Hack In The Box Security Conference Courses

Physical to Cyber and Back - Fingerprint Scanner Security

Exploring vulnerabilities in fingerprint scanners and access control systems, demonstrating physical-to-virtual attacks, and discussing network persistency techniques in IoT devices.

• YouTube
• 58 minutes
• Self-Paced
• Conference Talk

DFEx - DNS File Exfiltration

Explore DNS file exfiltration techniques, including a unique protocol for bypassing NG Firewalls. Learn about HIPS tricks and innovative approaches to data transfer across networks.

• YouTube
• 53 minutes
• Self-Paced
• Conference Talk

Modern Automotive Attack Surfaces

Explore modern automotive cybersecurity threats, including V2X technologies, smart batteries, and wireless keys. Learn about vulnerabilities in upcoming car features and their implications for future vehicle security.

• YouTube
• 1 hour 4 minutes
• Self-Paced
• Conference Talk

Tracking Fake News Based on Deep Learning

Innovative deep learning model for tracking fake news authors by analyzing content and stylistic features, enabling identification of attackers spreading malicious rumors for financial gain.

• YouTube
• 29 minutes
• Self-Paced
• Conference Talk

Security Should Be Smarter Not Harder

Explore cybersecurity strategies, bug bounty programs, and hacker motivation with Katie Moussouris. Learn about industry myths, perverse incentives, and practical solutions for smarter security practices.

• YouTube
• 52 minutes
• Self-Paced
• Conference Talk

Hacking Jenkins

Exploring Jenkins vulnerabilities, including dynamic routing misuse and Groovy sandbox escape. Learn to build custom gadgets and exploit Jenkins through unconventional methods.

• YouTube
• 38 minutes
• Self-Paced
• Conference Talk

Binder - The Bridge To Root - Hongli Han and Mingjian Zhou

Exploración detallada de la vulnerabilidad "Waterdrop" en el controlador Binder de Android, que permite escalar privilegios y obtener acceso root en dispositivos populares, incluyendo los Pixel más recientes.

• YouTube
• 44 minutes
• Self-Paced
• Conference Talk

Sneaking Past Device Guard

Exploración de técnicas avanzadas para eludir Device Guard en Windows 10, incluyendo métodos que requieren privilegios de administrador y otros que utilizan aplicaciones nativas del sistema operativo.

• YouTube
• 51 minutes
• Self-Paced
• Conference Talk

A Successful Mess Between Hardening and Mitigation

In-depth analysis of Content Security Policy for XSS prevention, exploring its effectiveness, debunking myths, and sharing real-world data on successful XSS mitigation in sensitive applications.

• YouTube
• 1 hour 1 minute
• Self-Paced
• Conference Talk

Researching New Attack Interfaces on iOS and OSX

Exploración de nuevas interfaces de ataque en iOS y OSX, revelando vulnerabilidades del kernel y controladores mediante ingeniería inversa, análisis estático/dinámico y fuzzing mejorado.

• YouTube
• 53 minutes
• Self-Paced
• Conference Talk

Overcoming Fear - Reversing With Radare2

Comprehensive guide to reversing with Radare2, covering installation, basic commands, visual modes, configuration, and practical applications. Suitable for beginners and professionals in computer security.

• YouTube
• 2 hours 5 minutes
• Self-Paced
• Conference Talk

Duplicating Black Box Machine Learning Models

Exploración de técnicas avanzadas para duplicar modelos de aprendizaje automático de caja negra, destacando vulnerabilidades en servicios en la nube y proponiendo un nuevo método de ataque más eficiente.

• YouTube
• 39 minutes
• Self-Paced
• Conference Talk

Finding Vulnerabilities in iOS - MacOS Networking Code

Explore iOS/macOS networking vulnerabilities, focusing on mbuf processing in XNU kernel. Learn about network packet structures, vulnerability discovery techniques, and PoC exploit development.

• YouTube
• 50 minutes
• Self-Paced
• Conference Talk

TOCTOU Attacks Against Secure Boot and BootGuard

Explore TOCTOU attacks on Intel's BootGuard, learn about vulnerabilities in secure boot processes, and discover open-source tools for testing system security.

• YouTube
• 39 minutes
• Self-Paced
• Conference Talk

Hourglass Fuzz - A Quick Bug Hunting Method

Introducción a Hourglass Fuzz, un método rápido de búsqueda de errores para Android que supera las limitaciones de los sistemas de fuzzing típicos, con ejemplos de vulnerabilidades descubiertas en controladores gráficos y Bluetooth.

• YouTube
• 58 minutes
• Self-Paced
• Conference Talk