Security Conferences


DEFCON 16 Tools

Rob Fuller yesterday did an excellent guest post on the Zero Day ZDNet blog on the tools released at DEFCON 16. Here is the list of DEFCON 16 tools: Beholder: An open source wireless IDS program by Nelson Murilo and Luis Eduardo The Middler: The end-all be-all of MITM tools by Jay Beale ClientIPS: An [...]

2017-03-12T17:40:23-07:00 August 19th, 2008|Security Conferences, Security Tools|1 Comment

The Last HOPE Videos

Some videos from The Last Hope are now online via BitTorrent. I hope more videos will come online soon, as many of the presentations sounded interesting. At the least, The Last Hope audio is all online at the official The Last Hope site. Here is the list of videos currently being distributed: A Hacker's View [...]

2008-08-23T14:24:59-07:00 August 18th, 2008|Security Conferences|0 Comments

Updated DEFCON 16 Presentations

Because the presenters have to submit their slides before the conference (so they can make the presentation discs), often the slides are outdated by the time the conference comes around. Thankfully a few presenters are posting their updated slides online, and here is a list of those that did. NTLM is Dead by Kurt Grutzmacher [...]

2017-03-12T17:40:23-07:00 August 14th, 2008|Security Conferences|0 Comments

Black Hat USA Posts Carnival

Black Hat USA is over, and I think everyone is still in recovery mode. There were tons of presentations, and here are some posts from various people recapping the event. Once I recover, I will be posting my overall thoughts on the conference as well. Day 1: BlackHat 2008 LiveBlog: Day 1 by Security Monkey [...]

2017-03-12T17:40:23-07:00 August 12th, 2008|Security Conferences|0 Comments

MetaPost Exploitation Notes

Here are my notes from the Black Hat USA 2008 presentation called 'MetaPost Exploitation' by Val Smith and Colin Ames. The MetaPost Exploitation slides are now online, as well as demo movies at offensivecomputing.net. If you do any sort of enterprise level penetration testing, you should definitely check it out. Credential Management Wordpad and paper [...]

2017-03-12T17:40:23-07:00 August 10th, 2008|Security Conferences|0 Comments

Profiting From Business Logic Flaws

Yesterday Jeremiah Grossman and Trey Ford from WhiteHat Security gave a very interesting and fun presentation called 'Get Rich or Die Trying - Making Money on The Web, The Black Hat Way'. They went over several real world examples of business logic flaws, and in some cases profited (a lot) from those flaws. The Get [...]

2017-03-12T17:40:23-07:00 August 8th, 2008|Security Conferences|0 Comments

Extreme Client Side Exploitation Notes

Here are my notes from the Black Hat USA 2008 presentation called 'The Internet is Broken: Beyond Document.Cookie - Extreme Client Side Exploitation' by Nathan McFeters, John Heasman, and Rob Carter. GIFAR Hybrid .gif and .jar file .gif header is in the beginning of the file .jar header is in the end of the file [...]

2017-03-12T17:40:23-07:00 August 7th, 2008|Security Conferences|0 Comments

Dan Kaminsky’s DNS Presentation Carnival

Dan Kaminsky's Black Hat USA presentation was a bit different than what I was expecting, but it was still very interesting. Instead of going into details on the vulnerability, he spent the majority of time identifying the systems that would break if someone were able to manipulate the DNS system. He basically said that once [...]

2017-03-12T17:40:23-07:00 August 7th, 2008|Security Conferences|0 Comments