DEFCON 20: Owning Bad Guys {And Mafia} with Javascript Botnets

273,714 views

Jose Maria Alonso

11 years ago

Conference delivered by Chema Alonso (mypublicinbox.com/ChemaAlonso) at Defcon 20 about how to own bad guys {and mafia} using JavaScript botnets created by a rogue "Anonymous" proxy server. White paper at: www.slideshare.net/chemai64/ow...

Comments: 176
@IdoruFalls 9 years ago
Chema is great, very impressive that he can get through a 40 minute talk with pretty broken English and still remain not only perfectly coherent but very funny.
@MrSpiderman1321 9 years ago
his English is actually very good but he has such a strong accent
@BanAaron 9 years ago
Mr Wednesday Broken English? He speaks English more properly than most English people :P
@Kakerate2 9 years ago
Aaron Barratt lol more properly
@GamerShock 9 years ago
Paul Ahrenholtz not only does he make a great point, he reinforces it. well done.
@Freakschwimmer 8 years ago
+Mr Wednesday unfortunately his accent is extremely strong. Kinda makes listening to him quite tiring :/
@SomeInfo-ib3wz 9 years ago
This guy is a legend, great talk. Equal parts comedy and information. And he's multilingual...respect.
@igrewold 7 years ago
He is the real Mr. Robot ;D
@chrisdab- 3 years ago
English is the only language needed, what?
@misterchief5378 7 years ago
Chema is actually a legend in Spain, he is so awesome.
@igrewold 7 years ago
He is great and I like his free style and jokes in the presentation but I find it weird that he never thought of using virtualization (VMware, VirtualBox, Qemu..etc.) as a solution at the end!
@Albinorama 7 years ago
no he is not.
@konic40 7 years ago
thumbs up for the guy that loves his country
@boo24998 7 years ago
Another way of being patriotic
@boo24998 7 years ago
I love that he still is willing to make fun of his country.
@knowmad1919 7 years ago
He is not patriotic, just likes and shows some things in his country.
@shoegum7362 7 years ago
Came for the topic stayed for the dude
@Hexecutable 9 years ago
Wow this guy was amazing. Even though his English wasn't that clear he made it very easy to understand him. I hope to attend this event some time soon.
@quranalone5824 8 years ago
+ultimash00ter5 It's held in America. Near Las Vegas. It's called DefCon.
@yam2050 7 years ago
ultimash00ter5 have you been there yet???
@dk0money 8 years ago
I like this, it illustrates the fact that at the end of the day you are going to have to trust the administrator of the proxy machine, be that a company or your trusted hacking buddy who sets it up.
@yomocy 9 years ago
fucking modern day Inigo Montoya right here
8 years ago
This was... quite simple.
@FuckitnFightit 8 years ago
i want to e'stay in e'spain sometime. Looks e'beautiful.
@tho207 8 years ago
haha don't make fun of us, we don't have words that start with s it's kind of unnoticeable if nobody tells us the first time or we don't realize
@FuckitnFightit 8 years ago
+TH it's all good brotha, I was just messing around.
@tho207 8 years ago
+LocChokingVMorningG I know I know, just commenting humorously ;)
@tho207 4 years ago
A C H my bad, I meant double closed consonants. and when we have we tend to relax them. consonants would become consonans. it's simply consonantes for us
@tho207 4 years ago
A C H yeah kinda the same. you can think of it as a more flexible version of the Japanese pronunciation. obviously a trained Spaniard would perfectly speak English, but there are almost no opportunities for that in the day to day life. yup, that's the magic of human languages and culture. it'd be interesting to see if a more complex language really correlates to anything valuable for the culture at issue.
@fred.flintstone4099 9 years ago
In modern browsers with modern JavaScript you can do interesting things. Such as run code in the background in WebWorkers, and connect to a C&C with bidirectional communication using WebSockets. Then you can perform denial-of-service attacks using loops with Ajax calls or looping the loading of images. Your C&C could also push code over WebSockets to be evaluated on the client-side with eval(), before the evaluation it could be decrypted.
