Event Related Our CanSecWest 2012 slides on passive DNS and Picviz – picviz.blogspot.fr Alexandre Dulaunoy from CIRCL.LU and Sebastien Tricaud from Picviz Labs have been talking at CanSecWest 2012 in Vancouver, Canada, on how to scrutinize a country using passive DNS and Picviz. SyScan 2012 Singapore slides – www.xchg.info Conference and slides of SyScan 2012 [...]

Event Related A cyber weapon – alexmgeorge.wordpress.com At RSA 2012 Dave Aitel made a presentation wherein he defined cyber weapons a bit outside of how people normally think. The tried and true metaphor (which I admit to using) is that exploits or frameworks are like guns, and if they’re like guns then it’s easy to [...]

Event Related Pwn2Own Lesson From Pwn2Own: Focus On Exploitability – darkreading.com The Pwn2Own contest earlier this month at the CanSecWest Conference showed off the speed with which knowledgeable security professionals can code exploits for known vulnerabilities. On the failings of Pwn2Own 2012 – scarybeastsecurity.blogspot.com This year’s Pwn2Own and Pwnium contests were interesting for many reasons. [...]

Event Related Black Hat Europe 2012 Summaries, Updates and Tools BlackHat Europe 2012 Day #1 Wrap-Up – blog.rootshell.be BlackHat is back in Europe and, this year, they moved back to Amsterdam! This edition also introduced a new format: A three-days conference with three simultaneous tracks. BlackHat Europe 2012 Day #2 Wrap-Up – rootshell.be And I’m [...]

Events Related OWASP ATL Presentation – intrepidusgroup.com I recently gave a presentation at OWASP ATL on the OWASP Mobile Top 10 and how to assess mobile applications. This was a light weight discussion of the OWASP Mobile Top 10 and some topical and technical concerns related to securing mobile applications. OWASP Benelux Days 2011 – [...]

Resources Strategies To Mitigate Targeted Cyber Intrusions – dsd.gov.au Australian computer networks are being targeted by adversaries seeking access to sensitive information. A commonly used technique is social engineering, where malicious “spear phishing” emails are tailored to entice the reader to open them. Users may be tempted to open malicious email attachments or follow embedded [...]

Events Related ENISA First 2011 The European Network & Information Security Agency (ENISA) formed in 2004. The agency supports the commission and the EU member states in the area of information security. Facilitate the exchange of information between EU institutions, the public sector and the private sector. Security Challenges for Future Systems – blog.c22.cc #First2011-Remediating [...]

Events Related: OWASP threat modeling project – myappsecurity.blogspot.com We are starting an OWASP threat modeling project to standardize a threat modeling approach which can be used by various companies. Resources: Neil Daswani Reveals His Process for Security Research – resources.infosecinstitute.com In our ongoing series of interviews, this week Neil Daswani answered a few questions and [...]

Events Related Hop Hacking Hedy – cutawaysecurity.com Although this started as one of my first full-fledged hardware projects, the intent was always to evaluate ways to cheaply assess deployments frequency hopping spread spectrum (FHSS) technologies (please review and I’ll assume you did). OWASP Summit 2011 Results – diniscruz.blogspot.com As you can see by the Summit’s highlights, [...]

Events Related ShmooCon 2011 Getting to ShmooCon each year is always challenging (as is trying to get home). Mother Nature seems to enjoy disrupting the travel to and from the conference, which is held in Washington, D.C in January or February of each year. ShmooCon 2011 – intrepidusgroup.com ShmooCon 2011 Conference Wrap Up – blog.tenablesecurity.com [...]