud manages Terraform deployments through tooling solutions around dependency management, preaching a culture of creating small-re-usable Terraform modules. *Leveraging community tools for versioning and common variable management. *Discusses how these tools and practices are extended to logical software deployments, using Terraform to shape and manage Nomad job definitions.
Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies
Nebulaworks
docker introduction
Docker Introduction
Docker Introduction
Hao Fan
La actualidad más candente
(20)
Deeper dive in Docker Overlay Networks
Deeper dive in Docker Overlay Networks
Integration Solution Patterns
Integration Solution Patterns
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
Kubernetes Probes (Liveness, Readyness, Startup) Introduction
Brute Force Attack and Its Prevention.pptx
Brute Force Attack and Its Prevention.pptx
Introduction to docker
Introduction to docker
Docker Swarm For High Availability | Docker Tutorial | DevOps Tutorial | Edureka
Docker Swarm For High Availability | Docker Tutorial | DevOps Tutorial | Edureka
Bug Bounty - Play For Money
Bug Bounty - Play For Money
From Zero to Docker
From Zero to Docker
6.lab3.5.3 resolución de problemas de las configuraciones de vlan
6.lab3.5.3 resolución de problemas de las configuraciones de vlan
Introduction To Docker, Docker Compose, Docker Swarm
Introduction To Docker, Docker Compose, Docker Swarm
Wireless Cracking using Kali
Wireless Cracking using Kali
Input Method Kit
Input Method Kit
Collaborative Editing Tools for Alfresco
Collaborative Editing Tools for Alfresco
OWASP-VulnerableFlaskApp
OWASP-VulnerableFlaskApp
Docker introduction
Docker introduction
OAuth 2.0 Security Reinforced
OAuth 2.0 Security Reinforced
Proxy server
Proxy server
Top 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
Managing Terraform Module Versioning and Dependencies
Managing Terraform Module Versioning and Dependencies
Docker Introduction
Docker Introduction
Destacado
Tutorial de la aplicación foca http://linuxelcomienzodelalibertad.blogspot.com/
Tutorial de-foca
Tutorial de-foca
Jeffry Roldan
Esta obra presenta un enfoque eminentemente técnico de la experiencia de varios años de trabajo en grandes redes, desde el punto de vista de las áreas de “Planificación y Operación de red”, “Seguridad de redes y TI” y “Auditoría de seguridad”, que podríamos afirmar que son los pilares fundamentales de toda Red. Los prólogos de este libro están escritos por “Chema Alonso” y “Antonio Castro Lechtaler”, que como todos conocemos, son dos referentes internacionales en Redes y Seguridad. El autor es Alejandro Corletti Estrada que luego de la publicación “Seguridad por Niveles” en el año 2011, nuevamente nos deja esta obra para “difusión y descarga gratuita para cualquier uso docente” quedando prohibida toda acción y/o actividad comercial o lucrativa, como así también su derivación y/o modificación sin autorización expresa del autor.
Libro de Seguridad en Redes
Libro de Seguridad en Redes
Telefónica
Índice del libro "Hacking Web Technologies" de 0xWord, centrado en la explotación de vulnerabilidades en plataformas web. El libro está disponible a la venta en la siguiente URL: http://0xword.com/es/libros/81-hacking-web-technologies.html
Índice del libro "Hacking Web Technologies"
Índice del libro "Hacking Web Technologies"
Telefónica
La labor de gestionar la seguridad de una empresa suele ser como bailar sobre el alambre. Hay que permitir que el negocio siga funcionando, estar a la última, proteger lo ya implantado e innovar en cosas nuevas. Eso sí, de forma más eficiente cada año y con menos presupuesto. Todo ello, con el objetivo de no que no pase nada. La conclusión de esto es que al final siempre queda Long Hanging Fruit para que cualquiera se aproveche.
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging Fruit
Chema Alonso
En esta sesión se podrá ver la nueva versión de FOCA (v2.0) que, no sólo ya con metadatos, sino haciendo un uso de los resultados en los buscadores y las consultas DNS, mediante un algoritmo encadenado de búsquedas derivadas, ayuda a descubrir toda la red de una organización.
