DEF CON 23 – Sean Pierce – Abusing Native Shims for Post Exploitation

Shims offer a powerful rootkit-like framework that is natively implemented in almost all modern Windows operating systems. This talk will focus on the wide array of post-exploitation options that a novice attacker could utilize to subvert the integrity of virtually any Windows application. I will demonstrate how Shim Database Files (sdb files / shims) are simple to create, easy to install, flexible, and stealthy. I will also show that there are other far more advanced applications such as in-memory patching, malware obfuscation, evasion, and system integrity subversion. For defenders, I am releasing 6 open source tools to prevent, detect, and block malicious shims.

Speaker Bio: Sean Pierce is a Technical Intelligence Analyst for iSIGHT Partners. Sean currently specializes in reverse engineering malware & threat emulation and in the past has worked on incident response, botnet tracking, security research, automation, and quality control. Prior to working at iSIGHT Partners, he was an academic researcher and part-time lecturer at the University of Texas at Arlington, where he earned a Bachelors of Computer Engineering with a minor in Math. Sean also does freelance consulting, penetration testing, forensics, and computer security education. He is an Eagle Scout and enjoys learning how things work.

Twitter: @secure_sean



Facial recognition study sheds new light on threat response and the ‘spidey sense’

It turns out that everyday anxiety is actually an advantage, in the form of a “sixth sense” for danger.

ExtremeTech » News & Updates For Hardcore Tech Fans | ExtremeTech

Microsoft Will Warn You If Your Government Tries To Hack You

Short Bytes: Following in the footsteps of Google, Twitter, Facebook and others, Microsoft has announced that it will start notifying users if their accounts are attacked by a government. Labeling state-sponsored attacks as more sophisticated, Microsoft said that such attacks need extra defense layers.

In a recent announcement, Microsoft said that it will start notifying users if it believes that their government is trying to hack their account and sniff their data. The company said that it is committed to helping users keep their personal data safe and private.

“We will now notify you if we believe your account has been targeted or compromised by an individual or group working on behalf of a nation state,” Microsoft writes in a blog post. On many occasions, “state-sponsored” attacks are more sophisticated. Hence, to withstand these attacks, such extra steps need to be taken.

If Redmond believes that your Microsoft accounts are under attack, it will send you a notification. However, this notification doesn’t necessarily mean that Microsoft’s systems have been compromised. So, if you receive such a notification from Microsoft, you need to take extra caution and make sure that your devices are clean.

In the past, Google, Facebook, Twitter, Yahoo and other companies have already taken such initiatives.

Microsoft Tells How To Keep Your Accounts Safe

Along with this announcement, Redmond also listed some precautionary measures that one should take to withstand hacking attacks. These measures are:

  • Use two-step verification login
  • Use a strong password and keep updating it
  • Keep looking for suspicious activities on your account
  • Be careful of suspicious websites and emails
  • Use an updated anti-virus program
  • Keep updating your OS and software on your computer

Continuing its blog post about the increased state-sponsored threats, Microsoft writes: “The evidence we collect in any active investigation may be sensitive, so we do not plan on providing detailed or specific information about the attackers or their methods. But when the evidence reasonably suggests the attacker is ‘state sponsored,’ we will say so.”

The post Microsoft Will Warn You If Your Government Tries To Hack You appeared first on fossBytes.


DEF CON 23 – Matt Cagle and Eric Cheng – Who Will Rule the Sky: The Coming Drone Policy

Your private drone opens up limitless possibilities – how can manufacturers and policymakers ensure you are able to realize them? As private drone ownership becomes the norm, drone makers and lawmakers will need to make important policy decisions that account for the privacy and free speech issues raised by this new technology. What legal and technical rules are being considered right now, and how might they affect your ability to do things like record footage at a city park, monitor police at a protest, or fly near a government building? These decisions will dictate the technical limitations (or lack thereof) placed on drones, and the legal consequences of operating them. Join Eric Cheng, General Manager of DJI SF and DJI’s Director of Aerial Imaging, and Matt Cagle, a Technology and Civil Liberties Policy Attorney with the ACLU of Northern California, to discuss the policy issues at this leading edge of law and consumer technologies.

