headers
Dave Aitel | 23 May 22:42
Favicon

"Jailbreaking"

So for those of you who do not follow the twitters...IntevyDis released
a new version of VulnDisco Mobile, which includes an "untethered"
jaibreak for the latest iOS.
http://www.idownloadblog.com/2012/05/22/new-jailbreak-vulndisco-mobile/

You can watch the movie to see a CANVAS node pop up as usual.

And for those of you who love movies, I'm going to be on Fox Live
tomorrow to discuss this one:
http://www.nextgov.com/cybersecurity/2012/05/al-qaeda-video-calls-electronic-jihad-government-computers/55886/?oref=ng-dropdown

Will there be buffy quotes? Who knows unless you tune in? :>

-dave

--

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com


_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
dan | 22 May 06:11

zeus plug-in


Has anyone here analyzed the Leprechaun(sp?) plug-in for Zeus?

--dan
Permalink | Reply | 0 comments |
headers
Dave Aitel | 21 May 21:13
Favicon

Tool of the day!

So every sub-genre of hacker has their own set of specialized knowledge.
And in the sub-genre that "sees a lot of mailspools" (which you could
label "Unix Hackers") you often have this problem where you have a lot
of email, and you want to quickly distill it down to "files that are
interesting". Of course, emails come in all shapes and sizes and are all
decoded differently and it's a bit annoying to figure out how to decode
them all.

The best tool in my experience for this is Frank Pilhofer's UUDeview
(http://www.fpx.de/fp/Software/UUDeview/) . You just point it at a
directory of mail, and "it does the right thing", offering prompts up
when it needs to. Simple, easy, and effective.

-dave

--

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com


_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
Dave Aitel | 18 May 16:01
Favicon

Howard Schmidt

“As for getting into the power grid, I can’t see that that’s realistic,” Schmidt said.


Likewise as that Threat Point article from the start of his time in the White House points out: 


“People have to recognize that when we close the door and go home, we are just normal netizens like anyone else,” Schmidt said. “I’ve been in the internet from the very beginning. We don’t want to see it changed to where it is no longer available and we don’t have the ability to do things anonymously as we choose to in certain realms.”


Also in that article you can see the initial tension between the NSA and the office of the Cyber Security Coordinator. And the last few weeks have been dominated by the NSA and White House together trying (and failing) to push forward legislation that regulates the security of critical infrastructure (such as the power grid).


But Schmidt's dream was always elsewhere - in the role of human identity and the internet. And you can see it in his trusted identities strategy. This also is where I see the largest influence from his Microsoft days, from the days the technologies Passport and CardSpace (remember them?) looked "promising".


But trusted identities is not necessarily where people want to go, even if it helps security in some way (or enables rather revolutionary things like Internet voting). And aside from a few favored vendors who wanted to make money implementing an identity scheme for every American, you don't see a groundswell of support.


Keep in mind that we have Aurora and the associated rise of "APT", Wikileaks, and the public hacking of various water utilities during his time in office. Also during his time America and Russia and China have connected on CyberSecurity more than you may have thought they would.  Most of what a Cyber Security Czar does is shrouded in secrecy, so it's hard to truly say what Howard's legacy will be, but it's probably safe to say a new identity management policy for the entire country will not be it.


-dave


-- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com 
_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
Dave Aitel | 17 May 16:28
Favicon

Ten years.

Immunity is ten years old now - and like any ten year old, it is
interested mostly in shiny things that bleep and bloop. :>

But also like any ten year old we are growing and always hungry, and so
if you're interested in working in the new DC office or Miami Beach HQ,
please let me know. We only have one perk and that is this: We'll keep
you entirely focused on breaking into things in one way or another.

-dave

--

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com


_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
Dave Aitel | 14 May 21:07
Favicon

New INFILTRATE 2012 Movie is up! With surprise introduction by Halvar!

OH: "So....static analysis! Let's talk about it!" (Long pause follows.)

That's pretty much straight out of most parties I go to! Luckily, there
are a few people who can go into static analysis to great levels of
depth, and some of them give talks at INFILTRATE. :>

http://www.immunityinc.com/infiltratemovies/movies/JulienVanegue.mp4

-dave

--

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com


_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
Hamid | 11 May 20:13
Favicon

Mobile Phone Security Survey


Hello DD!

Few weeks ago I had a writeup about (in)security trends in mobile phones
and now I've reached to a point that I need results of a survey to
validate and confirm some facts that are going to be covered in paper.

I would appreciate your help by participating in this survey, or be even
more awesome and spread it among your friends that are not security geeks!

