DEF CON 23 - Bruce Potter - A Hacker's Guide to Risk

When the latest and greatest vulnerability is announced, the media and PR frenzy can be dizzying. However, when the dust settles, how do we actually measure the risk represented by a given vulnerability? When pen testers find holes in an organization, is it really “ZOMG, you’re SO 0WNED!” or is it something more manageable and controlled? When you’re attempting to convince the boss of the necessity of the latest security technology, how do you really rank the importance of that technology against the threats facing the organization? Understanding risk can be tricky, especially in an industry that often works on gut feelings and values quantity over quality. But risk and risk management don’t need to be complicated. With a few basic formulas and access to some simple models, understanding risk can be a straightforward process. This talk will discuss risk, why it’s important, and the poor job the hacker community has done when it comes to properly assessing risk. It will also touch on some existing risk assessment and management systems, and provide worked examples of real-world vulnerabilities and systems and the risks they pose. Finally, this talk will offer some practical guidance on how you, as hackers, security researchers, and security practitioners, can better measure risk in your day-to-day life.

Speaker bio: Bruce Potter is the founder of The Shmoo Group, one of the organizers of ShmooCon, and a director at KEYW Corporation. Bruce's lack of degrees and certifications hasn't stopped him from discussing infosec in numerous articles, books, and presentations. Bruce has been in the computer security field for nearly 2 decades, which means he is getting old and increasingly jaded. His primary focus areas are trusted computing, cyber security risk management (yikes!), and large-scale vulnerability analysis. Bruce believes that while attackers have the upper hand, we can still do better with the tools we have than most people realize. Bruce also believes in using fake names when ordering coffee but occasionally uses his real name to throw people off his scent.

Twitter: @gdead
