IT Security and Hacking knowledge base

Time is on my Side

Sebastian Schinzel

March 18, 2012

Time is on my Side

Sebastian Schinzel

March 17, 2012

Time is on my Side

Sebastian Schinzel

March 16, 2012

Hacking MFPs

Andrei Costin

March 16, 2012

Hacking MFPs

Andrei Costin

February 26, 2012

A Linguistic Platform for Threat Development

Ben Kurtz

DEFCON 13

February 25, 2012

A Linguistic Platform for Threat Development

Ben Kurtz

DEFCON 13

February 04, 2012

New Ways I'm Going to Hack Your Web App

Jesse Ou Rich Lundeen

Black Hat Abu Dhabi 2011

February 04, 2012

New Ways I'm Going to Hack Your Web App

Jesse Ou Rich Lundeen

Black Hat Abu Dhabi 2011

January 30, 2012

Exposing Vulnerabilities in Media Software

David Thiel

January 30, 2012

Exposing Vulnerabilities in Media Software

David Thiel

January 28, 2012

0-Day Patch -Exposing Vendors (In)Security Performance

Bernard Tellenbach Stefan Frei

January 27, 2012

0-Day Patch -Exposing Vendors (In)Security Performance

Bernard Tellenbach Stefan Frei

January 19, 2012

Attacking with Character Encoding for Profit and Fun

Yosuke Hasegawa

Black Hat Asia 2008

January 17, 2012

Angel Recon System (ARS) Prototype: Heuristic Vulnerability Analysis and Attack

Drew Copley

Black Hat Federal 2006

January 15, 2012

Skeletons in Microsoft's Closet - Silently Fixed Vulnerabilities

Andre Protas Steve Manzuik

Black Hat EU 2006

January 12, 2012

Attacking Internationalized Software

Scott Stender

Black Hat USA 2006

January 01, 2012

Attacking Internationalized Software

Scott Stender

Black Hat Asia 2006

December 31, 2011

Automatically Detecting Web Application Vulnerabilities by Variable Flow Reconstruction

Stefano Zanero

Black Hat EU 2005

December 25, 2011

Injection Flaws: Stop Validating Your Input

Mike Pomraning

Black Hat USA 2005

December 23, 2011

Top Ten Issues in Computer Security

Jennifer Granick

Black Hat USA 2005

December 18, 2011

Architecture Flaws in Common Security Tools

David Maynor

Black Hat Asia 2005

November 21, 2011

The Politics of Vulnerabilities

Scott Blake

Black Hat USA 2002

October 29, 2011

Politics of Vulnerability Reporting

Scott Blake

Black Hat EU 2001

October 27, 2011

National Information Assurance Partnership

Terry Losonsky

Black Hat USA 2000

October 11, 2011

Adversary Characterization and Scoring Systems

Black Hat USA 2003

October 08, 2011

More (Vulnerable) Embedded Systems

Felix 'FX' Lindner

Black Hat USA 2003

October 06, 2011

Cisco Vulnerabilities - Yesterday, Today and Tomorrow

Felix 'FX' Lindner

Black Hat Federal 2003

October 05, 2011

Adversary Characterization and Scoring Systems

Tom Parker

Black Hat Federal 2003

September 27, 2011

Finger Pointing for Fun, Profit and War?

