Resources Strategies To Mitigate Targeted Cyber Intrusions - dsd.gov.au Australian computer networks are being targeted by adversaries seeking access to sensitive information. A commonly used technique is social engineering, where malicious “spear phishing” emails are tailored to entice the reader to open them. Users may be tempted to open malicious email attachments or follow embedded [...]
Here are information security events in North America this month: BSides Las Vegas: August 3 to August 5 in Las Vegas DefCon 19: August 4 to August 8 in Las Vegas SANS Boston: August 6 to August 15 in Boston BSides Los Angeles: August 18 to August 20 in Los Angeles SANS Security Architecture: August [...]
Events Related Training At CanSecWest 2011: Analysis of Malicious Documents - esec-lab.sogeti.com Jean-Baptiste and Guillaume will give a course about malicious document analysis during the next CanSecWest Dojo session at Vancouver (March 7th/8th). The course deals with two major cases: PDF and Microsoft Office documents. Nowadays those two file formats have become a common vector [...]
Resources A Look Inside Targeted Email Attacks - symantec.com The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of [...]
Events Related OWASP AppSec 2011 Capture The Flag briefings Capture The Flag - www.appsecusa.org/ctf.html AppSecUSA CTF! Another Write Up - notsosecure.com Resources Whitepaper "Python Arsenal For Reverse Engineering" - dsecrg.com This whitepaper (beta release) is a collection of various Python engines, extensions, libraries, shells, that aids in the job code for understanding, analyzing and sometimes breaking. [...]
Resources Electronic Frontier Foundation Know Your Rights! Guide Your computer, your phone, and your other digital devices hold vast amounts of personal information about you and your family. Can police officers enter your home to search your laptop? The Electronic Frontier Foundation (EFF) has answers to these questions in our new "Know Your Digital Rights" [...]
Here are information security events in North America this month: ReCon 2011: July 8 to July 11 in Montreal SANSFIRE 2011: July 15 to July 25 in Washinton, DC SOUPS 2011: July 20 to July 23 in Pittsburgh TRISC 2011: July 24 to July 27 in Austin PETS 2011: July 27 to July 30 in [...]
Resources ToorCon Seattle 2011 Browser Exploit Packs - secniche.blogspot.com We gave a talk at ToorCon about the high level details of BlackHole. We will be releasing more details and complete talk in the upcoming conferences that are scheduled later this year. OWASP DC's videos - vimeo.com Video archive of OWASP DC lectures and presentations. Notacon [...]
Events Related ENISA First 2011 The European Network & Information Security Agency (ENISA) formed in 2004. The agency supports the commission and the EU member states in the area of information security. Facilitate the exchange of information between EU institutions, the public sector and the private sector. Security Challenges for Future Systems - blog.c22.cc #First2011-Remediating [...]
Events Related Defcon 19 Quals For the third year, I competed with team Shellphish in the Defcon quals. We pulled through with some amazing points at the end to finish in 8th place. My successful contributions, however, were really only with respect to Forensics 100 and 300 Defcon 19 Quals Forensics 100 and Forensics 300 [...]