Event Related CCDC WRCCDC - A Red Team Members Perspective - blog.strategiccyber.com Western Regional CCDC was pretty epic. Given the level of interest in red activity, I’d like to share what I can. So much happened, I couldn’t keep up with all of it. Web Application Defender's Cookbook: CCDC Blue Team Cheatsheet - blog.spiderlabs.com Trustwave [...]
Event Related Blackhat Europe 2013 Arsenal Tools Event Wrap-up - toolswatch.org I finally found time to write a wrap-up about the activities of the Arsenal Tools Event during the last session of Blackhat Amsterdam Europe 2013. IPv6 Focus Month: IPv6 over IPv4 Preference - isc.sans.edu Initially, most IPv6 deployments will be "Dual Stack". In this [...]
Event Related IPv6 Focus Month IPv6 Focus Month: What is changing with DHCP - isc.sans.edu Among the different methods to configure IPv6 addresses, most managed networks will likely stick with DHCP. DHCPv6 however is a bit different then DHCPv4. We will summarize here some of the basic differences between DHCPv4 and DHCPv6. IPv6 Focus Month: [...]
Event Related ShmooCon 2013 ShmooCon Epilogue 2013 Videos Recut per speaker / talk - excivity.com I was one of the people helping out with streaming this year’s ShmooCon Epilogue talks. Google Hangouts was kind enough to record everything for us, but lumped it into one large file. ShmooCon 2013 Videos Posted - shmoocon.org Videos for [...]
Event Related DEP-ASLR bypass without ROP-JIT.pdf - docs.google.com This is a pdf file from the event CanSecWest 2013 Pwn2Own: IE10, Firefox, Chrome, Reader, Java hacks land $500k - theregister.co.uk It's back to the drawing board for coders at Microsoft, Google, Adobe, Mozilla, and Oracle after entrants in the annual Pwn2Own contest waltzed off with over [...]
Event Related Juniper Networks intros global cloud-based 'attacker database' - zdnet.com At the start of RSA 2013, Juniper Networks is rolling out a global database to track attacks on individual devices. MASTIFF Analysis of APT1 - novainfosec.com At Shmoocon this year we were please to find that there is a project focused on this specifically [...]
Event Related ShmooCon Firetalks 2013 - irongeek.com These are the videos I have for the ShmooCon Firetalks 2013. Resources APT 1 APT 1: Exposing One of China's Cyber Espionage Units - intelreport.mandiant.com APT1: Exposing One of China's Cyber Espionage Units Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure: The Nitty Gritty - [...]
Event Related S4x13 Video: Atlas on RF Comms Security and Insecurity - digitalbond.com RF Comms are often ignored in SCADA assessments. Big mistake as atlas 0f d00m shows RF hacking session at S4x13. #Shmoocon Presentation Links - mainframed767.tumblr.com So I talked fast and furious and ran out of time, but 20 minutes is not a [...]
Resources "Security Engineering" now available free online - lightbluetouchpaper.org I’m delighted to announce that my book Security Engineering – A Guide to Building Dependable Distributed Systems is now available free online in its entirety. You may download any or all of the chapters from the book’s web page. The Anatomy of Unsecure Configuration: Reality Bites [...]
Event Related Pentest & Reverse: iOS Application Hacking - esec-pentest.sogeti.com Last month, we gave some lectures about iOS application Hacking first at GreHack (Grenoble, France) and then at Hack.Lu (Luxembourg, Luxembourg). Here you will find the slides and the paper. Don't hesitate to send us your questions. Resources The Red team Mindset Course Part 1 [...]