Event Related Pwn2Own Lesson From Pwn2Own: Focus On Exploitability - darkreading.com The Pwn2Own contest earlier this month at the CanSecWest Conference showed off the speed with which knowledgeable security professionals can code exploits for known vulnerabilities. On the failings of Pwn2Own 2012 - scarybeastsecurity.blogspot.com This year's Pwn2Own and Pwnium contests were interesting for many reasons. [...]
Event Related CanSecWest 2012 Hardware Involved Software Attack - forristal.com Material for CanSecWest 2012 by Jeff ForristralVulnerability analysis, practical data flow analysis and visualization - blogs.technet.com Recently at CanSecWest 2012, we presented on the technology we use for analyzing malicious samples and PoC files. As malware often actively attempts to exploit software vulnerabilities these days, [...]
Event Related Black Hat Europe 2012 Summaries, Updates and Tools BlackHat Europe 2012 Day #1 Wrap-Up - blog.rootshell.be BlackHat is back in Europe and, this year, they moved back to Amsterdam! This edition also introduced a new format: A three-days conference with three simultaneous tracks. BlackHat Europe 2012 Day #2 Wrap-Up - rootshell.be And I’m [...]
Event Related CanSecWest CanSecWest evolving - blog.securiteam.com Let me say, right off the top, that I love CanSecWest. I am tired of “vendor” conferences, where you pay outrageous fees for the privilege of sitting through a bunch of sales pitches. At least CanSecWest has real information, as opposed to virtual information. CanSecWest Day 1 Pen [...]
Event Related RSA Conference 2012 RSA Conference 2012: Stress and burnout in infosec careers- csoonline.com IT security professionals are experiencing extreme levels of stress and burnout, but they have few places to turn for help. RSA Conference Photos- tripwire.com Here are our photos from the RSA Conference 2012. Each day of the show, we asked [...]
Resources A look at ASLR in Android Ice Cream Sandwich 4.0 - blog.duosecurity.com For the uninitiated, ASLR randomizes where various areas of memory (eg. stack, heap, libs, etc) are mapped in the address space of a process. The Ultimate OS X Hardening Guide Collection - isc.sans.edu Many security professionals tend to use OS X systems. [...]
Event Related OWASP AppSec USA 2011 Schedule/Slides/Video - appsecusa.org Schedule, slides, and video for OWASP AppSec USA 2011 - September 20-23 ShmooCon 2012 - January 27-29 - Presentations - shmoocon.org ShmooCon 2012 Presentations and Videos available here. FOSDEM 2012 - First video recordings uploaded! - fosdem.org We are pleased to announce that the first video [...]
Event Related ShmooCon Firetalks 2012 ShmooCon Firetalks 2012 - irongeek.com These are the videos I have for the ShmooCon Firetalks 2012. ShmooCon Epilogue 2012 - irongeek.com These are the videos I have for ShmooCon Epilogue 2012. Georgia recorded the live parts, and my rig was used for the slides. Sorry that there are some missing [...]
Event Related ShmooCon 2012 Updates, Videos, Slides and Presentation Five Ways We’re Killing Our Own Privacy - scribd.com/doc Slides from ShmooCon and Firetalks Presentation Attacking Prox Card Systems - opensecurityresearch.com Slides and Code from Brad Antoniewicz's awesome talk on Attacking Prox Card Systems Shmoocon 2012 - tombom.co.uk In the absence of an “official” download link [...]
Event Related Shmoocon 2012 ShmooCon 2012: Raising The White Flag - blog.c22.cc Whitelisting is often touted as a replacement for AV. Despite the fact that something better than AV is needed, application whitelisting isn’t the solution. Their purpose seems good, for the execution is lacking. Things are headed in the right direction, but using simple [...]