Tom Parker

Black Hat USA 2010

July 31, 2011

Being Explicit about Software Weaknesses

Robert A. Martin Sean Barnum Steve Christey

July 31, 2011

Being Explicit about Software Weaknesses

Robert A. Martin Sean Barnum Steve Christey

July 27, 2011

Attack Patterns: Knowing Your Enemies in Order to Defeat Them

Sean Barnum

July 27, 2011

Attack Patterns: Knowing Your Enemies in Order to Defeat Them

Sean Barnum

July 16, 2011

Challenging Malicious Inputs with Fault Tolerance Techniques

Bruno Luiz

Black Hat EU 2007

July 16, 2011

Challenging Malicious Inputs with Fault Tolerance Techniques

Bruno Luiz

Black Hat EU 2007

June 08, 2011

Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage

Jeff Morin

June 08, 2011

Type Conversion Errors: How a Little Data Type Can Do a Whole Lot of Damage

Jeff Morin

April 27, 2011

Unforgivable Vulnerabilities

Steve Christey

April 27, 2011

Unforgivable Vulnerabilities

Steve Christey

January 27, 2011

Bad Memories

Baptiste Gourdin Elie Bursztein Gustav Rydstedt

DEFCON 18

January 27, 2011

Bad Memories

Baptiste Gourdin Elie Bursztein Gustav Rydstedt

DEFCON 18

December 24, 2010

Padding Oracle for the Masses

Nicolas Waisman

December 23, 2010

Killing the Elephant in the Room - Enterprise Vulnerability Management Tactics

December 22, 2010

Breaking Virtualization by switching the CPU to Virtual 8086 Mode

Jonathan Brossard

December 21, 2010

Milking a Horse or Executing Remote Code in Modern Java Web Frameworks

Meder Kydyraliev

December 06, 2010

400 Apps in 40 Days

Nish Bhalla Sahba Kazerooni

December 06, 2010

400 Apps in 40 Days

Nish Bhalla Sahba Kazerooni

December 06, 2010

How Many Vulnerabilities? And Other Wrong Questions

David Mortman

December 06, 2010

How Many Vulnerabilities? And Other Wrong Questions

David Mortman

November 23, 2010

Keynote: Involuntary Case Studies in Data Security

Mike Rothman

November 23, 2010

Keynote: Involuntary Case Studies in Data Security

Mike Rothman

November 19, 2010

Introduction to Vulnerability Analysis

PhreakNIC 11

October 31, 2010

Responsible Disclosure

Michael Kemp

LayerOne 2007

October 31, 2010

Responsible Disclosure

Michael Kemp

LayerOne 2007

October 22, 2010

Static Analysis Tool Exposition (SATE 2010) Workshop

Choosing SATE Test Cases Based on CVEs

Sue Wang

October 21, 2010

Static Analysis Tool Exposition (SATE 2010) Workshop

Bugs that Matter - Static Analysis True Positives and False Negatives

Paul Anderson

October 20, 2010

Hack In The Box 2010 Malaysia

Can you trust your workers?

Paul Theriault

October 19, 2010

Hack In The Box 2010 Malaysia

iPhone security model & vulnerabilities

Cedric Halbronn Jean Sigwald

October 07, 2010

Case study of recent Windows vulnerabilities

Gynvael Coldwind Mateusz Jurczyk

October 07, 2010

Case study of recent Windows vulnerabilities

Gynvael Coldwind Mateusz Jurczyk

October 07, 2010

Case study of recent Windows vulnerabilities

Gynvael Coldwind Mateusz Jurczyk

October 07, 2010

Well known vulnerabilities in human brain and behavior – common admin mistakes

Wojciech Bojdol

October 07, 2010

Analysis of Software Vulnerabilities

Celil Ünüver Ulascan Aytlolun

October 07, 2010

Analysis of Software Vulnerabilities

Celil Ünüver Ulascan Aytlolun

October 07, 2010

Well known vulnerabilities in human brain and behavior – common admin mistakes

Wojciech Bojdol

October 07, 2010

Well known vulnerabilities in human brain and behavior – common admin mistakes

Wojciech Bojdol

October 04, 2010

Hack In The Box 2010 Dubai

Case Study of Recent Windows Vulnerabilities

Gynvael Coldwind Mateusz Jurczyk

August 30, 2010

One Cell is Enough to Break Tor's Anonymity

Xinwen Fu

August 30, 2010

One Cell is Enough to Break Tor's Anonymity

Xinwen Fu

August 30, 2010

One Cell is Enough to Break Tor's Anonymity

Xinwen Fu

August 18, 2010

Blinded by Flash: Widespread Security Risks Flash Developers Don't See

Prajakta Jagdale

June 24, 2010

Predictable RNG in the Vulnerable Debian OpenSSL package, the What and the How

Luciano Bello Maximiliano Bertacchini

Black Hat USA 2008

June 24, 2010

Predictable RNG in the Vulnerable Debian OpenSSL package, the What and the How

Luciano Bello Maximiliano Bertacchini

Black Hat USA 2008

June 22, 2010

Hiding in the Familiar: Steganography and Vulnerabilities in Popular Archives Formats

