Where 2 worlds collide: Bringing Mimikatz et al to UNIX

Presentation on Active Directory integration solutions for UNIX (as given at Black Hat Europe 2018). Over the past fifteen years there’s been an uptick in “interesting” UNIX infrastructures being integrated into customers’ existing AD forests. Whilst the threat models enabled by this should be quite familiar to anyone securing a heter
Publish At:2019-09-19 17:35 | Read:204 | Comments:0 | Tags:Presentations analysis auditing Black Hat Europe blue team c

An offensive introduction to Active Directory on UNIX

By way of an introduction to our talk at Black Hat Europe, Security Advisory EMEAR would like to share the background on our recent research into some common Active Directory integration solutions. Just as with Windows, these solutions can be utilized to join UNIX infrastructure to enterprises’ Active Directory forests. Background to Active Directory i
Publish At:2019-09-19 17:35 | Read:261 | Comments:0 | Tags:Blog analysis auditing Black Hat Europe blue team conference

Discover the secrets of the SOC

Presentation on building effective SOCs (as given at InfoSec Europe 2019 on the interactive workshop track). Simon Crocker, Cisco’s EMEAR lead for SOC Advisory looks at what goes into making a SOC work effectively. This talk discusses the core SOC requirements around monitoring and incident response function, but also touches on some of the other serv
Publish At:2019-09-19 17:35 | Read:136 | Comments:0 | Tags:Presentations blue team C-Suite conference InfoSec Europe SO

Is that really you? The importance of identity in breach response and recovery

Presentation on Zero Trust and the importance of identity in breach response and recovery (as given at InfoSec Europe 2019 on the tech talk track). Richard Dean, Cisco’s EMEAR Head Of Security Advisory Services looks at Cisco’s approach to zero trust. This talk discusses the need to monitor your users’ access and privileges and how securing t
Publish At:2019-09-19 17:35 | Read:197 | Comments:0 | Tags:Presentations blue team C-Suite conference incident response

So you want to build a SOC: Lessons from the front line

Presentation on building an effective operational security capability (as given at Cisco Live US/Talos Threat Research Summit 2019). This talk will not help you build a SOC in only 60 minutes, but it will help you build a functional security operation over time. Building a SOC can be daunting. This talk will look at how to pick your fights and the key battle
Publish At:2019-09-19 17:35 | Read:76 | Comments:0 | Tags:Presentations blue team conference SOC TTRS

Security Engineering – A manifesto for defensive security

Presentation on the need to re-examine how we engineer systems (taking service providers as an example) and the implications on how we quantify cyber risk if we want to take this message into the board room (as given at BT’s SnoopCon 2019 and Cisco’s June 2019 Knowledge Network webinar for service providers). Having delivered security consultancy
Publish At:2019-09-19 17:35 | Read:168 | Comments:0 | Tags:Presentations C-Suite conference CRQ cyber risk quantificati

SSTIC 2017 wrap-up

This year, one member of the Portcullis team went to one of the biggest security events in France: SSTIC (Symposium sur la sécurité des technologies de l’information et des communications). This post will highlight the most interesting presentations. Many of the slides, articles and videos are available on the SSTIC website, but they are mostly in Fren
Publish At:2017-10-27 17:20 | Read:3461 | Comments:0 | Tags:Blog analysis conference SSTIC

BruCON Network 0x09 Wrap-Up

BruCON 0x09 is over! It’s time to have a look at the data captured last Thursday and Friday. As in previous years, the setup was almost the same: an Internet pipe with a bunch of access points, everything interconnected through a pfSense firewall. The guest network (dedicated to attendees) traffic is captured and processed by a SecurityOnio
Publish At:2017-10-21 19:40 | Read:2703 | Comments:0 | Tags:Event BruCON Conference Wrap-up

Hack.lu 2017 Wrap-Up Day 1

Hack.lu is ongoing in Luxembourg, already the thirteenth edition! I arrived yesterday to attend a pre-conference event: the MISP summit. Today the regular talks were scheduled. It seems that more attendees joined this edition. The number of talks scheduled is impressive this year: 11 talks today and 12 talks on Wednesday and Thursday… Here is my wrap-up of the
Publish At:2017-10-21 19:40 | Read:2235 | Comments:0 | Tags:Event Conference hack.lu Wrap-up

Hack.lu 2017 Wrap-Up Day 2

As said yesterday, the second day started very (too?) early… The winner of the first slot was Aaron Zauner who talked about pseudo-random number generators. The complete title of the talk was “Because ‘User Random’ isn’t everything: a deep dive into CSPRNGs in Operating Systems & Programming Languages”. He started with an overview of random number gene
Publish At:2017-10-21 19:40 | Read:2102 | Comments:0 | Tags:Event Conference hack.lu Wrap-up

Hack.lu 2017 Wrap-Up Day 3

Hack.lu is already over and I’m currently waiting for my connecting flight in Munich, that’s the perfect opportunity to write my wrap-up. This one is shorter because I had to leave early to catch my flight to Hacktivity and I missed some talks scheduled in the afternoon. Thank Lufthansa for rebooking my flight so early in the afternoon… Any
Publish At:2017-10-21 19:40 | Read:2501 | Comments:0 | Tags:Event Conference hack.lu Wrap-up

FSEC 2017 Wrap-Up Day #2

Here we go with a quick wrap-up of the second day. It started smoothly around 09:00 and was dedicated to more technical talks. After some refill of coffee, I was ready to follow all talks presented in the main track. It started with LiveOverflow who presented “Play CTF”. CTF games (“Capture The Flag”) are present on the schedule of many infosec conferences 
Publish At:2017-09-08 19:05 | Read:27307 | Comments:0 | Tags:Event Security Conference Croatia FSEC

FSEC 2017 Wrap-Up Day #1

There are more and more infosec events worldwide and it’s always nice to attend new events and meet new people. This time, it is the case with FSEC. First visit to this security conference organized in Varazdin, Croatia. I had the honor to be invited as a speaker. This is already the seventh edition. FSEC was born thanks to the initiative of Tonimir Ki
Publish At:2017-09-08 00:20 | Read:2734 | Comments:0 | Tags:Event Security Conference Croatia FSEC

SSTIC 2017 Wrap-Up Day #2

Here is my wrap-up for the second day. From my point of view, the morning sessions were quite hard with a lot of papers based on hardware research. Anaïs Gantet started with “CrashOS : recherche de vulnérabilités système dans les hyperviseurs”. The motivations behind this research are multiple: virtualization of computers is everywhere today, not only on ser
Publish At:2017-06-09 19:35 | Read:2465 | Comments:0 | Tags:Event Security Conference Rennes SSTIC

SSTIC 2017 Wrap-Up Day #3

Here is my wrap-up for the last day. Hopefully, after yesterday’s social event, the organisers had the good idea to start later… The first set of talks was dedicated to presentation tools. The first slot was assigned to Florian Maury, Sébastien Mainand: “Réutilisez vos scripts d’audit avec PacketWeaver”. When you are performing an audit, the same tasks are a
Publish At:2017-06-09 19:35 | Read:2950 | Comments:0 | Tags:Event Security Conference Rennes SSTIC


