- SOURCE Boston Re-Cap – tenablesecurity.com
The SOURCE conferences, founded by Stacy Thayer, are small in size but big on content.
- Google’s cheesy web app course
Google has released a new online training course for Web application developers designed to teach them how to avoid common programming mistakes.
- Didier Stevens on PDF Hacking and Security – threatpost.com
Dennis Fisher talks with Didier Stevens, the security researcher who developed the innovative method for using the /launch command in PDF readers to execute code on remote machines.
- My Best PCI DSS Presentation EVER! – chuvakin.blogspot.com
Addressing an audience of about 130 mostly University IT, IT security and finance (!) professionals in charge of their payment and PCI DSS programs was a fun challenge.
- Netsparker Community Edition – “The Sparkler” – securityaegis.com
Netsparker announced today that it is releasing a community edition, lacking only a few features of the pro version.
- Wireshark 1.2.8, 1.0.13, and 1.3.5 Released – wireshark.org
The new versions pack in the usual security fixes and a fix for the DOCSIS and interface bugs.
- FUU v0.1 – code.google.com/p/fuu/
FUU (Faster Universal Unpacker) is a GUI Windows Tool with a set of tools (plugins) to help you to unpack, decompress and decrypt most of the programs packed with programs like UPX, ASPack, FSG, ACProtect, etc.
- Why Buffer Overflow Exploitation Took So Long to Mature, a two-part series
Executing code via a buffer overflow was published at least as early as 1972.
- Bad “Visual” PDF – pandasecurity.com
Last week a PDF document which downloaded malware fell into my hands.
- More with Metasploit and WebDAV – carnal0wnage.attackresearch.com
You’ll want to make sure you pay attention to the part about allowing your IUSR_WHATEVER account to have write access or you can set up a Windows account to use authentication.
- Writing WIN32 Shellcode With a C-compiler – didierstevens.com
The advantage of my method is that you can debug your shellcode inside the Visual Studio IDE.
- Metasploit Lotus Domino Version Scanner – carnal0wnage.attackresearch.com
I pushed out the first of a few Lotus Domino modules I’ve been working on to the Metasploit trunk last night.