Not Safe For Organizing: The state of targeted attacks against civil society

Groups that work to protect human rights and civil liberties around the world are under attack by the many of the same attackers who target industry and government. These groups and organizations have far fewer resources to defend themselves, yet the stakes of the attacks are often much higher. This talk will give an update on the state of affairs, emphasizing two cases drawn from CItizen Lab’s recent work: attacks against the Tibetan community, and the Packrat group in Latin America.
Continue reading…


Stupid Pentester Tricks

Stumped in a pentest? You tried *everything* and yet have not been able to breach your target?
“Stupid Pentest Tricks” presents several dirty tricks/cheats/ways to compromise your target in *creative ways*!

Improve your ProxMark cloning skills, open doors using a universal RFID card, steal keys (no pickpocketing or impressioning skills needed), improve your phishing game and learn the mindset to cheat in a pentest. All this in a 30 minute talk.
Continue reading…


Law, Metaphor and the Encrypted Machine

Encryption technology raises unavoidable and ideologically loaded problems for courts—as recent cases like the FBI v Apple debate have bluntly illustrated. This tension has meant a real risk of shortsighted policy decisions that both jeopardize our civil liberties and compromise commercial interests. We all have a stake in the outcome of these debates, but the legal arguments are normally murky… at best.

Judges reason through analogy and metaphor, using conceptual bridges to transition between old and new technologies in the law. But when new technologies inherit old metaphors, they also inherit old rules, models and limitations. So how do courts and lawmakers think about the encrypted machine—and how should they? Continue reading…


Advanced Web Security Testing with Burp Pro

This training is designed for Web penetration testers familiar with the Burp Suite Pro auditing tool. Based on the Mastering Burp Suite Pro – 100% hands-on class, this session is expected to go much faster, while covering most problems faced in everyday engagements and significantly enhancing your automation skills. The numerous elaborately designed challenges will guide trainees during these 2 days of intense-but-fun Burp Suite Pro practice. Continue reading…