HITB2014AMS – Day 2 – Keynote 4: Hack It Forward
Good morning Amsterdam, good morning readers, welcome to the second day of the Hack In The Box conference. The speaker for the first keynote didn’t show up, so we’ll jump right into the next keynote. Jennifer starts her keynote by explaining that she’s fortunate to be able to travel to a lot of conferences and […]
HITB2014AMS – Interview with Katie Moussouris
Hi all, I had the pleasure to meet with Katie Moussouris after her keynote at Hack In The Box. After the announcement that she has left Microsoft and now serves as Chief Policy Offer (CPO) at HackerOne. I wanted to ask her 2 questions about this new step in her carreer: Peter: Why HackerOne? Katie: […]
HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing
Vulnerability Hunting Active security testing, Fabien explains, is the process of generating input which travel in the application, hit a sink and violate a property. It applies to all kinds of vulnerabilities, not just limited to buffer overflows or memory corruption bugs. Blackbox and whitebox/greybox testing (both static and dynamic) are ways to perform […]
HITB2014AMS – Day 1 – Keynote 1: Security at the End of the Universe
Good morning friends, welcome to Hack In The Box 2014, hosted at “De Beurs van Berlage” in the beautiful city of Amsterdam. This year’s edition starts with a keynote by Katie Moussouris, previous lead at Microsoft Security Response Center (MSRC) and now the brand new Chief Policy Officer at HackerOne. Katie starts the keynote by […]
BlackHatEU2013 – Day2 – Who’s really attacking your ICS devices ?
Kyle Wilhoit, Threat researcher at Trend Micro, explains that he will provide an overview of ICS systems before looking at some interesting attacks at ICS systems. Concerns/Overview of ICS Security and Typical deployments ICS devices are used in production of virtually anything. They are used in water/gas/energy/automobile/manufacturing, etc. They are notoriously insecure in many ways. Software […]
BlackHatEU2013 – Day 1 – To dock or not to dock
Time flies ! After hanging out with @repmovsb and @botherder, it’s time for the last talk of the day. In the “To dock or not to dock, that is the question” talk, Andy Davis, research director at NCC Group shares his research around using laptop docking stations as hardware-based attack platforms. Why docking stations as […]
Corelan T-Shirt contest – Derbycon 2012
If you didn’t register your ticket for the Corelan Live Exploit Development training at Derbycon 2012, then there is bad news for you… We’re sold out. Not all is lost though. For the second year in a row, Corelan Team is giving away one free ticket to the Corelan Live training at Derbycon 2012, which […]
HITB2012AMS Day 1 – Window Shopping
Window Shopping: Browser Bugs Hunting in 2012 In the last talk of Day 1, Roberto Suggi Liverani and Scott Bell (not present during the presentation), security consultants at Security-Assessment.com, will share the results of some intensive browser bug hunting research, and will drop 5 0days. Roberto starts by apologizing about the fact that Scott was not […]
Reversing 101 – Solving a protection scheme
In this post, we’ll look at an application reversing challenge from HTS (hackthissite.org) resembling a real-life protection scheme.
Put simple, the program creates a key for your username, and compares it to the one you enter.
The goal of the HTS challenge is to create a key generator, but I just want to demonstrate how to retrieve the password.
Continue reading
DLL Hijacking (KB 2269637) – the unofficial list
This page hosts an unofficial list of applications that are said to be vulnerable to the dll hijacking flaw (or feature or whatever you want to call it). Note that I did not test these applications myself. If you have found other applications to be vulnerable and want to add them to the list, send […]
Donate
Your donation will help funding server hosting.
