• BGA talk slides –
    Marshall twitted his BGA talk slides on twitter. You can download the pdf from here.
  • Building a Modern Security Engineering Organization –
    Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk with discuss how security adapts effectively to these changes.
  • Car Hacker’s Handbook –
    Here you can download the book in several different formats for free!
  • CONFidence 2014 video from our talk on CTFs –
    The video from j00ru’s and Gynvael’s talk from this year’s CONFidence edition is now online. The talk was called “On the battlefield with the Dragons” and consisted of a selection of interesting CTF task solutions with some useful tips and trick near the end.
  • Slides from my HOPE/X Talk –
    Enjoy the slides and the paper; it’s solid academic quality research.


  • Introducing Burpbuddy –
    burpbuddy exposes Burp Suites’s extender API over the network through various mediums, with the goal of enabling development in any language without the restrictions of the JVM.


  • Real world exploitation of a misconfigured crossdomain.xml – –
    Seth Art was only able to really exploit the overly permissive crossdomain.xml file and gain access to the sensitive information. If Bing told authenticated users to use or get lost, he would not have had a very exciting demo.


Other News