Chema Alonso - Presentación de la FOCA v2.0 [RootedCON 2010]
Chema Alonso - Presentación de la FOCA v2.0 [RootedCON 2010]
RootedCON
Presentación sobre cifrado y protección de portátiles realizada por SmartAccess durante la Gira Up To Secure 2010
Portátiles A Prueba De Robos
Portátiles A Prueba De Robos
Chema Alonso
Presentación de comparativa de seguridad en navegadores de Internet.
Seguridad en Navegadores
Seguridad en Navegadores
Chema Alonso
Charla sobre contraseñas por defecto impartida por Chema Alonso en las Jornadas de Seguridad de la Universidad de A Coruña de 2011
Default Passwords: Adelante por favor
Default Passwords: Adelante por favor
Chema Alonso
Fortificación de MS SharePon
Fortificación de MS SharePon
Chema Alonso
Presentación sobre circuitos de video vigilancia IP realizada por D-Link Iberia durante la Gira Up to Secure 2010
Circuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IP
Chema Alonso
Presentación sobre seguridad en los navegadores de Internet en la empresa realizada por Chema Alonso, de Informática64 en la Gira Up to Secure 2010
Navegadores en la Empresa
Navegadores en la Empresa
Chema Alonso
Diapositivas utilizadas en la Gira Up To Secure 2010 para la presentación de MS Forefront Client Security
MS Forefront Client Security
MS Forefront Client Security
Chema Alonso
Diapositivas sobre seguridad en Apache impartida por Chema Alonso en la Fundación Dédalo durante el año 2011.
Seguridad en Apache Web Server
Seguridad en Apache Web Server
Chema Alonso
Presentación impartida por Dani "The Doctor" Kachakil en el Asegúr@IT 7 que tuvo lugar en Barcelona, el 24 de Marzo de 2010.
Asegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL Injection
Chema Alonso
Talk delivered by Chema Alonso and Jose Palazon "Palako" in BlackHat DC 2010 about Connection String Injection Parameter Pollution attacks.
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Chema Alonso
Charla sobre Malware realizada por Chema Alonso, de Informática 64, con Bitdefender en Bolivia, Argentina y Perú
Apadrina un malware
Apadrina un malware
Chema Alonso
Presentación de Chema Alonso y Alejandro Martín de Informática64 sobre DUST
RootedCON 2011: DUST
RootedCON 2011: DUST
Chema Alonso
Presentación impartida por Chema Alonso en The App Fest 2012 sobre hacking, Ciberguerra y otros Palabros raros en el año 2012
Hacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros Palabros
Chema Alonso
Sesión de Forefront Unified Access Gateway UAG 2010 impartida por Chema Alonso y Alejandro Martín Bailón, de Informática64 [http://www.informatica64.com] durante el evento Asegúr@IT 7 que tuvo lugar en Barcelona, el día 24 de Marzo de 2010.
Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010
Chema Alonso
Presentación de FOCA 2.0 y MetaShield Protector impartida por Chema Alonso y Alejandro Martín Bailón, de Informática64, en el Asegúr@IT 7 que tuvo lugar en Barcelona el 24 de Marzo de 2010.
MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0
Chema Alonso
Destacado
(20)
Tutorial de-foca
Tutorial de-foca
Libro de Seguridad en Redes
Libro de Seguridad en Redes
Índice del libro "Hacking Web Technologies"
Índice del libro "Hacking Web Technologies"
CyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging Fruit
Chema Alonso - Presentación de la FOCA v2.0 [RootedCON 2010]
Chema Alonso - Presentación de la FOCA v2.0 [RootedCON 2010]
Portátiles A Prueba De Robos
Portátiles A Prueba De Robos
Seguridad en Navegadores
Seguridad en Navegadores
Default Passwords: Adelante por favor
Default Passwords: Adelante por favor
Fortificación de MS SharePon
Fortificación de MS SharePon
Circuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IP
Navegadores en la Empresa
Navegadores en la Empresa
MS Forefront Client Security
MS Forefront Client Security
Seguridad en Apache Web Server
Seguridad en Apache Web Server
Asegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL Injection
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Apadrina un malware
Apadrina un malware
RootedCON 2011: DUST
RootedCON 2011: DUST
Hacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros Palabros
Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010
MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0
Similar a Defcon 18: FOCA 2
Charla impartida por Chema Alonso en el IV Curso de Verano de Seguridad Informática de la Universidad Europea de Madrid.
