Defcon/Black Hat Papers, Presentations, Resources

I am a digital hoarder of sorts. Well, maybe not exactly a hoarder, as I don’t have a NAS with petabytes worth of files, but I do like to collect some good resources. Of course, those are all about Infosec/Cyber.

Thus, I’ve decided to share them with you! I am leaving a link to a shared Google Drive folder where I will be adding them. My idea here is to make them somewhat organized at least, as I don’t really want to dump ALL of them on you. The stuff in the drive is either collected by me, or other fellow collectors, and all the .pdfs and other stuff you will find there is free, and shared by their respective creators/owners!

I have to say that in my efforts to collect, I’ve had to rely on other such enthusiasts too, and what I’m sharing here was actually collected by Joas A Santos – a red teamer and an Infosec leader. Big shoutout, and thanks for allowing me to share, to Joas and also for his unceasing efforts to share the knowledge and resources with the community. All of the presentations and papers found in the drive are available online (and shared by their respective authors – I don’t want to infringe on anyone’s IP), I am just trying to curate them and organize them for a bit.

Stuff that’s currently in the gdrive:

Why Did You Lose the Last PS5 Restock to a Bot
Internal Server Exploitation With New Desynchronization Primitives
Taking A Dump In the Cloud
No Code Malware: Windows 11 At Your Service
Running Rootkits Like a Nation-State Hacker
The Darknet OpSec By a Veteran Darknet Vendor
Weaponizing Windows Syscalls as Modern 32-bit Shellcode
OopsSec – The Bad, the Worst, and the Ugly of APTs Operations Security
The Evil PLC Attack – Weaponizing PLCs
Phreaking 2.0 – Abusing Microsoft Teams Direct Routing
Let’s Dance In the Cache – Destabilizing Hash Table on Microsoft IIS
Trace Me If You Can – Bypassing Linux Syscall Tracing
How Russia Is Trying to Block TOR
Reversing the Original XBOX Live Protocols
Save the Environment (Variable) Hijacking Legitimate Applications With a Minimal Footprint
Android Universal Root- Exploiting xPU Drivers
Devils Are In the File Descriptors: It Is Time To Catch Them All
ELF Section Docking – Revisiting Stageless Payload Delivery
Better Privacy Through Offense: How To Build a Privacy Red Team
A Journey Into Fuzzing WebAssmebly Virtual Machines
Glitched on Earth by Humans: A Black-box Security Evaluation of the SpaceX Starlink User Terminal
Invisible Finger: Practical Electromagnetic Interference Attack on Touchscreen-based Electronic Devices
Trust Dies In the Darkness – Shedding Light on Samsung’s TrustZone Cryptographic Design
Broken Mesh: New Attack Surfaces of Bluetooth Mesh
Human or Not: Can You Really Detect the Fake Voices?
A New Trend For the Blue Team – Using a Practical Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
Tunable Replica Circuit For Fault-Injection Detection
Scaling the Security Researcher to Elminate OSS Vulnerabilities Once and for All
AAD Joined Machines – The New Lateral Movement
The Growth of Global Election Disinformation: The Role and Methodology of Government-linked Cyber Actors
Blasting Event-Driven Cornucopia: WMI-based User-space Attacks Blind SIEMs and EDRs
Dragon Tails: Preserving Supply-side Vulnerability Disclosure
IAM Whoever I Say IAM: Infiltrating Identity Providers Using 0Click Exploits
Attacks From a New Front Door in 4G & 5G Mobile Networks
Process Injection – Breaking All macOS Security Layers With a Single Vulnerability
Less SmartScreen More Caffeine – ClickOnce (Ab)Use for Trusted Code Execution
One Bootloader to Load Them All
Crossing the KASM: A Webapp Pentest Story

One last disclaimer, this time from me personally: I don’t have any political affiliations nor any sort of ideologically-driven agenda; I only care about the research/technical aspects of the linked resources, also, as mentioned before, these are shared freely.

Finally, here’s the link where you can find the above documents. Enjoy!

(I might also be uploading new stuff there, that’s currently not listed, so feel free to check it out from time to time, and if something’s not working for you feel free to ping me for access, or for me to send you the files)

Cover image by Sincerely Media

#infosec #black-hat #defcon #resources

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.

Hello!