Never Ending Security

It starts all here

Tag Archives: Documents & Manuals




  1. Crosby, Goldberg, Johnson, Song, Wagner: Cryptanalyzing HDCP (2001)

  2. Wagner, Schneier: Analysis of the SSL 3.0 Protocol

  3. Lucks, Schuler, Tews, Weinmann, Wenzel: Security of DECT

  4. Kohno: Analysis of WinZip Encryption

  5. Stubblefield, Ioannidis, Rubin: Breaking WEP

  6. Bellare, Kohno, Namprempre: Breaking and Repairing SSH

  7. Burrows, Abadi and Needham: A Logic of Authentication

  8. DTLA: DTCP Additional Localization Protocol

Side Channel Attacks

  1. Bar-el: Introduction to Side Channel Attacks (white paper)

  2. Kocher: Timing attack on RSA & DL systems

  3. Brumley, Boneh: Remote Timing Attacks are Practical

  4. Bernstein: Cache Timing Attack on AES.  Osvik, Shamir, Tromer: Attacks and Countermeasures

  5. Eisenbarth, Kasper, Moradi, Paar, Salmasizadeh, Shalmani: Attacking KeeLoq (SpringerLink)

  6. Shamir, Tromer: Acoustic Cryptanalysis

  7. Pellegrini, Bertacco, Austin: Fault-Based Attack of RSA Authentication

  8. Aciicmez, Koc, Seifert: Branch Prediction Analysis (very advanced)

Dictionary Attacks: Optimization & Mitigation

  1. Alexander: Password Protection for Modern OSes

  2. RSA Laboratories: PKCS #5 2.0: Password-Based Cryptography Standard

  3. Provos and Mazières: “Future-adaptable” password schemes

  4. Stamp: Once Upon a Time Space Tradeoff

  5. Oeschslin: Rainbow Tables (includes papers & demo)

  6. Canetti, Halevi, Steiner: Mitigating (offline) Dictionary Attacks with Reverse-Turing Tests

    Securing Internet Infrastructure

  7. Jackson, Barth, Bortz, Shao, Boneh: Protecting Browsers from DNS Rebinding Attacks

  8. Kaminsky: It’s the End of the (DNS) Cache As We Know It (Black Hat 2008 – 101MB)

  9. DNS Security Extensions (standards & resources)

  10. Ptacek: A case against DNSSEC

  11. Kent, Lynn and Seo: Secure BGP

  12. Secure BGP resources

Digital Rights Management & Conditional Access

  1. Lawson: Designing and Attacking DRM (presentation)

  2. Edwards: A technical description of the Content Scrambling System (CSS)

  3. Henry, Sui, Zhong: Overview of AACS — and full AACS Specification

  4. ISE: A Comparison of SPDC (technology behind BD+) and AACS (2005)

  5. Craver, Wu, Liu, Stubblefield, Swartzlander, Wallach, Dean, Felten: Watermarking & SDMI

  6. Kuhn: Analysis of the Nagravision Video Scrambling Method (analog scrambling)

  7. Naor, Naor and Lotspiech: Revocation and Tracing Schemes for Stateless Receivers

Software, Physical Security, Backdoors

  1. Halderman et al.: Cold Boot Attacks on Encryption Keys & RSA Key Reconstruction

  2. Young, Yung: Cryptovirology: extortion-based security threats and countermeasures (IEEE)

  3. Dowd: Application-Specific Attacks: Leveraging the ActionScript Virtual Machine

  4. Steil: 17 Mistakes Microsoft Made in the XBox Security (2005)

  5. Bartolozzo et al.: Attacking and Fixing PKCS#11 Security Tokens

