Showing Posts From August 2008

DefCon16 - Virtually Hacking

A presentation by John Fitzpatrick from MWR InfoSecurity at DefCon 16 explored VMware security vulnerabilities. The talk focused on potential attack vectors in virtualized environments. The full presentation is available for download from the MWR InfoSecurity labs website.

  • 11 Aug 2008

Defcon 16 Talk Review: Advanced Software Armouring and Polymorphic Kung-Fu

Nick Harbour presented PE-Scrambler, an advanced Windows executable packer that manipulates binary code at the disassembly level to obstruct reverse engineering. The tool uses sophisticated techniques like destroying call trees, relocating code chunks, and creating ambiguous disassembly to make binary analysis challenging. Additionally, Harbour demonstrated FindEvil, a tool that detects packed binaries by comparing disassembly size to binary size.

  • 11 Aug 2008

Defcon 16 Talk Review: The Pentest is Dead, Long Live the Pentest

The article reviews a Defcon 16 talk about the evolution of penetration testing from an underground practice to a professional service. It highlights the shift from ad-hoc, tool-driven approaches to a more strategic, methodology-focused discipline. Key recommendations include developing creative testing methods, producing context-rich reports, and maintaining ongoing client partnerships.

  • 11 Aug 2008

Defcon 16 Talk Review: Time-Based Blind SQL Injection Using Heavy Queries and the Marathon Tool

A summary of a DEF CON talk on advanced SQL injection attacks.