Contribuez à SecuObs en envoyant des bitcoins ou des dogecoins.
Nouveaux articles (fr): 1pwnthhW21zdnQ5WucjmnF3pk9puT5fDF
Amélioration du site: 1hckU85orcGCm8A9hk67391LCy4ECGJca

Contribute to SecuObs by sending bitcoins or dogecoins.

Chercher :
Newsletter :  


Revues :
- Presse
- Presse FR
- Vidéos
- Twitter
- Secuobs





Sommaires :
- Tendances
- Failles
- Virus
- Concours
- Reportages
- Acteurs
- Outils
- Breves
- Infrastructures
- Livres
- Tutoriels
- Interviews
- Podcasts
- Communiques
- USBsploit
- Commentaires


Revue Presse:
- Tous
- Francophone
- Par mot clé
- Par site
- Le tagwall


Top bi-hebdo:
- Ensemble
- Articles
- Revue
- Videos
- Twitter
- Auteurs


Articles :
- Par mot clé
- Par auteur
- Par organisme
- Le tagwall


Videos :
- Toutes
- Par mot clé
- Par site
- Le tagwall


Twitter :
- Tous
- Par mot clé
- Par compte
- Le tagwall


Commentaires :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS/XML :
- Articles
- Commentaires
- Revue
- Revue FR
- Videos
- Twitter


RSS SecuObs :
- sécurité
- exploit
- windows
- attaque
- outil
- microsoft


RSS Revue :
- security
- microsoft
- windows
- hacker
- attack
- network


RSS Videos :
- curit
- security
- biomet
- metasploit
- biometric
- cking


RSS Twitter :
- security
- linux
- botnet
- attack
- metasploit
- cisco


RSS Comments :
- Breves
- Virus
- Failles
- Outils
- Tutoriels
- Tendances
- Acteurs
- Reportages
- Infrastructures
- Interviews
- Concours
- Livres
- Communiques


RSS OPML :
- Français
- International











Revue de presse francophone :
- Appaloosa AppDome nouent un partenariat pour accompagner les entreprises dans le déploiement et la protection des applications mobiles
- D-Link offre une avec un routeur VPN sans fil AC
- 19 mai Paris Petit-Déjeuner Coreye Développer son business à l'abri des cyberattaques
- POYNTING PRESENTE LA NOUVELLE ANTENNE OMNI-291, SPECIALE MILIEU MARITIME, CÔTIER ET MILIEU HUMIDE
- Flexera Software Les utilisateurs français de PC progressent dans l'application de correctifs logiciels, mais des défis de tailles subsistent
- Riverbed lance SD-WAN basé sur le cloud
- Fujitsu multi-récompensé VMware lui décerne plusieurs Partner Innovation Awards à l'occasion du Partner Leadership Summit
- Zscaler Private Access sécuriser l'accès à distance en supprimant les risques inhérents aux réseaux privés virtuels
- QNAP annonce la sortie de QTS 4.2.1
- Une enquête réalisée par la société de cyber sécurité F-Secure a décelé des milliers de vulnérabilités graves, potentiellement utilisables par des cyber criminels pour infiltrer l'infrastru
- Trouver le juste équilibre entre une infrastructure dédiée et cloud le dilemme de la distribution numérique
- 3 juin - Fleurance - Cybersécurité Territoires
- Cyber-assurances Seules 40 pourcents des entreprises françaises sont couvertes contre les violations de sécurité et les pertes de données
- Des étudiants de l'ESIEA inventent CheckMyHTTPS un logiciel qui vérifie que vos connexions WEB sécurisées ne sont pas interceptées
- Les produits OmniSwitch d'Alcatel-Lucent Enterprise ALE gagnent en sécurité pour lutter contre les cyber-attaques modernes

