BSides Cape Town
South Africa
Joined 10 Dec 2016
Just like the other chapters of BSides around the world, BSides Cape Town is an annual Information / Security conference that is different. We are a volunteer organised event, put on by and for the community. Each year there is a staff of committee members and volunteers. Meet our current staff.
There is a nominal fee charged to the public to attend BSides Cape Town. Currently almost 100% of our costs are covered by our generous donors and sponsors, who share our vision of sharing information. The conversations we start are always relevant to what’s happening right now and in many instances include practical demos instead of the old school lecture style cons.
The Cape Town chapter of BSides dates back to before 2012.
Prize Giving & Closing Address | BSides Cape Town 2023
Prize giving of the various CTFs and scavenger hunt as well as the closing address to thank sponsors, volunteers, organizers and everyone else that contributed to make the conference a success.
Filmed at BSides Cape Town 2023
AV Sponsored by BITM Cyber Security
Views: 94
Videos
Securing A Derivatives Platform With Over $25b Volume - Kyle Riley | BSides Cape Town 2023
162 views, 5 months ago
How would you approach exploiting a derivatives market? We’ll explore how we secured a perpetuals market averaging north of $100m in daily volume. It’ll be a technical deep dive beyond traditional pentesting concerns, focusing on abusing game theory and economic models for profit. In the high-stakes world of smart contracts, a single overlooked flaw could result in an instantaneous multi-millio...
Noooooooooo touch! - Michael Rodger | BSides Cape Town 2023
679 views, 5 months ago
“No touch” sensors, the COVID-friendly access control. You don’t touch them, they open. But from how far can you not touch them? Through a glass door perhaps? Join me on a hardware dissection and research journey to see how these things work, determine whether they’re vulnerable to attack, and hopefully defeat them. Filmed at BSides Cape Town 2023 AV Sponsored by BITM Cyber Security
2023 Year in Review: Threads of nation-state dystopia - Jared Naude | BSides Cape Town 2023
63 views, 5 months ago
Looking back at past events is crucial for gaining insight into past mistakes and making informed decisions about the future. 2023 had a lot of nation-state shenanigans from ransomware response to disingenuous laws that are being proposed. In this talk, we look back at the major cyber security events over the past year and what we can learn from them. Retrospectives are a great tool to look bac...
LPE in enterprise software - Reino Mostert | BSides Cape Town 2023
106 views, 5 months ago
I found a local privilege escalation bug in a popular enterprise teleconferencing software on Windows, and would like to share my journey, and the technique I discovered that prevented Defender from blocking the exploitation of it. Recently, I was given the task to obtain NT AUTHORITY\SYSTEM on an enterprise laptop, from a low-privileged employee account. While it may sound easy, on a fully pat...
Hack South: Home of the ubiquitous South - Charles "AngusRed" Wroth | BSides Cape Town 2023
161 views, 5 months ago
Hack South has become a staple of the ZA Hacker community. Hack South has come a long way since lockdown, but what does the future hold, and where can you get involved? This talk will cover the following: It will briefly talk about the path and history of Hack South, and what inspired it, along with its transition over to Discord. We will highlight a few fond memories, then talk about where it ...
Performance Hacking - how to hack your tools to go faster - singe | BSides Cape Town 2023
317 views, 5 months ago
Rust, hacking, and password cracking - how I built a password cracker faster than hashcat on CPU, but also a large file reading approach faster than ripgrep. Rust, hacking and password cracking. All things I love dearly. But when an obsessive hacker wants to crack passwords efficiently, sometimes you can reach speeds faster than hashcat can produce on CPU! Efficient hash cracking is about perfo...
The cyber-pirate's guide to C2 development - Gerhard Botha | BSides Cape Town 2023
363 views, 5 months ago
A beginner-friendly and somewhat technical talk about C2 development. It will go over the basics of what is a C2, why, and where you might want to use it. Then we'll dive into the madness behind developing one! The breakdown of the talk: Overview of a C2. This section will cover the fundamentals of what a C2 is and why/where it's used. Difference between a server and a framework. Dissecting the...
Let the Children play - Leveraging ADCS for persistence in Parent-Child configured forests
78 views, 5 months ago
Let the Children play - Leveraging AD CS for persistence and profit in Parent-Child configured forests - Tinus Green. In 2021, Active Directory Certificate Services came under scrutiny because of the opportunities it provides attackers for credential theft, domain escalation, and persistence. It has become a household name for red and blue teams. This talk will cover new discoveries from two per...