Survey link:

http://goo.gl/pQO02

Thank you!
Hamid
Permalink | Reply | 1 comment |
headers
Dave Aitel | 1 May 16:05
Favicon

With a real team, it's not about the numbers

I find articles like the recent one in Forbes quite funny in a way - and likewise talks about "rootite" and bug mining and so forth. Part of this is because philosophically I know that teams who focus on the money tend to lose. Obviously you need a lot of money to get things done in this industry, but I think it's a slippery slope from that to looking for where the money really is, which is defense. And when you're doing defense, you're not writing exploits, you're creating "security tests". You're not as concerned with "where will this exploit get me" so much as meeting this month's exploit quota. "How many checks do you have?" is the kind of customer you're competing for. This month CANVAS released one exploit. And that one exploit in Samba is worth more to me than a hundred "security tests" in random bits of Microsoft software no one interesting has ever installed. [1] You can see it in action here, or if you have CANVAS, you can download it as of last night. http://partners.immunityinc.com/movies/CANVAS-SambaNDR.mov -dave [1] As a side note, you'll notice none of the static analysis companies can find this bug. [2] Also you should read Kostya's blog post today just because it's in English. -- INFILTRATE - the world's best offensive information security conference. April 2013 in Miami Beach www.infiltratecon.com 
_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
Shari Bermudez | 26 Apr 22:49
Favicon

72 hours


Just a reminder that there are only 72 business hours remaining before
registration closes for the WebHacking and Master training classes.
Sign up today. Call 786-220-0600 or email training <at> immunityinc.com.
The 20% discount offer for re-tweeting still stands.

http://immunityinc.com/education-currentschedule.shtml

--
INFILTRATE 2013 is being held at the famous Fontainebleau Hotel in
Miami Beach, FL from April 11-12, 2013.  Do not miss out.  Early
registration is now open.
http://infiltratecon.com/

Shari Bermudez
Project Manager
Immunity Services LLC-a division of Immunity Inc.
1130 Washington Ave.8th FL
Miami Beach, FL 33139
(p) 786-220-0600 (f) 786-513-8100
(e) shari <at> immunityinc.com
Permalink | Reply | 0 comments |
headers
Dave Aitel | 26 Apr 15:55
Favicon

Spooked at RSA 2012

So we put my RSA 2012 talk up, along with the comments from the viewers that RSA collected. 

I 100% agree with every comment in the feedback form, which include such bon mots such as "You reek of pride".
Frankly, I am quite proud of what the offensive community has been able to do over the last ten years. And I
was a bit hurried during the actual talk (the one below is from my 6am-dry-run-in-hotel-room since they
didn't record the talk itself) - I got spooked by the 20-minutes-left sign like a novice.  

http://partners.immunityinc.com/movies/RSA2012.mov
https://immunityinc.com/downloads/RSA2012.pdf

--

-- 
INFILTRATE - the world's best offensive information security conference.
April 2013 in Miami Beach
www.infiltratecon.com


_______________________________________________
Dailydave mailing list
Dailydave <at> lists.immunityinc.com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Permalink | Reply | 0 comments |
headers
Thomas Lim | 19 Apr 07:36
Favicon

What's happening at SyScan'12 Singapore

Dear Dailydave readers

Do you know what's going to happen at SyScan'12 Singapore next week?

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

13 AWESOME SPEAKERS:
a. Stefan Esser (i0n1c)
b. Chris Valasek (nudeaberdasher)
c. Tarjei Mandt (kernelpool)
d. Alex Ionescu
e. Edgar Barbosa (0pC0de)
f. Jon Oberheide
g. Brett Moore (antic0de)
h. James Burton (Jayji)
i. Seung Jin Lee (Beist)
j. Ryan MacArthur (Backpacker)
k. Loukas (snare)
l. Aaron LeMasters (AaXon)
m. Paul Craig

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

11 INCREDIBLE PRESENTATIONS, 7 BRAND NEW ONES:
a. Heaps of Doom (Brand NEW)
b. De Mysteriis Dom Jobsivs (Sub New)
c. Owning entire organisations with regional software..(Brand NEW)
d. I/O, You own (Brand NEW)
e. Entomology: A case study of rare and interesting bugs
f. Exploiting the Linux Kernel
g. ACPI 5.0 Rootkit Attacks against Windows 8 (Brand NEW)
h. iOS Kernel Heap Armageddon (Brand NEW)
i. Post Exploitation Process Continuation
k. iOS Applications - Different Developers, Same Mistakes (Brand NEW)
l. Automating the Identification of Data Structures (Brand NEW)

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

SECURE CODING COMPETITION WITH $10,000, $7,000 AND $3,000 CASH

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....

PHONES4PWN WITH $15,000 CASH

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....BEER, BEER, BEER,
BEER, BEER, BEER, BEER, BEER....BEER, BEER, BEER, BEER, BEER, BEER,
BEER, BEER....

SHACK <at> PATTAYA

BEER, BEER, BEER, BEER, BEER, BEER, BEER, BEER....LADYBOYS, LADYBOYS,
LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS...BEER, BEER,
BEER, BEER, CHAMPAGNE, CIGARS, BEER, BEER....LADYBOYS, LADYBOYS,
LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS...BEER, BEER,
BEER, BEER, BEER, BEER, BEER, BEER....LADYBOYS, LADYBOYS, LADYBOYS,
LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS, LADYBOYS...

--

-- 
Thank you
Thomas Lim
Permalink | Reply | 0 comments |

Gmane