I had a lot of trouble finding this on the site, but: the DEFCON 27 media server is here.
- “Say Cheese – How I Ransomwared Your DSLR Camera”. Here’s the writeup from the CheckPoint Research website, which is the most detailed I’ve been able to find.
- Also from CheckPoint Research: the white paper for “SELECT code_execution FROM * USING SQLite;—Gaining code execution using a malicious SQLite database“.
- GitHub repo for the BAL Xilinx package. This is part of the “Defeating Cisco Trust Anchor: A Case-Study of Recent Advancements in Direct FPGA Bitstream Manipulation” presentation, and includes links to the slides and white paper.
- I believe these are the most up-to-date slides for “GSM: We Can Hear Everyone Now!“
- Stumbled across this while looking for other stuff: “MITRE ATT&CK: The Play at Home Edition“. Slides here.
- There’s a long blog post at the McAfee Labs website about vulnerabilities in an industrial control system by Delta Controls. As I understand it, this is the basis for the “HVACking: Understand the Difference Between Security and Reality!” talk at DEFCON.
- PenTest Partners post on “Reverse-Engineering 4g Hotspots for Fun, Bugs and Net Financial Loss“.
I’ve got to wrap this up for now, as my lunch hour is almost over. I may try to do a second post tonight, if I find enough additional material to justify one. Otherwise, please share, enjoy, comment, and thank any presenters whose work you found particularly enjoyable or valuable.