14 күн бұрын
14 күн бұрын
Пікірлер
@nidhiverma4369 5 күн бұрын
Great session.
@ndrixxx 8 күн бұрын
Cool tshirt, JBW. :) Love the talk.
@ndrixxx 11 күн бұрын
Great presentation! :) <3 AntiSSRF.
@heroldovlucifer7455 12 күн бұрын
Reading books bad
@BubaCuba 15 күн бұрын
Bring some more researchers
@kantrasha Ай бұрын
Opening: Microsoft guy at Microsoft talk talks badly about C++ while proposing Rust as an alternative, right after mentioning bing as a powerful search engine.
@balajisbji5131 Ай бұрын
SuperB Dinesh
@rishabh6210 2 ай бұрын
Amazing
@TerryValdez-h8i 2 ай бұрын
Coty Route
@subodhharde8123 2 ай бұрын
It's nice and interesting Presentation is also very nice 👌
@swatikaushik1 2 ай бұрын
Nice 👍
@namanshah8525 2 ай бұрын
That’s pretty interesting !!
@AayushTygi 2 ай бұрын
Nice presentation! 👍
@Ichinin 2 ай бұрын
FFS, What kind of newb recorded this? Film the presentation - not the presenter walking to the left and right.
@lypanov 2 ай бұрын
Exactly. Unsubscribing given this trash.
@vallabhchole 2 ай бұрын
👍🏻
@parthghughriwala6799 2 ай бұрын
Interesting!!!
@gitgudsec 5 ай бұрын
brilliant, 5 years old can't believe i haven't heard more about it
4 ай бұрын
Love your videos!
@gitgudsec 4 ай бұрын
appreciate that thanks!
@Myself-yh9rr 6 ай бұрын
Though purple is not my favorite color it does look good there.
@M4XD4B0ZZ Ай бұрын
Purple silk screen looks great imo but i like the darker ones more
@Darkstar2342 6 ай бұрын
39:20 I think the biggest reason why the Xbox One security has lasted so long is that there are only a handful of Xbox One exclusive games (and except Forza and Halo 5 they are rather niche)... All other games are also available on Windows where they are much easier to crack/pirate (even Denuvo is not an obstacle anymore these days). So console hacking became rather uninteresting these days, at least for the Xbox ...
@MdMiraj2-m4o 7 ай бұрын
I need your help I don't understand how to solve my problem, I need your help
@normanhuntiii 9 ай бұрын
Great job to everyone. This is an important conversation. Also, great to see you in your element, Devin. Keep getting after it!
@pricedwayne 9 ай бұрын
Outstanding conversation and facilitation!
@larrymyers5989 9 ай бұрын
I hope I can one day work for Microsoft. I’ve always been into tech and worked in tech. I just made some bad choices as a young man that affected my life.
@sudheer269 9 ай бұрын
Octo Tempest, Lapsus will love this talk
@kumpadamian182 10 ай бұрын
Sería más bueno Wee UE se traduzca en español
@TimmyTSENGKaliOSCPpentest 11 ай бұрын
anyone have AI pentest tool project working on?
@ricsip 11 ай бұрын
There is a slightly longer version of this very same presentation (literally with the same title) on Platform Security Summit YT channel
@eniggma9353 11 ай бұрын
Great talk, thank you for sharing.
@MrTweetyhack 11 ай бұрын
Microsoft will sue you
@Nyxthewarlock1 8 ай бұрын
Why
@improvisedchaos8904 6 ай бұрын
ur goin' down u villians!!!!!
@mielole 11 ай бұрын
This doesn't feel like responsible disclosure to me. Sure, all of the attacks require physical access, and yet there is no mitigation strategy even discussed. Is facecam Windows Hello insecure too? Who knows...
@TonyFarley-gi2cv 11 ай бұрын
See sweetheart the public shouldn't have a cloud if you have a clown inside the public you have a construction of someone else's business that you're learning brainwave structure through to learn the placement of someone else's organization or the rotation of weight of gravity's movement in someone else is mine
@ricsip 8 ай бұрын
you should stop taking that new pill immediately!
@harrystein2000 11 ай бұрын
Thank you!
@watchrami Жыл бұрын
Actual review starts 20:52
@skraushaar Жыл бұрын
How did the fucking Synaptics chip pass certification? Its hard to imagine scenarios where that chip makes it to market without fraud. Microsoft: More dog food, less dog shit. Your least technically savvy userbase uses the Surface line. The breach of trust with that product's implementation is outrageous. Disgarded broken keyboards could be used to spoof a user. Is there facility to wipe them? Nope. Its so dumb.
