Difference between revisions of "Episode254"

From Paul's Security Weekly

Announcements (this revision)

* [http://www.sans.org/new-york-2011-cs-2/description.php?tid=4467 SANS 617 - Wireless Ethical Hacking, Penetration Testing, and Defenses ] with Larry in the salsa capital of the world: NYC on August 22nd - 27th.
* Jack wants us to pimp [http://www.secburnout.org Sec Burn Out]
* Don't forget to [http://pauldotcom.com/ Read our blog], [http://mail.pauldotcom.com/listinfo Participate on our mailing list], [http://pauldotcom.com/insider/ Visit PaulDotCom Insider], [http://twitter.com/pauldotcom Follow us on Twitter], [irc://irc.freenode.net/pauldotcom Join the IRC channel at irc.freenode.net #pauldotcom], [http://pauldotcom.blip.tv Watch our Videos] and [http://www.facebook.com/therealpauldotcom Add us on Facebook] where we can be "friends"

Revision as of 16:00, 11 August 2011

Palo Alto Networks
Tenable Network Security
The SANS Institute
Pwnie Express
Black Hills Information Security
BlackSquirrel
Onapsis


Announcements

PaulDotCom Security Weekly - Episode 254 for Thursday August 11th, 2011.

  • The PaulDotCom Espanol episodes with Julio Canto, Lorenzo Martinez, Chema Alonso, Ruben Santamarta and Raul Siles are available here.

Guest Tech Segment Mini-Marathon: A Special Night with Trustwave's SpiderLabs!

Amazingly True Stories of Real Penetration Tests with Rob Havelt & Wendel Henrique

7:30 p.m. EDT / 6:30 p.m. CDT

Rob Havelt, director of penetration testing, and Wendel Henrique, security consultant, will present Earth vs. The Giant Spider: Amazingly True Stories of Real Penetration Tests.

Rob is Director of SpiderLabs' Penetration Testing Practice, where he oversees all aspects of network and infrastructure security testing and wireless network testing. Formerly a bourbon-fueled absurdist, raconteur, and man about town, Rob is currently a sardonic workaholic occasionally seeking meaning in the finer things in life — Rob is, and will always be, a career hacker.

Wendel is a consultant for pen testing at Trustwave, where he has discovered vulnerabilities across a diverse set of technologies including webmail systems, wireless access points, remote access systems, web application firewalls, IP cameras, and IP telephony applications.

  1. The unique opportunity to see real, interesting, uncommon and non-trivial attacks that can't be found by automated tools.
  2. Culled from the more than 2300 penetration tests delivered last year by SpiderLabs; only the coolest and freakiest were selected to present at DEFCON 19.
  3. By the end of this presentation, they hope to have you thinking about the systems and applications that organizations use every day, and how those may be used against them.

The attacks are:

  • Do you want Fries with that Hack?
  • One PBX Will Rule Them All Hack.
  • The Inside-Out VPN Hack.
  • The Island Nation and Port 0 Hack.
  • The Caucasian-Asian Love Hack.
  • In Soviet Russia Hackers Monitor You Hack.
  • Oracle and The New Tool Hack

Traps of Gold by Andrew Wilson & Michael Brooks

Traps of Gold is a study which examines the offenses and defenses of web application security and introduces "maneuverability" - a new strategy for fighting back.

8:00 p.m. EDT / 7:00 p.m. CDT

Andrew specializes in application security assessment, penetration testing, threat modeling and secure development life cycle. Andrew is active as a leader of the Phoenix OWASP and is a Microsoft MVP in Windows Azure. He is not a Cabal member.

Michael works for SiteWatch, where he composes exploit code, which he considers a challenging and privileged art form. Michael is on PaulDotCom because he believes secure software is a luxury that should be shared. He's also in the April - June 2011 edition of the Google Security Hall of Fame.


Speaking with Cryptographic Oracles by Dan Crowley

Speaking with Cryptographic Oracles is a discussion of methods for finding and exploiting encryption, decryption, and padding oracles from a black-box perspective.

Dan is an Application Security Consultant for Trustwave's SpiderLabs and is particularly focused on vulnerabilities caused by a failure to account for little-known or even undocumented properties of the platforms on which applications run. He especially enjoys playing around with Web-based technologies and rock climbing, has been known to be a unicorn Furnace, and makes a mean chili quite worthy of a PaulDotCom post-exploitation towel.

  1. What is an Oracle?
  2. How can people really bad at math translate ciphertext into plaintext?
  3. How can this help us evade detection and prevention of web app attacks?
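The "translate ciphertext into plaintext with no math" question above is exactly what a CBC padding oracle lets an attacker do. The following is an added example written for this page; it is not code from Dan's talk or from SpiderLabs. It builds a small CBC-mode encryption with PKCS#7 padding, a server-side function that leaks only "was the padding valid?", and the client-side attack that recovers the whole plaintext with no key, one byte at a time. The block cipher is a stand-in: a 4-round Feistel network over HMAC-SHA256 (used instead of AES so the example needs only the standard library; the attack never looks inside it). KEY, IV and MESSAGE are constructed demo values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# --- Toy block cipher: 4-round Feistel network with HMAC-SHA256 as the round
# function.  Stands in for AES so the example runs with only the stdlib.
def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

# --- PKCS#7 padding and CBC mode.
def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise ValueError("bad padding")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [iv], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)  # IV || C1 || C2 || ...

def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return b"".join(xor(block_decrypt(key, blocks[i]), blocks[i - 1])
                    for i in range(1, len(blocks)))  # still padded

# --- Server side: leaks exactly one bit per query, "was the padding valid?"
def padding_oracle(key: bytes, ciphertext: bytes) -> bool:
    try:
        unpad(cbc_decrypt(key, ciphertext))
        return True
    except ValueError:
        return False

# --- Attacker side: no key, only the oracle.
def recover_block(oracle, prev: bytes, target: bytes) -> bytes:
    """Recover one plaintext block from (prev, target) using only the oracle."""
    inter = bytearray(BLOCK)  # D_key(target), learned byte by byte
    for pos in range(BLOCK - 1, -1, -1):
        pad_val = BLOCK - pos
        # Bytes already known are forced to decrypt to pad_val.
        suffix = bytes(inter[j] ^ pad_val for j in range(pos + 1, BLOCK))
        for guess in range(256):
            crafted = bytes(pos) + bytes([guess]) + suffix
            if not oracle(crafted + target):
                continue
            if pos == BLOCK - 1:
                # Rule out an accidental \x02\x02 (or longer) match by changing
                # the byte before the last one; genuine \x01 padding survives.
                alt = bytes(pos - 1) + b"\x01" + bytes([guess])
                if not oracle(alt + target):
                    continue
            inter[pos] = guess ^ pad_val
            break
        else:
            raise RuntimeError("oracle never accepted; not a padding oracle?")
    return xor(inter, prev)

def padding_oracle_attack(oracle, ciphertext: bytes) -> bytes:
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    padded = b"".join(recover_block(oracle, blocks[i - 1], blocks[i])
                      for i in range(1, len(blocks)))
    return unpad(padded)

# Constructed demo values (not from the talk); fixed so the run is deterministic.
KEY = b"sixteen byte key"
IV = bytes(range(BLOCK))
MESSAGE = b"Earth vs. The Giant Spider: real pentest stories"

def demo() -> tuple:
    """Encrypt MESSAGE, then recover it through the oracle; returns (plaintext, queries)."""
    ct = cbc_encrypt(KEY, IV, pad(MESSAGE))
    queries = []
    oracle = lambda c: queries.append(1) or padding_oracle(KEY, c)
    return padding_oracle_attack(oracle, ct), len(queries)

if __name__ == "__main__":
    pt, n = demo()
    print(pt, "recovered with", n, "oracle queries and no key")
```

The attacker supplies the target block with a crafted "previous" block, so the oracle's one bit reveals one byte of the block cipher's output; XOR with the real previous block turns that into plaintext. The cost is at most 256 queries per byte, which is why the defence is to make the padding check unobservable (constant-time, identical error responses) and, better, to authenticate the ciphertext with a MAC or an AEAD mode before decrypting at all. Note the extra check on the final byte: without it, a last byte that happens to decrypt to 0x02 next to an existing 0x02 would be mistaken for 0x01.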

Steve Holden, DefCon wrap-up

Steve is a senior systems engineer for a U.S. Navy R&D organization in San Diego. His key research focus areas include: information technology systems, enterprise computing, computer network security, and project management. Steve is on to give us a wrap-up of DefCon 19.

Stories For Discussion

Larry's Stories

Paul's Stories