@boxbox6290 9 years ago
Ill be bsrnybif u teach me n intro helder
@Elyx0 9 years ago
***** Ajax might be less powerful indeed because of cross domain, even if a lot of resources (ie: robots.txt & such) are still "ajaxable." (Cf the IE seclists.org/fulldisclosure/2015/Feb/0 )
@arsaeterna4285 6 years ago
50% awesome presentation 50% awesome accent
@TheTurlututuchapeaup 8 years ago
Great video, injecting JS payload is a simple way to get over HTTPS, but nothing mentioned about the fact to add a Content-Security-Policy in response header from webapp (if CORS not required). It should prevent from this kind of JS payload.
@tzisorey 8 years ago
I wonder what results you'd have if you put a .JS file online, downloaded it again using various proxy services, and compared them to the original.
@coooooooooool1000 7 years ago
the result would be that it is slightly bigger
@SamJakob 6 years ago
Tzisorey Tigerwuf that's actually a cool hypothesis
@michaellewis4750 7 years ago
this guy is so cool. I imagine he's a fun guy to chill with
@dom252 6 years ago
I haven't seen that many, but this is my favourite Defcon talk so far :)
@RiDankulous 9 years ago
Entertaining! The humor helps a lot for technical presentations.
@TheFatlazyguy 7 years ago
Favorite defcon talk. Guy was hilarious and English wasn't even his first language.
@mysticx0 7 years ago
what a genuine guy. absolutely great talk!!
@spydergs07 7 years ago
This is why if I ever need to connect to anonymously I use TOR and proxies. Also always runs on a live Linux USB :) After you are done, shut down and boot back into the live USB and it's like a whole new clean system.
@99devops63 7 years ago
Hacker who was hacking was hacked.. nice...
@shareb1t 5 years ago
And that guy was me lol
@boo24998 7 years ago
I love this guy
@kevinflorenzdaus 9 years ago
You're a good speaker! Awesome presentation man!
@mishevi3071 9 years ago
Congrats!!.. Great show... Thank you!!! Greetings from Macedonia!!!
@Prydestalker 9 years ago
Chema has an awesome show. :D
@gevanlappido1304 4 years ago
How did you zoom in on a Windows machine that nicely??
@SoftDatCLS 7 years ago
Good Job !! Thanks for your video Conference Chema
@thejohnmcduffie 9 years ago
I'm a bit late, but so what? This was interesting. I was hooked from, "you only have to run faster than the bulls." While off topic, the topic was interesting also.
@iii-ei5cv 8 years ago
bro I love this!! quite hilarious!
@0one1zero 10 years ago
this guy is hilarious :D
@josemariarodriguez3226 9 years ago
yeha, but ikd
@MichaelBerthelsen 7 years ago
I love how he can't say Spain without putting the 'E' in front... =D
@GrantWill 7 years ago
They were using proxies and not VPNs?
@TheCrystalon 7 years ago
After listening to this, I am reading all of the comments in his voice. I can't help it, I hear his voice in everything now. XD
@007mrthomas 7 years ago
great talk, great guy
@SheikhAltijdGezeikhh 9 years ago
I cried at 'linke-ding' x'D
@quranalone5824 8 years ago
+SheikhAltijdGezeikhh LOL.
@TheJeorgen 6 years ago
Just when I read it he said it HAHAHA
@Blxckmxtt3r 2 years ago
maestro!
@Reth_Hard 8 years ago
Very nice talk! I always suspected anonymous proxy servers. You know, when it's too good to be true... Also, people tend to under-estimate the Javascript exploits' potential. Javascript is Evil! :D
@Sacre0493 10 years ago
Magic Alonso!!!
@tehKap0w 8 years ago
So fucking simple, too. Thanks Chema, for a great talk.
@bcassol 9 years ago
Awesome!
@GAFO777 7 years ago
his jokes are just awesome hahah xD
@fanenthusiast3802 7 years ago
Cool vid bro
@arpitrohela1596 8 years ago
this guy is legend......
