Resources Hakin9 Magazine Cloud Security Issue – mytalkoot.com Comprehensive cloud-centric resources and articles now available for download. Club Hack Magazine May Issue On browser Security – professionalsecuritytesters.org Here we are again with the latest issue of ClubHack Magazine. This time also the issue is dedicated to Browser security. Hacking Illustrated – irongeek.com In this section [...]

Events Related: OWASP threat modeling project – myappsecurity.blogspot.com We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies. Resources: Neil Daswani Reveals His Process for Security Research – resources.infosecinstitute.com In our ongoing series of interviews, this week Neil Daswani answered a few questions and [...]

Resources CanSecWest Vancouver 2011 Presentation Files – cansecwest.com Comprehensive list of presentations during the recently concluded CanSecWest 2011 The Symantec Internet Secuirty Threat Report Volume 16 Is Here! – symantec.com We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available. Jeremiah Grossman Reveals His Process For [...]

Events Related ShmooCon CTF 2011 Ghost In the Shellcode – ghostintheshellcode.com Congratulations to ppp for winning the second GitS CTF! The game board as it was when the contest ended is now live, though answers are not accepted, nor are any of the exploitable services running. Just like the real thing – blog.uncommonsensesecurity.com The goal is [...]

Events Related: A Shmoocon Preview – blogs.macafee.com At about a third of the size of a larger conference like Black Hat, it’s much easier to talk to the speakers without fighting with a crowd. Past years have had good presentations on mobile phone security and this year is no exception. Black Hat DC 2011 We are [...]

Events Related Shmoocon CTF Warm up Contest – JavaScrimpd – blog.stalkr.net Last week-end was ShmooCon CTF Warmup Contest. Three challenges, the last one being an ELF binary + hostname of a server. Tools OWASP Zed Attack Proxy 1.2.0 Released – vulnerabilitydatabase.com/toolswatch/2011 The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding [...]

Events Related: Derbycon I will admit there is limited spacing, we rented the entire second floor of the Hyatt and tickets will go fast. new hacker con, hell of speaker list: DerbyCon – reddit.com Derbycon Teaser Video and website launch date announced – secmaniac.com ShmooCon CTF Warmup 2011 – cylab.cmu.edu A couple of PPP members [...]

Events Related: RSnake, Web Security and a few beers – andlabs.org Reminiscing Black Hat Abu Dhabi. DojoCon Follow-Up – novainfosecportal.com Although there was a formal CFP, everything else followed a traditional unconference format. SANS SEC660: Post Mortem – c22.cc The class is designed to cover the ground between the SEC560 Network Penetration Testing class and [...]

Events Related: OWASP BeNeLux Day 2010 Wrap Up – rootshell.be Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day. Ok folks, secwest11@cansecwest.com is live and the countdown timer goes to December 29th for entries to CanSecWest 2011 Call For Papers – twitter.com, @dragosr BayThreat was awesome, do it again! – mckeay.net Which [...]

Resources: Impersonating The Domain Administrator via SQL Server – commonexploits.com A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled. RuxCon 2010 Materials – ruxcon.org.au Talk PDFs now posted. Nuff said. New SANS Course – [...]