Workshops & Training

DEF CON 25 (2017) - Game of Drones

We’ve taken a MythBusters-style approach to testing the effectiveness of a variety of drone defense solutions, pitting them against our DangerDrone. Videos demonstrating the results should be almost as fun for you to watch as they were for us to produce. Expect to witness epic aerial battles against an assortment of drone defense types.

Workshops & Training

Drone Hacking: SKYNET Shotgun Shells - Drone Net Shell Testing

Defeating net-based drone defense products by using a protective chicken wire bubble: The SKYNET 12 gauge shotgun shells blew a hole right through our chicken wire protective cage.

Workshops & Training

DeepHack Demo - Exploiting SQLi by Using an Open-source Hacking AI Tool

At risk of appearing like mad scientists, reveling in our latest unholy creation, we proudly introduce you to DeepHack: the open-source hacking AI. This bot learns how to break into web applications using a neural network, trial-and-error, and a frightening disregard for humankind.

Workshops & Training

Lord of the Bing - Search Engine Hacking

This presentation picks up the subtle art of search engine hacking at the current state and discusses why these techniques fail. We will then reveal several new search engine hacking techniques that have resulted in remarkable breakthroughs against both Google and Bing.

Workshops & Training

How We Can Stop Email Spoofing

According to our research, 98 percent of the internet is not protected against email spoofing, which is a relatively easy problem to solve. If you’re concerned that your domain may be vulnerable to spoofing, check out SpoofCheck, our tool that diagnoses web and email domains.

Workshops & Training

Danger Drone - Arsenal DEMO

Some quick live footage of flying the Danger Drone, a free penetration testing platform from Bishop Fox. She handles great!

Workshops & Training

Drone Hacking: Live Footage of Danger Drone

Some quick live footage of flying the Danger Drone, a free penetration testing platform from Bishop Fox. She handles great!

Workshops & Training

If You Can't Break Crypto, Break the Client

CVE-2016-1764, fixed by Apple in March of 2016, is an application-layer bug that leads to the remote disclosure of all message content and attachments in plaintext by exploiting the OS X Messages client.

Workshops & Training

Bypass Surgery - Abusing CDNs with SSRF Flash and DNS

It is unlikely when a bug affects almost every CDN and it becomes vulnerable, but when this happens the possibilities are endless and potentially disastrous. This is a story of exploit development with fascinating consequences.

Workshops & Training

RFIDiggity - Pentester Guide to Hacking HF/NFC and UHF RFID

Have you ever attended an RFID hacking presentation and walked away with more questions than answers? This talk will finally provide practical guidance for penetration testers on hacking High Frequency (HF - 13.56 MHz) and Ultra-High Frequency (UHF – 840-960 MHz).

Workshops & Training

Brink's Smart Safe Hacking

It’s possible for a thief to plug a USB drive into Brink’s CompuSafe Galileo, automate hacking the safe, and steal the cash inside. Our video explains this exploit in under 60 seconds.

Bsides LV 2014 - Untwisting The Mersenne Twister: How I killed the PRNG

Untwister is a tool designed to help pentesters predict random number sequences when an application generates them using an insecure algorithm. This presentation focuses on weaponizing what used to be theoretical into our tool: untwister.