- Technical Sessions – usenix.org
The full 21st USENIX Security Symposium Proceedings are now available.
- Workshop Program for HotSec’12 – usenix.org
All sessions will be held in the Auditorium unless otherwise noted.
- Workshop Program for FOCI’12 – usenix.org
This is the workshop program for FOCI’12.
- Workshop Program for HealthSec’12 – usenix.org
All sessions will be held in Grand IJ unless otherwise noted.
- Workshop Program for WOOT ’12 – usenix.org
All sessions will be held in Grand AB unless otherwise noted.
- ToorCamp 2012
- ToorCamp 2012: Tribes & Technology – tripwire.com
I recently returned from a week on the Olympic Peninsula at ToorCamp where I presented a talk and stayed the week attending workshops, learning electronics, picking locks and other activities.
- ToorCamp 2012 – flickr.com
Pictures for ToorCamp 2012
- BSides Las Vegas 2012 Videos – irongeek.com
These are the videos from the BSides Las Vegas conference. Thanks to all of the BSides Crew for having me out to help record and render the videos.
- BSides London 2012, Robin Wood – “Breaking into Security” – youtube.com
At Security BSides London 2012, Robin (@digininja) Wood answers the oft-asked question of, “How do I get into information security” or “how do I become a pen tester.”
- Mobile Hacking 101 – ethicalhacker.net
Next item on the board meeting agenda: the war on smartphones! For some time now, smartphones have been quietly creeping into our society and slowly infiltrating our families and companies. It started off simply enough: the CEO’s husband bought her an iPad for Christmas, and she thought it would be pretty savvy to be able to answer work email on it at a business meeting halfway around the world.
- Black Hat USA 2012 update – census.labs.com
This year we have presented our research work at Black Hat USA 2012, the leading information security conference. Our researchers Patroklos Argyroudis and Chariton Karamitas visited Caesar’s Palace at Las Vegas, Nevada and delivered the talk.
- Ghost USB Honeypot Part 1 - Interview with Project Leader Sebastian Poeplau – resources.infosecinstitute.com
Malware threats have become very common these days. In the past, many honeypots have been created to detect malware propagation over the network. These honeypots trick the malware into believing that they are a part of the network.
- SecureLogix Releases 2012 State of Voice Security Report – voipsecurityblog.typepad.com
SecureLogix has officially released our State of Voice/UC Security report for 2012. I co-authored this report with Rod Wallace, our VP of services. The report has been out since March, but we have made it available for any and all via our website.
- New Linux Distro for Mobile Security, Malware Analysis, and Forensics – resources.infosecinstitute.com
Yes, you read the title right and I hope I just grabbed your attention! A new GNU/Linux distribution or distro designed for helping you in every aspect of your mobile forensics, mobile malware analysis, reverse engineering and security testing needs and experience has just been unleashed and its alpha version is now available for download for you to try out.
- SQL Server 2008 Local Administrator Privilege Escalation – netspi.com
Unlike previous versions, SQL Server 2008 and 2012 don’t provide local system administrators with database administrator rights by default. This was a great idea by Microsoft to reinforce the practices of least privilege and separation of duties. However, in spite of the fact that their heart was in the right place, it was implemented in such a way that any local administrator (or attacker) can bypass the restriction.
- Why I Choose PowerShell as an Attack Platform – exploit-monday.com
Since the inception of PowerShell, it has been a blessing for Windows administrators everywhere. As Don Jones so eloquently puts it, “you can either learn PowerShell, or learn to ask, ‘would you like fries with that?’” I couldn’t agree with that sentiment more. After all, with server core being the default installation option of Windows Server 2012, knowledge of PowerShell is becoming increasingly crucial.
- The Exploit Magazine 01/2012 – theexploitmag.com
Dear Readers, we proudly present to you The ExploitMag. We decided to launch an entirely new magazine devoted to exploits. In this very first issue we focused on Metasploit Framework. In the near future, you can expect publications on: DoS Attacks, SOAP, WSDL hacking and more.
- White hats publish DDoS hijacking manual, turn tables on attackers – arstechnica.com
Turning the tables on miscreants who paralyze websites with torrents of junk data, security researchers have published a detailed manual that shows how to neutralize some of the Internet’s most popular denial-of-service tools.
- Simple but Extremely Useful Windows Tricks – blog.opensecurityresearch.com
Navigating Windows in the most efficient manner possible can be seen as wizardry – it almost seems as if Microsoft tries to make it increasingly more difficult to accomplish simple things. However, there are plenty of very useful tricks and shortcuts built into Windows; the problem is they are not publicized very well. Students in our Ultimate Hacking Courses usually find these Windows tips useful, so we figured we would share them.
- Stealing the Keys to the Kingdom through SQL injection – pentestgeek.com
Recently I was conducting a penetration test for a very large high-profile client. The network itself had over 5500+ nodes and nearly 400 subnets. I started out using one of my new tactics by utilizing Nmap’s new http-screenshot.nse script.
- building isecpartners ios-ssl-kill-switch tweak – greenoperator.tumblr.com
For some time it has been a challenge to trap SSL traffic from iOS applications in web proxy tools such as Fiddler or WebScarab. iOS applications in many cases performed Certificate Pinning, which checked for specific information within the SSL certificate before allowing the application to complete a request.