http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2011-11-29 23:06:27 - ...And You Will Know me by the Trail of Bits : Just in time to get warmed up for Pwn2Own, we are delivering a joint offering of the training courses Bug Hunting and Analysis 0 65 by Aaron Portnoy and Zef Cekaj as well as Assured Exploitation by Dino Dai Zovi and Alex Sotirov in New York City on January 31 February 3 Students may take http://www.secuobs.com/revue/news/344443.shtmlhttp://www.secuobs.com/revue/news/344443.shtml Secuobs.com : 2011-08-10 17:19:04 - ...And You Will Know me by the Trail of Bits - This year s BlackHat USA was the 12th year in a row that I ve attended and the 6th year in a row that I ve participated in as a presenter, trainer, and or co-organizer host of the Pwnie Awards And I made this year my busiest yet by delivering four days of training, a presentation, the Pwnie Awards, and http://www.secuobs.com/revue/news/322265.shtmlhttp://www.secuobs.com/revue/news/322265.shtml Secuobs.com : 2011-08-09 06:51:46 - ...And You Will Know me by the Trail of Bits - At SOURCE Boston this year, I gave my first conference keynote presentation I really appreciate the opportunity that Stacy Thayer and the rest of the SOURCE crew gave me The presentation was filmed by AT T and you can watch it on the AT T Tech Channel Another thanks goes out to Ryan Naraine for inviting me http://www.secuobs.com/revue/news/321878.shtmlhttp://www.secuobs.com/revue/news/321878.shtml Secuobs.com : 2011-05-04 00:03:35 - ...And You Will Know me by the Trail of Bits - On June 8-9, right before SummerC0n, Alex Sotirov and I will be giving a special New York City edition of our Assured Exploitation training class This is a great opportunity for anyone who was unable to take our class at CanSecWest this year The two-day class costs 2500 per student for registrations received before May http://www.secuobs.com/revue/news/302383.shtmlhttp://www.secuobs.com/revue/news/302383.shtml Secuobs.com : 2011-01-11 23:04:23 - ...And You Will Know me by the Trail of Bits - At BayThreat last month, I gave an updated and more much sober version of my Hacking at Mach Speed presentation from SummerC0n Now, since the 0day Mach RPC privilege de-escalation vulnerability has been fixed, I can include full details on it The presentation is meant to give a walkthrough on how to identify and enumerate http://www.secuobs.com/revue/news/277503.shtmlhttp://www.secuobs.com/revue/news/277503.shtml Secuobs.com : 2011-01-11 23:04:23 - ...And You Will Know me by the Trail of Bits - I m going to start out 2011 pretty busy on the information security events circuit Here are some of the events that I ll be participating in over the first few months in 2011 The Mac Exploit Kitchen Workshop w Vincenzo Iozzo at BlackHat DC Mac Hackin 2 Snow Leopard Boogaloo Presentation w Charlie Miller at IT-Defense http://www.secuobs.com/revue/news/277502.shtmlhttp://www.secuobs.com/revue/news/277502.shtml Secuobs.com : 2010-11-10 20:55:32 - ...And You Will Know me by the Trail of Bits - At the NY NJ OWASP meeting last week, I gave an experimental high-level ie not really technical talk that I call Memory Corruption, Exploitation, and You The talk is essentially a few rants stapled together, all relating to exploits, but also trying to predict where attackers in the wild will be headed in the next couple http://www.secuobs.com/revue/news/263992.shtmlhttp://www.secuobs.com/revue/news/263992.shtml Secuobs.com : 2010-07-21 20:08:26 - ...And You Will Know me by the Trail of Bits - BlackHat is going to be a busy one for me this year because I am still trying to quit my nasty over-committing habit But hopefully, I should have something that interests just about everybody If you love hate Macs and like hacking, you should check out the Mac Hacking Class training that I am giving with http://www.secuobs.com/revue/news/242587.shtmlhttp://www.secuobs.com/revue/news/242587.shtml Secuobs.com : 2010-07-21 20:08:26 - ...And You Will Know me by the Trail of Bits - Although I haven t done any development on KARMA for a little over 5 years at this point, many of the weaknesses that it demonstrates are still very present, especially with the proliferation of open 80211 Hotspots in public places A few weeks ago, I was invited to help prepare a demo of KARMA for CBS http://www.secuobs.com/revue/news/242586.shtmlhttp://www.secuobs.com/revue/news/242586.shtml