La nueva FOCA 2.7
La nueva FOCA 2.7
Eventos Creativos
Pentesting drivenbyfoca slides
Pentesting drivenbyfoca slides
BIT Technologies
Foca slides
Foca training hackcon6
Foca training hackcon6
Chema Alonso
Training about FOCA 2.5.5 delivered by Chema Alonso (Informatica 64). Learn about FOCA PRO 2.5.5
FOCA 2.5.5 Training
FOCA 2.5.5 Training
Chema Alonso
4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh
Shailendra Sadh - CISSP
Analyze a sample windows malware binary.
HoneyNet SOTM 32 - Windows Malware Analysis
HoneyNet SOTM 32 - Windows Malware Analysis
Chetan Ganatra
A talk presented at an NSF Workshop on Data-Intensive Computing, July 30, 2009. Extreme scripting and other adventures in data-intensive computing Data analysis in many scientific laboratories is performed via a mix of standalone analysis programs, often written in languages such as Matlab or R, and shell scripts, used to coordinate multiple invocations of these programs. These programs and scripts all run against a shared file system that is used to store both experimental data and computational results. While superficially messy, the flexibility and simplicity of this approach makes it highly popular and surprisingly effective. However, continued exponential growth in data volumes is leading to a crisis of sorts in many laboratories. Workstations and file servers, even local clusters and storage arrays, are no longer adequate. Users also struggle with the logistical challenges of managing growing numbers of files and computational tasks. In other words, they face the need to engage in data-intensive computing. We describe the Swift project, an approach to this problem that seeks not to replace the scripting approach but to scale it, from the desktop to larger clusters and ultimately to supercomputers. Motivated by applications in the physical, biological, and social sciences, we have developed methods that allow for the specification of parallel scripts that operate on large amounts of data, and the efficient and reliable execution of those scripts on different computing systems. A particular focus of this work is on methods for implementing, in an efficient and scalable manner, the Posix file system semantics that underpin scripting applications. These methods have allowed us to run applications unchanged on workstations, clusters, infrastructure as a service ("cloud") systems, and supercomputers, and to scale applications from a single workstation to a 160,000-core supercomputer. Swift is one of a variety of projects in the Computation Institute that seek individually and collectively to develop and apply software architectures and methods for data-intensive computing. Our investigations seek to treat data management and analysis as an end-to-end problem. Because interesting data often has its origins in multiple organizations, a full treatment must encompass not only data analysis but also issues of data discovery, access, and integration. Depending on context, data-intensive applications may have to compute on data at its source, move data to computing, operate on streaming data, or adopt some hybrid of these and other approaches. Thus, our projects span a wide range, from software technologies (e.g., Swift, the Nimbus infrastructure as a service system, the GridFTP and DataKoa data movement and management systems, the Globus tools for service oriented science, the PVFS parallel file system) to application-oriented projects (e.g., text analysis in the biological sciences, metagenomic analysis, image analysis in neuroscience, information integration for health care applications, management of experimental data from X-ray sources, diffusion tensor imaging for computer aided diagnosis), and the creation and operation of national-scale infrastructures, including the Earth System Grid (ESG), cancer Biomedical Informatics Grid (caBIG), Biomedical Informatics Research Network (BIRN), TeraGrid, and Open Science Grid (OSG). For more information, please see www.ci.uchicago/swift.
Extreme Scripting July 2009
Extreme Scripting July 2009
Ian Foster
Penetration Testing Boot CAMP
Penetration Testing Boot CAMP
Shaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
The title "Big Data using Hadoop.pdf" suggests that the document is likely a PDF file that focuses on the utilization of Hadoop technology in the context of Big Data. Hadoop is a popular open-source framework for distributed storage and processing of large datasets. The document is expected to cover various aspects of working with big data, emphasizing the role of Hadoop in managing and analyzing vast amounts of information.