Dernier articles de SecuObs :
- DIP, solution de partage d'informations automatisée
- Sqreen, protection applicative intelligente de nouvelle génération
- Renaud Bidou (Deny All): "L'innovation dans le domaine des WAFs s'oriente vers plus de bon sens et d'intelligence, plus de flexibilité et plus d'ergonomie"
- Mises à jour en perspective pour le système Vigik
- Les russes ont-ils pwn le système AEGIS ?
- Le ministère de l'intérieur censure une conférence au Canada
- Saut d'air gap, audit de firmware et (in)sécurité mobile au programme de Cansecwest 2014
- GCHQ: Le JTRIG torpille Anonymous qui torpille le JTRIG (ou pas)
- #FIC2014: Entrée en territoire inconnu
- Le Sénat investit dans les monnaies virtuelles

Revue de presse internationale :
- VEHICLE CYBERSECURITY DOT and Industry Have Efforts Under Way, but DOT Needs to Define Its Role in Responding to a Real-world Attack
- Demand letter served on poll body over disastrous Comeleak breach
- The Minimin Aims To Be The Simplest Theremin
- Hacking group PLATINUM used Windows own patching system against it
- Hacker With Victims in 100 Nations Gets 7 Years in Prison
- HPR2018 How to make Komboucha Tea
- Circuit Bender Artist bends Fresnel Lens for Art
- FBI Director Suggests iPhone Hacking Method May Remain Secret
- 2016 Hack Miami Conference May 13-15, 2016
- 8-bit Video Wall Made From 160 Gaming Keyboards
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance
- BeautifulPeople.com experiences data breach 1m affected
- Swedish Air Space Infringed, Aircraft Not Required
- Why cybercriminals attack healthcare more than any other industry
- Setting the Benchmark in the Network Security Forensics Industry

Annuaire des videos
- FUZZING ON LINE PART THREE
- Official Maltego tutorial 5 Writing your own transforms
- Official Maltego tutorial 6 Integrating with SQL DBs
- Official Maltego tutorial 3 Importing CSVs spreadsheets
- install zeus botnet
- Eloy Magalhaes
- Official Maltego tutorial 1 Google s websites
- Official Maltego tutorial 4 Social Networks
- Blind String SQL Injection
- backdoor linux root from r57 php shell VPS khg crew redc00de
- How To Attaque Pc With Back Track 5 In Arabique
- RSA Todd Schomburg talks about Roundup Ready lines available in 2013
- Nessus Diagnostics Troubleshooting
- Panda Security Vidcast Panda GateDefender Performa Parte 2 de 2
- MultiPyInjector Shellcode Injection

Revue Twitter
- RT @fpalumbo: Cisco consistently leading the way ? buys vCider to boost its distributed cloud vision #CiscoONE
- @mckeay Looks odd... not much to go on (prob some slideshow/vid app under Linux)
- [SuggestedReading] Using the HTML5 Fullscreen API for Phishing Attacks
- RT @BrianHonan: Our problems are not technical but cultural. OWASP top 10 has not changed over the years @joshcorman #RSAC
- RT @mikko: Wow. Apple kernels actually have a function called PE_i_can_has_debugger:
- [Blog Spam] Metasploit and PowerShell payloads
- PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box: For the second time thi...
- @mikko @fslabs y'all wldn't happen to have lat/long data sets for other botnets, wld you? Doing some research (free/open info rls when done)
- RT @nickhacks: Want to crash a remote host running Snow Leopard? Just use: nmap -P0 -6 --script=targets-ipv6-multicast-mld #wishiwaskidding
- An inexpensive proxy service called is actually a front for #malware distribution -

Mini-Tagwall
Revue de presse : security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone

+ de mots clés pour la revue de presse

Annuaires des videos : curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit

