Conferences

HITB08 Slides available..

Slides from the latest Hack in the Box conference [are available]. [SensePost slides are listed as owing / not there yet.] SensePosters can grab a local copy [here].

OWASP NYC Talks Posted..

The full videos from the OWASP NYC Conf have been posted. At least one BlackHat re-run, but some look well worth the watching.. Most people can grab the videos and slide decks [here], SensePost’ers (except for those actually currently living in NY) can grab selected talks locally [here]

BlackHat/DefCon 2008 – Tool Release(s)

Hey guys.. Our BlackHat/Defcon talk this year featured a few tools that we promised to release.. The first tool, or set of tools is reDuh which can be found [here]. reDuh is made up of 2 parts, a local proxy and a server component (which is jsp, php or asp). If you run the local proxy on your machine while pointing it to the server component, you are able to…

BlackHat / DefCon 2008….

Hey guys.. Most of our BlackHat/Defcon team has arrived back home in one piece.. I landed with a fever and a lost voice (but to be honest I already caught something while in Vegas!) We will post some post-Vegas thoughts as soon as the dust settles, but I also promised: the slides from our talk; the tools we released… A link to the slides is here: [Pushing a Camel through…

DefCon 16 – Hmm.. 2 of these talks seem familiar…

Some of the DC16 speaker summaries have been posted, and these 2 caught my eye: and Both descriptions seem pretty much spot on with what we did in our DefCon talk last year.. hmm.. wonder if it's new twists on it, or a little more of the same? /mh

2 Winning quotes..

from the SourceBoston videos I blogged about: Dr Geer never disappoints, and kicked it off with the 4 rules on his office wall: Work like hell, Share all you know, Abide by your handshake, Have fun. If he mentioned anything about foosball or pool.. I woulda sworn blind he was talking about SensePost! The 2nd quote that was awesome (during the interview with the l0pht members) was from Dildog.. ex-l0pht,…

2 reasons to visit sourceboston.com (and 2 reasons to rejoice!)

SourceBoston completed its first conference earlier this month, and some of the slide decks and videos are up.. While the image of the young hax0rs indeed brings back fond memories of surfing blackcrawlarch and trying in vain to get mosaic chat to work in the lounge, it isn't one of the 2 reasons to rejoice.. The chance to watch Dr. Dan Geer's talk (Dr Geer is one of those people…

RE: Sensepost at Cebit 2008

“SensePost have once again been invited to join the South African Department of Trade and Industry at Cebit, as one of 10 SA companies, to exhibit on their pavilion. Visitors to this show range in the region of 500,000 and approximately 5700 exhibitors fill the 27 Halls. Cebit is the biggest information and technology show in Europe and attracts exhibitors and visitors from all over the world.”

HBN Bootcamp @ Black Hat

Black Hat DC this year is supposed to be “a different kind of Black Hat”. There are four tracks over the two days with a special emphasis on wireless and speakers include Chris Wysopal, FX from Phenoelit, Job de Haas, and Adam Laurie. The smaller shows are always good fun and good value for money and DC this year promises to have an excellent line-up of speakers. As usual training…

Rob Auger from OWASP/WASC/CGiSecurity on Timing..

Rob had a rant on his site on the timing attack, with a CSRF twist.. We met him after our Vegas talk, but I'm not really sure how his attack differs from our published one.. my on-list response: -snip- From: haroon meer To: bugtraq@cgisecurity.net Cc: websecurity@webappsec.org Subject: Re: [WEB SECURITY] Performing Distributed Brute Forcing of CSRF vulnerable login pages Hi Robert.. Thanks for the kind words on the talk.. If…