Event Related SyScan 2013 SyScan13: Revisiting Mac OS X Rootkits presentation – reverse.put.as SyScan 2013, 10th anniversary edition is over! It is a great conference and I hope it does not end here. I had lots of fun and met new interesting people. Thomas is an awesome host! It helps that I really like Singapore [...]

Event Related Syscan 2013 SyScan 2013, Bochspwn paper and slides – gynvael.coldwind.pl In our SyScan presentation, we explained the concept of kernel race conditions in interacting with user-mode memory, gave a brief rundown on how they can be identified by using CPU-level instrumentation of an operating system session, and later focused on how they can [...]

Event Related OWASP OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering – netspi.com During this presentation attendees will be introduced to lesser known, yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. XSS & CSRF with HTML5 – Attack, Exploit and Defense – shreeraj.blogspot.com HTML5 [...]

Event Related Columbus OWASP Meeting Presentation – stateofsecurity.com Last week, I presented at the Columbus OWASP meeting on defensive fuzzing, tampering with production web applications as a defensive tactic and some of the other odd stuff we have done in that arena. Charlie Miller & Dino Dai Zovi at CodenomiCON 2012: iOS Hacker’s Update – [...]

Event Related Man on the SecurityStreet Man on the SecurityStreet – Day 2 Continued. – community.rapid7.com Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive – Proactive Measures in Security your Company. Just like HD’s earlier presentation, we had our staff artist plot out the entire speech, which you [...]

Resources Elderwood Project ‘Elderwood’ Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies – threatpost.com The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a [...]

Event Related OWASP DC’s Videos – vimeo.com Here are all of the videos that OWASP DC has uploaded to Vimeo. Appearances are videos that OWASP DC has been credited in by others. Stripe CTF 2 – Web Challenges – abiusx.com I participated in the Stripe CTF Web Attacks and thus far it was the most [...]

Event Related DefCon 20 Defcon Wi-Fi hack called no threat to enterprise WLANs – networkworld.com Enterprise Wi-Fi networks can keep using WPA2 security safely, despite a recent Defcon exploit that has been widely, but wrongly, interpreted as rendering it useless. Is WPA2 Security Broken Due to Defcon MS-CHAPv2 Cracking? – revolutionwifi.blogspot.ca A lot of press [...]

Event Related Bsides Cleveland 2012 Videos – irongeek.com These are the videos from the Bsides Cleveland conference. Resources Hashcat Per Position Markov Chains – blog.spiderlabs.com The Markov model is a mathematical system that has had numerous uses and variations since it’s inception over a hundred years ago. Most notable, in terms of computer science, is [...]

Event Related S16 Networks: Presentations – si6networks.com The complete list of our presentations is available here. Resources Low Hanging Fruit – averagesecurityguy.info I decided to write a Python script to automate this task for me. Lhf.py takes a single Nessus v2 XML file and prints a summary HTML file with all of the low hanging [...]