Daily Dave

Syndicate content
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Updated: 4 min 57 sec ago

Re: CTFs

20 November, 2018 - 11:14

Posted by Jordan Wiens on Nov 20

For more context for those that haven't seen it, here's the game we made
for the CTF:


We're continuing our quest to make hacking a first-class video game
mechanic. Now, instead of hacking the game itself to win, you hack inside
the game using in-game elements.

Re: CTFs

20 November, 2018 - 11:12

Posted by Arun Koshy on Nov 20

It's reasonable posture to never go to cons with any devices that you
care about or has actual telemetry on you or your org in any way. Not
sure why most of the industry does not follow the standard above.

Re: CTFs

20 November, 2018 - 11:10

Posted by Edward Prevost on Nov 20

If I'm understanding correctly, you're proposing to setup a system, at it's hardened state, and upon arrival all
attendees are made aware of the access particulars and details of said system, and then encouraged to assail it? If so,
this sounds great... kind of like "CommunityCrowdSourcing", for fun.

I'll note, the one thing that makes the CTF at DEFCON enjoyable for most observers, is the graphical displays....


19 November, 2018 - 09:30

Posted by Dave Aitel on Nov 19

So at CSAW a couple weeks ago there was a CTF, and like most conferences,
it worked out well. I mean part of it is Vector35 doing their magic and a
set of players who had both skills and focus. (Vector35 will be back with a
bigger class at INFILTRATE this year!)

Anyways, I both love and hate CTFs and security conferences. At DEFCON I
find they're the only thing I really watch. But for most conferences I feel
like the people who should MOST...

Elephants and information leaks

14 November, 2018 - 15:32

Posted by Dave Aitel on Nov 14


We don't usually detail publicly the amount of engineering that goes into a
CANVAS exploit. But above is a blogpost about some of our recent work. If
you are a CANVAS Early Update customer, the Windows effort is available for
download - otherwise if you are a CANVAS customer, you already have the
Linux exploit. :)

For various other reasons, I'm...

2019 Keynote: WINDOW SNYDER

13 November, 2018 - 11:28

Posted by Dave Aitel on Nov 13

https://vimeo.com/135888545 - Andrew Cushman, 2012

I wanted to highlight how much I lie awake at night thinking about
keynotes. And I think we have a good record on them, if for no other reason
than we refuse to do the standard drill.

At other conferences, keynotes go to sponsors or to people you pay because
they are famous. I think a better way is to find the voices in industry
with something to say that they have not been able to say on a...


7 November, 2018 - 15:12

Posted by Dave Aitel on Nov 07

So we're announcing the INFILTRATE keynote tomorrow, and as I was on
vacation last week, sitting on a different beach from the beach I normally
sit on, I spent some time reflecting on what INFILTRATE really looks like,
you know, as part of my effort to "find myself" or whatever I was doing.

Honestly, what I was doing was reading this book on Quantum Mechanics

probably known but FWIW

7 November, 2018 - 15:10

Posted by Richard Thieme on Nov 07

*We have cracked GandCrab encryption in a joint effort with Europol, the
Romanian Police and the Federal Bureau of Investigations.*

The decryption tool is available for free on Bitdefender Labs

RootedCON 2019 Call For Papers is open!

7 November, 2018 - 15:09

Posted by omarbv on Nov 07

▄▄▄▄▄▄ ▄▄
██▀▀▀▀██ ██ ██
██ ██ ▄████▄ ▄████▄ ███████ ▄████▄ ▄███▄██
███████ ██▀ ▀██ ██▀ ▀██ ██...

Wormy worms.

22 October, 2018 - 08:33

Posted by Dave Aitel on Oct 22


So I spent some time last week watching this talk, and a few of the other
Hack.lu talks. A large part of this talk is about a historical walkthrough
of both public work on the subject, and public examples of various worms
which operated as semi-parasitic patching cycles.

It left me with a lot of questions though:

- In the future, will all worms patch hosts as they move through, as a
form of...

INFILTRATE 2019 - How Far Is The Horizon?

18 October, 2018 - 09:50

Posted by Dave Aitel on Oct 18

[image: IMG_20181016_075725-EFFECTS.jpg]
Come talk at INFILTRATE this year! CFP Here <http://infiltratecon.org/cfp/>.

Here is why you should:

- This is the only conference where the audience is other exploit writers
- You get a very valuable peer review of your talk, for free!
- Obviously we treat you well, pay your way, and even have profit
sharing on the conference
- We have the best food and venue of any security...


16 October, 2018 - 13:23

Posted by Dave Aitel on Oct 16

Brainspace multi-language dogs vs cats video:

Exploiting branch target prediction, Jann Horn, INFILTRATE 2018

So I wanted to point people at the above videos today, in case you missed
them on Twitter, or in case you are not even on Twitter because social
media is evil and you want to save your mana for dealing with people in the
local PTA.

The INFILTRATE 2019 CFP is about to...