Latest Videos

DEF CON 19 - Sam Bowne - Three Generations of DoS Attacks

Denial-of-service (DoS) attacks are very common. They are used for extortion, political protest, revenge, or just LULz. Most of them use old, inefficient methods like UDP floods, which require thousands of attackers to bring down a Web server. The newer Layer 7 attacks like Slowloris and Rudy are more powerful, and can stop a Web server from a single attacker with incomplete HTTP requests. The newest and most powerful attack uses IPv6 multicasts, and can bring down all the Windows machines on an entire network from a single attacker.

I will explain and demonstrate these tools: Low Orbit Ion Cannon, OWASP Http DoS Tool, and flood_router6 from the thc-ipv6 attack suite. This deadly IPv6 Router Advertisement Flood attack is a zero-day attack--Microsoft has known about it since June 2010 but has not patched it yet (as of May 4, 2011).

Audience Participation: Bring a device to test for vulnerability to the Router Advertisement Flood! Some cell phones and game consoles have been reported to be vulnerable--let's find out! If your device crashes, please come to the Q&A room so we can video-record it and arrange disclosure to the vendor.

Sam Bowne has been teaching computer networking and security classes at CCSF since 2000. He has given talks at DEFCON, Toorcon and BayThreat, and taught classes and seminars at many other schools and teaching conferences.

Sam has a B.S. in Physics from Edinboro University of Pennsylvania and a Ph.D. in Physics from University of Illinois, Urbana-Champaign. His Industry Certifications are: Associate of (ISC)^2, Certified Ethical Hacker, Microsoft: MCP, MCDST, MCTS: Vista; Network+, Security+, Hurricane Electric IPv6 Guru, CCENT.


DEF CON 22 - Gene Bransfield - Weaponizing Your Pets: The War Kitteh and the Denial of Service Dog



This guy's got a great sense of humor.


WarKitteh: In my job I have to deliver frequent Information Security briefings to both technical and non-technical professionals. I noticed that as the material got more technical, I began to lose the non-technical crowd. Therefore, I started including humorous pictures of cats and made the briefings include stories about those cats. This worked, and I soon became notorious for my presentation style. After delivering one of those presentations, an audience member offered to lend me their cat tracking collar. The collar contained a GPS device and a cellular component and would track your cat's movements throughout the neighborhood. Me being the guy I am, I thought “All you need now is a WiFi sniffing device and you'd have a War Kitteh.” I laughed, and started working on it.

DoS Dog: With apologies to LadyMerlin (who has since blessed the project) I attended Outerz0ne one year and LadyMerlin brought her dog. They had labeled the puppy the “Denial of Service Dog” as the pooch demanded so much attention that it was impossible to complete any task other than petting the dog. I thought that if you loaded a doggie backpack with different equipment (e.g. a Pineapple) you could create a Denial of Service Dog of a different kind.