Some Photos Of Slides From The NOC (Network Operations Center)

Here are a few photos of the presentation by the NOC at Def Con 27 (2019). But first here is my favorite non-focused photo as it says a lot:

Squirrels?

Some WIFI User Tracking

Some Traffic Analysis

High-Level Network Diagram #1 For 2019

High-Level Network Diagram #2 For 2019

Previous WIFI Architectures (Rio)

Yuck! #1

Yuck #2

Bathrooms Make Great NOCs!

Other photos!


Some Favorite Slides From Def Con #27 (2019).

The following photos of slides are some of my favorites from Def Con #27 (2019).

Default Elevator Passwords

SQL Injections Found In Vendor Databases For Schools

Radar Gun Frequencies

Some References On How To "Mess With" Radar Guns

Multi-Printer Attack Surfaces

More Detail On Multi-Printer Attack Surfaces

Sound Damage Levels


DEF CON 27 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2019 for DEF CON 27:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.


Here are some quick links to notes from previous years: 26 (2018), 25 (2017), 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

Some podcasts that covered news from Black Hat and Def Con (there are probably more -- send me links!):

Here are some more recent news links published since the conference:

  1. https://www.irishtimes.com/life-and-style/motors/10-700-in-speeding-tickets-after-invisibility-test-goes-wrong-1.3985905
  2. https://www.cisomag.com/smart-speakers-can-be-turned-into-cyber-weapons-to-make-aural-attacks-researcher/
  3. http://www.securitysystemsnews.com/blog/discovered-defcon-27-automated-license-plate-readers-alprs-being-hoodwinked-clothing
  4. https://www.csoonline.com/article/3432158/thoughts-from-defcon-27.html
  5. https://securityboulevard.com/2019/08/black-hat-2019-recap-transformation-the-new-cybersecurity-culture/
  6. https://timesofindia.indiatimes.com/gadgets-news/this-next-gen-weapon-is-sitting-in-your-room-and-you-dont-even-know/articleshow/70645696.cms
  7. https://edition.cnn.com/2019/08/12/politics/defcon-voting-village-darpa-dominion/
  8. https://www.bleepingcomputer.com/news/software/nmap-780-def-con-release-first-stable-version-in-over-a-year/
  9. https://www.infosecurity-magazine.com/news/defcon-cisa-improve-election/
  10. https://www.infosecurity-magazine.com/news/defcon-american-flaws-school/
  11. https://www.c4isrnet.com/battlefield-tech/2019/08/12/the-air-force-is-all-in-on-software/
  12. https://www.infosecurity-magazine.com/news/defcon-hackers-netflix-bank-acount/
  13. https://www.prnewswire.com/news-releases/carnegie-mellon-team-flexes-hacking-prowess-with-fifth-defcon-title-in-seven-years-300899772.html
  14. https://techspective.net/2019/08/14/qualys-has-a-prescription-for-better-cybersecurity/
  15. https://hub.packtpub.com/nmap-7-80-releases-with-a-new-npcap-windows-packet-capture-driver-and-other-80-improvements/
  16. https://futurism.com/the-byte/tesla-surveillance-hack
  17. https://www.cnet.com/news/anti-surveillance-clothes-foil-cameras-by-making-you-look-like-a-car/
  18. https://www.krdo.com/news/hacker-makes-iphone-cable-that-can-tap-into-computer/1109318553
  19. https://www.kare11.com/article/news/minnesota-team-places-2nd-in-national-hacking-competition/89-77305e34-dadd-4b55-afcb-c8d1af6165f9
  20. https://www.cmu.edu/news/stories/archives/2019/august/hacking-champs.html
  21. https://www.forbes.com/sites/jeanbaptiste/2019/08/14/defcon-27-how-hackers-used-a-netflix-account-to-steal-banking-information/#1f0f14a33710
  22. https://www.wired.com/story/null-license-plate-landed-one-hacker-ticket-hell/
  23. https://www.idgconnect.com/interviews/1502595/secret-cso-rick-howard-palo-alto-networks
  24. https://www.technologyreview.com/f/614175/a-new-clothing-line-confuses-automated-license-plate-readers/
  25. https://news.gcu.edu/2019/08/gcu-students-log-in-to-hacker-summer-camp/
  26. https://www.newsweek.com/cybersecurity-vulnerability-fighter-jet-f15-defcon-hacking-tads-flight-system-hack-pentagon-1454491
  27. https://www.thenewamerican.com/tech/item/33162-clothing-line-fools-big-brother-surveillance-by-making-you-look-like-a-car
  28. https://www.military.com/daily-news/2019/08/16/hackers-find-serious-vulnerabilities-f-15-fighter-jet-system.html
  29. https://www.timeslive.co.za/motoring/news/2019-08-16-go-for-it-try-to-hack-my-car/
  30. https://gizmodo.com/buttplug-hacker-talks-security-consent-and-why-he-hac-1837252628
  31. http://industrynewsreport24.com/congressmen-intelligence-members-rush-to-hackers-conference/412/
  32. https://www.soyacincau.com/2019/08/17/defcon-omg-apple-lightning-cable-hackers-hijack-computer/
  33. https://mashable.com/article/black-hat-conference-virus-measles/
  34. https://techxplore.com/news/2019-08-paris-sartorial-hacking-le-dernier.html
  35. https://arstechnica.com/information-technology/2019/08/badge-life-the-story-behind-defcons-hackable-crystal-electronic-badge/
  36. https://insideevs.com/news/366333/tesla-hack-mod-surveillance-detection-scout/
  37. https://www.dailymail.co.uk/news/article-7394157/Bluetooth-left-leaves-devices-vulnerable-hackers-attacks-cause-hearing-loss.html
  38. https://technical.ly/baltimore/2019/08/29/cybersecurity-annapolis-sixgen-grabbed-the-win-at-defcon-27s-capture-the-flag/
  39. https://www.wired.com/story/this-diy-implant-lets-you-stream-movies-from-inside-your-leg/