  6. Bardou et al.: Efficient Padding Oracle Attacks on Cryptographic Hardware

Privacy and Anonymity

  1. Dingledine, Mathewson, Syverson: Tor: The Second Generation Onion Router

  2. McCoy, Bauer, Grunwald, Kohno, Sicker: Analyzing Tor Usage

  3. Murdoch, Danezis: Low-cost Traffic Analysis of Tor

  4. Murdoch: Hot Or Not: Using clock skew to locate hidden services

  5. Wang, Chen, Jajodia: Tracking Anonymized VoIP Calls

Hash Functions and Random Oracles

  1. Coron, Dodis, Malinaud, Puniya: Merkle-Damgård Revisited

  2. Wang, Yu: How to break MD5 and other hash functions

  3. Stevens, Lenstra, de Weger: Target collisions for MD5

  4. Kaminsky: MD5 To Be Considered Harmful Someday

  5. Sotirov et al.: MD5 considered harmful today (building a rogue CA cert)

  6. Wang, Yin, Yu: SHA1 broken (at least, on its way…)

  7. NIST: “SHA3” competition: list of first round candidates (December 2008)

  8. Canetti, Goldreich, Halevi: Random oracles revisited, and…

  9. Bellare, Boldyreva, Palacio: A more natural uninstantiable Random-Oracle-Model scheme

  10. Coron, Patarin, Seurin: The random oracle model and the ideal cipher model are equivalent

  11. Bellare, Canetti, Krawczyk: HMAC

Symmetric Crypto

  1. Bellare, Namprempre: Authenticated encryption, generic composition

  2. Ferguson: Authentication weaknesses in GCM.  McGrew, Viega: Response & Update.

Public Key Crypto

Bleichenbacher: CCA Attacks against Protocols (SSL) based on PKCS #1

Bellare, Rogaway: Optimal Asymmetric Encryption Padding (OAEP)

Manger: CCA Attacks against Implementations of OAEP

Bernstein: An Introduction to Post-Quantum Cryptography

Random Number Generation

  1. Dorrendorf, Gutterman, Pinkas: RNG Weaknesses in Windows 2000

  2. Gutterman, Pinkas: Flaws in the Linux RNG

  3. Barker, Kelsey: NIST Special Pub. 800-90: Recommendations for PRNGs

  4. Kelsey, Schneier, Wagner, Hall: Cryptanalytic attacks on PRNGs

  5. Schoenmakers, Sidorenko: Dual EC not kosher

  6. Shumow, Ferguson: There May Be a Backdoor in Dual EC.

  7. Keller: ANSI X9.31 (Block cipher-based PRNG). Various artists: FIPS 186-2 (see Appendix 3)

Implementation Issues

  1. Gutmann: Lessons Learned in Implementing and Deploying Crypto Software

  2. Berson: Security Evaluation of Skype (2005, conducted at Skype’s request)

  3. Biondi, Desclaux: Silver Needle in the Skype (2006, REing of Skype binary)

Financial Services

  1. Berkman, Ostrovsky: The Unbearable Lightness of PIN cracking

  2. Bond, Zieliński: Decimalisation table attacks for PIN cracking

  3. Murdoch, Drimer, Anderson, Bond: Chip and PIN is Broken

RFID and Wireless

  1. Nohl, Evans, Starbug, Plötz: Reverse-Engineering a Cryptographic RFID Tag

  2. Bono, Green, Stubblefield, Juels, Rubin, Szydlo: Security Analysis of TI DST Tags


  1. Halperin et al.: Pacemakers and ICDs (no crypto)

  2. Ellis: Non-secret Encryption (historically very interesting)

  3. TheGrugq: Opsec for Freedom Fighters

Documents from Def Con 22 (7 to 10-08-2014)

