Daily Dave

Syndicate content
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Updated: 3 min 36 sec ago

RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night

16 February, 2020 - 16:09

Posted by omarbv on Feb 16

______ _ _ ____ ___ _ _
/ / _ \ ___ ___ | |_ ___ __| |/ ___/ _ \| \ | |
/ /| |_) / _ \ / _ \| __/ _ \/ _` | | | | | | \| |
/ / | _ < (_) | (_) | || __/ (_| | |__| |_| | |\ |
/_/ |_| \_\___/ \___/ \__\___|\__,_|\____\___/|_| \_|

Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (...


1 February, 2020 - 22:22

Posted by Dave Aitel on Feb 01

[image: image.png]
Last week I had a conversation with a well known cyber policy expert and he
was like "I just finished reading Cryptonomicon and you always say it's
some sort of masters degree in cyber policy but I can't figure out why..."

But this US-CERT tweet, and the entire activity of behavior around the
Citrix RCE demonstrates exactly why. Because Cryptonomicon is about
vulnerabilities and the flow of information and...

Re: "Defending Forward" in time

24 January, 2020 - 11:08

Posted by John Lampe on Jan 24

imo, it's a general mentality that attackers have. I blogged about this 14
years ago and it seems still applicable today (
https://blogs.securiteam.com/index.php/archives/170 )

Indecision can stem from too little information or too much information.
The defender *should* have the ability to influence both of those...


"Defending Forward" in time

24 January, 2020 - 10:28

Posted by Dave Aitel on Jan 24

So I went to S4 this week, which is a good conference here in Miami Beach,
mostly about hacking/protecting utilities and other critical infrastructure
components. But I had the good fortune to run into a friend
<https://www.gocomics.com/calvinandhobbes/2018/01/16> I'd never met before.
Anyways, they were telling me about how some Android State surveillance
spyware installed at the border on everyone's phone looked for some file...

Reverse Engineering LOLs

16 January, 2020 - 14:58

Posted by Dave Aitel on Jan 16

If you've ever rolled with a world-class black-belt you know that no matter
how hard you are trying, they catch submissions seeming effortlessly. They
simply have a different understanding of space and movement and momentum
than you do. And the same thing is true in the cyber operations field. In
this way, the movies get the emotions around hacking completely wrong, the
dark room, the "I'm IN!" moment, the tension.

When you...

Knock knock, Neo.

14 January, 2020 - 11:02

Posted by Dave Aitel on Jan 14

I rewatched The Matrix recently with my kids. It holds up through the test
of time, like a few movies do, but which obviously Star Wars will not. I
gave my kids $40 to go watch the Rise of Skywalker and they decided to go
get ice cream and play TF2 instead, as a metric for cultural lock-in.

There's a lot of flashy fighting in The Matrix, none of which interests
kids above the age of 8, since they have seen every variation on superhero...

YSTS 14th Edition - Call for Papers

23 December, 2019 - 13:49

Posted by Luiz Eduardo on Dec 23

Where: Sao Paulo, Brazil

When: May 25th, 2020

Call for Papers Opens: December 15th, 2019

Call for Papers Close: February 29th, 2020




you Sh0t the Sheriff is a very unique one-day, one-track event dedicated to
bringing cutting edge infosec content to the top-notch

professionals of the Brazilian Information Security Community.

YSTS is a an exclusive, invite-only security conference, usually...