Big data using Hadoop, Hive, Sqoop with Installation
Big data using Hadoop, Hive, Sqoop with Installation
mellempudilavanya999
A short introduction to p2p computing
Introduction P2p
Introduction P2p
Davide Carboni
DIGITENS workshop, mai 2019
IIIF & Digital Humanities
IIIF & Digital Humanities
Jean-Philippe Moreux
Integrating OpenNMS with Modern Configuration Management
Who pulls the strings?
Who pulls the strings?
Ronny
PRESENTATION of CEH Tools
PRESENTATION of CEH Tools.pptx
PRESENTATION of CEH Tools.pptx
AadityaSaxena12
Excercises for pentesting workshop
Hackerworkshop exercises
Hackerworkshop exercises
Henrik Kramshøj
Quickly re-publish CSV/TSV files from existing repositories as FAIR Data with just a few mouse clicks! You select the columns to "project" as Linked Data, and the associated ontology terms. The FAIR Projector Builder will create a FAIR Projector for you: a Triple Pattern Fragment server to provide the Linked Data; a published DCAT Distribution containing metadata about those triples and their source; and an RML model (syntactic and semantic of the triples, to aid in third-party discovery of this novel projection. (current status - first prototype, not ready for public consumption) ------- Thanks to the NBDC/DBCLS for sponsoring the hackathon series. MDW also funded by Ministerio de Economía y Competitividad grant number TIN2014-55993-RM
FAIR Projector Builder
FAIR Projector Builder
Mark Wilkinson
Draft Slides for SDSU Microbiome Workshop 6/28/17
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Ben Busby
OpenSOC The Open Security Operations Center for Analyzing 1.2 Million Network Packets per Second in Real Time
Open Security Operations Center - OpenSOC
Open Security Operations Center - OpenSOC
Sheetal Dolas
PPT Network analyzer
an_introduction_to_network_analyzers_new.ppt
an_introduction_to_network_analyzers_new.ppt
Iwan89629
A lecture on Apace Spark, the well-known open source cluster computing framework. The course consisted of three parts: a) install the environment through Docker, b) introduction to Spark as well as advanced features, and c) hands-on training on three (out of five) of its APIs, namely Core, SQL \ Dataframes, and MLlib.
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
Euangelos Linardos
Short introduction to the Apache Pig solution and the Pig Latin language. Apache Pig is a mix between a procedural (C++) and a declarative (SQL) language to execute quieries on large amounts of data (BigData)
Eedc.apache.pig last
Eedc.apache.pig last
Francesc Lordan Gomis
Similar a Defcon 18: FOCA 2
(20)
La nueva FOCA 2.7
La nueva FOCA 2.7
Pentesting drivenbyfoca slides
Pentesting drivenbyfoca slides
Foca training hackcon6
Foca training hackcon6
FOCA 2.5.5 Training
FOCA 2.5.5 Training
4055-841_Project_ShailendraSadh
4055-841_Project_ShailendraSadh
HoneyNet SOTM 32 - Windows Malware Analysis
HoneyNet SOTM 32 - Windows Malware Analysis
Extreme Scripting July 2009
Extreme Scripting July 2009
Penetration Testing Boot CAMP
Penetration Testing Boot CAMP
Big data using Hadoop, Hive, Sqoop with Installation
Big data using Hadoop, Hive, Sqoop with Installation
Introduction P2p
Introduction P2p
IIIF & Digital Humanities
IIIF & Digital Humanities
Who pulls the strings?
Who pulls the strings?
