Event Related Workshop on the Economics of Information Security 2012 - lightbluetouchpaper.org I’m liveblogging WEIS 2012, as I did in 2011, 2010 and 2009. The event is being held today and tomorrow at the Academy of Sciences in Berlin. Blackhat Arsenal Tools Vegas 2012 LineUp - toolswatch.org I’m very pleased to announce that Blackhat Team [...]
Event Related Hack in Paris 2012 Hack in Paris 2012 Wrap-Up Day #1 - blog.rootshell.be The title was “Where are we and where are we going?“. Mikko is working in the security field for 21 years and always so busy! In fact, why can’t we get rid of vulnerabilities? Because applications and systems have… bugs! [...]
Event Related Recon 2012 Review – Exploit the Magic School Bus to Success - infosecalways.com Hands down Day 1 of Recon the Magic Bus by Travis Goodspeed and Sergey Bratus took the show. Great informational and entertaining presentation! I encourage anyone to check out the hardware Travis has developed and his papers if you are [...]
Resources Efficient Padding Oracle Attacks on Cryptographic Hardware - hal.inria.fr Stealing RSA private keys from hardware using oracle attacks in a few hours. JSLR - thespanner.co.uk Cross-Site Scripting (XSS) has been around for ages – with first incidents being reported in the late nineties. Despite the attack technique not being the most complex of all, [...]
Event Related HITB Security Conference 2012 Amsterdam - Materials - conference.hitb.org The Materials of HITB Security Conference 2012 – Amsterdam has been published. Resources iOS iPhone Forensics Analysis of iOS 5 backups : Part 2 - resources.infosecinstitute.com In the first part of this article, we discussed the techniques to read iTunes backups. The following article [...]
Event Related HITB2012 Amsterdam Day 1 HITB2012AMS Day 1 – One Flew Over The Cuckoos Nest - corelan.be Claudio Guarnieri, senior researcher at iSight Partner, and part of the Shadowserver Foundation and the HoneyPot project. He works with malware on a daily basis, maintains malwr.com and is the main developer of the Cuckoo Sandbox, which [...]
Resources Mobile Threat Report, Q1 2012- f-secure.comIt's time to publicly release our latest Mobile Threat Report, covering the 1st quarter of 2012. Our Q4 2011 report was quite popular and this new one for Q1 is even better. More content (and pages) for your reading pleasure. A closer look into the RSA SecureID software token- [...]
Resources Research for SharePoint (MOSS) - owasp.org This page contains research notes on Microsoft's SharePoint MOSS and WSS MS SQL - Useful Stored Procedures for SQL Injection and Ports Info - pentesticles.com The following post lists and describes various useful stored procedures and port information for MS SQL. Portable Executable 101 - a windows executable [...]
Resources Breaking in to Security - Survey Conclusions, Part 1 - digininja.org To collect the data I created an online survey and sent it out through as many sources as I could, to date I've got over 300 results and I'd like to say a huge thanks to everyone who completed it and helped with [...]
Event Related Our CanSecWest 2012 slides on passive DNS and Picviz - picviz.blogspot.fr Alexandre Dulaunoy from CIRCL.LU and Sebastien Tricaud from Picviz Labs have been talking at CanSecWest 2012 in Vancouver, Canada, on how to scrutinize a country using passive DNS and Picviz. SyScan 2012 Singapore slides - www.xchg.info Conference and slides of SyScan 2012 [...]