Thoughts on the Certificate Authority Attack presented at CCC

It turns out that a group of international researchers has created their own legitimate CA (Certificate Authority), which can be used to sign any other cert they want and as such increases the likelihood of success when performing SSL man-in-the-middle types of attacks.

It is pointless to explain how the attack works. Go over the presentation slides or get the video/audio. What I would like to do is to present some of my thoughts regarding the attack and its impact. [...]


Audio From Black Hat USA 2008

We’ve got some audio from the past Black Hat conference I’ve already talked about over here and here.

Keep in mind that without the slides it will probably sound very boring. Both parts of the presentation can be found here and here.


My BH Las Vegas Slides

I believe that some of you may be interested to see my Black Hat slides. If you are not aware yet, the GNUCITIZEN Lab domain is now up. The slides have been there since yesterday.

The next post is all about the QuickTime vulnerability which I partially disclosed over here.

UPDATE 2011/04/21: I included an alternative download location.


Black Hat Las Vegas Baby

So, Black Hat is next week. Great! I will be happy to see you all there. You may even join me on the 6th at 13:45 – the Client-side Security talk. The details of my talk are here, which btw is the improved version of what I have over here.

I am still working on my slides, trying to add that edge-ness I am always striving to achieve combined with a severe dose of simplicity. Don’t you know? Simple is the new black.

This time around I am visiting the conference as a tourist. [...]


OWASP Europe 2008 Ghent

This year’s OWASP Europe event was based in Ghent, Belgium. I had to take an early train from London to Brussels, which is by the way dead easy from where I live. As usual the event was excellent.

Now there were a few funny things, but the funniest of all was that I got flagged by Seba for having a sales pitch within my slides. Actually, my intentions were totally different. Moreover, it is silly to sell very niche services to a wide range of Web app guys. [...]


30mins Introductory Presentation on Client-side Security

I was asked to give a 30-minute-long introductory presentation on client-side security issues. Although the presentation is very basic and high-level oriented, as it was designed to serve as an overview rather than as an in-depth analysis, I thought that someone may still find it useful or may use it in their own presentations.

You can download the PDF version from here and the ODT version from here. Let me know if it works for you.


Joe Walker on Web Application Security

The picture that you see is a work of art produced by the British street artist Banksy. Underneath, you will find a great summary of common Web Application security threats put together by Joe Walker for The Ajax Experience event, which took place last week in Boston. It is highly recommended to check it out although you might be familiar with the content.

I would like to say just one thing: Great work Joe. I haven’t seen any presentation that puts it out in such a clear way.


6th OWASP Conference

Here you will be able to find all materials that I used for my presentation at the 6th OWASP Conference. Further discussion and clarification on the subject are to be expected very soon.

Be aware that the slides may not be very descriptive. In general, I try not to put too much information into my presentations in order to avoid unnecessary clutter. Feel free to drop a comment if something is unclear. [...]


Introduction To Intrusion Detection Systems

Introduction to Intrusion Detection Systems is a presentation I did with Rabia Barakat a long time ago. There is a paper as well that will be available online as soon as I find it. Although the depth of the research is not obvious from this presentation, a lot of effort had been put into this work.

Keep in mind that some of the topics covered in this presentation might be a little bit outdated.


Windows Defence and Attacks

A couple of years ago some of my friends and I had to do a presentation on common Windows-related attacks. The presentation is all Flash based. You need to use the keyboard arrows to navigate your way through the slides.

Keep in mind that some of the topics covered in this presentation might be a little bit outdated.