PRESENTATION of CEH Tools.pptx
PRESENTATION of CEH Tools.pptx
Hackerworkshop exercises
Hackerworkshop exercises
FAIR Projector Builder
FAIR Projector Builder
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Datasets and tools_from_ncbi_and_elsewhere_for_microbiome_research_v_62817
Open Security Operations Center - OpenSOC
Open Security Operations Center - OpenSOC
an_introduction_to_network_analyzers_new.ppt
an_introduction_to_network_analyzers_new.ppt
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
Apache Spark Workshop, Apr. 2016, Euangelos Linardos
Eedc.apache.pig last
Eedc.apache.pig last
Más de Chema Alonso
Índice del libro Pentesting con Kali Linux 2.0 que ha publicado la editorial 0xWord http://0xword.com/es/libros/40-libro-pentesting-kali.html
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
Chema Alonso
Tutorial realizado por Joc sobre cómo instalar y configurar Latch en el framework Magento. El plugin puede descargarse desde https://github.com/jochhop/magento-latch y tienes un vídeo descriptivo de su uso en http://www.elladodelmal.com/2015/10/configurar-y-utilizar-latch-en-magento.html
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
Chema Alonso
Diapositivas de la presentación impartida por Chema Alonso durante el congreso CELAES 2015 el 15 de Octubre en Panamá. En ella se habla de cómo en Eleven Paths y Telefónica se utilizan las tecnologías Tacyt, Sinfonier y Faast para luchar contra el e-crime.
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Chema Alonso
Technicall report created by Gartner analyst in which they explore Telefonica & Eleven Paths technologies to provide Authentication & Authorization as a Service. In it they analyse Mobile Connect, Latch, SealSign and SmartID
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
Chema Alonso
Los últimos meses la contrainteligencia británica ha avanzado a pasos agigantados en la localización de agentes rusos activos en suelo inglés. Los avances en criptoanálisis, del ahora ascendido Capitán Torregrosa, han permitido localizar el punto central de trabajo de los agentes rusos. Después de días vigilando “Royal China Club”, no se observa ningún movimiento, da la sensación que no es un lugar de encuentro habitual, aunque según las informaciones recopiladas los datos más sensibles de los operativos rusos se encuentran en esa localización. Por este motivo, se decide entrar en el club y copiar toda la información para analizarla. Entre las cosas más curiosas encontradas, se observa un póster en la pared con una imagen algo rara y una especie de crucigrama, así como un texto impreso en una mesa. Ningún aparato electrónico excepcional ni nada aparentemente cifrado. ¿Podrá la inteligencia británica dar por fin con los agentes rusos? El tiempo corre en su contra…
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
Chema Alonso
Talk delivered by Chema Alonso at RootedCON Satellite (Saturday 12th of September 2015) about how to do hacking & pentesting using dorks over Tacyt, a Big Data of Android Apps
Dorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
Chema Alonso
Índice del libro "Pentesting con PowerShell" de 0xWord.com. Tienes más información y puedes adquirirlo en la siguiente URL: http://0xword.com/es/libros/69-pentesting-con-powershell.html
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
Chema Alonso
Manual de cómo usar la API de FOCA para poder desarrollar plugins. Ejemplo de un plugin sencillo en .NET
Foca API v0.1
Foca API v0.1
Chema Alonso
Artículo de Windows Técnico que muestra cómo recuperar dispositivos de sonido en Windows Vista y Windows 7 cuando estos desaparecen. Más información en http://www.elladodelmal.com
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Chema Alonso
Charla impartida por Chema Alonso en el congreso Internet 3.0 el 24 de Abril de 2015 en Alicante sobre cómo la gente que cree en las soluciones mágicas y gratuitas acaba siendo estafada o víctima de fraude. Todas las partes de la presentación llevan sus enlaces a los artículos correspondientes para ampliar información.
It's a Kind of Magic
It's a Kind of Magic
Chema Alonso
Conferencia impartida por Chema Alonso en el Primer Congreso Europeo de Ingenieros Informático realizado en Madrid el 20 de Abril de 2015 dentro de las actividades de la Semana de la Informática 2015. El vídeo de la conferencia está en la siguiente URL: https://www.youtube.com/watch?v=m6WPZmx7WoI
Ingenieros y hackers
Ingenieros y hackers
Chema Alonso
Cuarta Edición del Curso Online de Especialización en Seguridad Informática para la Ciberdefensa Del 4 de mayo al 4 de junio de 2015 Orientado a: - Responsables de seguridad. - Cuerpos y fuerzas de seguridad del Estado. - Agencias militares. - Ingenieros de sistemas o similar. - Estudiantes de tecnologías de la información
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Chema Alonso
Informe con los resultados de la fase II del proceso de auditoría del software de cifrado de TrueCrypt que buscaba bugs y posibles puertas traseras en el código.