I plan on attending DEF CON 28.  Follow along real-time on Twitter @technewsradio.


DEF CON 26 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2018 for DEF CON 26:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.

Here are some quick links to notes from previous years: 25 (2017), 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 27.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 25 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2017 for DEF CON 25:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.

Here are some quick links to notes from previous years: 24 (2016), 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 26.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 24 Notes & References

Here are my DEF CON notes from the sessions that I attended in 2016 for DEF CON 24:

Please feel free to do what you want with these notes.  I go to sessions so you don't have to.

Here are some quick links to notes from previous years: 23 (2015), 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010)

I plan on attending DEF CON 25.  Follow along real-time on Twitter @technewsradio.

 


DEF CON 23 Notes & References

Here are my DEF CON notes from the sessions that I attended and the presentation material that was shared:

In addition, my previous notes (all in PDF) are available for 22 (2014), 21 (2013), 20 (2012), 19 (2011), & 18 (2010).  I wish I started going to DEF CON sooner but it is what it is.

Feel free to do what you want with the report - "I attend sessions so you don't have to." ;-)

I plan on attending DEF CON 24.  Follow along real-time on Twitter @technewsradio.

UPDATE (8/3/2016): If you are a Chvrches fan and want to be interviewed in person at DEF CON 24 then message me on Twitter @chvrchespodcast.


Review - Asus C720-2802 Chromebook

I recently picked up via Craigslist a "new in the box" Asus C720-2802 Chromebook to use as my new primary system for TechNewsRadio.com.  The main reason was that DEFCON22 is coming up soon in Las Vegas and I needed a "relatively" secure system to attend sessions and take notes for ~8 hours a day.  


My previous note taking system was a relatively old ThinkPad that I had 3 sets of extra batteries for. So, I dropped about 6 pounds by moving to the C720.  And I don't have to configure a fresh system to take to DEFCON and then scrub after.