Mario Vuksan Tomislav Pericin Brian Karney

Black Hat EU 2010

June 22, 2010

Hiding in the Familiar: Steganography and Vulnerabilities in Popular Archives Formats

Mario Vuksan Tomislav Pericin Brian Karney

Black Hat EU 2010

June 04, 2010

Why the Google Aurora Attack Will Happen Again. How to Analyze your Defenses and Stay Out of the Headlines

Vikram Phatak

June 02, 2010

Bullseye on Your Back - Life on the Adobe Product Incident Response Team

Wendy Poland David Lenoe

June 02, 2010

Linux Kernel Exploitation: Earning Its Pwnie a Vuln at a Time: Earning Its Pwnie a Vuln at a Time

Jon Oberheide

May 31, 2010

Panel: Vulnerability Management

May 27, 2010

Drinking from the Firehose: Ten Years of Vulnerabilities through the CVE Lens

Steve Christey

April 24, 2010

The security risks of Web 2.0

David Rook

April 24, 2010

The security risks of Web 2.0

David Rook

April 24, 2010

The security risks of Web 2.0

David Rook

April 24, 2010

0-day, gh0stnet and the inside story of the Adobe JBIG2 vulnerability

Matt Richard Steven Adair

April 24, 2010

0-day, gh0stnet and the inside story of the Adobe JBIG2 vulnerability

Matt Richard Steven Adair

April 09, 2010

Clobbering the Cloud

Haroon Meer Marco Slaviero Nicholas Arvanitis

April 09, 2010

Clobbering the Cloud

Haroon Meer Marco Slaviero Nicholas Arvanitis

April 09, 2010

Clobbering the Cloud

Haroon Meer Marco Slaviero Nicholas Arvanitis

April 08, 2010

More Tricks For Defeating SSL

Moxie Marlinspike

April 07, 2010

More Tricks For Defeating SSL

Moxie Marlinspike

March 27, 2010

Attacks Against 2wire Residential Gateways

Pedro Joaquin

March 27, 2010

Attacks Against 2wire Residential Gateways

Pedro Joaquin

March 27, 2010

Attacks Against 2wire Residential Gateways

Pedro Joaquin

February 19, 2010

Vulnerabilities in FreeBSD Kernel

Przemysław Frasunek

Confidence 2009 Warszawa

January 30, 2010

Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication

Steven J. Murdoch Ross Anderson

January 04, 2010

Owning the Linksys wrtp54g VOIP Router

Arias Hung

January 04, 2010

Owning the Linksys wrtp54g VOIP Router

Arias Hung

January 01, 2010

Revealing the Secrets: Source Code Disclosure, Techniques and Impacts

Anant Kochar

ClubHack2009

December 25, 2009

Ripples in the Gene Pool: Creating Genetic Mutations to Survive the Vulerability Window

Chris Eagle

December 25, 2009

Ripples in the Gene Pool: Creating Genetic Mutations to Survive the Vulerability Window

Chris Eagle

December 24, 2009

Ripples in the Gene Pool: Creating Genetic Mutations to Survive the Vulerability Window

