New writeup from @_specters_ and me: we're finally allowed to disclose a vulnerability reported to Kia which would've allowed an attacker to remotely control almost all vehicles made after 2013 using only the license plate.
Full disclosure:
https://t.co/e2EwvUMgqw
First time @defcon and first time creating a badge. The badge has a simple LED effect and an (optional) SAO connector. There are three different configurations of LEDs. All badges come with a unique Van Gogh inspired lanyard. #badgelife
Check thread for info on how to get one 👇
COWORKER: we need to find the root cause asap
ME: *takes long drag* the root cause is that our processes are not robust enough to prevent a person from making this mistake
COWORKER: amy please not right now
😈 Getting Started with Exploit Development
How to get started with exploit development, and turn memory corruption bugs into arbitrary code execution
Recommends:
* Pwn College
* ROP Emporium
* Open Security Training
By @dayzerosec
https://t.co/iYPtI8CH83
@JXoaT @defcon wear good shoes, have water/snacks, take a look at the schedule (or HackerTracker) beforehand and mark stuff that looks interesting, but know that there's always more to see than time available
also, random convos in the hallways/etc is one of the best parts. have fun!
When a Microsoft engineer alerted managers of a flaw in one of the company’s products, “Everyone violently agreed with me that this is a huge issue,” he said.
But also “Everyone violently disagreed with me that we should move quickly to fix it.”
https://t.co/AhJrKAYCgg
this is a great talk from @snyff: insightful, empathetic, and funny. There's advice in here for everyone from newbies to more experienced, highly recommend watching
https://t.co/wZfh4Y2oJl
@K4rm4ness thanks! 😄 and sure, although we're sold out for Defcon (info on the next round will be posted in our Discord, https://t.co/OTIVgNAWxM and also here on Twitter)
@Evil_Mog thanks! we're somehow sold out already (?!) but we'll be doing another round after Defcon for folks who either aren't attending or otherwise didn't get one. I'll post a link once we've got that set up