Whitepapers and conference presentations produced by iSEC’s security researchers.

Presentations - 2013

Wireless

• I Can Hear You Now: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell
  • Black Hat US, August 2013, Las Vegas, USA
  • Defcon, August 2013, Las Vegas, USA
• Bluetooth Smart: The Good, The Bad, The Ugly…and The Fix
  • Black Hat US, August 2013, Las Vegas, USA
  • USENIX Security WOOT, August 2013, Washington, DC
  • ShmooCon, February 2013, Washington, DC
• BYOD PEAP Show
  • Ruxcon, October 2013, Melbourne, Australia
  • Defcon, August 2013, Las Vegas, USA
• Arduino Based Open Source Zigbee Stack
  • LinuxFest Northwest, April 2013, Bellingham, WA

Cryptography

• Cryptopocalypse
  • Black Hat US, August 2013, Las Vegas, USA

Misc

• Introspy: Security Profiling for Blackbox iOS and Android
  • Ruxcon, October 2013, Melbourne, Australia
• The Outer Limits: Hacking the Samsung Smart TV
  • Black Hat US, August 2013, Las Vegas, USA
  • Defcon, August 2013, Las Vegas, USA
  • Toorcon 15, October 19th, San Diego, USA
• Shattering Illusions in Lock-Free Worlds: Compiler/Hardware behaviors in OSes and VMs
  • Black Hat US, August 2013, Las Vegas, USA
• Funderbolt: Adventures in Thunderbolt DMA Attacks
  • Black Hat US, August 2013, Las Vegas, USA
• Untwining Twine
  • Black Hat US, August 2013, Las Vegas, USA
• Automated Electromechanical PIN Cracking: R2B2 and C3BO
  • Black Hat US, August 2013, Las Vegas, USA
  • Defcon, August 2013, Las Vegas, USA
• Digital Reconnaissance: Information Gathering for a Security Review
  • LinuxFest Northwest, April 2013, Bellingham, WA

Web

• Harnessing GP²Us: Building Better Browser Based Botnets
  • Black Hat EU, March 2013, Amsterdam, Netherlands
• An Introduction to ModSecurity - Securing your Apache Web Applications
  • LinuxFest Northwest, April 2013, Bellingham, WA
• Content Security Policy: Preventing Content Injection
  • OWASP Seattle, September 2013

Whitepapers

Web

• HTML5 Security - The Modern Web Browser Perspective
• Cross-Site Request Forgery
• Content Security Policy Best Practices
• Login Service Security

SSL / TLS

• Attacks on SSL: A Comprehensive Study of BEAST, CRIME, TIME, BREACH, Lucky 13 & RC4 Biases
• Fixing Revocation for Web Browsers on the Internet
• Everything You’ve Always Wanted to Know About Certificate Validation with OpenSSL (but Were Afraid to Ask)

Cryptography

• Perfect Forward Security
• An Introduction to Authenticated Encryption
• An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle

Mobile

• Auditing Enterprise Class Applications and Secure Containers on Android
• Windows Phone 7 Application Security Survey

Misc

• Creating a Safer OAuth User Experience
• Common Flaws of Distributed Identity and Authentication Systems
• Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
• Password Managers — Exposing Passwords Everywhere