#Zero-Day Vulnerabilities

Uncover the intricacies of Stuxnet, the groundbreaking cyberweapon that targeted Iran's nuclear facilities. Explore its sophisticated design, deployment methods, and global impact through a retired Windows engineer's perspective.

Add to list

1 Lesons

18 minutes

On-Demand

Free-Video

media.ccc.de

Operation Triangulation: Uncovering a Sophisticated Zero-Click Attack on iPhones - French Translation

Découverte et analyse d'une attaque zero-click sophistiquée ciblant les iPhones, exploitant quatre vulnérabilités zero-day et déployant un logiciel espion avancé. Présentation détaillée de l'opération Triangulation.

Add to list

1 Lesons

58 minutes

On-Demand

Free-Video

OWASP Foundation

Popular Approaches to Preventing Code Injection Attacks are Dangerously Wrong

Explores limitations of current code injection prevention methods and introduces Name Space Layout Randomization (NSLR) as a novel approach to secure Java applications against known and zero-day vulnerabilities.

Add to list

1 Lesons

46 minutes

On-Demand

Free-Video

OWASP Foundation

Open Source Approaches to Security for Applications and Services - Mozilla Case Study

Explore open-source security approaches for applications and services, covering threat modeling, bug bounties, and measuring security effectiveness in Mozilla's ecosystem.

Add to list

37 Lesons

44 minutes

On-Demand

Free-Video

Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software

Learn strategies for handling vulnerability disclosures in open source projects, including best practices for communication and mitigation, to enhance software security and protect against potential attacks.

Add to list

1 Lesons

1 hour 8 minutes

On-Demand

Free-Video

Breaking ML Services: Finding Zero-Days in Azure Machine Learning

Uncover critical vulnerabilities in Azure Machine Learning, including credential leaks, information disclosure, and persistence techniques. Learn assessment methods for cloud-based MLaaS platforms and shared responsibility models.

Add to list

1 Lesons

1 hour 6 minutes

On-Demand

Free-Video

Outsmarting IoT Defense - The Hacker's Perspective

Explore IoT security from a hacker's perspective, examining current defense inadequacies and innovative runtime protection methods for embedded devices to achieve sustainable, secure IoT solutions.

Add to list

1 Lesons

20 minutes

On-Demand

Free-Video

RSA Conference

Don't Let Zero Days Steal Your Weekends

Learn strategies to effectively handle zero-day threats, including mitigation techniques and real-world use cases, to prevent these emergencies from disrupting your team's work-life balance.

Add to list

1 Lesons

51 minutes

On-Demand

Free-Video

media.ccc.de

TETRA Radio Security: Uncovering Secret Cryptography in Law Enforcement Communications

Unveiling TETRA cryptography: Journey through radio jailbreaking, reverse-engineering, and exploiting vulnerabilities to analyze the proprietary algorithms used in critical communication systems worldwide.

Add to list

1 Lesons

48 minutes

On-Demand

Free-Video

Arvin Ash

Stuxnet: The World's First Cyberweapon and Its Impact on Physical Infrastructure

Explores Stuxnet, the first cyberweapon that physically damaged Iranian nuclear centrifuges, its creation, operation, detection, and implications for future cyber warfare and security.

Add to list

6 Lesons

14 minutes

On-Demand

Free-Video

DefCamp

Dev Ally, Zero-Days Foe - DefCamp Cluj-Napoca 2024

Explore cutting-edge cybersecurity insights with Ali Abdollahi's presentation on developer-friendly approaches to combat zero-day vulnerabilities at DefCamp Cluj-Napoca 2024.

Add to list

1 Lesons

54 minutes

On-Demand

Free-Video

DefCamp

macOS Red Teaming in 2023 - Zero-Day Edition

Explore cutting-edge macOS red teaming techniques, including 0-day vulnerabilities, presented by a principal security specialist at DefCamp 2023, a major cybersecurity conference.