@thevibeinc Жыл бұрын
Mygawd BRO!! It seems as though public speaking makes you a little nervous which is common. You can clearly tell by your breathing. The gum chewing really amplifies all these little things. I really hate to be that person but this was serious topic and that gum, breathing, and savage borderline choke swallowing midsentence was too much.🥴 This is definitely your fault but I would definitely ask your bros why they all let you carry on without giving you a signal or even text. I ended up reformatting the transcript and listened to a gun free ai. Great information and appreciate the teams work!
@rickglorie Жыл бұрын
This will result in some wild and totally unsecure NTLM hack, I guarantee it.
@beemeerm4332 Жыл бұрын
Nice. Good job. I wish you tested Fingerprint cards (FPC) sensor to. I wonder if there was a specific reason not to?
@pizzlerot2730 Жыл бұрын
This was a specific case of integrated fingerprint sensors, representing the typical implementation of a direct-from-device-manufacturer fingerprint scanner utilized by Windows Hello for enhanced security, ie a typical use case for a Microsoft user (for example in the business world). The realm of third party fingerprint sensor peripherals is so vast in both size and quality that it would be very difficult to adequately evaluate in its own case study, much less in one also including integrated biometrics. Another big sticking point is that proper implementation of security standards with these integrated devices depends on Microsoft working with device manufacturers. That isn't really a thing in the peripherals market, except for maybe a couple of choice partners (maybe, idk for sure in this case, that's just how it usually goes), so it would really muddy the waters when it comes time to draw conclusions about what Microsoft could do to improve their security feature. Remember, at the end of the day, this is security science research, not consumer product testing; and effective research is all about controlling the variables.
@BillyONeal Жыл бұрын
"the problem is you have to turn credential guard on" 🤣🤣
@islandfireballkill Жыл бұрын
Hopefully, they can fix this with a firmware and software update. Also totally astonishing that the Linux implementation is just completely unauthenticated.
@paulmackenzie5526 Жыл бұрын
anyone ever get a ping in your head , or ears at the same kind of times. like a pattern >?
@chiwaukum5418 Жыл бұрын
Firmware in modern vehicles is going to be a huge vulnerability as well, I think... I doubt that most cars/trucks are well protected, and updating/overriding firmware could lead to some very interesting (if not outright catastrophic) attacks. A good subplot for a modern thriller movie... :)
@reginanova2882 Жыл бұрын
Happy to find you here! Great talk. I use MSTICPy regularly and it’s a part of my job. Hope to get in touch and discuss features.
@Cooliofamily Жыл бұрын
Is this this gentleman’s research? There is an American who did a talk at defcon 31 who used this exact talk schematic, down to the calculator demo!!
@rahulramteke3338 Жыл бұрын
Stök is Swedish
@Cooliofamily Жыл бұрын
@@rahulramteke3338 not stok it was another speaker
@umlal 4 ай бұрын
To be fair he did shout out to David..
@umlal 4 ай бұрын
Also a calculator demo is used often to illustrate the ability to run apps/executables when you're not supposed to.
@Cooliofamily 4 ай бұрын
@@umlal it just seemed ripped unfortunately, not saying that this dude isn’t intelligent or understands the content, but I think my analysis stands and is valid
@alexisfibonacci Жыл бұрын
How about Zig? Won't it be an easier transition for existing projects even if new projects do Rust?
@KhoaNguyen96 Жыл бұрын
Zig is NOT a safe language, rewrite them in Zig is meaningless.
@lucasjames8281 11 ай бұрын
Just started the talk, but Zig isn’t suitable for secure OS code
@AdamFiregate 11 ай бұрын
Nim and Odin are in a more mature state than Zig. Both are after v1.0.
@alexisfibonacci 10 ай бұрын
@@AdamFiregateokay, I wasn't aware of those ones. I will check them out.
@lucasjames8281 10 ай бұрын
@@AdamFiregate Nim documentation is ass
@harriehausenman8623 Жыл бұрын
anyone knows what he says @38:55 ? "Meeting model", "Ming Model" ?
@StraightTalkSecurity Жыл бұрын
this is excellent secure by design for embedded devices. we need all the ICS OT IIoT IoT embedded systems and cyber-physical systems devices and components people to start doing the same thing for PLC, IED, IPC, HMI, VFD, medical devices etc etc
@jadedengineeringstudent Жыл бұрын
In R**t, we trust
@HotCakeX Жыл бұрын
Awesome conference as always 👍👍
@cherilynjeswald4881 Жыл бұрын
*Promo SM* 🤷
@chloefletcher9612 Жыл бұрын
Dan has always been interesting and relatable. I think I'm of a similar age and have those same sort of teenage stories, so I guess that makes him someone who I find great to listen to.