Secuobs.com : 2010-07-21 18:35:57 - ...And You Will Know me by the Trail of Bits - In The Mac Hacker s Handbook and a few Mac-related presentations last year, I described my return-oriented exploitation technique for Mac OS X Leopard 105 for x86 This technique involved returning into the setjmp function within dyld the Mac OS X dynamic linker, which is loaded at a static location to write out the values of http://www.secuobs.com/revue/news/242544.shtmlhttp://www.secuobs.com/revue/news/242544.shtml Secuobs.com : 2010-06-23 22:47:29 - ...And You Will Know me by the Trail of Bits - The first ever NYC SummerCon last weekend was a blast and everyone seemed to have a great time As promised, there was 0day at the conference and hopefully no one remembered it because they were too drunk Here are the slides for my presentation, they are really no substitute for the live SummerCon experience This http://www.secuobs.com/revue/news/234300.shtmlhttp://www.secuobs.com/revue/news/234300.shtml Secuobs.com : 2010-04-20 04:18:58 - ...And You Will Know me by the Trail of Bits - This year, Alex Sotirov and I will be teaching our first Assured Exploitation training class at CanSecWest This training class is focused on various topics in advanced exploitation of memory corruption vulnerabilities This includes a thorough understanding of exploitation mitigations where they are effective and where they aren t , heap manipulation, return-oriented programming, and ensuring a http://www.secuobs.com/revue/news/213881.shtmlhttp://www.secuobs.com/revue/news/213881.shtml Secuobs.com : 2009-08-18 22:50:19 - ...And You Will Know me by the Trail of Bits - Chris Eagle s long-awaited The IDA Pro Book has a very straightforward title, but it is perhaps the most descriptive title possible for this book It is simply the IDA Pro book The book weighs in at 640 pages and really does an excellent job of covering everything from the basic usage of IDA to using the SDK http://www.secuobs.com/revue/news/132059.shtmlhttp://www.secuobs.com/revue/news/132059.shtml Secuobs.com : 2009-08-18 22:50:19 - ...And You Will Know me by the Trail of Bits - For today s installment of Dead Bugs Society, I m going to dig up another one of my favorite exploits This exploit is actually the second exploit that I wrote for the Apple File Server FPLoginExt stack overflow that DaveG found while we were both working for stake I will also take this time to apologize to http://www.secuobs.com/revue/news/132058.shtmlhttp://www.secuobs.com/revue/news/132058.shtml Secuobs.com : 2009-08-18 22:50:19 - ...And You Will Know me by the Trail of Bits - The Mac Hacker s Handbook by Charlie Miller and myself has just been published and is now shipping from Amazon I have even spotted it in several bookstores where you can usually find it in the Mac section The book is all about Mac OS X-specific vulnerability discovery, reverse-engineering, exploitation, and post-exploitation For me, this book is a http://www.secuobs.com/revue/news/132057.shtmlhttp://www.secuobs.com/revue/news/132057.shtml Secuobs.com : 2009-08-10 19:43:44 - ...And You Will Know me by the Trail of Bits - At BlackHat USA 2009, I presented Advanced Mac OS X Rootkits covering a number of Mach-based rootkit techniques and some tools that I have developed to demonstrate them While the majority of Mac OS X rootkits employ known and traditional Unix-based rootkit techniques, these Mach-based techniques show what else is possible using the powerful Mach http://www.secuobs.com/revue/news/129489.shtmlhttp://www.secuobs.com/revue/news/129489.shtml Secuobs.com : 2009-03-15 19:03:16 - ...And You Will Know me by the Trail of Bits - The Mac Hacker’s Handbook by Charlie Miller and myself has just beenpublished and is now shipping from Amazon I have even spotted it inseveral bookstores where you can usually find it in the Mac sectionThe book is all about Mac OS X-specific vulnerability discovery,reverse-engineering, exploitation, and post-exploitation For me, thisbook is a http://www.secuobs.com/revue/news/71225.shtmlhttp://www.secuobs.com/revue/news/71225.shtml Secuobs.com : 2008-12-10 04:25:32 - ...And You Will Know me by the Trail of Bits - At Hack in the Box in Kuala Lumpur this year, I was interviewed by SumnerLemon of IDG about various Mac and iPhone-related security topics Oneof the topics was the relative security of ARM versus x86 processorsand my comments on this seem to have bounced around the internets abit There seems to http://www.secuobs.com/revue/news/42417.shtmlhttp://www.secuobs.com/revue/news/42417.