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
Chema Alonso
Presentación utilizada en charlas sobre ciberguerra, ciberespionaje y ciberinteligencia con fuentes OSINT.
El juego es el mismo
El juego es el mismo
Chema Alonso
La mayoría de la gente tiene una buena concepción del hardware de Apple. En este artículo, José Antonio Rodriguez García intenta desmontar algunos mitos.
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
Chema Alonso
Artículo de cómo fortifica Linux (Ubuntu) con Latch: El cerrojo digital. El paper ha sido escrito por Bilal Jebari http://www.bilaljebari.tk/index.php/es/blog/5-latch-en-ubuntu
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
Chema Alonso
Índice de contenidos del libro "Hacking con Python" escrito por Daniel Echevarri y publicado por 0xWord. Más información en: http://0xword.com/es/libros/67-hacking-con-python.html
Hacking con Python
Hacking con Python
Chema Alonso
Talk delivered by Chema Alonso in CyberCamp ES 2014 about Shuabang Botnet discoverd by Eleven Paths. http://www.slideshare.net/elevenpaths/shuabang-with-new-techniques-in-google-play
Shuabang Botnet
Shuabang Botnet
Chema Alonso
Charla dada por Chema Alonso en Five Talks sobre cómo funciona la seguridad de iPhone. Más información y detalles en el libro Hacking iOS {iPhone & iPad} http://0xword.com/es/libros/39-libro-hacking-dispositivos-ios-iphone-ipad.html
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu Windows
Chema Alonso
Talk delivered by Chema Alonso in Codemotion 2014 ES {Madrid}. It is about passwords, second factor authentication and Second Factor Authorization using Latch... with a Breaking Bad touch.
Codemotion ES 2014: Love Always Takes Care & Humility
Codemotion ES 2014: Love Always Takes Care & Humility
Chema Alonso
Más de Chema Alonso
(20)
Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
Configurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
CritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
Dorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
Pentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
Foca API v0.1
Foca API v0.1
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
It's a Kind of Magic
It's a Kind of Magic
Ingenieros y hackers
Ingenieros y hackers
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Auditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
El juego es el mismo
El juego es el mismo
El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
Latch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
Hacking con Python
Hacking con Python
Shuabang Botnet
Shuabang Botnet
Tu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu Windows
Codemotion ES 2014: Love Always Takes Care & Humility
Codemotion ES 2014: Love Always Takes Care & Humility
Defcon 18: FOCA 2
1.
FOCA 2.5 Chema
Alonso José Palazón «PALAKO»
2.
What our FOCA
is not
3.
What our FOCA
is not
4.
What’s a FOCA?
5.
FOCA on Linux?
6.
Previously on FOCA….
7.
FOCA 0.X
8.
9.
What can be
found?
10.
Pictures with GPS
info..
11.
Demo: Single files
12.
Sample: mda.mil Total:
1075 files
13.
Sample: FBI.gov Total:
4841 files
14.
15.
DNS Prediction
16.
Google Sets
Prediction
17.
Sample: Printer info
found in odf files returned by Google
18.
Demo: Whitehouse.gov
19.
Yes, we can!
20.
FOCA 2.0
21.
22.
FOCA 2.5: Exalead
23.
PTR Scannig
24.
Bing IP
25.
FOCA 2.5 &
Shodan
26.
27.
28.
29.
30.
FOCA 2.5 URL
Analysis
31.
FOCA 2.5 URL
Analysis
32.
Demo: Whitehouse.gov
33.
Yes, we can!
34.
DNS Cache Snooping
35.
FOCA Reporting Module
36.
FOCA Reporting Module
37.
Demo: DNS Cache
Snooping
38.
FOCA Online http://www.informatica64.com/FOCA
39.
IIS MetaShield Protector
http://www.metashieldprotector.com
40.
41.
42.
… and
Tomorrow here at 19:00
43.
Demo: US
Army
Descargar ahora