  • Protecting SCADA From the Ground Up – PDF
  • Detecting Bluetooth Surveillance Systems – PDF
  • Dropping Docs on Darknets: How People Got Caught – PDF
  • Hacking 911: Adventures in Disruption, Destruction, and Death – PDF
  • How to Disclose an Exploit Without Getting in Trouble – PDF
  • Reverse Engineering Mac Malware – PDF
  • NSA Playset: PCIe – PDF
  • The Monkey in the Middle: A pentesters guide to playing in traffic. – PDF
  • Investigating PowerShell Attacks – PDF
  • Is This Your Pipe? Hijacking the Build Pipeline. – PDF
  • Screw Becoming A Pentester – When I Grow Up I Want To Be A Bug Bounty Hunter! – PDF
  • Home Alone with localhost: Automating Home Defense – PDF
  • Meddle: Framework for Piggy-back Fuzzing and Tool Development – PDF
  • Instrumenting Point-of-Sale Malware: A Case Study in Communicating Malware Analysis More Effectively – PDF White Paper
  • One Man Shop: Building an effective security program all by yourself – PDF
  • RF Penetration Testing, Your Air Stinks – PDF
  • Touring the Darkside of the Internet. An Introduction to Tor, Darknets, and Bitcoin – PDF
  • USB for all! – PDF
  • ShareEnum: We Wrapped Samba So You Don’t Have To – PDF
  • An Introduction to Back Dooring Operating Systems for Fun and Trolling – PDF
  • Android Hacker Protection Level 0 – PDF
  • Anatomy of a Pentest; Poppin’ Boxes like a Pro – PDF
  • Bug Bounty Programs Evolution – PDF Extras
  • Practical Foxhunting 101 – PDF
  • Client-Side HTTP Cookie Security: Attack and Defense – PDF
  • Bypass firewalls, application white lists, secure remote desktops under 20 seconds – PDF
  • PropLANE: Kind of keeping the NSA from watching you pee – PDF
  • Getting Windows to Play with Itself: A Hacker’s Guide to Windows API Abuse – PDF
  • Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog – PDF
  • Through the Looking-Glass, and What Eve Found There – PDF White Paper
  • Summary of Attacks Against BIOS and Secure Boot – PDF
  • I am a legend: Hacking Hearthstone with machine learning – PDF
  • The Secret Life of Krbtgt – PDF
  • The $env:PATH less Traveled is Full of Easy Privilege Escalation Vulns – PDF
  • Hacking US (and UK, Australia, France, etc.) traffic control systems – PDF
  • The Cavalry Year[0] & a Path Forward for Public Safety – PDF
  • NSA Playset: DIY WAGONBED Hardware Implant over I2C – PDF
  • Abuse of Blind Automation in Security Tools – PDF
  • Why Don’t You Just Tell Me Where The ROP Isn’t Suppose To Go – PDF
  • Steganography in Commonly Used HF Radio Protocols – PDF Extras
  • Saving Cyberspace by Reinventing File Sharing – PDF
  • Empowering Hackers to Create a Positive Impact – PDF
  • Just What The Doctor Ordered? – PDF
  • Check Your Fingerprints: Cloning the Strong Set – PDF
  • Shellcodes for ARM: Your Pills Don’t Work on Me, x86 – PDF
  • Blowing up the Celly – Building Your Own SMS/MMS Fuzzer – PDF
  • Mass Scanning the Internet: Tips, Tricks, Results – PDF
  • Deconstructing the Circuit Board Sandwich: Effective Techniques for PCB Reverse Engineering – PDF
  • Saving the Internet (for the Future) – PDF
  • Burner Phone DDOS 2 dollars a day : 70 Calls a Minute – PDF
  • Hack All The Things: 20 Devices in 45 Minutes – PDF
  • Stolen Data Markets: An Economic and Organizational Assessment – PDF
  • Raspberry MoCA – A recipe for compromise – PDF White Paper 1 White Paper 2
  • Girl… Fault-Interrupted. – PDF
  • Extreme Privilege Escalation On Windows 8/UEFI Systems – PDF White Paper
  • NinjaTV – Increasing Your Smart TV’s IQ Without Bricking It – PDF
  • Oracle Data Redaction is Broken – PDF
  • Weird-Machine Motivated Practical Page Table Shellcode & Finding Out What’s Running on Your System – PDF
  • Catching Malware En Masse: DNS and IP Style – PDF White Paper
  • Attacking the Internet of Things using Time – PDF
  • Open Source Fairy Dust – PDF
  • Learn how to control every room at a luxury hotel remotely: the dangers of insecure home automation deployment – PDF White Paper
  • Generating ROP payloads from numbers – PDF
  • DEF CON Comedy Jam Part VII, Is This The One With The Whales? – PDF
  • The NSA Playset: RF Retroreflectors – PDF 1 PDF 2
  • VoIP Wars: Attack of the Cisco Phones – PDF
  • Playing with Car Firmware or How to Brick your Car – PDF
  • Measuring the IQ of your Threat Intelligence feeds – PDF
  • Secure Because Math: A Deep Dive On Machine Learning-Based Monitoring – PDF
  • Abusing Software Defined Networks – PDF
  • NSA Playset : GSM Sniffing – PDF
  • Cyberhijacking Airplanes: Truth or Fiction? – PDF
  • Am I Being Spied On? Low-tech Ways Of Detecting High-tech Surveillance – PDF
  • Detecting and Defending Against a Surveillance State – PDF
  • Acquire current user hashes without admin privileges – PDF
  • You’re Leaking Trade Secrets – PDF
  • Veil-Pillage: Post-exploitation 2.0 – PDF
  • From Raxacoricofallapatorius With Love: Case Studies In Insider Threat – PDF
  • Don’t DDoS Me Bro: Practical DDoS Defense – PDF
  • Advanced Red Teaming: All Your Badges Are Belong To Us – PDF
  • I Hunt TR-069 Admins: Pwning ISPs Like a Boss – PDF
  • The Only Way to Tell the Truth is in Fiction: The Dynamics of Life in the National Security State – PDF
  • A Journey to Protect Points-of-sale – PDF
  • Impostor — Polluting Tor Metadata – PDF
  • Domain Name Problems and Solutions – PDF White Paper
  • Optical Surgery; Implanting a DropCam – PDF
  • Manna from Heaven: Improving the state of wireless rogue AP attacks – PDF
  • The Open Crypto Audit Project – PDF
  • Practical Aerial Hacking & Surveillance – PDF White Paper
  • From root to SPECIAL: Pwning IBM Mainframes – PDF
  • PoS Attacking the Traveling Salesman – PDF
  • Don’t Fuck It Up! – PDF

Documents from Black Hat USA 2-7 August 2014