DEF CON 29 ICS Village - Javier Perez' & Juan Escobar's 'ICS Intrusion KillChain Explained' →
Our thanks to DEFCON for publishing their outstanding DEFCON 29 ICS Village videos on the organization’s YouTube channel.
Dave Lewis, well-known Information Security professional, founder of the security site Liquidmatrix Security Digest, co-host of the Liquidmatrix podcast and a contributing writer at the Duo Decipher blog, tells a fascinating story of a lashup of his Lunch, an Autonomous Automobile and the Law of Unintended Consequences. Rather than spill the beans - travel, if you will - via our beloved Interwebs, to the Decipher blog, and luxuriate in the Tale Told by Mr. Lewis! Certainly Today's Security Must Read!
Behold, Ladies and Gentlemen, an erudite paper detailing the notion of the eTerrorist, written by Professor Christina Schori Liang, has made its way into my sometimes overloaded sphere of cogitatory field of vision. Well wrought, indeed! Professor Liang is leading The Terrorism and Organized Crime Cluster at the Geneva Centre for Security Policy and is a Visiting Professor at The Paris School of International Affairs.
If you are in the Public Sector or Private Sector, or simply interested in what very well may be the next evil surfactant in the Sea of Evil flotsam, jetsam, lagan, and derelict floating upon the Interwebs, pay attention and read Professor Liang's short, but enlightening work.
Kelby Ludwig - writing at Duo Labs - has just posted a fascinating blog entry detailing their recent discovery of SAML vulns potentially affecting a range of implementations and deployments. In this case, the vulnerability appears to be a zero knowledge scenario (of the attributes of the target's password). H/T
"This blog post describes a new vulnerability class that affects SAML-based single sign-on (SSO) systems. This vulnerability can allow an attacker with authenticated access to trick SAML systems into authenticating as a different user without knowledge of the victim user’s password." - via Duo Labs' Kelby Ludwig
Oops.
Martyn Williams, writing at 38North, reports on the new North Korean Computer Center - ostensibly, an open library of Democratic People's Republic of Korea-created (mostly modified) software. We strongly suggest caution when opening any files (e.g., PDFs, DOCs, binaries, et cetera) and running any software from the library - especially with this caveat descendit onustus...:
"In publishing the PDF files, the team running the site had to strip out tracking code that had been inserted into the files by the Red Star OS. The software adds a hard-drive serial number to files when they are opened, potentially allowing the government the ability to determine all the computers on which a file has been viewed." - via Martyn Williams, writing at 38North
NIST's Computer Security Division and the Information Technology Laboratory (ITL), along with the NIST Cloud Computing Program, have announced hosting of the 8th Cloud Computing Forum and Workshop. Registration Information, etc. can be viewed here. Included with the announcement is the Call for Abstracts, noted below:
Interested? Download the 8th Cloud Computing Forum and Workshop Abstract Submission form; additional information resides here.
An End-to-End Encrypted Secret, that is...
Once again, Kim Zetter's superlative prose details the astounding story of Stuxnet; this time, in a new book titled 'Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon' [published by Crown Publishing Group, a division of Random House]. Apparently, like many other 'infections', the vector [in this case] is the order-of-the-day... This month's MustRead.
Everything you would want to know about the naming of malware, via Violet Blue for Zero Day. Enjoy.