Chris Eagle

December 20, 2009

Improving Application Security with Data Flow Assertions

December 14, 2009

Breaking Forensics Software: Weaknesses in Critical Evidence Collection

Chris Palmer Alex Stamos

December 14, 2009

OpenBSD remote Exploit and another IPv6 vulnerabilities

Alfredo Ortega

December 05, 2009

Kernel Wars

November 27, 2009

Discovering Mac OS X Weaknesses and Fixing Them with the New Bastille OS X Port

Jay Beale

November 27, 2009

Discovering Mac OS X Weaknesses and Fixing Them with the New Bastille OS X Port

Jay Beale

November 27, 2009

Discovering Mac OS X Weaknesses and Fixing Them with the New Bastille OS X Port

Jay Beale

November 19, 2009

Gaming - The Next Overlooked Security Hole

Ferdinand Schober

November 12, 2009

DNS Goodness

Dan Kaminsky

November 12, 2009

DNS Goodness

Dan Kaminsky

November 11, 2009

Race-2-Zero Unpacked

Simon Howard

November 11, 2009

Race-2-Zero Unpacked

Simon Howard

November 07, 2009

de-Tor-iorate Anonymity

Christian Grothoff Nathan Evans

November 06, 2009

Security and Anonymity Vulnerabilities in Tor: Past, Present, and Future

Roger Dingledine

November 05, 2009

Climbing Everest: An Insider's Look at one State's Voting Systems

Sandy Clark

November 03, 2009

Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade

Alex Stamos Andrew Becherer Nathan Wilcox

November 01, 2009

Predictable RNG in the Vulnerable Debian OpenSSL Package, the What and the How

Luciano Bello Maximiliano Bertacchini

October 31, 2009

VulnCatcher: Fun with Vtrace and Programmatic Debugging

October 18, 2009

x509 is considered harmful

Dan Kaminsky

October 17, 2009

WebAppInSec : 101 threats

Jacco van Tuijl

October 17, 2009

Classic Mistakes

Roel Verdult

October 17, 2009

Classic Mistakes

Roel Verdult

October 04, 2009

Cloud Computing Models and Vulnerabilities: Raining on the Trendy New Parade

Alex Stamos Andrew Becherer Nathan Wilcox

September 23, 2009

Worst of the Best of the Best

Kevin Stadmeyer Garrett Held

September 23, 2009

Worst of the Best of the Best

Kevin Stadmeyer Garrett Held

September 19, 2009

Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries

Jeongwook Oh

September 19, 2009

Fight Against 1-day Exploits: Diffing Binaries vs Anti-diffing Binaries

Jeongwook Oh

September 19, 2009

A Black Hat Vulnerability Risk Assessment

David Mortman

September 18, 2009

Clobbering the Cloud!

Haroon Meer Marco Slaviero Nick Arvanitis

August 26, 2009

Embedded Management Interfaces: Emerging Massive Insecurity

Hristo Bojinov Dan Boneh Elie Bursztein

August 26, 2009

Embedded Management Interfaces: Emerging Massive Insecurity

Hristo Bojinov Dan Boneh Elie Bursztein

July 08, 2009

Breaking Forensics Software: Weaknesses in Critical Evidence Collection

Chris Palmer Alex Stamos

July 08, 2009

Breaking Forensics Software: Weaknesses in Critical Evidence Collection

Chris Palmer Alex Stamos

July 03, 2009

OpenBSD remote Exploit and another IPv6 vulnerabilities

Alfredo Ortega

July 03, 2009

OpenBSD remote Exploit and another IPv6 vulnerabilities

Alfredo Ortega

July 03, 2009

OpenBSD remote Exploit and another IPv6 vulnerabilities

Alfredo Ortega

June 27, 2009

Java and JEE Vulnerabilities explained

Marc Schoenefeld

June 25, 2009

Remote Rootshell on a SOHO Router

Michał Sajdak

June 25, 2009

I thought you were my friend Malicious markup, browser issues and other obscurities

Mario Heiderich

June 20, 2009

A Pentester’s Guide to Credit Card Theft Techniques

Adrian Pastor

June 09, 2009

Kernel Wars

June 09, 2009

Kernel Wars

June 09, 2009

Kernel Wars

May 29, 2009

Stranger in a Strange Land: Reflections on a Linux Guy's First Year at Microsoft

Crispin Cowan

May 29, 2009

Stranger in a Strange Land: Reflections on a Linux Guy's First Year at Microsoft

Crispin Cowan

May 24, 2009

Fail 2.0: Further Musings on Attacking Social Networks

May 24, 2009

Fail 2.0: Further Musings on Attacking Social Networks

May 23, 2009

Blinded By Flash: Widespread Security Risks Flash Developers Dont See

Prajakta Jagdale

May 17, 2009

Cracking into embedded devices and beyond!