Add to list

1 Lesons

35 minutes

On-Demand

Free-Video

Electronic Frontiers Forums at DragonCon

How Using Open Source Code Can Leave You Exposed to Hackers

Explore the security risks of open-source code, focusing on the Log4Shell vulnerability and its widespread impact on applications.

Add to list

1 Lesons

44 minutes

On-Demand

Free-Video

OWASP Foundation

Ad Hoc Mutable Infrastructure for Security Management - Cloud Service Security

Explore ad hoc mutable infrastructure for enhanced cloud security management, focusing on active directory identity management and automated threat mitigation techniques.

Add to list

18 Lesons

50 minutes

On-Demand

Free-Video

media.ccc.de

Operation Triangulation: Uncovering a Sophisticated Zero-Click Attack on iPhones

Unveiling a sophisticated zero-click iOS attack chain: discovery, analysis, and implications of Operation Triangulation, a highly advanced spyware targeting researchers' iPhones.

Add to list

1 Lesons

58 minutes

On-Demand

Free-Video

Software Composition Risk - Determining Actual Risk and Taking Action

Explore software composition risk assessment, mitigation strategies, and proactive processes to enhance enterprise security beyond vulnerability scanning and manual updates.

Add to list

1 Lesons

31 minutes

On-Demand

Free-Video

RingHopper: From User-Land to SMM - A Journey Through UEFI Vulnerabilities

Delve into the discovery of RingHopper, a critical UEFI vulnerability affecting billions of devices, exploring exploitation techniques and elevation methods across Windows and Linux systems.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

Hacking the Cloud Native Renaissance - Lowering Risk of Kubernetes Adoption

Explore Kubernetes adoption risks and security challenges in cloud-native systems. Learn from real-world hacks, container breakouts, and cloud compromises to enhance your system's resilience and protection.

Add to list

1 Lesons

32 minutes

On-Demand

Free-Video

Hacking the 0day Marketplace

Exploring the 0day vulnerability market's challenges and proposing solutions to improve efficiency, safety, and professionalism for all stakeholders in cybersecurity.

Add to list

16 Lesons

28 minutes

On-Demand

Free-Video

Going Deeper Into Schneider Modicon PAC Security

Exploración profunda de vulnerabilidades en controladores Modicon PAC de Schneider, analizando protocolos de comunicación privados y mecanismos de protección por contraseña. Incluye demostraciones de ataques y recomendaciones defensivas.

Add to list

32 Lesons

48 minutes

On-Demand

Free-Video

BSidesLV

Zero Days Should Not Be a Fire Drill

Strategies for effectively managing zero-day vulnerabilities, emphasizing proactive planning and rapid response to minimize organizational impact and enhance cybersecurity resilience.

Add to list

1 Lesons

49 minutes

On-Demand

Free-Video

nullcon

Capturing Zero Day Information

Explore techniques for identifying and capturing zero-day vulnerabilities in cybersecurity. Learn cutting-edge methods to stay ahead of emerging threats and enhance your defensive capabilities.

Add to list

1 Lesons

51 minutes

On-Demand

Free-Video

Security BSides San Francisco

Who's Breaking into Your Garden? - iOS & OS X Malware You May Not Know

Comprehensive analysis of recent iOS and OS X malware, exploring attack techniques, characteristics, and trends. Insights for enhancing security measures against emerging threats on Apple platforms.

Add to list

1 Lesons

52 minutes

On-Demand

Free-Video

Security BSides San Francisco

Goldilocks and the Three ATM Attacks

Explore three ATM attack case studies, from poor security to zero-day exploits, revealing vulnerabilities and prevention strategies in modern ATM systems.

Add to list

10 Lesons

28 minutes

On-Demand

Free-Video

Racing the Dark - A New TOCTTOU Story From Apple's Core

Unveils macOS kernel vulnerabilities, highlighting memory mapping issues and race conditions that bypass security updates. Emphasizes the need to reevaluate macOS/iOS memory mapping mechanisms.