Speaker Bios:

Matt Cagle is a Technology and Civil Liberties Policy Attorney at the ACLU of Northern California. At the ACLU-NC, Matt’s work focuses on the privacy and free speech issues raised by new services and technologies, including surveillance equipment, social media services, and connected devices. Last fall, Matt co-authored Making Smart Decisions About Surveillance: A Guide for Communities, a paper that provides a framework for communities considering surveillance technology proposals. Matt has worked in private practice advising technology companies on the privacy issues related to new products and services. Matt has substantial experience responding to state and federal law enforcement requests for online user information, and he co-authored reddit’s first ever transparency report. Matt regularly speaks at conferences ranging from SXSW to RightsCon, and he served on the privacy committee for Oakland’s controversial surveillance complex, the Domain Awareness Center. He grew up in Southern Arizona, studied Latin American history in Guatemala, and holds a JD from Stanford Law School. Twitter: @matt_cagle

Eric Cheng is an award-winning photographer and publisher, and is the Director of Aerial Imaging and General Manager of the San Francisco office at DJI, the creators of the popular Phantom aerial-imaging quadcopter. Throughout his career, Cheng has straddled passions for photography, entrepreneurship, technology and communication. He publishes, the leading underwater-photography community on the web, and writes about his aerial-imaging pursuits at His work as a photographer has been featured at the Smithsonian’s Natural History Museum and in many media outlets including Wired, Outdoor Photographer, Popular Photography, Washington Post, Wall Street Journal, Make, ABC, Good Morning America, CBS, CNN and others. His video work has been shown on the Discovery Channel, National Geographic Channel, and on virtually every news network around the world. Caught between technical and creative pursuits, Eric holds bachelor’s and master’s degrees in computer science from Stanford University, where he also studied classical cello performance. He leads regular photography expeditions and workshops around the world, and has given seminars and lectures internationally at events including TEDx, the Churchill Club, Photoshelter Luminance, CES, SXSW, AsiaD, DEMA, and others. Twitter: @echeng



Debian Linux Founder Ian Murdock Has Died

Short Bytes:
Debian founder and Docker employee Ian Murdock has died. The cause of his death is unclear at the moment. However, on Monday, his Twitter account posted multiple tweets that suggested that he would commit suicide that night.

We are sorry to inform our readers that Debian Linux Operating system founder Ian Murdock has died. He was 42.

His death has been confirmed by the Docker blog, where Ian worked as technical staff. “This is a tragic loss for his family, for the Docker community, and the broader open source world; we all mourn his passing. To Ian’s children, family and loved ones, we offer our full support and deepest sympathies,” the Docker blog writes.

At the moment, the San Francisco Police Department hasn’t revealed the reason behind this death. However, Murdock’s Twitter account posted multiple tweets on Monday that suggested that he would commit suicide that night.

While some speculated that his Twitter account was hacked, at the moment it’s deleted.

Murdock created the Debian Linux operating system in August 1993, and he is the “IAN” in “debIAN”. It was one of the first Linux distros to be forged and is one of the most successful open source projects ever created.

Rest in peace, Mr. Murdock!

“In the past decade, Ian’s contributions to the tech community continued, as CTO of the Linux Foundation, as a senior leader at Sun Microsystems (including serving as Chief architect of Project Indiana); and most recently as Vice President of Platforms at Indianapolis-based ExactTarget, which became part of Salesforce in 2012,” the Docker blog writes about his contributions to the tech world.

“With a heavy heart, Debian mourns the passing of Ian Murdock, stalwart proponent of Free Open Source Software, Father, Son, and the ‘ian’ in Debian,” the Debian organization said in a statement.

Rest in peace.

The post Debian Linux Founder Ian Murdock Has Died appeared first on fossBytes.


