Event Related AppSecDC AppSecDC Recap: Old Webshells, New Tricks – novainfosecportal.com Back in the day web shells were all the rage so I was curious what “new” was happening in this area. Ryan Kazanciyan started off with a summary of some of the more poplar web shells he’s seen in the past several years. AppSecDC [...]

Events Related Training At CanSecWest 2011: Analysis of Malicious Documents – esec-lab.sogeti.com Jean-Baptiste and Guillaume will give a course about malicious document analysis during the next CanSecWest Dojo session at Vancouver (March 7th/8th). The course deals with two major cases: PDF and Microsoft Office documents. Nowadays those two file formats have become a common vector [...]

Resources CanSecWest Vancouver 2011 Presentation Files – cansecwest.com Comprehensive list of presentations during the recently concluded CanSecWest 2011 The Symantec Internet Secuirty Threat Report Volume 16 Is Here! – symantec.com We are pleased to announce that Volume 16 of the Symantec Internet Security Threat Report (ISTR) is now available. Jeremiah Grossman Reveals His Process For [...]

Events Related CanSecWest Event debriefing CanSecWest, a decade later and still growing – privasectech.com CanSecWest 2011 day 1 – the-interweb.com CanSecWest 2011 day 2 – the-interweb.com CanSecWest 2011 day 3 – the-interweb.com Highlights of CanSecWest Day 1 – blogs.mcafee.com Highlights of CanSecWest Day 2 – blogs.mcafee.com Understanding and Exploiting Flash Vulnerabilities – log.fortinet.com CanSecWest Presentations [...]

Here are the information security events in North America this month: The 2011 Governance, Risk Management, and Compliance Summit: March 1 to 3 in San Francisco Atlantic Security Conference 2011: March 3 to 5 in Halifax BSides Halifax: March 5 to 6 in Halifax SANS AppSec 2011: March 7 to 15 in San Francisco CanSecWest [...]

Events Related: OWASP BeNeLux Day 2010 Wrap Up – rootshell.be Yesterday, the three OWASP Benelux chapters organized together their annual OWASP BeNeLux day. Ok folks, secwest11@cansecwest.com is live and the countdown timer goes to December 29th for entries to CanSecWest 2011 Call For Papers – twitter.com, @dragosr BayThreat was awesome, do it again! – mckeay.net Which [...]

CanSecWest 2010 banners Tom Gallagher and David Conger from Microsoft talk about distributed file fuzzing and the Microsoft Office 2010 security model.    Some other notes from their talk: Office supports 300 file formats. each can have different sub formats .wpd extension has 3 different parsers. fuzzing surface=huge Microsoft built their own distributed fuzzer system [...]

Dragos Ruiu just announced the speaker lineup for this year’s CanSecWest conference, being held next month in Vancouver Canada. The Smart-Phones Nightmare – Sergio ‘shadown’ Alvarez Getting into the SMRAM: SMM Reloaded – Loíc Duflot Network design for effective HTTP traffic filtering – Jeff "rfp"  Forristal, Zscaler Ninja Scanning – Fyodor, Insecure.org On Approaches and [...]

Another great event ran by Dragos and crew. I want to thank them for letting me cover the event on Twitter and the Infosec Events blog. My pictures are now up on flickr, and Ryo’s flickr page has a ton of pictures as well. Now lets celebrate another successful event by opening a champagne bottle [...]