Category: PRESENTATION

PRESENTATION | August 17, 2022

Vulnerability and Patch Management: Every Day is a Zero Day

By John Sheehy

SC Media on-demand presentation | John Sheehy, SVP of Research and Strategy, participated as a panelist on the CyberRisk Alliance’s eSummit live broadcast.
Patch management can be an especially precarious proposition when you’re operating in a work environment where machines and devices must constantly remain operational. Hospitals, factories and power plants are among the many examples of settings where security professionals need to “keep the lights on,” even as they strive to ensure that software and hardware are hardened against the latest vulnerabilities and exploits. The discussion focused on the challenges of patching in ICS/OT/IoT environments, and strategies for balancing security with operational continuity. access it here

PRESENTATION | September 12, 2018

Reverse Engineering & Bug Hunting on KMDF Drivers

By Enrique Nissim

Enrique Nissim’s presentation from 44CON. September 12, 2018.

  • The focus will be on finding bugs and not on exploitation.
  • This will highlight interesting functions and how to find them.
  • See MSDN and references for full details on KMDF.
PRESENTATION | August 22, 2017

Heavy Trucks and Electronic Logging Devices: What Could Go Wrong?

By Corey Thuen

Former IOActive researcher, Corey Thuen, provides a security overview presentation of the various vulnerabilities affecting the trucking industry systems, with a focus on ELD vulnerabilities. (presentation PDF – Black Hat 2017)

PRESENTATION | August 1, 2017

IOActive Labs: Breaking Embedded Devices (Black Hat)

By Mike Davis Josh Hammond & Thomas Kilbride

IOActive researchers give you an inside view of the IOActive Labs research facilities and highlight research hacking ATMs, Segways, and skimmers. (more…)

PRESENTATION | July 30, 2014

DC22 Talk: Killing the Rootkit

By Shane Macaulay

I’ll  be at DefCon22 a to present information about a high assurance tool/technique that helps to detect hidden processes (hidden by a DKOM type rootkit).  It works very well with little bit testing required (not very “abortable” http://takahiroharuyama.github.io/blog/2014/04/21/memory-forensics-still-aborted/). The process  also works recursively (detect host and guest processes inside a host memory dump).
Plus, I will also be at our IOAsis (http://ioasislasvegas.eventbrite.com/?aff=PRIOASIS) , so come through for a discussion and a demo.
PRESENTATION | June 16, 2014

Video: Building Custom Android Malware for Penetration Testing

By Robert Erbes  @rr_dot 
 
In this presentation, I provide a brief overview of the Android environment and a somewhat philosophical discussion of malware. I also take look at possible Android attacks in order to help you pentest your organization’s defenses against the increasingly common Bring Your Own Device scenario.