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - I can be pretty skeptical and cynical at times part of what drives myinterest in security and I am especially skeptical of massively hypedvulnerabilities If anything, I tend to underhype what I do and letothers hype it for me if they think that it warrants more attentionWith all of the hype http://www.secuobs.com/revue/news/41385.shtmlhttp://www.secuobs.com/revue/news/41385.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - This is just a friendly reminder that the nominations for the PwnieAwards close today You can nominate your peers for the followingcategories: Best Server-Side Bug Best Client-Side Bug Mass 0wnage MostInnovative Research Lamest Vendor Response Most Overhyped Bug BestSong Most Epic FAIL Lifetime Achievement Award And of course, pleasecome join us for the Pwnie Awards Ceremony at the BlackHat BriefingsUSA Conference http://www.secuobs.com/revue/news/41384.shtmlhttp://www.secuobs.com/revue/news/41384.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - Finally, the moment that everyone has been waiting for: the announcementof the nominees for the 2008 Pwnie Awards After receiving 134submissions, we have painstakingly narrowed down the submissions to 37nominees across 9 award categories The awards ceremony will be heldon Wednesday, August 6 at 6:00pm in the Palace 2 ballroom at Caesar’shttp://www.secuobs.com/revue/news/41383.shtmlhttp://www.secuobs.com/revue/news/41383.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - This weekend at The Last HOPE, Jacob Appelbaum, Karsten Nohl and I gavethe following presentation on the Debian OpenSSL weak PRNGvulnerability In May 2008, a weakness in Debian was discovered whichmakes cryptographic keys predictable A Debian-specific patch toOpenSSL broke the pseudo-random number generator two years ago, whichled to guessable SSL and http://www.secuobs.com/revue/news/41382.shtmlhttp://www.secuobs.com/revue/news/41382.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - In evolutionary biology, the theory of punctuated equilibiria states thatevolution is not a gradual process but instead consists of longperiods of stasis interrupted by rapid, catastrophic change This issupported by fossil evidence that shows little variation within aspecies and new species that appear to come out of nowhere Thesechanges are http://www.secuobs.com/revue/news/41381.shtmlhttp://www.secuobs.com/revue/news/41381.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - It’s that time again It’s 110 degrees in Las Vegas and if that wasn’tcausing the locals enough worry, the yearly invasion of hackers thisweek certainly will Expect to see more humungous LCD displays bluescreen and guys walking around in the heat wearing black leathertrenchcoats that’s dedication Anyway, it looks like there willhttp://www.secuobs.com/revue/news/41380.shtmlhttp://www.secuobs.com/revue/news/41380.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - Congratulations to all of the nominees and winners of the 2008 PwnieAwards We had a much larger turnout for the ceremony this year and weactually had people present to accept their awards and give acceptancespeeches In case you missed the awards, you can see the list ofwinners at the Pwnie Awards site http://www.secuobs.com/revue/news/41379.shtmlhttp://www.secuobs.com/revue/news/41379.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - Chris Eagle’s long-awaited The IDA Pro Book has a very straightforwardtitle, but it is perhaps the most descriptive title possible for thisbook It is simply the IDA Pro book The book weighs in at 640 pagesand really does an excellent job of covering everything from the basicusage of IDA to using the SDK http://www.secuobs.com/revue/news/41378.shtmlhttp://www.secuobs.com/revue/news/41378.shtml Secuobs.com : 2008-12-08 15:31:52 - ...And You Will Know me by the Trail of Bits - For today’s installment of Dead Bugs Society, I’m going to dig up anotherone of my favorite exploits This exploit is actually the secondexploit that I wrote for the Apple File Server FPLoginExt stackoverflow that DaveG found while we were both working for @stake Iwill also take this time to apologize to http://www.secuobs.com/revue/news/41377.shtmlhttp://www.secuobs.com/revue/news/41377.shtml