Message-ID: <4F38ED0E.7010100@tehtri-security.com>
Date: Mon, 13 Feb 2012 11:59:26 +0100
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot-ml@...tri-security.com>
To: full-disclosure@...ts.grok.org.uk
Cc: Laurent Estieux - CTO at TEHTRI-Security
	<laurent.estieux-ml@...tri-security.com>
Subject: [TEHTRI-Security] 0days at HITB Amsterdam 2012

Dear contacts,

During the next "Hack In The Box" event in Amsterdam (22nd & 23rd May
2012), TEHTRI-Security will come again, and propose an updated training
called *Hunting Web Attackers* with offensive cyber weapons shared with
our students.

For example, during the final live hacking exercise, we will show how to
strike back against a team of attackers, thanks to multiple kinds of
0days (hacking: web applications + client-side + network, etc).

Beyond our cyber-weapons against kits used by cyber-criminals (0days
against Zeus, Crimepack, etc), our students will also get more hacking
tricks that can make the difference during asymmetric cyber conflicts.

Examples? We will share 0days that can help with bypassing a firewall, in
order to pown a remote evil LAN used by cyber-criminals (live demo
shared with students in our lab: bypassing an updated Cisco product).

To get our hacking tricks, do not hesitate to register soon, while seats
are still available. 100% of seats were taken last time.

_HITB Training link_
http://conference.hitb.org/hitbsecconf2012ams/tech-training-1-hunting-web-attackers/

Moreover, if you're interested in *mobile hacking*, we wrote some
lines related to vulnerabilities in the Gmail App on iPhone/iPad. Feel
free to read our thoughts/findings on our blog:

_TEHTRIS Blog link_
http://blog.tehtri-security.com/2012/01/gmail-app-security-issues-on.html

We essentially saw that the famous GX cookie was written in clear-text
on an iOS device, while Apple suggests using Keychain capabilities to
store sensitive information (see Apple devel doc).

According to us, App vendors should do offensive pentests against mobile
applications. This year, we found plenty of vulnerabilities against iOS
apps or MDM infrastructure (hacking thousands of devices).
And we are not the only company feeling this big trouble in the Force,
for IT Security and Mobile stuff.

Best regards,

Laurent Estieux (CTO) & Laurent Oudot (CEO)
TEHTRI-Security - "This is not a Game"
http://www.tehtri-security.com/
@tehtris

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