@ismaelkababasmillah1690 8 years ago
I love his voice and he is slick
@dannyphehe 8 years ago
Spain has good heroin.
@tecmedimagen 7 years ago
dannyphehe 😂😂
@FranciscoSoteloWeb 10 years ago
8:35 with the hosts of Bricomanía wearing FOCA T-shirts, hahaha
@Carlomanization 10 years ago
Hey, man, but post the code!
@asderamen 7 years ago
Chema has whipped out his cyber-dick
@imshaunnurse 5 years ago
I know this was suggested to me because I've been watching def con but I also play a game called brown dust and it's the tomatina even where they want you to spend money and sure enough.... boom he talks about tomatina
@undergroundcentral 6 years ago
Legend
@mattw2135 9 years ago
what botnet was he using and what bots will work with this?
@svenhoek 9 years ago
Matt W If you had to ask, you need not know
@TerryTheTutor 9 years ago
+Conky Jr And if you know, you need only ask.
@quranalone5824 8 years ago
+Terry The Tutor Ask, Know.
@tarikahmed5795 9 years ago
So amusing.
@eprofessio 3 years ago
I had a dream I was showing someone a dvd player that used to run on java that I hacked into a mini pc.
@conductive13 11 years ago
I hope your crops are going well....
@sayamqazi 5 years ago
It sucks to see that the ID cards of people getting scammed with UK job were from my country.
@ericsbuds 8 years ago
wow.. those Microsoft tiles... I thought that was a new thing LOL
@reboureyn139 6 years ago
he says cookie very funny. i love it. coo key
@reformCopyright 6 years ago
Volkswagen probably can help you detect when your DNS is being tested.
@Infinity-wf3my 8 years ago
grate
@herreroarriero 7 years ago
Huge clichés..
@theeyenzier8190 3 years ago
it's not mr.robot it's Señor robot
@SRFColonel 8 years ago
Great talk, but seriously, anybody know the name of the girl at 18:40? It's for academic purposes.
@solux3324 8 years ago
+Marcus Romul No, sorry we can not help your _academic_ purposes. ;)
@quranalone5824 8 years ago
+Marcus Romul Lol you really sound like those creeps in the show.
@NatiiixLP 8 years ago
+Marcus Rommul, FAP = For Academic Purposes
@SamJakob 6 years ago
M Romul axionqueen 😉
@MegaTroy12 8 years ago
he is cool, want to visit Spain,
@IMredesMMIX 11 years ago
That's it, promoting tourism to fight the crisis xD
@pissfiss 4 years ago
Gansta
@BlasterTheMaster 7 years ago
I wish I knew hacker language. This seems super interesting.
@skypeon1 7 years ago
Grantastic this is not hacker speech, more like programming basics used a little bit malicious, start from html, and other basic scripting languages, learn about proxies and you'll get it
@BlasterTheMaster 7 years ago
Thanks, I appreciate it
@hate2009 7 years ago
Pionell Winters so if I learned computer programming , is this what hackers learn ?? I always wanted to know what background do they have??
@skypeon1 7 years ago
yes, hacking is mostly knowing programming and its various languages and in that way you know the weaknesses of code that you can use in various ways. Learn programming, if you will - you will learn hacking somewhere down the line
@SamJakob 6 years ago
Grantastic Nono you misunderstood, he speaks Spanish
@bastianlv1653 4 years ago
5:06 it's very difficult without internet
@tRuStThEsCiEnCeBiGoT 5 years ago
"No good, I've known too many Spaniards..."
@Berberetxo 7 years ago
The slide with the Bricomanía guys xD Did they really put on your T-shirt or is it a photomontage? The reference is brilliant, white glue and dowels..ez
@inwencja2009 8 years ago
Oh... I know Javascript! :3
@quranalone5824 8 years ago
+Magdalena Bartosiewicz Lol.
@inwencja2009 8 years ago
Old comment.
