Date: Thu, 15 Mar 2007 17:44:58 -0500 (CDT)
From: Gadi Evron <ge@...uxbox.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Tel Aviv University Security Forum - 18th of March

TAUSEC - The Security Forum, hosted by Tel-Aviv University, next meeting
will take place on: Sunday, March 18, at 18:30.

Location: Tel-Aviv University, Lev Auditorium
Map: http://www2.tau.ac.il/map/unimapl1.asp

Attendance is free, light refreshments will be served

Schedule:
---------
18:30 - A taxonomy & tool for automated vulnerability chaining and path
	discovery Topic Synopsis
	- Toby Kohlenberg
	
	Level: Technical/High
	Language: English

	Abstract:

-----------------

	Vulnerabilities are occurring with increasing frequency and the
resources required to manage mitigation are increasing in parallel.

 Unfortunately, current best practices still evaluate the majority of
vulnerabilities as unique unrelated events. This method of evaluation is
an understandable choice but does not accurately reflect how the
vulnerabilities may be used by attackers. In this project we attempted
to find a way to evaluate combinations of vulnerabilities in an
automated fashion. 
 
 We created a taxonomy that allows us to describe vulnerabilities and
their connections to each other. We then used these descriptions to
create a graph showing the interconnections between the vulnerabilities
and used that to find pathways to complete system compromise. 
 
 The system we used to judge the effectiveness of this approach is a
feature rich web application which allows a user to quickly and easily
describe a vulnerability and its interactions and then explore its
relationship to other vulnerabilities.  

-----------------


Since the lecture begins late, we will have only one speaker.

More details and past lectures can be seen at:
http://www.cs.tau.ac.il/tausec/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
