Week 47 In Review – 2016

Events Related BSides DC 2016 - Opening - www.youtube.com Alex Norman does what Alex Norman does best. Open the con. Inspirational, motivational and most importantly... short. AppSecUSA 2016 - www.youtube.com Recordings from AppSecUSA 2016 in Washington, DC Highlights from the O'Reilly Security Conference in Amsterdam 2016 - www.oreilly.com Watch highlights covering security, defense, tools, and [...]

Week 31 In Review – 2014

Resources REcon 2014 Videos – recon.cx REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. Here is the index of REcon 2014 videos. Watch and download the videos from here. RVAsec 2014 Videos – rvasec.com Miss a talk or even the entire conference? No problem! All of the speaker videos [...]

Week 19 In Review – 2014

Resources Web security tricks – bugscollector.com Bugs Collector is a database of web security breaches and tricks collected from all over the world. Tricks are available here. ShowMeCon 2014 Videos – irongeek.com These are the videos of ShowMeCon 2014. You can watch and download all the videos from here. LayerOne 2013 – layerone.org Archives of the videos of [...]

Week 6 In Review – 2014

Resources Why PLCpwn Is Important for ICS Cyber Weapons – www.digitalbond.com The interesting question is what happens when organizations and governments stumble across one of these deployed attack systems and covert channels? S4x14 Video: Stephen Hilt on PLCpwn -digitalbond.com Cheat Sheets – packetlife.net Here are Cheet sheets by packetlife. You can download all from here. OWASP Cheat Sheet [...]

Week 46 In Review – 2013

Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]

Week 38 In Review – 2013

Resources Heuristic methods used in sqlmap – unconciousmind.blogspot.com You can find slides for Miroslav Štampar talk "Heuristic methods used in sqlmap" held at FSec 2013 conference (Croatia / Varazdin 19th September 2013) here. Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com It’s always surprising how insecure some internal networks turn out to [...]

Week 9 in Review – 2013

Event Related Juniper Networks intros global cloud-based 'attacker database' - zdnet.com At the start of RSA 2013, Juniper Networks is rolling out a global database to track attacks on individual devices. MASTIFF Analysis of APT1 - novainfosec.com At Shmoocon this year we were please to find that there is a project focused on this specifically [...]

Week 13 in Review – 2012

Event Related Pwn2Own Lesson From Pwn2Own: Focus On Exploitability - darkreading.com The Pwn2Own contest earlier this month at the CanSecWest Conference showed off the speed with which knowledgeable security professionals can code exploits for known vulnerabilities. On the failings of Pwn2Own 2012 - scarybeastsecurity.blogspot.com This year's Pwn2Own and Pwnium contests were interesting for many reasons. [...]

Week 4 in Review – 2012

Event Related Shmoocon 2012 ShmooCon 2012: Raising The White Flag - blog.c22.cc Whitelisting is often touted as a replacement for AV. Despite the fact that something better than AV is needed, application whitelisting isn’t the solution. Their purpose seems good, for the execution is lacking. Things are headed in the right direction, but using simple [...]