33c3 works for me

Here's a summary of some of the talks I've seen at the 33C3.

I haven't had time to see all the talks (obviously), therefore for a complete list of the talks see the Additional links's section below. By the way this list is in no particular order but the starred (*) talks are the ones I appreciated the most.

What could possibly go wrong with <insert x86 instruction here* by Clémentine Maurice and Moritz Lipp was very interesting. They presented their work on cache-attacks starting with a general explanation on cache attacks followed with specific examples:

  • Covert channel attacks and SSH connection over the cache
  • Crypto side-channel attacks (AES T-tables attack and kernel ASLR bypass)
  • Keylogger by monitoring cache line access

The video is available here.

How do I crack satellite and cable pay tv by Chris Gerlinsky gives an overview of his extended work on hacking into set-up boxes and reverse engineering the different protocols and cryptographic techniques used in pay-tv software/hardware. A must see for those into the field. For the recording, go here.

Joseph Cox gave in his talk Law enforcement are hacking the planet an overview of the different attacks performed by the NSA worldwide and how they were trespassing their rights (operation Pacifier, operation Torpedo, ...). The video is available here.

If you're using (or planning to use) N26 app by FinTech, you might want to have a look at the talk by Vincent Haupert Shut up and take my money*. He identified several flaws and security vulnerabilities which made N26 very vulnerable. For the record it seems they have since fixed the disclosed issues. The video is available here.

You can -j REJECT but you can not hide: Global scanning of the IPv6 Internet is a talk by Tobias Fiebig on using DNS queries to discover IPv6 hosts. This talk, despite its name, does mostly focus on discovering IPv6 hosts than actually scanning them. You can find the video under this link.

Rich Jones in his talk Gone in 60 Milliseconds walks us to the hacking of AWS event-driven micro-services (AWS lambda, s3 buckets, ...) through exploitation and ex-filtration techniques. The recording is available here.

If you ever wondered how bank transactions work and why international payments take usually a lot of time, have a look at the talk by Mark van Cuijk A world without blockchain. The recording is available here.

The Radare demystified* talk by pancake is a must see for anyone interested by r2 or using it. This talk gives a great overview of the different features available. A must see ! Video available under this link.

Anna and Andre Meister in their talk 3 Years After Snowden: Is Germany fighting State Surveillance? show us what has happened since the Snowden's revelations in Germany. How the BND collaborates with the NSA to spy on its own citizen but also helping the US to perform their mass surveillance. Video is available here.

The talk Build your own NSA* by Andreas Dewes and sveckert gives a very interesting work on de-anonymization or how are we actually identifiable through our browsing history. As a hint, do not trust WoT (Web of Trust). A must see. The video is available under this link.

Ever wondered what it would take to build an elevator to the moon ? The talk An Elevator to the Moon (and back) by Markus Landgraf will give you an overview of the different challenges to face. Find the video here.

Have fun watching those talks !

Additional links