Week 12 In Review – 2017

Events Related BSidesSF 2017 - Security BSides San Francisco is a two-day information security conference. It is a conference by the community for the community. Hackers Earns big at Pwn2Own Hackers managed to take down Microsoft Edge and escape a virtual machine to boot on the third day of Pwn2Own early Friday. Members from Qihoo’s [...]

Week 12 In Review – 2016

Events Related Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws - On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari [...]

Week 12 In Review – 2014

Events Related Three Things to Take Away from CanSecWest, Pwn2Own – Browsers, brokers and BIOS: you could safely call that triumvirate the past, present and future of security, but you’d be wrong. If last week’s CanSecWest conference, and Pwn2Own and Pwnium contests are indeed a point-in-time snapshot of the technical side of information security, then [...]

Week 46 In Review – 2013

Tools WCE v1.42beta released (32bit) – WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]

Week 10 in Review – 2013

Event Related DEP-ASLR bypass without ROP-JIT.pdf - This is a pdf file from the event CanSecWest 2013 Pwn2Own: IE10, Firefox, Chrome, Reader, Java hacks land $500k - It's back to the drawing board for coders at Microsoft, Google, Adobe, Mozilla, and Oracle after entrants in the annual Pwn2Own contest waltzed off with over [...]

Week 13 in Review – 2012

Event Related Pwn2Own Lesson From Pwn2Own: Focus On Exploitability - The Pwn2Own contest earlier this month at the CanSecWest Conference showed off the speed with which knowledgeable security professionals can code exploits for known vulnerabilities. On the failings of Pwn2Own 2012 - This year's Pwn2Own and Pwnium contests were interesting for many reasons. [...]

Week 11 in Review – 2012

Event Related Black Hat Europe 2012 Summaries, Updates and Tools BlackHat Europe 2012 Day #1 Wrap-Up - BlackHat is back in Europe and, this year, they moved back to Amsterdam! This edition also introduced a new format: A three-days conference with three simultaneous tracks. BlackHat Europe 2012 Day #2 Wrap-Up - And I’m [...]

Week 10 in Review – 2012

Event Related CanSecWest CanSecWest evolving - Let me say, right off the top, that I love CanSecWest. I am tired of “vendor” conferences, where you pay outrageous fees for the privilege of sitting through a bunch of sales pitches. At least CanSecWest has real information, as opposed to virtual information. CanSecWest Day 1 Pen [...]

Week 10 in Review – 2011

Events Related CanSecWest Event debriefing CanSecWest, a decade later and still growing - CanSecWest 2011 day 1 - CanSecWest 2011 day 2 - CanSecWest 2011 day 3 - Highlights of CanSecWest Day 1 - Highlights of CanSecWest Day 2 - Understanding and Exploiting Flash Vulnerabilities - CanSecWest Presentations [...]

Week 5 In Review – 2011

Events Related ShmooCon 2011 Getting to ShmooCon each year is always challenging (as is trying to get home). Mother Nature seems to enjoy disrupting the travel to and from the conference, which is held in Washington, D.C in January or February of each year. ShmooCon 2011 - ShmooCon 2011 Conference Wrap Up - [...]