Event Related

  • Syscan 2013
    • SyScan 2013, Bochspwn paper and slides – gynvael.coldwind.pl
      In our SyScan presentation, we explained the concept of kernel race conditions in interacting with user-mode memory, gave a brief rundown on how they can be identified by using CPU-level instrumentation of an operating system session, and later focused on how they can be successfully exploited with the help of several generic techniques (on the example of three Windows vulnerabilities discovered by the Bochspwn project).
    • Syscan 2013 – antid0te.com
      Index of /syscan_2013/
  • Keynote Address on Cyber Security Federal Reserve Bank Risk Conference 2013 – viaforensics.com
    Below is the keynote address by Andrew Hoog, CEO of viaForensics, on April 9, 2013, at the Federal Reserve Bank’s Sixth Annual Risk Conference in Chicago, IL.
  • Memoirs of BSides London and Infosec Europe 2013 – j4vv4d.com
    It was the first day of Infosec – I had gotten up early and was already in a bit of a dilemma. I had a suit ready to wear for Infosec, but in the evening I was invited to the SC Magazine awards which was a black tie event (a dinner suit / tuxedo).

Resources

  • Android FDE is weak. – twitter.com
    Hashkill now cracks Android FDE images master password. Speed is ~135k on 6870, ~270k/s on 7970. Android FDE is weak.
  • The rise in the exploitation of old PDF vulnerabilities – blogs.technet.com
    Exploitation of software vulnerabilities continues to be a common way to infect computers with malware. Leveraging exploits allows malware authors to infect, disrupt, or take control of a computer without the user’s consent and typically without their knowledge.
  • The Fog of Cyber Defence – f-secure.com
    The Finnish National Defence University has published a 250-page book called The Fog of Cyber Defence. The book discusses cyber warfare, cyber arms race, and cyber defense from a Nordic viewpoint.
  • The State of Web Security – blog.whitehatsec.com
    After months of hard work, today we are releasing the 2013 WhiteHat Website Security Statistics Report.

Tools

Techniques

Vendor/Software Patches

Vulnerabilities

Other News