+ de mots clés pour les videos

Revue Twitter : security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall

+ de mots clés pour la revue Twitter

Top bi-hebdo des articles de SecuObs
- [Ettercap – Partie 2] Ettercap par l'exemple - Man In the Middle et SSL sniffing
- [Infratech - release] version 0.6 de Bluetooth Stack Smasher
- [IDS Snort Windows – Partie 2] Installation et configuration
- [Infratech - vulnérabilité] Nouvelle version 0.8 de Bluetooth Stack Smasher
- Mises à jour en perspective pour le système Vigik
- USBDumper 2 nouvelle version nouvelles fonctions !
- EFIPW récupère automatiquement le mot de passe BIOS EFI des Macbook Pro avec processeurs Intel
- La sécurité des clés USB mise à mal par USBDUMPER
- Une faille critique de Firefox expose les utilisateurs de Tor Browser Bundle
- Installation sécurisée d'Apache Openssl, Php4, Mysql, Mod_ssl, Mod_rewrite, Mod_perl , Mod_security

Top bi-hebdo de la revue de presse
- StackScrambler and the Tale of a Packet Parsing Bug

Top bi-hebdo de l'annuaire des videos
- DC++ Botnet. How To DDos A Hub With Fake IPs.
- Comment creer un server botnet!!!!(Réseau de pc zombies)
- Defcon 14 Hard Drive Recovery Part 3

Top bi-hebdo de la revue Twitter
- RT @secureideas: I believe that all the XSS flaws announced are fixed in CVS. Will test again tomorrow if so, release 1.4.3. #BASESnort
- Currently, we do not support 100% of the advanced PDF features found in Adobe Reader... At least that's a good idea.
- VPN (google): German Foreign Office Selects Orange Business for Terrestrial Wide: Full
- @DisK0nn3cT Not really, mostly permission issues/info leak...they've had a couple of XSS vulns but nothing direct.
- Swatting phreaker swatted and heading to jail: A 19-year-old American has been sentenced to eleven years in pris..
- RT @fjserna You are not a true hacker if the calc.exe payload is not the scientific one... infosuck.org/0x0035.png

Top des articles les plus commentés
- [Metasploit 2.x – Partie 1] Introduction et présentation
- Microsoft !Exploitable un nouvel outil gratuit pour aider les développeurs à évaluer automatiquement les risques
- Webshag, un outil d'audit de serveur web
- Les navigateurs internet, des mini-systèmes d’exploitation hors de contrôle ?
- Yellowsn0w un utilitaire de déblocage SIM pour le firmware 2.2 des Iphone 3G
- CAINE un Live[CD|USB] pour faciliter la recherche légale de preuves numériques de compromission
- Nessus 4.0 placé sous le signe de la performance, de l'unification et de la personnalisation
- [Renforcement des fonctions de sécurité du noyau Linux – Partie 1] Présentation
- [IDS Snort Windows – Partie 1] Introduction aux IDS et à SNORT
- Origami pour forger, analyser et manipuler des fichiers PDF malicieux

Les Tweets pour alexsotirov

Si vous voulez bloquer un compte Twitter ou nous en proposer un

Menu > Elements de la revue Twitter : - l'ensemble [tous] - par mots clé [tous] - par compte [tous] - le tagwall [voir]

S'abonner au fil RSS global de la revue Twitter


Suivants


Les Tweets filtrés pour "alexsotirov" (212 résultats)
S'abonner au fil RSS SecuObs pour le compte Twitter alexsotirov


[2012-06-13] - 16:31:06 - RT @trailofbits: We have published our initial analysis of Flame's MD5 collision capabilities http://t.co/rsvSp6ud

[2012-06-09] - 11:23:54 - RT @AmberBaldet: Tonight @alexsotirov took time from writing his @SummerC0n Flame MD5 collision slides to take me to the ballet #Gentlem ...

[2012-06-08] - 18:36:15 - I will present my analysis of the MD5 collision in Flame tomorrow at @SummerC0n. It's one of the most interesting attacks this year!

[2012-06-08] - 18:36:15 - RT @nicowaisman: We have confirmed that Flame uses a yet unknown MD5 chosen-prefix collision attack http://t.co/VesKZ9Fl

[2012-06-07] - 08:18:41 - Working on a blog post about the MD5 collision in Flame. Does anyone have a previously activated Windows Terminal Services Licensing Server?

[2012-06-07] - 08:18:41 - @nicowaisman Haha, I wish I had found this back then. Our MD5 collision paper was so close!

