Announcements & Shameless Plugs
PaulDotCom Security Weekly - Episode 268 for Thursday December 1st, 2011.
- Check out our new shows: Hack Naked TV with John Strand, Hack Naked At Night with Larry and Darren, PaulDotCom Espanol with Carlos Perez, and our only non-computer-security-related show, dedicated to cigar enthusiasts, Stogie Geeks with Paul Asadoorian and Tim "BugBear" Mugherini.
- Larry is teaching SEC580 Metasploit Kung Fu for Enterprise Pen Testing in San Antonio, TX December 4-5. Want 10% off of every class in San Antonio? Use the discount code Larry-SA10.
- Don't forget to read our blog, participate on our mailing list, visit PaulDotCom Insider, follow us on Twitter, join the IRC channel at irc.freenode.net #pauldotcom, watch our videos, and add us on Facebook, where we can be "friends".
- BSides, BSides, BSides everywhere
Guest Interview: Scott Moulton
6:00 PM EDT
Scott Moulton is known both for his trademark 'Forensic Unit' hat and his unholy knack for finding new data recovery techniques the other experts don't want you to know. Scott is owner of My Hard Drive Died.com and fills his days recovering data from all kinds of storage devices, testifying in court, and teaching others to do data recovery.
- What are some of the forensic challenges with SSD drives?
- Give us ten things we didn't know about our hard drives.
- Tell us about your recent SkydogCon talk about SHA1 Hashes.
- Are you surprised by Wired's findings on cell phone provider retention periods?
Special Guest Tech Segment: Ariel Waissbein, Anibal Sacco and Matias Eissler talk OS X sandbox
Ariel, Anibal and Matias are, respectively, Director, Senior Exploit Writer, and Senior Developer at CoreLabs, the research center of Core Security. They're joining us from the lab's headquarters in Buenos Aires, Argentina. While their research focus is on attack technologies for workstations, servers and web applications, they are on tonight to discuss their recent research on Predefined Profiles Bypass for the OS X Sandbox.
Matias Eissler is a Sr. Developer at Core Security. He has been working in the fields of information gathering, attack planning, file infection and client-side capabilities. Lately he has joined the Exploit Writing Team, where he contributes to exploit effectiveness and reliability.
Ariel Waissbein is the head of CoreLabs, the company's research and development center. As such, he is responsible for all day-to-day research and publishing activities as well as driving and protecting Core's intellectual property. Lately, he co-led the team that devised Core CloudInspect, an automated pentesting service run from and targeting Amazon Web Services. Waissbein holds an undergraduate degree in Mathematics from Buenos Aires University and is a Ph.D. candidate at the same university. Prior to joining Core, he started his research career in academia, within the realm of geometric elimination and computational number theory.
We host a lot of information on Core's Research website: http://corelabs.coresecurity.com/
Anibal Sacco is a Sr. Exploit Writer and Reverse Engineer at CORE Security Technologies. He has been researching vulnerabilities and developing exploits for Windows, OS X and Linux for 6 years, focusing first on Windows kernel-mode vulnerabilities and rootkit development, and lately on OS X vulnerabilities.
He is currently in charge of the OS X exploits area and, as a researcher, he has spoken at some of the most important security conferences, such as Black Hat, CanSecWest, SyScan and Ekoparty. He has also published several advisories addressing different vulnerabilities. More information can be found at: http://corelabs.coresecurity.com/
His main interests are reverse engineering, vulnerability research, network security, malware analysis, fuzzing and embedded devices.
- Why do you consider digital forensics tougher than other forensics fields?
- What's "Shotgun Forensics" and "Sniper Forensics"?
- What are the Guiding Principles for Sniper Forensics?
- Bring us through Timeline Analysis - what it is and why it's important.
- How have attackers changed with respect to memory dumping and other operations?
- Tell us what 3 things all malware must do.
- What are some good tips for malware that's packed or obfuscated?
- Nick indicated there were some interesting cases you were working on. Please share!