Add to list

1 Lesons

35 minutes

On-Demand

Free-Video

In-Field Emulation and Fuzzing of PLCs to Uncover the Next Zero-Day Threat in Industrial Control Systems

Explore innovative techniques for uncovering vulnerabilities in Industrial Control Systems through in-field emulation and fuzzing of PLCs, focusing on proactive security measures beyond network-level exploits.

Add to list

1 Lesons

39 minutes

On-Demand

Free-Video

CDPwn - Taking Over Millions of Enterprise-Things with Layer 2 Zero-Days

Unveiling critical zero-day vulnerabilities in layer 2 protocols, demonstrating their impact on enterprise device and network security, and exploring potential exploitation techniques.

Add to list

1 Lesons

37 minutes

On-Demand

Free-Video

BLEEDINGBIT - Your APs Belong to Us

Explore BLEEDINGBIT vulnerabilities in BLE chips, allowing unauthenticated network penetration. Learn attack methods, packet structures, and prevention strategies for enterprise wireless access points.

Add to list

27 Lesons

47 minutes

On-Demand

Free-Video

NahamSec

Finding 0days in Enterprise Web Applications

Explore techniques for finding 0-day vulnerabilities in enterprise web applications, focusing on HCL Digital Experience, Solarwinds Web Help Desk, and Sitecore's Experience Platform.

Add to list

32 Lesons

35 minutes

On-Demand

Free-Video

How MySQL Servers Can Attack YOU

Novel attack vector using compromised MySQL servers to target clients, demonstrating remote code execution vulnerabilities in MySQL tools and libraries, including a zero-day exploit bypassing security patches.

Add to list

1 Lesons

53 minutes

On-Demand

Free-Video

Security BSides London

OEMs Considered Harmful - Hello New 0Days

Explores zero-day vulnerabilities in OEM Android customizations, demonstrating how these modifications can undermine Google's security measures and affect millions of devices worldwide.

Add to list

1 Lesons

24 minutes

On-Demand

Free-Video

Vulnerabilities and Ethics

Exploring ethical considerations in zero-day vulnerability trade, proposing a code of ethics to guide responsible acquisition and use while balancing national security needs with human rights concerns.

Add to list

1 Lesons

28 minutes

On-Demand

Free-Video

Extortion and Cooperation in the Zero-day Market

Análisis del mercado de vulnerabilidades zero-day desde la teoría de juegos, explorando estrategias de cooperación, extorsión y maximización de beneficios para compradores y vendedores.

Add to list

1 Lesons

36 minutes

On-Demand

Free-Video

All New Ø-Day

Explore cutting-edge zero-day vulnerabilities and advanced hacking techniques with expert David Litchfield in this Black Hat USA 2004 presentation on emerging cybersecurity threats.

Add to list

1 Lesons

1 hour 33 minutes

On-Demand

Free-Video

16 Zero-Day Vulnerabilities Affecting CODESYS Framework Leading to Remote Code Execution

Découverte de 16 vulnérabilités zero-day dans CODESYS, un framework logiciel pour automates programmables industriels, affectant potentiellement des millions d'appareils dans divers secteurs industriels.

Add to list

1 Lesons

34 minutes

On-Demand

Free-Video

New Shiny in the Metasploit Framework

Explore new features in Metasploit Framework, including infrastructure updates, exploitation techniques, and enhancements for various platforms and protocols.

Add to list

35 Lesons

45 minutes

On-Demand

Free-Video

Wolf in Shell's Clothing - Why You Should Be Skeptical of Your Trusted Tools

Explore the skepticism towards trusted security tools, data breaches, and vulnerabilities. Learn about manual hijacking, drive-by downloads, and strategies to enhance network protection.

