Daily Dave

Syndicate content
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Updated: 13 min 55 sec ago

The Past is not the Past

17 May, 2019 - 09:22

Posted by Dave Aitel on May 17

https://techblog.mediaservice.net/2019/05/raptor-at-infiltrate-2019/ <--Marco
Ivaldi's blogpost on INFILTRATE.

I would go into more depth in this email but I feel like you should just go
read his post and watch his talk: https://vimeo.com/335197685.


Video Teleconferencing for Fun and Profit

14 May, 2019 - 08:47

Posted by Dave Aitel on May 14

We were not going to release videos in this order, but since for some
reason everyone is suddenly interested in the security of various video
teleconferencing software, here is
Natalie Silvanovich's hilarious talk on the subject from just a couple
weeks ago at INFILTRATE 2019!

Of course, if you want to attend or sponsor INFILTRATE 2020, now is the
time to get in (just email infiltrate () immunityinc com)! Diamond...


16 April, 2019 - 10:57

Posted by Dave Aitel on Apr 16

There's a bunch of stuff in the new SPECTRE CANVAS Module for Windows that
I can't go into, partially to avoid boring a large segment of this mailing
list with implementation details, and partially because everyone should
just buy CANVAS and read the code. :)

But one thing I think people forget is that in back in the day when
everyone wrote 0day you'd often see months get spent on one bug, often from
multiple teams who solved the...

The Gods of Malice

15 April, 2019 - 10:12

Posted by Dave Aitel on Apr 15

So if you have not, I highly recommend watching the first two episodes of
our INFILTRATE 2019 series:

https://vimeo.com/322257258 (Part 1: XANADU)
https://vimeo.com/329589102 (Part 2: Rise of the Demiurge)

One major thing Infiltrate does differently is the Dry Runs that we have
every speaker do. There are a lot of advantages to this but one advantage
of watching every talk over two weeks time and thinking hard to provide
good feedback is that...

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

11 April, 2019 - 08:56

Posted by Rodrigo Rubira Branco (BSDaemon) on Apr 11

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

The call for papers for H2HC 16th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, on 26th and 27th of
October 2019.


For another consecutive year and past success we have been having, the
annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
on 26 and 27 of october of 2019 and aims to get together industry,...

Re: CVSS is the worst compression algorithm ever

11 April, 2019 - 08:54

Posted by Christian Heinrich on Apr 11


For the record, Bruce from https://www.first.org/members/teams/oracle
represented their feedback to cvss-sig () lists first org

Please refer to the "Addition Of Partial+ Rating" section of
under "CVSS Version 2.0" heading.

Please refer to "3.7. Vulnerability Chaining" section of