headers
S. Praburaajan | 15 Apr 06:12

HITBSecConf2009 - Malaysia: Call for Papers

The Call for Papers for HITB Security Conference 2009 Malaysia is now open!

Talks that are more technical or that discuss new and never before seen
attack methods are of more interest than a subject that has been covered
several times before. Summaries not exceeding 1250 words should be
submitted (in plain text format) to cfp -at- hackinthebox.org for review
and possible inclusion in the programme.

Submissions are due no later than 31st July 2009

TOPICS

Topics of interest include, but are not limited to the following:

# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# VoIP security
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# WIMAX Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
(Continue reading)

Permalink | Reply | 0 comments |
headers
S. Praburaajan | 15 Apr 06:03

HITBSecConf2009 - Malaysia: Call for Papers

The Call for Papers for HITB Security Conference 2009 Malaysia is now open!

Talks that are more technical or that discuss new and never before seen
attack methods are of more interest than a subject that has been covered
several times before. Summaries not exceeding 1250 words should be
submitted (in plain text format) to cfp -at- hackinthebox.org for review
and possible inclusion in the programme.

Submissions are due no later than 31st July 2009

TOPICS

Topics of interest include, but are not limited to the following:

# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# VoIP security
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# WIMAX Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# Smart Card and Physical Security
# Virus and Worms
# WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
# Analysis of malicious code
# Applications of cryptographic techniques
(Continue reading)

Permalink | Reply | 0 comments |
headers
Praburaajan Selvarajan | 14 Mar 01:48

HITB2009 - Dubai: Conference Agenda & Noteworthy Presentations

The agenda for HITBSecConf2009 - Dubai is now online along with details
on both the conference keynote sessions. There are still another 4 more
weeks to grab your seats to the GCC's premier network security event!

Keynote 1 - Philippe Langlois (Founder, Qualys / Intrinsec / TSTF)
"From Hacking, Startups to HackLabs: Global Perspective and New Fields"

Keynote 2 - Mark Curphey (Director CISG, Microsoft Corp)
"Security Cogs and Levers"

Other noteworthy papers:

# Cross Domain Leakiness: Divulging Sensitive Information and Attacking
SSL Sessions - Chris Evans and Billy Rios

# VBootKit 2.0 - Attacking Windows 7 via Boot Sectors - Vipin & Nitin Kumar

# The Reverse Engineering Intermediate Language REIL and its
Applications - Sebastian Porst

# Pickpocketing mWallets: A Guide to Looting Mobile Financial Services -
The Grugq

# Psychotronica: Exposure, Control, and Deceit - Nitesh Dhanjani

# NKill - The Internet Killboard - Anthony 'kugutsumen' Zboralski

This is a new tool which gives  attackers the ability to discover
interesting relationships between seemingly unrelated hosts and
companies and to pull vulnerable hosts for a specific domain, company or
(Continue reading)

Permalink | Reply | 0 comments |
headers
Praburaajan Selvarajan | 14 Mar 01:45

HITB2009 - Dubai: Conference Agenda & Noteworthy Presentations

The agenda for HITBSecConf2009 - Dubai is now online along with details
on both the conference keynote sessions. There are still another 4 more
weeks to grab your seats to the GCC's premier network security event!

Keynote 1 - Philippe Langlois (Founder, Qualys / Intrinsec / TSTF)
"From Hacking, Startups to HackLabs: Global Perspective and New Fields"

Keynote 2 - Mark Curphey (Director CISG, Microsoft Corp)
"Security Cogs and Levers"

Other noteworthy papers:

# Cross Domain Leakiness: Divulging Sensitive Information and Attacking
SSL Sessions - Chris Evans and Billy Rios

# VBootKit 2.0 - Attacking Windows 7 via Boot Sectors - Vipin & Nitin Kumar

# The Reverse Engineering Intermediate Language REIL and its
Applications - Sebastian Porst

# Pickpocketing mWallets: A Guide to Looting Mobile Financial Services -
The Grugq

# Psychotronica: Exposure, Control, and Deceit - Nitesh Dhanjani

# NKill - The Internet Killboard - Anthony 'kugutsumen' Zboralski

This is a new tool which gives  attackers the ability to discover
interesting relationships between seemingly unrelated hosts and
companies and to pull vulnerable hosts for a specific domain, company or
(Continue reading)

Permalink | Reply | 0 comments |
headers
Praburaajan | 20 Jan 23:13

Videos from HITBSecConf2008 - Malaysia released!

