| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4F38ED0E.7010100@tehtri-security.com> Date: Mon, 13 Feb 2012 11:59:26 +0100 From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@...tri-security.com> To: full-disclosure@...ts.grok.org.uk Cc: Laurent Estieux - CTO at TEHTRI-Security <laurent.estieux-ml@...tri-security.com> Subject: [TEHTRI-Security] 0days at HITB Amsterdam 2012 Dear contacts, During the next "Hack In The Box" event in Amsterdam (22nd & 23rd May 2012), TEHTRI-Security will come again, and propose an updated training called *Hunting Web Attackers* with offensive cyber weapons shared with our students. For example, during the final live hacking exercise, we will show how to strike-back against a team of attackers, thanks to multiple kind of 0days (hacking: web applications + client-side + network, etc). Beyond our cyber-weapons against kits used by cyber-criminals (0days against Zeus, Crimepack, etc), our students will also get more hacking tricks that can make the difference during asymmetric cyber conflicts. Examples ? We will share 0days that can help at bypassing a firewall, in order to pown a remote evil LAN used by cyber-criminals (live demo shared with students in our lab: bypassing an updated Cisco product). To get our hacking tricks, do not hesitate to register soon, while seats are still available. 100% of seats were taken last time. _HITB Training link_ http://conference.hitb.org/hitbsecconf2012ams/tech-training-1-hunting-web-attackers/ Moreover, if you're interesting about *mobile hacking*, we wrote some lines related to vulnerabilities about Gmail App on iPhone/iPad. Feel free to read our thoughts/findings on our blog: _TEHTRIS Blog link_ http://blog.tehtri-security.com/2012/01/gmail-app-security-issues-on.html We essentially saw that the famous GX cookie was written in clear-text on an iOS device, while Apple suggests to use Keychains capabilities to store sensitive information (see Apple devel doc). According to us, App vendors should do offensive pentests against mobile applications. This year, we found plenty of vulnerabilities against iOS app or MDM infrastructure (hacking thousands of devices).. And we are not the only company feeling this big trouble in the Force, for IT Security and Mobile stuff. Best regards, Laurent Estieux (CTO) & Laurent Oudot (CEO) TEHTRI-Security - "This is not a Game" http://www.tehtri-security.com/ @tehtris _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists