- Hackito Ergo Sum 2012
- TALKS // Hackito Ergo Sum 2012 – 2012.hackitoergosum.org
In this presentation we will cover critical aspects of web applications, and how these techniques can be used in real-life scenarios on big (and highly “secured”) websites. These bugs and methods will be able to assist you in your next bug-hunting in your pentest or (god-forbid) bounty program.
We will reveal several vulnerabilities found on real big scale and important websites.
- Hackito Ergo Sum 2012 – breakingcode.wordpress.com
The event took place at the headquarters of the French Communist Party, and I have to say the conference room was quite impressive. It was an underground dome all covered with white metallic plates and lamps behind, giving a peculiar visual effect.
- Notacon 9 (2012) Videos (Hacking Illustrated Series InfoSec Tutorial Videos) – irongeek.com
These are the videos from the 9th Notacon conference held April 12th-15th, 2012. Not all of them are security related, but I hope my viewers will enjoy them anyway.
- SOURCE Boston Security Conference and Training 2012 Day 2 – Dan Geer Keynote, Android Modding and Cloud Security – securelist.com
Dan Geer’s fantastic Keynote Speech kicked off Day 2 of SOURCE Conference Boston this morning. The talk itself was heady and complex, something to keep up with. Notable talks also were Jeremey Westerman’s “Covering *aaS – Cloud Security Case Studies for SaaS, PaaS and IaaS”, and Dan Rosenberg’s “Android Modding for the Security Practitioner”.
- Troy Hunt: 5 interesting security trends from Verizon’s 2012 data breach report
This report is based on 855 incidents in 2011 (don’t be confused by the year in the title!) and because Verizon does this each year, there’s lots of data on how trends are changing.
- VLAN Network Segmentation and Security - Chapter 5 – resources.infosecinstitute.com
In this chapter, we step through a description of VLAN technology, how to secure it (including basic switch security), and how to control packets to increase the overall strength of attack surface defense. I use the term packet instead of frame to refer to transmission entities at both the network and the data link layers.
- Penetration Testing for iPhone Applications - Part 2 – resources.infosecinstitute.com
Every iPhone has an associated unique device Identifier derived from a set of hardware attributes called UDID. UDID is burned into the device and one cannot remove or change it. However, it can be spoofed with the help of tools like UDID Faker.
- From LOW to PWNED