[2012-05-25] - 12:52:51 - The system date at boot on my 4.77MHz IBM XT was always 1/1/1980. I still enter this as my date of birth on any site that asks.

[2012-04-15] - 10:56:33 - 25 years of SummerCon in the latest issue of Phrack: http://t.co/4HwEjiVa I'm looking forward to SummerCon 2012!

[2012-03-07] - 07:46:26 - Just finished our first completely sold out Assured Exploitation class at CanSecWest 2012. Thanks to all our students for their hard work!

[2012-02-16] - 04:07:47 - RT @trailofbits: Sign up for @dinodaizovi and @alexsotirov's Assured Exploitation dojo at CanSecWest http://t.co/E0rdhXu9

[2012-02-07] - 17:23:04 - @agl__ I'm not complaining, I think the Chrome team is doing a great job.

[2012-01-04] - 04:04:38 - RT @dinodaizovi: Just a reminder that the prices for the Pwn2Own Pre-Game training classes in NYC (http://t.co/GZRHVRcx) go up on Friday ...

[2011-12-28] - 12:12:05 - @dannydulai I'm not counting on sqlite being easily readable 30 years from now. My long-term archives are stored in plaintext or simple HTML

[2011-11-30] - 23:10:46 - RT @dinodaizovi: Announcing the Pwn2Own Pre-Game trainings in NYC 1/31-2/3, Bug Hunting and Analysis 0x65 and Assured Exploitation: ...

[2011-11-04] - 12:52:36 - RT @AmberBaldet: Can't we just airdrop free candy into Los Zetas territory until they all become diabetic, and then let @barnaby_jack ha ...

[2011-11-01] - 06:00:13 - JavaScript is hard: http://t.co/2XP7AR62

[2011-10-29] - 13:51:25 - @aaronportnoy Or find an application that relies on an optional DLL to implement a security mechanism and corrupt it so LoadLibrary fails.

[2011-09-28] - 01:47:27 - @agl__ Can Chrome try TLS 1.2 or the workaround first and if it fails, fall back to the old behavior and show the broken padlock icon?

[2011-09-07] - 06:23:35 - @schmoilito We told them, but they didn't care. At least the MD5 collision certificate exercised the browser revocation process in advance.

[2011-09-07] - 06:23:35 - @lrigknat The CAs will pay for the pentests as a cost of doing business.

[2011-09-07] - 06:23:35 - @JSyversen I would like to see professional pentesting companies compete for the bounty as a business, rather than just individual hackers.

[2011-08-31] - 11:48:45 - Releasing a new browser version just to blacklist a SSL cert seems wasteful. Why not host a CRL at crl.mozilla.org and check it once a day?

[2011-08-17] - 23:40:32 - RT @hdmoore: Neat! A wiggly approach to smartphone keylogging: http://t.co/K1WU58p

[2011-08-09] - 11:05:39 - @savagejen @iameltonjohn Oh, @amberbaldet is worth at least an SSH remote :-)

[2011-07-28] - 06:16:36 - @s7ephen They are most likely just querying the Caller ID database using the VOIP spoofing method described here: http://t.co/RAH25QB

[2011-07-13] - 22:32:48 - Page 21 in the SDL Progress Report (http://t.co/DrRCLOg) has an excellent summary of the exploitation mitigations in all Windows versions.

[2011-07-07] - 05:50:25 - @tqbf Good developers do not rely on pentesters to find every single instance of a bug class that could be remedied at an earlier SDL stage.

[2011-07-07] - 05:50:25 - @tqbf If bad developers are happy to pay your rates, sure. But that doesn't make you a better pentester than @chriseng, just less naive :-)

[2011-06-10] - 21:42:19 - RT @sirus: I now know heapfu thanks to @alexsotirov and @dinodaizovi s Assured Exploitation class. Would highly recommend!

[2011-05-17] - 04:22:47 - @taviso The presentation by @dguido shows that mass malware attackers do not write their own exploits. Your Java 0day directly helped them.

