CarolinaCon is an annual conference in North Carolina that is dedicated to sharing knowledge about technology, security and information rights. CarolinaCon also serves to enhance the local and international awareness of current technology related issues and developments. CarolinaCon also strives to mix in enough entertainment and side contests/challenges to make for a truly fun event.
Tales from the Collegiate Cyber Defense Competition
A “burner computer” will cause all of the same problems that a burner phone previously caused for law enforcement. The burner phone allowed illegal activities to be conducted with minimal risk to the user. The potential “burner computer” can be set up with nearly any lightweight Linux distro and can be programmed to do nearly any task. For example, a member of a “cyber terrorist” organization can purchase a Raspberry Pi and set it up with a script that will allow it to be part of a DDoS attac...
Right now web security requires writing perfect software. Let's face it: we just aren't ever going to get that done. Using declarative tools like Content Security Policy, Strict Transport Security and other TLAs, we can give ourselves a fighting chance to get things right, and even an optional system to alert us when things go wrong. Steve Pinkham is a Security Consultant for Maven Security Consulting, and the current leader of the Raleigh OWASP chapter. His current focus is web and mobile sec...
There has been a recent surge in the release of malware source code, which involves crimepack authors from different locations working together to refine their products. Crimeware authors are leveraging the release of source to further develop their already sophisticated and well-developed threats, as well as to add modularity and functionality to their software. In addition, the release of Zeus and TDL3 source adds to the wealth of information already available, further lowering the entry barrier f...
When it comes to penetration testing, developers are sometimes smarter than your average user and can be overlooked. Generally they hold elevated privileges and have access to more resources, making them an attractive target. In this presentation, we'll explore methods to exploit developers and products under development by targeting dependency management repositories. I've been working on a project that is intended to be able to exploit developers or products under development by hijacking a ...
When giving a security talk on the Android platform, one of the most common questions is: can the permissions model be bypassed? Can an Android app, short of exploiting the phone and gaining root privileges, gain additional permissions? In this talk we will look at multiple ways to bypass the permission model, including: bypassing through application updates, bypassing through using multiple apps, taking advantage of insecure storage practices in other installed apps, and piggybacking on other ap...
Abstract: Many times security professionals, network engineers, and management ask "why did I spend all this money in network security equipment if I still got hacked?" For example, often questions like these run through their minds: "Am I not buying the right security products? Am I not configuring or deploying them correctly? Do I have the right staff to run my network?" The security lifecycle requires measuring the current network state, creating a baseline and providing constant improvemen...
Passwords are the weakest link in any network configuration. Recent breaches have exposed some large databases of passwords, and upon analyzing those passwords we have discovered that password policies are not working. Even with strict password policies in place, humans are creatures of habit and will construct passwords in the same way every time. These types of patterns are easily guessable. During this talk we will analyze the cracked passwords from 4-5 of the largest breaches in 2010-2011 ...
Love it or hate it, the Universal Serial Bus is the preferred protocol for transferring files, connecting peripherals, and a host of other applications. This talk will cover the basics of using microcontrollers for the purpose of attacking a machine over USB. It will focus on attacking a machine through its implementation of the USB protocol. It will also focus on how to take advantage of the trusting nature inherent in the protocol to trick software that supposedly protects against US...
Dissecting the Hack: Malware Analysis 101 is designed to be an introduction to the world of malware analysis. This presentation will begin with a brief 5 to 10 minute introduction to some malware analysis theory, followed by a live demonstration that will take the audience through an in-depth behavioral and code analysis of a select piece of malware. This demonstration will use free open source tools and will include such techniques as detecting packers and unpacking, fi...