Outsmarting cyber villains on a shoestring budget - Roshan Harneker | BSides Cape Town 2023
144 views, 5 months ago
This presentation covers the most common cyber threats affecting South Africa and how to combat them by building your own cyber threat intelligence platform on a budget. This presentation focuses on practical steps to help you get started with building your own cyber threat intel programme for your organisation - importantly - on a budget! The start of the presentation looks at the cybercrime c...
The Wide World of Consent - Jonathon Everatt | BSides Cape Town 2023
118 views, 5 months ago
The advent and adoption of cloud-based technologies by businesses and users has introduced new attack vectors that malicious actors can try to abuse. One of these attack vectors is a new type of phishing, called consent phishing. In Consent Phishing, an attacker-controlled application requests dangerous or sensitive permissions over a user's account or organisation's tenant. The talk will focus...
ed2root - how ancient IPC mechanisms can benefit you today - Connor du Plooy | BSides Cape Town 2023
60 views, 5 months ago
This talk will detail a vulnerability identified in a text editor on macOS that could be used to obtain root privileges, this specific vulnerability has gone unnoticed for - 8 years. The vulnerability was also identified in other packages and will include a short discussion on how it can be identified and exploited. Description: This talk will go over how I found a vulnerability in a text edito...
Forging Chains: The Java Blacksmith - Fabian Yamaguchi & David Baker Effendi | BSides Cape Town 2023
202 views, 5 months ago
We present a tool to automatically extract gadget chains from arbitrary combinations of classes on the Java class path - outside the lab environment. The aim is to demonstrate that patching chains makes no sense: deserializing arbitrary attacker-controlled objects is the vulnerability, not the chain. When a program is found to write past the bounds of its buffer, developers will eagerly fix the...
Oops!!... did I reveal something? - Javan Mnjama | BSides Cape Town 2023
108 views, 5 months ago
Protect your Azure infrastructure from insecure secrets in deployment templates with deployment grazor - an Azure PowerShell script that detects potential misconfigurations and leaked secrets. Infrastructure as Code (IaC) has been a valuable tool in the arsenal of DevOps teams globally. IaC tools such as Bicep and Terraform promote speed and consistency of deployments. These tools and associate...
Attacking Microsoft Exchange: Fusing LightNeuron with Cobalt Strike - Leon Jacobs | BSides Cape Town
245 views, 5 months ago
Known for hacking many industries as well as developing their own custom tooling, the Russian-based threat actor known as Turla uses a stealthy Microsoft Exchange backdoor called LightNeuron. Using standard mail protocols, steganography and an unconventional mail rule engine (to name a few), in this talk I’ll demonstrate a re-imagination of this complex backdoor while extending it to be used wi...
A Practical Supply Chain Hack: Blinking RGBs for fun & profit - Dale Nunns | BSides Cape Town 2023
195 views, 5 months ago
Embracing Dystopia: Building Secure Web Applications in the Age of Fast Development - Jessie Auguste
130 views, 5 months ago
Hacking "AAA" Unreal Engine Games with... Python? - Ross Simpson | BSides Cape Town 2023
2.8K views, 5 months ago
How to sink a UBoot: Understanding bootloader attack surface - Keith Makan | BSides Cape Town 2023
505 views, 5 months ago
Impose Cost: Our defences eventually fail & we need to take the fight to the criminals | Keynote
775 views, 5 months ago
Opening Address - BSides Cape Town 2023
171 views, 5 months ago
(Final Keynote) DECEPTION VIA PERCEPTION: Jayson E Street
110 views, 7 months ago
The Russia-Ukraine War: A retrospective - Jared Naude
121 views, 7 months ago
Home Alone isn’t scary, it’s inspiration - Dev Dua, Tyron Kemp, Denver Abrey
66 views, 8 months ago
Securing a cloud native open source microservice based core banking system- Ntando Mngomezulu
45 views, 8 months ago
(Keynote) Made in SA - For the world - Haroon Meer
73 views, 8 months ago
Permanently bricking smart contracts for fun and profit- Ashiq Amien
52 views, 8 months ago
For those curious about where he got the visual of the ATC at 22:09 that is the android game called Endless ATC.
You normally set squawk to 7000 before atc has given you a squawk code to enter into your transponder
Audio and video could do with some work otherwise great talk❤
I am having one of these and I am trying to Reverse Engineer it. I will definitely be able to do so.
What make/model is the logic analyser you are using?
I have done this kind of all experiments to find something (from last 2016 to 2020) looks interesting to match to produce 5g collaboration nodes...still practical
Hello sir i need to get GSM voice and location track i have rtl sdr
Such an awesome tech talk! It takes a lot of skill to cram so much info into a presentation while keeping it so engaging. Gotta see if I can find more of his talks.