Add to list

35 Lesons

38 minutes

On-Demand

Free-Video

State of Security and 2016 Predictions

Explore cybersecurity trends, threats, and predictions for 2016, covering topics like cyber crime, threat intelligence, phishing, and government responses to security challenges.

Add to list

19 Lesons

31 minutes

On-Demand

Free-Video

0Day to HeroDay - Bringing a Company from Scorched Earth to a Modern Security Organization

Transforming a company's security posture from vulnerable to robust, detailing strategies and best practices for building a modern, effective cybersecurity organization.

Add to list

1 Lesons

34 minutes

On-Demand

Free-Video

Inside Dash Cam Custom Protocols and Security Vulnerabilities

Delve into comprehensive security analysis of network-connected dash cams, exploring vulnerabilities in boot processes, custom protocols, and configuration systems across multiple international manufacturers.

Add to list

1 Lesons

19 minutes

On-Demand

Free-Video

Finding Zero-Day Vulnerabilities in Vilo Home Routers - Security Research Process and Discoveries

Discover how student researchers uncovered 9 zero-day vulnerabilities in Vilo routers through hardware hacking, firmware analysis, and cloud infrastructure investigation, highlighting IoT security challenges.

Add to list

1 Lesons

28 minutes

On-Demand

Free-Video

Exploiting Localhost APIs From The Browser - Zero-Day Vulnerability and Attack Techniques

Discover how browser-based attacks exploit localhost services through a zero-day vulnerability, featuring live demonstrations of remote code execution and novel attack techniques targeting developers behind firewalls.

Add to list

1 Lesons

27 minutes

On-Demand

Free-Video

DevSecCon

From Novice to Catalyst - Scaling Security Tools with Metrics

Discover how to implement and scale security metrics effectively, from data extraction to visualization, while learning to leverage the Multivac framework for enhanced threat management and risk reduction.

Add to list

1 Lesons

14 minutes

On-Demand

Free-Video

When Windows Defender Updates Become a Security Risk

Dive into Windows Defender's architecture and signature update vulnerabilities, exploring how unprivileged users can exploit security flaws to compromise Windows systems and manipulate EDR functionality.

Add to list

1 Lesons

39 minutes

On-Demand

Free-Video

The Hack, the Crash and Two Smoking Barrels - Automotive Cybersecurity Challenges

Dive into automotive cybersecurity challenges through real-world stories and demonstrations, exploring vehicle architecture vulnerabilities and industry practices while witnessing live ECU hacking and security testing scenarios.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

Defeating ATM Disk Encryption - Security Vulnerabilities in Vynamic Security Suite

Delve into critical ATM security vulnerabilities, focusing on Diebold Nixdorf's VSS encryption weaknesses, exploitation methods, and essential defense strategies for financial systems protection.

Add to list

1 Lesons

39 minutes

On-Demand

Free-Video

What to Expect When You're Exploiting - Zero-Day Vulnerabilities in Baby Monitors and Wi-Fi Cameras

Uncover critical security vulnerabilities in Wi-Fi cameras and baby monitors, exploring attack surfaces, privacy issues, and zero-day exploits while learning practical remediation strategies for IoT devices.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

Eclipse Foundation

Software Vulnerabilities: From Log4J and SpringShell to Cyber Warfare

Explore cybersecurity threats through Log4Shell and SpringShell cases, understanding vulnerability exploitation, cyber warfare evolution, and essential defensive practices for safer software development.

Add to list

1 Lesons

33 minutes

On-Demand

Free-Video

RSA Conference

Unveiling the Secrets of Codesys V3 - Zero Days, Forensic Artifacts and More

Explore Codesys V3 SDK, its use in ICS devices, forensic artifact collection, and the discovery of 31 zero-day vulnerabilities affecting millions of devices worldwide.

Add to list

1 Lesons

40 minutes

On-Demand

Free-Video

USENIX

Vulnerability-oriented Testing for RESTful APIs