CanSecWest 2010 banners Tom Gallagher and David Conger from Microsoft talk about distributed file fuzzing and the Microsoft Office 2010 security model.    Some other notes from their talk: Office supports 300 file formats. each can have different sub formats .wpd extension has 3 different parsers. fuzzing surface=huge Microsoft built their own distributed fuzzer system [...]

Events Related: Security BSides San Francisco and Austin – uncommonsensesecurity.com Reminiscing about past BSides. Pwn2Own 2010 Day 1 Overview – liquidmatrix.org A look back into the events of the first day of Pwn2Own. Outerz0ne 2010 Videos – archive.org Talks from their latest event. Resources: VERIS Incident Classification Mindmap – verizonbusiness.com VERIS employs the A4 Threat [...]

Events Related: Belated RSA postings Some last-minute RSA catchups RSA 2010 – Day 1 Metricon – chuvakin.blogspot.com RSA 2010 – Day 2-3 – chuvakin.blogspot.com RSA 2010 – Day 4-5 – chuvakin.blogspot.com Ninja Networks Twitter – twitter.com Follow ninjanetworks @ twitter leading up to and during DEFCON for Ninja badge and event information. Hackers In Japan [...]

Events Related: ShmooCon 2010 Presentations – shmoocon.org Slides and video from sessions during the DC conference. Some posts related to the RSA Conference RSA 2010 Coverage – novainfosecportal.com Videos from RSA Conference 2010 – rsa.com Some BSides SF posts BSidesSanFrancisco Official Site – securitybsides.org BsidesSF Videos – ustream.com Resources: Verizon Incident Metrics Framework Released – [...]

Events Related: Pwn2Own 2010 Now in its fourth year, the Pwn2Own competition will award up to $100,000 for exploits that successfully penetrate various hardware and software systems. Contest offers $100,000 for smartphone, browser hacks – theregister.co.uk Pwn2Own 2010 – tippingpoint.com Resources: 2010 SANS Top 25 Most Dangerous Programming Errors Released – cgisecurity.com This is a [...]

The ShmooCon 2010 East coast hacker convention ran from Friday, February 5 to February 7, 2010. Here are some of the fantastic photos and images from the ShmooCon 2010 information security event.

ShmooCon 2010 East Coast Hacker Convention – Three days of demonstrations on technology exploitation, software and hardware solutions, and discussions of critical information security issues; information disclosure, authentication, vulnerabilities, tools, and more.

Tools: fimap v0.7A Released – security-database.com Tool for determining local and remote file inclusion bugs in webapps updated with show-my-ip, experimental HTTP proxy support and experimental blindmode, among others. Mr-T smbenum and Firefox userprefs – ha.ckers.org An update to the Master Recon Tool was released to include both the default Firefox preferences and the smbenum of Internet [...]

Events Related: CSAW CTF 2009 – trailofbits.com A set of capture the flag challenges over at NYU-Poly finished its final round on Nov. 13th. OWASP 2009 (AppSecDV) Thoughts – preachsecurity.blogspot.com An look back at the events of the recent security conference SANS WhatWorks in Incident Detection Summit 2009 – eatingsecurity.blogspot.com An announcement on the new [...]

Events Related: Diutinus Defense Technologies Corp. – ddtek.biz The site of the team managing the DEFCON CTF games. SecureTubeCon – securitytubecon.org This conference will be held completely online! Tools: Aircrack-ng v1.0 – aircrack-ng.org Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured. Bsqlbf [...]