Thank you for sharing this research with us; great presentation!
Great research!
hello hello
Gates have been using rolling codes for decades. Ask me how I know.
Not sure if right place to ask. I've seen these USB SDR with few small antennas. Think they only receive. Not able to broadcast. Must one have a license to buy one? Wanna use for generic radio listen and maybe weather channels and astronomy. I have no need to be able to speak 2way like a normal 2way radio.
For most countries you don't need a license for just listening. Even if you do need a license to listen, how will they ever find out?
New York is a sanctuary city. It’s your own friggin fault, NY NY! Tell your leftist communist president Biden to close the borders. Stupid is as stupid does.
Super cool! I appreciate you sharing
I want a radio receiver like RTL, with the difference that the range is up to 6 GHz. Thank you, if you know a device, let me know. I want to emphasize that I want a device that is only a receiver. I don't want a device like HackRF with both transmitter and receiver.
Hertz doesn't have an 's' in the name, and isn't the only SI derived unit to use s^-1
Awesome talk
Excellent talk!! I generally don't watch talks anymore, as I find most of them are a waste of time, but this was really awesome. Great work! 👏 *Off to hack some games*
😎😁😎
Do you not understand what a liquidation actually is? A liquidation is just a forced close of position. Meaning it still needs to match an opposite order in the order book.... It's still matched 1:1. How you explained it isn't how it works at all.... you can't just "liquidate" another player in the market. The exchange liquidates the position. You are welcome to get a fill from that liquidation.... to fill your position.... but every contract is 1:1. Even if you use a model like FTX had where backstop liquidity providers take over the position.... they still need to close that position in exactly the same way by matching another opposite order in the book. How you explain it, doesn't even make sense. You appear to have a fundamental misunderstanding of how this actually works. What you're explaining is just straight up fraud or running a scam exchange..... Not an attack. This is amateur hour to the extreme.
He is talking about on-chain derivatives platforms that often use external parties to perform liquidations by calling a smart contract function. The function of course checks whether the position should indeed be liquidated
The talk is about on-chain perps markets, not CEX perps markets - the dynamics are very different. There's no concept of an order book and liquidations are forced onto liquidity providers who are reimbursed by market fees for the additional risk.
Rust is gonna rule our hearts, (somewhere in the near future)
useless man in the earth
cool talk =]
As always, a super entertaining and informative talk. It's pretty scary how someone could use this kind of thing! Dale, next time teach us to make the perfect pizza!
Brings me back to my days of reversing Gameguard. Nice talk!
Excellent talk Jessie, and you sure leave us with some questions to ponder. The QA session at the end was quite a nice touch to cap off the talk.
Incredible job Ross, you're a natural presenter.
Another phenomenal and magical talk by Hypn!
Ross you legend you! This is excellent stuff - and damn scary too
I would love to have a discussion around the foosball table with you to highlight everything that you got wrong in this talk. But I can't mainly because we don't work in the same office anymore but also because I actually agree with you on this :) Good keynote mate!
Reuploading a reupload? Interesting strategy.
Fixing the audio based on feedback.
Very Cool!
Just unsubbed because you totally flooded my feed and stopped me seeing my other recent subs uploads.. Spread them out a little eh?
I am interested about spying sats, if you find any of that let me know. There are a lots of them, and they spying everyone. There is even an app where can see sats, but no-one will say are used to spy us
A lot of useful, simple, clear information in this video
the photos are CGI wtf this is bullshit
Good work man ..
Engaging and illuminates one of the things I think most surprised me when I started getting into sdr -- Just how much "secret" information is buzzing about us at all times. Such a fun way to interact with our world. Thanks!
Can someone give an idea on how to transfer text from one place to another using satellite communication. For my Engineering project anyone got a thing?
Can't hear.
73 to your dad's memory! I likely have spoken to him. Ham (and prof radio systems engr) here and enjoyed your talk. Kudu's from me. Best wishes WA2KBZ.
This is absolutely true the reason why TH-cam was created for.
I agree that he is brilliant and that this is fascinating, but what it is NOT is funny. Stop with the dry jokes and going down rabbit trails. I can’t count how many times he says “Anyway”, to attempt to get back on track.
This guy is a god of bad deals. I found that receiver thingie for 8 bucks instead of 300 bucks lol
It seems like the fake ADSB broadcast problem could be solved if a unique time limited code was appended. Similar to how one time passwords and authenticator apps work. If the unit is registered or the secret key is issued by an airport prior to take off, it could help determine the legitimacy of the broadcast. The only issue is the requirement of legacy support. Otherwise it's a good reason not to completely get rid of conventional radar from airports.