- 7 Aug 2009
Defcon 17
DefCon 17 featured technical talks covering diverse cybersecurity topics including wireless sensor exploitation, USB security vulnerabilities, and router hacking. Presentations explored critical security issues such as extracting encryption keys, inline hooking techniques, and vulnerability disclosure strategies. The conference highlighted emerging research on hardware and software vulnerabilities across technological domains.
-
Rafael Dominguez Vega - 4 Aug 2009
Fun with Plug & 0wn
Rafael Dominguez Vega presented USB security research at Defcon 17 in Las Vegas on August 2nd, 2009. The presentation materials discussing USB security vulnerabilities are available for download. The talk focused on research findings related to USB security.
- 4 Jun 2009
EuSecWest 2009 Run Down
EuSecWest 2009 featured technical presentations on cybersecurity vulnerabilities and attack techniques across multiple domains. Talks covered Microsoft exploit mitigations, PCI bus attacks, Trusted Computing vulnerabilities, iPhone security exploits, and Firefox extension risks. The conference provided insights into emerging cybersecurity research and potential system vulnerabilities.
- John Fitzpatrick
- 7 May 2009
HashCookies - A Simple Recipe
HashCookies is a session security technique that uses random salt and hashing to generate browser-specific session cookies. The method prevents session hijacking by making stolen session IDs unusable without the original salt. Implementation requires support from both web browsers and web servers to generate secure, context-specific session identifiers.
- 13 Mar 2009
Have you got bad timing?
Timing attacks exploit variations in system response times to extract sensitive information. A specific example involving Citrix Access Gateway revealed that authentication attempts with valid Active Directory usernames took slightly longer to return failed login messages. This timing difference could potentially allow attackers to identify valid usernames and assist in password guessing attempts.
- Rafael Dominguez Vega
- 15 Nov 2008
DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks
At DeepSec 2008, Rafael Dominguez Vega presented research on administrative web application attacks. The presentation focused on script injection vulnerabilities in SSID and DHCP systems. Demonstration techniques for exploiting administrative web interfaces were discussed in the talk.
- Rafael Dominguez Vega
- 15 Nov 2008
Presentation: DeepSec 2008 - Behind Enemy Lines: Administrative Web Application Attacks
A presentation at DeepSec 2008 by Rafael Dominguez Vega explored administrative web application attacks. The talk focused on script injection vulnerabilities discovered through SSID and DHCP attack vectors. Presentation slides are available for download and review.
- 15 Sep 2008
Stockholm Sec-T Conference Roundup
The inaugural Sec-T conference in Stockholm featured diverse cybersecurity presentations covering virtualization security, cybercrime, and emerging technological threats. Speakers discussed organized criminal activities, vulnerabilities in operating systems, and enterprise software security challenges. The conference provided insights into cutting-edge security research across multiple domains of information technology.
- John Fitzpatrick
- 12 Aug 2008
DefCon16 - Virtually Hacking
A presentation by John Fitzpatrick from MWR InfoSecurity at DefCon 16 explored VMware security vulnerabilities. The talk focused on potential attack vectors in virtualized environments. The full presentation is available for download from the MWR InfoSecurity labs website.
- 11 Aug 2008
Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu
Nick Harbour presented PE-Scrambler, an advanced Windows executable packer that manipulates binary code at the disassembly level to obstruct reverse engineering. The tool uses sophisticated techniques like destroying call trees, relocating code chunks, and creating ambiguous disassembly to make binary analysis challenging. Additionally, Harbour demonstrated FindEvil, a tool that detects packed binaries by comparing disassembly size to binary size.
- 11 Aug 2008
Defcon 16 Talk Review: The Pentest is Dead, Long Live the Pentest
The article reviews a Defcon 16 talk about the evolution of penetration testing from an underground practice to a professional service. It highlights the shift from ad-hoc, tool-driven approaches to a more strategic, methodology-focused discipline. Key recommendations include developing creative testing methods, producing context-rich reports, and maintaining ongoing client partnerships.
- 11 Aug 2008
Defcon 16 Talk Review: Time-Based Blind SQL Injection Using Heavy Queries and the Marathon Tool
A summary of a DEF CON talk on advanced SQL injection attacks.