Events Related BlackHat 2011 Leftover media, articles, and resources Sights and SOund sof BlackHat USA 2011 (Gallery) - darkreading.com LDAP/XPATH Injection Tools - notsosecure.com BlackHat 2011 Resource Portal - blackhat.com DefCon 19 Interesting stuff from Vegas Five Questions About Aaron Barr's DefCon - threatpost.com DefCon 2011: SSL and the future of payloads - nakedsecurity.sophos.com Resources Cisco [...]
Events Related BlackHat 2011 Leftover notes and resources. Defcon/BlackHat Slides, Whitepaper, Tools - mcgrewsecurity.com BlackHat According to Twitter - blog.thinkst.com BlackHat Twitter Feed port 4848 - twitter.com BlackHat Twitter Feed Ws-attacks.org - twitter.com BlackHat Twitter Feed Tools For Soap - twitter.com Bit-squatting, DNS Hijacking Without Exploitation - nakedsecurity.sophos.com New Free Tool Helps Gather Attacker's Footprints [...]
Events Related Notes from BlackHat 2011 Below are more than a dozen updates and resource portals for the recently concluded BlackHat conference. Tavis Ormandy's Sophail Presentation - anti-virus-rants.blogspot.com BlackHat 2011 Presentation - sensepost.com Black Hat USA 2011 - f-secure.com BH2011: Hacking Google Chome OS - nakedsecurity.sophos.com BlackHat 2011: Macs in the age of the APT [...]
Resources Strategies To Mitigate Targeted Cyber Intrusions - dsd.gov.au Australian computer networks are being targeted by adversaries seeking access to sensitive information. A commonly used technique is social engineering, where malicious “spear phishing” emails are tailored to entice the reader to open them. Users may be tempted to open malicious email attachments or follow embedded [...]
Events Related Training At CanSecWest 2011: Analysis of Malicious Documents - esec-lab.sogeti.com Jean-Baptiste and Guillaume will give a course about malicious document analysis during the next CanSecWest Dojo session at Vancouver (March 7th/8th). The course deals with two major cases: PDF and Microsoft Office documents. Nowadays those two file formats have become a common vector [...]
Resources A Look Inside Targeted Email Attacks - symantec.com The number of targeted attacks has increased dramatically in recent years. Major companies, government agencies, and political organizations alike have reported being the target of attacks. The rule of the thumb is, the more sensitive the information that an organization handles, the higher the possibility of [...]
Resources Electronic Frontier Foundation Know Your Rights! Guide Your computer, your phone, and your other digital devices hold vast amounts of personal information about you and your family. Can police officers enter your home to search your laptop? The Electronic Frontier Foundation (EFF) has answers to these questions in our new "Know Your Digital Rights" [...]
Resources ToorCon Seattle 2011 Browser Exploit Packs - secniche.blogspot.com We gave a talk at ToorCon about the high level details of BlackHole. We will be releasing more details and complete talk in the upcoming conferences that are scheduled later this year. OWASP DC's videos - vimeo.com Video archive of OWASP DC lectures and presentations. Notacon [...]
Events Related ENISA First 2011 The European Network & Information Security Agency (ENISA) formed in 2004. The agency supports the commission and the EU member states in the area of information security. Facilitate the exchange of information between EU institutions, the public sector and the private sector. Security Challenges for Future Systems - blog.c22.cc #First2011-Remediating [...]
Events Related Defcon 19 Quals For the third year, I competed with team Shellphish in the Defcon quals. We pulled through with some amazing points at the end to finish in 8th place. My successful contributions, however, were really only with respect to Forensics 100 and 300 Defcon 19 Quals Forensics 100 and Forensics 300 [...]