Quantcast

Archive: Mar 2014

Prowling Peer-to-Peer Botnets after Dark 2: Architecture and Protocols

Tillmann Werner delves into the details of peer-to-peer botnet architecture and describes protocols used in the Miner and different versions of ZeroAccess. Interestingly, for all botnets that you’ve seen on the previous list the architecture is not purely peer-to-peer. It’s hybrid architecture. That’s...

Prowling Peer-to-Peer Botnets after Dark: Ins and Outs of the P2P Underworld

CrowdStrike’s researcher Tillmann Werner provides an extensive overview of peer-to-peer botnets, covering the essentials and architecture details thereof. Welcome to my presentation! I’m Tillmann Werner; I work for a company called CrowdStrike which is an American startup that deals with targeted...

A Password Is Not Enough 6: Disk Encryption with the Phalanx Toolset

Description of the Phalanx, a disk encryption tool released by Daniel Selifonov, some security assumptions and general conclusions are what this part is about. And so, the tool I’m releasing – it’s, really, a proof-of-concept experimental code; I call it Phalanx (see right-hand image). It is a patched...

A Password Is Not Enough 5: Secure Architecture Design

Daniel Selifonov dissects a blueprint reflecting virtually attack-proof system architecture that prevents disk encryption from being seriously compromised. So, let’s look at a blueprint (see right-hand image), what I think we should have for getting a system from a cold boot up into when we have our...

A Password Is Not Enough 4: Using TPM to Combat Specific Attacks

Based on Daniel Selifonov’s perspective, learn the security measures prior to authenticating to a PC and the way TPM protects from hardware and reset attacks. We want to then develop a protocol that a user can run against the computer so that they can verify that the computer has not been tampered with...

A Password Is Not Enough 3: Trusted Platform Module as a Means for Measured Boot

The subjects being touched upon by Daniel Selifonov here include securing the sensitive data stored in main memory and computer integrity verification issue. Can we do anything about a DMA attack angle? As it turns out, yes we can. Recently, as part of new technologies for enhancing server virtualization,...

A Password Is Not Enough 2: Crypto Attack Vectors

Daniel Selifonov now delves into the prevalent types of attacks one could pull off to compromise encrypted data on a computer. I break attacks into three fundamental tiers (see right-hand image). First off, non-invasive, which is something that you might be able to execute with just a flash drive; you...

A Password Is Not Enough: Why Disk Encryption Is Broken and How We Might Fix It

Software engineer Daniel Selifonov taking the floor at Defcon 21 to touch upon aspects of full disk encryption, including the motivations, methods, and hurdles. Hi! We’re here to talk about full disk encryption; why you’re not really as secure as you might think you are. How many of you encrypt the hard...

That Awesome Time I Was Sued for Two Billion Dollars 5: Inglorious End of the Insane Case

Jason Scott tops his instructive presentation off with narrating on how the weird legal case against him fell apart and what conclusions he drew out of it. By this point, he’s summarized the damages (see right-hand image) such that the summary for reasonable counsel’s fees, that is to say, himself suing...