[2011-05-11] - 18:08:49 - @taviso @justinschuh Flash bugs are equivalent to Chrome sandbox escapes from an attacker's perspective. You're thinking like developers.

[2011-04-13] - 04:21:18 - @dlitchfield Chrome also supports plugin whitelisting, so you can enable Flash only on a few sites and block it everywhere else.

[2011-04-08] - 03:53:33 - Has anyone looked at the ASLR implementation in iOS 4.3 yet? Did they do it right?

[2011-03-30] - 14:08:21 - @i0n1c Of course after that it will get ripped off, but you'll make some money initially at least. Add enough obfuscation to slow them down.

[2011-03-29] - 01:26:59 - Interesting article about the engineering frustrations at Google: http://bit.ly/gVbCUx

[2011-03-15] - 15:27:58 - @_____C I said rewrite from scratch using the SDL. Neither Win7 nor Adobe Reader were rewritten, they are still using lots of legacy code.

[2011-03-15] - 15:27:58 - @_____C IIS7 and SQL Server 2005 have had almost no vulnerabilities, a huge improvement over the older versions. This shows that SDL works.

[2011-03-15] - 06:18:21 - @dlitchfield The existence of 0day should be a part of every realistic threat model. What's the problem with VUPEN keeping theirs private?

[2011-03-15] - 06:18:21 - @dlitchfield Reporting and patching bugs one by one doesn't improve security. Security today means learning to live with and mitigate 0day.

[2011-03-15] - 06:18:21 - @dlitchfield Step 1: mitigate exploits. Step 2: rewrite the code under the SDL. Step 3: patch the few remaining bugs. Browsers are at step 0

[2011-03-15] - 06:18:21 - @dlitchfield Reporting vulns in browsers today distracts vendors from the need to do steps 1 and 2. More 0days will get us to step 3 faster.

[2011-03-13] - 17:39:23 - @mdowd @scarybeasts Next year: Goolge pays reporters $20k *not* to write about pwn2own :-)

[2011-03-12] - 05:48:40 - @scarybeasts Chrome most likely survived because of its sandbox, but Firefox's survival is just a statistical oddity.

[2011-03-07] - 02:44:25 - Putting the final touches on our Assured Exploitation training at CanSecWest. The class is sold out and will be even better than last year!

[2011-02-26] - 02:07:11 - This year's CanSecWest agenda is beyond impressive. I'm seriously considering going to every single talk: http://cansecwest.com/agenda.html

[2011-02-24] - 23:52:15 - @0xcharlie I'm sure we'll see improvements in Lion, perhaps even full ASLR. But that doesn't count as innovation in 2011 :-)

[2011-02-23] - 01:28:29 - Chrome has built-in blocking of JavaScript and plugins, with whitelisting and UI notifications! It's in Under the Hood - Content Settings.

[2011-02-18] - 07:43:51 - @scarybeasts @aaronportnoy Pwn2own is an exploit development contest, not just outsourced QA. Don't turn it into that.

[2011-02-18] - 07:43:51 - @scarybeasts Real attackers will wait until the right point in the Chrome update cycle to get max coverage. Pwn2own needs to model that.

[2011-02-18] - 07:43:51 - @scarybeasts If Chrome autoupdates before the exploit is updated, I can simply try again. A contest on a fixed date doesn't allow for that.

[2011-02-18] - 07:43:51 - @scarybeasts By the way, autoupdating actually makes 0day exploits easier, because you don't have to worry about running on old versions.

[2011-02-16] - 20:59:11 - RT @dragosr: Wow, if these partythings come through this might be the most epic CanSecWest do yet.


Suivants


S'abonner au fil RSS global de la revue Twitter

Menu > Elements de la revue Twitter : - l'ensemble [tous] - par mots clé [tous] - par compte [tous] - le tagwall [voir]




SecuToolBox :

Mini-Tagwall des articles publiés sur SecuObs :

Mini-Tagwall de l'annuaire video :

Mini-Tagwall des articles de la revue de presse :

Mini-Tagwall des Tweets de la revue Twitter :