Adrian Pastor

May 17, 2009

Cracking into embedded devices and beyond!

Adrian Pastor

May 16, 2009

Security Challenges in Virtualized Environments

Joanna Rutkowska

May 16, 2009

Security Challenges in Virtualized Environments

Joanna Rutkowska

May 15, 2009

Passports Reloaded Goes Mobile

Jeroen van Beek

May 11, 2009

Stripping SSL To Defeat HTTPS In Practice

Moxie Marlinspike

May 07, 2009

OpenOffice Security Design Weaknesses

Eric Filiol

May 07, 2009

OpenOffice Security Design Weaknesses

Eric Filiol

May 03, 2009

Predictable RNG in the vulnerable Debian OpenSSL package

May 02, 2009

Blinded by Flash: Widespread Security Risks Flash Developers Don't See

Prajakta Jagdale

May 02, 2009

Blinded by Flash: Widespread Security Risks Flash Developers Don't See

Prajakta Jagdale

May 02, 2009

One Cell is Enough to Break Tor's Anonymity

Xinwen Fu

May 02, 2009

Security and anonymity vulnerabilities in Tor

Roger Dingledine

May 02, 2009

Hacking SecondLife

Michael Thumann

Troopers 2008

April 18, 2009

Synthesizing PDF Attacks

Aditya K Sood

EUSecWest 2008

April 18, 2009

Abusing X.509 certificate features

Alexander Klink

EUSecWest 2008

April 18, 2009

Advances in attacking interpreted languages

Justin Ferguson

EUSecWest 2008

April 16, 2009

Bug classes we have found in *BSD, OS X and Solaris kernels

CanSecWest 2009

April 10, 2009

Gaming - The Next Overlooked Security Hole

Ferdinand Schober

April 10, 2009

Gaming - The Next Overlooked Security Hole

Ferdinand Schober

April 08, 2009

TCP Denial of Service Vulnerabilities

Fabian Yamaguchi

March 29, 2009

Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg"

March 29, 2009

de-Tor-iorate Anonymity

Nathan Evans Christian Grothoff

March 29, 2009

de-Tor-iorate Anonymity

Nathan Evans Christian Grothoff

March 28, 2009

Security and Anonymity Vulnerabilities in Tor: Past, Present, and Future

Roger Dingledine

March 26, 2009

Climbing Everest: An Insider's Look at one State's Voting Systems

Sandy Clark

March 26, 2009

Climbing Everest: An Insider's Look at one State's Voting Systems

Sandy Clark

March 24, 2009

uCon Security Conference 2008

Increasing the reliability of exploits for non-trivial remote vulnerabilities

March 22, 2009

uCon Security Conference 2009

Hacking PDF Readers

March 14, 2009

Predictable RNG in the Vulnerable Debian OpenSSL Package, the What and the How

Maximiliano Bertacchini Luciano Bello

March 13, 2009

Vulnerability discovery in encrypted closed source PHP applications

Stefan Esser

March 12, 2009

VulnCatcher: Fun with Vtrace and Programmatic Debugging

March 08, 2009

VulnCatcher: Fun with Vtrace and Programmatic Debugging

January 28, 2009

MD5 considered harmful today

Alexander Sotirov

January 28, 2009

Predictable RNG in the vulnerable Debian OpenSSL package

Luciano Bello

January 03, 2009

Network Vulnerability Assessments: Lessons Learned

Chris Goggans

ClubHack2008

July 18, 2008

Website Vulnerabilities Revealed: What everyone knew, but afraid to believe

Jeremiah Grossman

January 27, 2008

Responsible Vulnerability Disclosure Process

Steve Christey

January 27, 2008

Introducing constructive vulnerability disclosures

January 27, 2008

An informal analysis of vendor acknowledgement of vulnerabilities

Steve Christey

January 27, 2008

Vulnerability Reporting: Bugs in the bug reporting process

Ivan Arce

January 27, 2008

Windows of Vulnerability: A Case Study Analysis

William A. Arbaugh

January 27, 2008

The Vulnerability Process: a tiger team approach to resolving vulnerability cases

January 24, 2008