This version (2802) seems like the middle build release (~Feb2014) from the original that was in late 2013 and the most current $199 version that uses the Intel Celeron 2955U processor (2848).  There is also a newer more expensive C720 with an Intel Core i3 processor available.

The positives:

  1. Keyboard is great.
  2. Integration with my Google account was flawless.
  3. Integration with all my core online services was flawless.
  4. Working offline seems to work as expected.

The negatives:

  1. Can't seem to check IMAP email with an extension or a native Chrome application.

The still to be determined:

  1. Will it get hacked at DEFCON?
  2. How to edit audio?
  3. Will it let me take notes all day at DEFCON?

POST DEFCON REPORT: There is now an IMAP client - CloudMagic.  I am pretty sure I didn't get hacked at DEFCON.  I was able to take notes all day long at DEFCON without any issues.  I have not found a good solution for editing audio.


DEFCON 21 (and 20 oops!)

DEFCON 21 was in Las Vegas, NV from August 02-04, 2013 and we were there.  Our real-time posts, references, and links are available over on @Technewsradio on Twitter.

We have a detailed report (PDF) from the sessions attended if you are interested.  Just drop us an email to get the full report or a request via message on Twitter.  A podcast summary is planned but not promised at this time.

Things that we are "worried about" from an Enterprise computing perspective:

  • Social Engineering against users is like a hot knife cutting butter. Only defense seems to be training and awareness. Traditional information assurance (IA) protections: virus scanning, IDS, firewall, etc. are not effective.
  • You can't secure what you don't manage.
  • Basic system administration tools and infrastructure services in the Microsoft Windows world can be used for evil: PowerShell, .NET, DNS, browsers, PKI, and SCOM.
  • USB is not your friend.
  • Mobile computing and Bring Your Own Device (BYOD) are really not your friend.
  • Cloud computing could be your friend but probably won't.
  • Developers writing code for an organization without a security focus is just asking for trouble.
  • If you think your stuff is secure just because you have it behind a lock and a key you are in denial.
  • In a year or less, penetration testing is going to include inexpensive mobile assault options via semi-autonomous very-small drones and robots.

P.S. x 1: We were also at DEFCON 20 and have that report available if you are interested. Just drop us an email or message on Twitter for a link.

P.S. x 2: There are also DEFCON 18 and DEFCON 19 reports.  They are surprisingly still relevant IMHO -- same bat channel.


Updates from Twitter - iPad, DEFCON 19, Podcasts, Mobile, Amazon, Etc

The following items were recently posted on @technewsradio:

  • USB hub allows simultaneous syncing of 49 iPads http://t.co/OO9H7HW
  • DEFCON 19 Podcast Review #security #news #research #hacker #conference http://t.co/rbCr7hK
  • SpokenWord.org gets about 1000 new programs every day & they are looking for curators of categories to make the content more organized
  • BigBlueButton is an open source collaboration and training system that integrates a bunch of open source projects http://t.co/mEL5dDS
  • PC World has more details on the recent news from Qualcomm about their planned updated Snapdragon mobile processor http://t.co/lQQO8y4  
  • YouTube has a great overview presentation on how "Prezi for iPad" works http://t.co/sHFJBSo  
  • Amazon EC2 is now supporting Virtual Machine (VM) Import to Amazon EC2 instances http://t.co/35n2UtJ  
  • IObit has announced a freeware version of Game Booster v2 for Windows that is geared for improving game performance http://t.co/Q0lWB4D  
  • Via Box.net ... you can get e-signatures features via DocuSign services integrated with documents stored on Box.net  
  • Getting started with project management? - "scope, time & cost" - a good reference at Wikipedia http://t.co/oVIzQIX
  • "Heroes of the Computer Revolution" original book looked at hackers & nerds from the late 1950s to the early 1980s http://t.co/H4Vz2kM   
  • arborjs.org - a graph visualization library using web workers and jQuery http://t.co/Zao0gyv