DEF CON 23 – McNeil and Owen – Sorry Wrong Number: Mysteries Of The Phone System

Exploring the phone system was once the new and exciting realm of “phone phreaks,” an ancestor of today’s computer “hackers.” The first phreaks “owned” and explored the vague mysteries of the telephone network for a time until their activities drew too much attention from the phone companies and law enforcement. The phone system evolved, somewhat, in an attempt to shut them out, and phreaking became both difficult and legally dangerous. Such events paralleled a new personal computer “revolution” wherein phone phreaks made the transition from the secret subtleties of telephony to the new and mystical frontier of personal computing. Private BBS(s) and, eventually, the Internet were not only the next logical step forward, but also provided “safer” alternatives that still allowed for the thrill of exploring the mysteries of a new modern age. Telephony, and voice security in general, became, as the years passed, something of a lost art to all but those who remember…

In this presentation we begin our adventure with a journey back in time, starting in the post-war Film Noir era of the 40’s and 50’s, when users required an operator at the switchboard to make a call, investigating some of the early roots of phreaking that many have forgotten. We will briefly take a look at the weaknesses of early telephone systems and the emergence of the original phreaks in the 50’s and 60’s who found and exploited them. Our journey will also allow us to demonstrate how some of the same basic phreaking approaches are still applicable to today’s “advanced” VoIP systems.

Certainly the initial creation and emergence of VoIP opened a variety of attack vectors that were covered at security conferences at the time. Commercial VoIP adoption, however, remained stagnant until standards and carriers caught up. Some VoIP hacking tools were left unmaintained, and VoIP wasn’t the sexy and mysterious attack vector it once was, with the exception of tricksters who found old or insecure systems to be easy targets. Due to increased VoIP adoption over the last few years, however, telephony attacks are provocative once again.

As hardboiled VoIP detectives, we’ll unravel the mysteries of the curious, shadowy, and secretive world of phreaks, tricksters, and VoIP hackers. We’ll compare and contrast old school phreaking with new advances in VoIP hacking. We’ll explain how voice systems are targeted, how they are attacked using old and new methods, and how to secure them – with demonstrations along with practical and actionable tips along the way. We may even drop a new VoIP telephony phishing tool to fuse the past and the present.

Speaker Bios:

Patrick spoke about telephony fraud last year at DEF CON Skytalks (“How To Make Money Fast Using A Pwned PBX”), and is a #telephreak at heart. He has over twenty years of experience, mostly with telecom manufacturers, and spent time in charge of product security for the communications security business of a Fortune 100 company. When not working you can find him practicing Kung Fu, brewing beer, or picking locks with Oak City Locksport. Twitter: @unregistered436

Owen used to be a professional developer code monkey. He’s worked in various IT fields including Server Administration, DevOps, Application Security and most recently as a penetration tester. He enjoys tinkering with various technologies, and has experimented for prolonged periods with PBXs and the obscure side of VoIP.



Disney Makes Robot Car Vertigo That Can Climb Up Walls

Short Bytes: Vertigo, a Disney-made robot, can climb a wall on wheels with agility and then return to the ground, showing its capability to move through urban as well as natural environments. Learn more about the robot below.

Believe it or not, when I read this news, the first thing that came to my mind was the Vertigo movie from the 1950s by Alfred Hitchcock, starring James Stewart. Then, I saw Disney and another eye on the Vertigo robot climbing the wall and that made my day.

Well, Vertigo can literally transform into a robot, just like in the Transformers movies, when it comes to climbing the wall from the ground. Vertigo was created in a collaboration between Disney Research Zurich and ETH. No wonder people from Switzerland rank number one on the innovation chart.

Vertigo has two tiltable propellers that provide thrust onto the wall. Out of four wheels, one pair of wheels is steerable, and each propeller has two degrees of freedom for adjusting the direction of thrust.

The choice of two propellers rather than one enables a floor-to-wall transition – thrust is applied both towards the wall using the rear propeller and in an upward direction using the front propeller, resulting in a flip onto the wall.

By transitioning from the ground to a wall and back again, Vertigo extends its ability to travel through urban and indoor environments.

The post Disney Makes Robot Car Vertigo That Can Climb Up Walls appeared first on fossBytes.


Why we can’t plug Southern California’s massive methane leak

There’s a massive methane leak in Los Angeles, and city officials and the company that owns the property can’t do anything to stop it in the short term. We investigate the issue, and the seriousness of the problem.

ExtremeTech » News & Updates For Hardcore Tech Fans | ExtremeTech