HackDig : Dig high-quality web security articles for hacker

BSidesSF CTF wrap-up

Welcome! While this is technically a CTF writeup, like I frequently do, this one is going to be a bit backwards: this is for a CTF I ran, instead of one I played! I've gotta say, it's been a little while since I played in a CTF, but I had a really good time running the BSidesSF CTF! I just wanted to thank the other organizers - in alphabetical order - @bmenr
Publish At:2017-02-23 00:15 | Read:3569 | Comments:0 | Tags:Conferences CTFs

The Top 13 Information Security Conferences of 2017

2017 is finally here. You know what that means: another information security conference season is upon us. We couldn’t be more excited!Just like we did last year, we at The State of Security have assembled a list of the top 13 conferences in information security for 2017. We hope you’ll have the chance to attend at least one of these events this
Publish At:2017-01-11 12:55 | Read:4242 | Comments:0 | Tags:Off Topic Conferences CTF hacking Information Security pente

How to hunt for rare malware

At SAS 2017, on April 1st and 2nd on St. Maarten, Global Director of GReAT Costin Raiu and Principal Security Researchers Vitaly Kamluk and Sergey Mineev will provide YARA training for incident response specialists and malware researchers, who need an effective arsenal for finding malware. During the training, the experts will give participants access to som
Publish At:2017-01-09 21:30 | Read:6212 | Comments:0 | Tags:Blog Events APT Conferences TheSAS2017

Update from the chaos – 33c3 in Hamburg

Every year, the Chaos Communication Congress summons hackers from around the globe, this time again in Hamburg. The four days between Christmas and New year are packed with talks, workshops and events all over the location at the CCH. Large hackerspaces hosts groups and projects from all areas such as lock-picking, art, music, software projects of all kind a
Publish At:2016-12-29 10:37 | Read:3588 | Comments:0 | Tags:Blog Events Conferences Hackers

Black Hat 2016 Summary Part 2.1

A few months ago I had the oportunity to visit this year’s Black Hat in Las Vegas. Due to a few weeks of vacation following the conference here are my delayed 2 cents (part 1) Abusing Bleeding Edge Web Standards For AppSec Glory – Bryant Zadegan & Ryan Lester Slides Bryant and Ryan talked about new web standards which are already implemented in par
Publish At:2016-10-06 15:45 | Read:2251 | Comments:0 | Tags:Conferences Black Hat conferences

Attacking BaseStations @Defcon24

Hello Guys, back from my vacation I’d like to give you some impressions about Defcon 24 and our talk “Attacking BaseStations”. Defcon itself had a couple of great talks but was a very crowded location. Anyhow, we had a couple of great discussions with the people before and after our talk. The talk “Attacking BaseStations” focus
Publish At:2016-09-21 10:20 | Read:2281 | Comments:0 | Tags:Conferences Insecurity Uncategorized 4G Defcon eNB eNodeB LT

BSides LV 2016: Recap

Hey everyone, Just a short recap from my side regarding this year’s BSide in Las Vegas, NV. It was my first time there and I pretty much enjoyed it. After entering the venue on the first con day (Tuesday) I was a little bit shocked, as the staff sent me to the “end of the line just around the corner” – the end being many corners and m
Publish At:2016-09-19 21:45 | Read:1678 | Comments:0 | Tags:Conferences


Today I had to give the pleasure to give a keynote at the SIGS DC Day on the need to evaluate Cloud Service Providers in a way that looks behind (or at least tries to) security whitepapers and certification reports. The slides can be found here. I also particularly enjoyed the following two talks: Sean O’Tool from Swisscom AG covered challenges of an i
Publish At:2016-09-16 20:35 | Read:3121 | Comments:0 | Tags:Conferences cloud

25th USENIX Security Symposium & WOOT Workshop

Last month the annual USENIX Security Symposium with its co-located workshops (WOOT, CSET, FOCI, ASE, and HotSec) was held in Austin, Texas. The program of the conference together with the published papers can be found here and information on the workshops can be found here. The research topics were quite diverse and included subjects such as low-level attac
Publish At:2016-09-13 01:20 | Read:3971 | Comments:0 | Tags:Conferences USENIX WOOT

SnoopCon Guest Day

This year I had the pleasure to join the guest day of BT’s SnoopCon. There were quite a number of interesting talks throughout the day such as Saumil Shah‘s presentation on Stegosploit (as well as his rant about the state of information security) Dr. Grigorios Fragkos‘ talk on airplane security (where he presented some maybe not-so-pleasa
Publish At:2016-07-01 21:50 | Read:3477 | Comments:0 | Tags:Conferences snoopcon

VoLTE Security Analysis, part 2

In our talk IMSEcure – Attacking VoLTE Brian and me presented some theoretical and practical attacks against IP Multimedia Subsystems (IMS). Some of the attacks already have been introduced in a former blogpost and Ahmad continued with a deeper analysis of the Flooding and targeted DoS scenario. But still, there are some open topics I’d like to c
Publish At:2016-06-24 07:20 | Read:3879 | Comments:0 | Tags:Conferences Insecurity LTE VoLTE

Area41 Conference 2016

Last Friday, Brian and I were at the  Area41 Security Conference. The conference is a branch of Defcon conference and is more or less a small conference of the Swiss hacker community. Being in a “rock music club”, the speakers presented on a stage where usually the rock stars are performing – which gives the conference a very special flair
Publish At:2016-06-18 23:35 | Read:2795 | Comments:0 | Tags:Conferences Area41 Badge conferences LTE VoLTE

New Methods for Exploiting ORM Injections in Java Applications (HITB16)

The HITBSecConf or “Hack In The Box” in Amsterdam is a well known security conference in Europe. We also attended this year too, and there were quite some interesting talks at the HITBSecConf16 conference. One of the talks was about “New Methods for Exploiting ORM Injections in Java Applications” by the security researchers Mikhail Eg
Publish At:2016-06-02 23:25 | Read:3546 | Comments:0 | Tags:Conferences conference hacking HITB web application exploit

Telescope – Peering Into the Depths of TLS Traffc in Real-Time (HITB16)

Last week we have visited the HITBSecConf16 – conference in Amsterdam. There were many interesting talks, and in this post I am going to tell you about a talk held by Radu Caragea – “Telescope: Peering Into the Depths of TLS Traffic in Real-Time”. While performing a dynamic malware analysis one often needs to analyze network traffic
Publish At:2016-05-30 22:25 | Read:3403 | Comments:0 | Tags:Conferences HITB talks

The Beauty of IPv6 Link-Local Addressing. Not

In November 2014, after quite some controversy in the IETF OPSEC working group (for those interested look at the archives), the Informational RFC 7404 “Using Only Link-Local Addressing inside an IPv6 Network” was published. It is authored by Michael Behringer and Eric Vyncke and discusses the advantages & disadvantages of an approach using &#
Publish At:2016-05-28 15:40 | Read:4262 | Comments:0 | Tags:Conferences ERNW Security IPv6 RIPE


Share high-quality web security related articles with you:)


Tag Cloud