Quantcast

Articles

Get all-in-one coverage of Internet security and online privacy issues brought up by the industry’s leading experts at security conferences and seminars.

Web Application Hacking 2: Components of Public Key Infrastructure

From this entry, which is a follow-up on the dedicated lecture at FSU, you can learn an in-depth outline of how digital certificates and certificate authorities work. Certificates are composed of a public and a private key. I should mention that there was a point where there was only one root certificate...

Web Application Hacking – SSL / TLS Infrastructure and Attacks

This article highlights the issues raised at the Florida State University lecture for “Offensive Security” regarding SSL and TLS protocols, namely their background, infrastructure, flaws and known crypto attacks. The outline for today’s talk is we’re going to go over SSL and TLS and cover its...

CuteCats.exe and the Arab Spring 3: Surveillance Malware in Libya and Bahrain

Morgan Marquis-Boire finishes his Black Hat presentation with analysis of governmental cyber operations held during protests in a number of other Arab states. Syria isn’t the only country in this region that has experienced these types of operations though. After the success of the revolution in Tunisia,...

CuteCats.exe and the Arab Spring 2: Social Engineering and Remote Access Toolkits

Google’s Morgan Marquis-Boire is focusing on governmental use of topical social engineering, surveillance malware and remote access toolkits in Arab countries. While we’ve seen a steady stream of Facebook phishing attacks, we’ve also seen attacks focusing on Skype and YouTube. Many of you may have...

CuteCats.exe and the Arab Spring: Governments vs Dissidents

Morgan Marquis-Boire, Security Engineer at Google Incident Response Team, analyzes the digital aspect of activism and anti-dissident activities during the Arab Spring. Hello and welcome to CuteCats.exe and the Arab Spring. My name is Morgan Marquis-Boire and I work on the Google Incident Response Team....

The State of Web Exploit Toolkits 4: Phoenix and Newer Kits

The presentation ends with the analysis of the Phoenix exploit kit’s features, details on newer kits from all over the world, and a summary of the research. Phoenix Exploit Kit The next kit I’m going to talk about is Phoenix. It’s been around since 2007, it’s pretty old, it’s up to version 3. They...

The State of Web Exploit Toolkits 3: How BlackHole Works

Jason Jones covers herein some of the specific features inherent to BlackHole kit, including JavaScript and PDF obfuscation details, JavaScript shellcode, etc. Now I’ll actually get a little bit more into how it works. Running all these things through our sandbox, we’ve looked a lot at URLs that it...

The State of Web Exploit Toolkits 2: BlackHole Kit Scrutinized

Jason Jones now provides an intro to the notorious BlackHole exploit kit, explaining some of its background as well as showing the interface that criminals use. The first kit I’m really going to delve into is BlackHole. It’s been around for a couple of years. It’s definitely become the most popular...

The State of Web Exploit Toolkits – Turnkey Cybercrime Software

During his Black Hat briefing, Jason Jones, the Team Lead for ASI at HP DVLabs, presents a professional extensive analysis of the present-day web exploit kits. I’m going to be talking about the state of web exploit toolkits, which is a lot of what I’ve been doing on my job. I’m the Lead for Advanced...

From Russia with Love.exe 5: Questions and Answers

This is the final part of the study where The Grugq and Fyodor Yarochkin are explaining more details of the Russian hacking business during the Q&A section. Yarochkin: Alright, do you have any questions? Question: On your point about the ratios: so, this guy was offering the best ratio; do you know any...