The videos from HITBSecConf2008 - Malaysia are now available for download!

Day 1
=====

http://thepiratebay.org/torrent/4654588/HITBSecConf2008_-_Malaysia_Videos___Day_1
	
Keynote Address 1: The Art of Click-Jacking - Jeremiah Grossman
Keynote Address 2: Cyberwar is Bullshit - Marcus Ranum

Presentations:

- Delivering Identity Management 2.0 by Leveraging OPSS
- Bluepilling the Xen Hypervisor
- Pass the Hash Toolkit for Windows
- Internet Explorer 8 - Trustworthy Engineering and Browsing
- Full Process Reconsitution from Memory
- Hacking Internet Kiosks
- Analysis and Visualization of Common Packers
- A Fox in the Hen House - UPnP IGD
- MoocherHunting
- Browser Exploits: A New Model for Browser Security
- Time for a Free Hardware Foundation?
- Mac OS Xploitation
- Hacking a Bird in The Sky 2.0
- How the Leopard Hides His Spots - OS X Anti-Forensics Techniques

Day 2
=====
(Continue reading)

Permalink | Reply | 0 comments |
headers
brad.birch | 26 Nov 19:43

[SJ-JOB] Jr. Security Analyst, Leesburg

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position:       Jr. Security Analyst
Location:       Leesburg, Virginia, United States
Type:           Permanent F/T

Closing Date:   2008-12-19

Jr/Mid CSIRT Analyst (458)

Applicants selected will be subject to a government security investigation and must meet eligibility
requirements for access to classified information. DOD Secret clearance is required and must be
clearable to Top Secret. 

• Must be willing to work in a 24/7/365 security operations center working either a fixed 10 or 12 hour
shift. Must also be willing to work holidays and at least one weekend day/night per shift. 
• Must have one year experience administering Windows and/or UNIX-based systems and at least five to
six years network security analysis, using intrusion detection systems. 
• Must understand Windows Active Directory and associated services and common vulnerabilities 
• Should have had previous system administration experience with Windows, Unix/Linux systems and
peripherals 
• Must have a strong understanding of TCP/IP networking and at least a basic to mid-level
understanding of routing, switching, routing protocols, VPN concentrators, gateways, and proxies
– previous experience and/or certification in network engineering strongly preferred 
• Should have experience with Security Information Management Tools (ArcSight, netForensics,
e-Security, GuardedNet )– ArcSight experience is strongly preferred
(Continue reading)

Permalink | Reply | 0 comments |
headers
brad.birch | 26 Nov 19:43

[SJ-JOB] Sr. Security Analyst, Leesburg

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position:       Sr. Security Analyst
Location:       Leesburg, Virginia, United States
Type:           Permanent F/T

Closing Date:   2008-12-19

Sr. CSIRT Analyst (457)

Applicants selected will be subject to a government security investigation and must meet eligibility
requirements for access to classified information. DOD Secret clearance is required and must be
clearable to Top Secret. 

• Must be willing to work in a 24/7/365 security operations center working either a fixed 10 or 12 hour
shift. Must also be willing to work holidays and at least one weekend day/night per shift. 
• Must understand hacker motives, means, and methodologies 
• Must understand common vulnerabilities and exploits of Windows, Linux/Unix systems, and common
applications 
• Must understand Windows Active Directory and associated services and common vulnerabilities 
• Should have had previous system administration experience with Windows, Unix/Linux systems and
peripherals 
• Must have a strong understanding of TCP/IP networking and at least a basic to mid-level
understanding of routing, switching, routing protocols, VPN concentrators, gateways, and proxies
– previous experience and/or certification in network engineering strongly preferred 
• Should have experience with Security Information Management Tools (ArcSight, netForensics,
(Continue reading)

Permalink | Reply | 1 comment |
headers
brad.birch | 26 Nov 19:43

[SJ-JOB] Security Engineer, Colorado Springs

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position:       Security Engineer
Location:       Colorado Springs, Colorado, United States
Type:           Permanent F/T

Closing Date:   2008-12-19

McAfee Security Engineer (455)

Applicants selected will be subject to a government security investigation and must meet eligibility
requirements for access to classified information. Minimum Secret clearance is required; Top Secret is
preferred. 

