Daily Dave

This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

16 April, 2019 - 10:57

Posted by Dave Aitel on Apr 16

There's a bunch of stuff in the new SPECTRE CANVAS Module for Windows that
I can't go into, partially to avoid boring a large segment of this mailing
list with implementation details, and partially because everyone should
just buy CANVAS and read the code. :)

But one thing I think people forget is that back in the day when
everyone wrote 0day you'd often see months get spent on one bug, often from
multiple teams who solved the...

The Gods of Malice

15 April, 2019 - 10:12

Posted by Dave Aitel on Apr 15

So if you have not, I highly recommend watching the first two episodes of
our INFILTRATE 2019 series:

https://vimeo.com/322257258 (Part 1: XANADU)
https://vimeo.com/329589102 (Part 2: Rise of the Demiurge)

One major thing Infiltrate does differently is the Dry Runs that we have
every speaker do. There are a lot of advantages to this but one advantage
of watching every talk over two weeks' time and thinking hard to provide
good feedback is that...

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

11 April, 2019 - 08:56

Posted by Rodrigo Rubira Branco (BSDaemon) on Apr 11

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

The call for papers for H2HC 16th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, on 26th and 27th of
October 2019.


For another consecutive year and past success we have been having, the
annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
on 26 and 27 of October of 2019 and aims to get together industry,...

Re: CVSS is the worst compression algorithm ever

11 April, 2019 - 08:54

Posted by Christian Heinrich on Apr 11


For the record, Bruce from https://www.first.org/members/teams/oracle
represented their feedback to cvss-sig () lists first org

Please refer to the "Addition Of Partial+ Rating" section of
under "CVSS Version 2.0" heading.

Please refer to "3.7. Vulnerability Chaining" section of

Manual vs Automated analysis

4 April, 2019 - 09:05

Posted by Dave Aitel on Apr 04

I think looking at the entire suite of reverse engineering tools available
(Ghidra/IDAPro/Binary Ninja/R2/etc) now is exciting in the sense that they
all have different philosophies from the beginning design. However, since
I'm not a full time reverser anymore, I wanted to talk to the team over at
Vector35 about it, and we did it on WebEx so you can listen in. :)

Some topics covered (and illustrated by the below screenshot) include:


t2'19: Call For Papers 2019 (Helsinki, Finland)

3 April, 2019 - 07:21

Posted by Tomi Tuominen on Apr 03

# t2'19 - Call For Papers
# We’re back. October 24-25 in Helsinki. CFP and ticket sales are now open.

Looking for an event worthy of your 0days or world class research? Prefer conference disclosure over jumping through
hoops with uninterested vendors? Worried of sponsors doing shady backroom deals to block your talk? We’ve got your
back. As an independent, vendor-neutral, practically-non-profit conference we value freedom of...


19 March, 2019 - 10:02

Posted by Dave Aitel on Mar 19

It's almost INFILTRATE dry-run time! Some part of me prefers the slow pace
of two talks a day to the firehose that is a one-track focused conference
where each speaker has been told to not walk us through the basics. This is
the balance of "We liked a ton more talks than we have slots" and "my brain

Because there's about a thousand conferences now, there's also so many
talks you could do nothing but...

(no subject)

27 February, 2019 - 13:53

Posted by Steve Lord on Feb 27

44CON is the UK's premier annual technical security conference and
training event. From the evening of the
11th of September till the 13th of September 2019, expect a top-tier
international technical conference
with fast wifi, loose 0day, a village pub and of course, Gin O'Clock.

__ __ __ __ __________ _ __
/ // / / // / / ____/ __ \/ | / / | "You can hack us
/ // /_/ // /_/ / / / / / |/ / | You can...