@quranalone5824 8 years ago
LOL, even more now XD. What are you going to do with basic js skills XD. This swizzle is complex XD.
@inwencja2009 8 years ago
I made a functional text editor in JavaScript.
@quranalone5824 8 years ago
Magdalena Bartosiewicz Nice. How did you do that?
@BusinessWolf1 2 years ago
Remember when that CEO guy said to hire lazy people? This is why.
@davidgjam7600 6 years ago
He looks like parrappa the rappa
@richcohen5936 3 years ago
LMAO he literally sounds like Brüno!!!
@jesushimself00 7 years ago
/* FIXME: add subtitles
@cmdrhighwarlord6304 6 years ago
Espain
@jayl5628 8 years ago
That's not Ibiza dude... it's "sao tome and principe"...
@semiruu 8 years ago
Have you been to Ibiza? Probably not, otherwise you wouldn't have made that comment :p
@jayl5628 8 years ago
It turns out that I'm from Barcelona and I've been working in Ibiza MANY summers, and I know pretty well all the locations (calas, beaches, discos, etc). So... NO, that's not Ibiza. A simple reverse lookup of the image in images.google.com can confirm you the correct location.
@kyebrewer563 7 years ago
Yeah, It is listed on many sites as Ibiza, but it is clearly Thailand. Looks like Koh Phi Phi
@lakas1tos 11 years ago
You're a star, Chema, WE ARE SPANIARDS!!!!
@WakeMister 6 years ago
Young Clooney :D
@shareb1t 5 years ago
it was me and a friend who hacked the website back in years and watching this video 6 years later seeing this lmao
@kinglouie8554 7 years ago
that's a funny guy
@ProNoobDev 7 years ago
LMAO ! respect
@elguezj 7 years ago
What should have given away that the girl's dating profile was fake was that she was from Keller, Texas hahahahahaha
@Zhak7 8 years ago
11:10 XD
@prodKossi 6 years ago
Amazing talk, but ads every 10 minutes is annoying as hell..
@jameseverett4372 4 years ago
adblockplus.org/
@MrQuickPro 5 years ago
vpn's
@kennethwhite9720 8 years ago
Because Spaniards.....
@quranalone5824 8 years ago
+The Mad-Mapper You just created an infinite loop in PHP. lol.
@scottcombs3254 9 years ago
If I have to watch this mexican cowboy ad one more time...
@boxbox6290 9 years ago
Adblock. comnthnk me later with a pic of your wife
@Zei33 9 years ago
10000th :P
@aarenskov 5 years ago
I understood your English better than that of a native US speaker lol
@Smart.Potato 8 years ago
MBP = Macbook Pro.
@quranalone5824 8 years ago
+tejas_jj Or Media BOOZER Piew
@zxcxx 11 years ago
LMAO.. :p
@beto154yetc5 2 years ago
ajjajaja...
@nonameplsno8828 7 years ago
it sounds as if he has an acorn up his nose
@aequabit 8 years ago
First thought: Microsoft Windows Tech Support
@hackinfo2488 8 years ago
you mean non-microsoft tech scammers...
@Secretforest100 8 years ago
guy turned out to be a turkish
@semiruu 8 years ago
he isn't, that's a Spanish-English accent, also the way how he pronounced Ibiza made it clear :p
@igrewold 7 years ago
+SEMIRU interesting remark.
@nescius2 7 years ago
atrocious pronunciation! still fun
@jsmithnevinsky 6 years ago
Are his coding skills as broken as his language skills?
@alextwist8 7 years ago
His accent really bothers me. I would rather hear this in Spanish.
@chasgiver1258 8 years ago
Suggest speaking more slowly, deeper, clearer and get English speaking training. I had to stop listening it hurt so much.
@FuckitnFightit 8 years ago
i want to e'stay in e'spain sometime. Looks e'beautiful.
@ANGRYmuffin9000 8 years ago
I have never seen a Spaniard that at least tries to improve their accent
@tomb2623 8 years ago
+LocChokingVMorningG Much profit!