Candidates will be working as an extension of the McAfee Worldwide Professional Services team to deploy,
configure, tune, and maintain products such as: ePO, HIPS, IntruShield and more. Assignments will vary
in length and will include anything from installation and deployment support, to security network
engineering/architecture support. 

JOB REQUIREMENTS
---------------------------------------------------
Candidates must have experience administering and configuring McAfee ePO 4.0 and HIPS. Experience with
IntruShield is strongly desired. Additional McAfee product experience is a plus. 

Candidates should have a strong background in systems administration and/or network engineering.
Deployment experience with McAfee or similar product is highly desired.
(Continue reading)

Permalink | Reply | 1 comment |
headers
matthew.towne | 26 Nov 19:43
Gravatar

[SJ-JOB] Forensics Engineer, San Antonio

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position:       Forensics Engineer
Location:       San Antonio, Texas, United States
Type:           Permanent F/T

Closing Date:   2008-12-25

MacAulay-Brown, Inc (MacB) is a technical and management services company founded in 1979 and
headquartered in Dayton, OH. Operating as woman-owned, small business, MacBs principal areas of
business focus on acquisition management support, SETA support, information warfare, intelligence,
electronic combat systems, C4I systems, and threat exploitation.

Description: 
The individual will work with an exceptional five-person team that provides computer security technical
support to the US Air Force Office of Special Investigations (AFOSI). Primary efforts are to analyze
malicious computer binaries, protect Air Force networks, provide Special Agent training, participate
in incident response, and expand existing computer network operational tools. This candidate will fill
the Malware and/or Reverse Engineer position to: 
1) Conduct Malware binary analysis
2) Generate Malicious documentation reports and brief AFOSI, and
3) Develop small-to-moderately sized software operational tools primarily on the Microsoft platform
and possibly over multiple platform architectures. 
Additionally, individual will answer AFOSI computer-related technical questions, conduct
research/analysis as required, support special agents during active intrusion investigation(s), and
provide feedback to appropriate authorities as needed.
(Continue reading)

Permalink | Reply | 0 comments |
headers
nathan.ollestad | 26 Nov 19:43

[SJ-JOB] Security Consultant, Seattle

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position:       Security Consultant
Location:       Seattle, Washington, United States
Type:           Permanent F/T

Closing Date:   2008-12-22

**JOB TITLE: Security Project Manager**

"Captured the flag" in the past?  ...these guys are good...very good.  

Our client, a Security Software Consulting company is in need of a Sr. Security Project Manager to step in
and manage a variety of current ongoing projects.   This will transition into managing  a full pipeline of
future projects, with budgets ranging from $40,000-$200,000, as well. You’ll be responsible for
scoping, driving and completing these projects in conjunction with a team of hands on technical
consultants/security engineers.  All of whom will be client facing.  

Due to the nature of this work, additional details will be provided to interested parties
directly…for now: 

The perfect candidate will possess the following skills:

- 5+ years in the Security Software industry
- 3+ years managing projects with minimum budgets of $200,000
(Continue reading)

Permalink | Reply | 0 comments |
headers
mickeymabus | 26 Nov 19:43
Picon
Favicon

[SJ-JOB] Penetration Engineer, Manila

---------------------------------------------------
SECURITYFOCUS JOBS - NEW OPPORTUNITY
---------------------------------------------------

JOB DESCRIPTION
---------------------------------------------------
Position:       Penetration Engineer
Location:       Manila, , Philippines
Type:           Contract

Closing Date:   2008-12-24

We are currently looking for experienced penetration tester.
There is a strong focus on application and operating system security.
The work is based in Manila, with some travel involving consulting and your training.

You will work within a dynamic team of friendly, experienced and qualified professionals.

We will test your technical and communication skills, to make sure you are ready.

JOB REQUIREMENTS
---------------------------------------------------
Technical Skills Matrix
 
Network Security - Vulnerability Assessment & Penetration testing.
Operating Systems Security - Standards, Guidelines, Hardening. Windows, Linux and Unix.
Application Security - Web Applications, Databases, Web Servers.
Risk Management/assessment, Disaster Recovery, Business based security analysis.

Qualifications:
(Continue reading)

Permalink | Reply | 1 comment |

Gmane