Daily Dave

This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

Re: Command And Control

26 March, 2020 - 09:59

Posted by Moses Frost on Mar 26

As I sit here in my pseudo shelter in place status about 40 miles north of
you, I am releasing all of my long held thoughts of the past as I mindly
remote work in front of a WebEx/Zoom/Slack/GoToMeeting/etc hoping to
contact with actual lifeforms one day outside of the few that I live with.
While all this is happening I was mulling over the realization of a few
things.

1. The biggest threat to an organization happened during the big migration...

Command And Control

25 March, 2020 - 15:10

Posted by Dave Aitel on Mar 25

I just listened to a webinar on threat hunting. It's a thing you can do.
Anyways, at one point the presenter talked about how he really preferred to
threat hunt by looking at network protocols for threat hunting, and he
focused on beaconing and C2.

Every time someone says that, I flash back to this amazing post from
BitDefender, which is about how Flame did C2 over USB....

Re: The best bugclass is whatever the defender is most mentally invested in

25 March, 2020 - 08:32

Posted by Laura on Mar 25

ESSAY: What if AI waged war?

The Fatal Flaw
<https://jessicaanneeise.files.wordpress.com/2019/05/what-if-ai-waged-war_eise_creative-writing.pdf>,
by Jessica Eise (Short Story)

For your ears!

24 March, 2020 - 14:13

Posted by Dave Aitel on Mar 24

I don't even know how to promote this, because it seems narcissistic in the
extreme. But if you want to make fun of me with gritty details, or hear a
secret history of the NSA, you should peruse this podcast that Ryan Naraine
did last week! :)

https://securityconversations.fireside.fm/dave-aitel-immunity

-dave

Hackers 2 Hackers Conference 17th Edition Call For Papers

23 March, 2020 - 12:24

Posted by Rodrigo Rubira Branco (BSDaemon) on Mar 23

CALL FOR PAPERS - Hackers 2 Hackers Conference 17th edition

The call for papers for H2HC 17th edition is now open.  H2HC is a hacker
conference taking place in Sao Paulo, Brazil, on 24th and 25th of
October 2020.

[ - INTRODUCTION - ]

For another consecutive year and past success we have been having, the
annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
on 24 and 25 of October of 2020 and aims to get together industry,...

Re: The best bugclass is whatever the defender is most mentally invested in

23 March, 2020 - 12:23

Posted by Konrads Smelkovs on Mar 23

Big shame most of the list don’t read in Russian, else I would recommend works
by Victor Pelevin who in his fiction describes sharply a variety of ways
how to screw up a society using weaponised narratives.

In one of his works - “Heavenly sutras of Al-EfesBee” he describes AI
drones who must produce a small talk show using virtual hosts who agonise
over the drone strike justifying it and disagreeing - all to placate the public
at home. Al-EfEsbee...

Big Moods about the Cyberspace Solarium

5 March, 2020 - 14:00

Posted by Dave Aitel on Mar 05

[image: image.png]
(https://carnegieendowment.org/2020/03/04/cyberspace-solarium-commission-international-impact-event-7293)

There are roughly one million podcasts about the Cyberspace Solarium
Project where members of the team "hint" at their recommendations, which
come out next week. The Youtube video above has some of the best and
funniest bits (thanks largely to Ellen Nakashima's great pushbacks on the
all-too-obvious BS),...

The best bugclass is whatever the defender is most mentally invested in

4 March, 2020 - 19:58

Posted by Dave Aitel on Mar 04

A decade or so ago I got pneumonia and then tried to give a talk about why
attackers tend to win
<https://www.youtube.com/watch?v=p1zSlUBfSUg&list=PLIrw3NtUvbxPffyw9LvE-NnWwxPJarF2V&index=1>
at cyber stuff. The usual answer you will hear, the *RSAC* answer, if you
will, is total BS. If someone says "Attackers only need to get in once, but
defenders need to succeed every time!" then they are officially a moron and
it's...

INFILTRATE!

2 March, 2020 - 15:13

Posted by Dave Aitel on Mar 02

So it's a fun time to organize a conference of global attendees and
speakers! :) But while we track COVID carefully, I wanted to highlight one
of our sponsors you may not know about: ZecOps <https://www.zecops.com/>.
I've, of course, followed Zuk Avraham and co for a while (as many of you
have on the twitters <https://twitter.com/ihackbanme>), but we're happy to
have them sponsoring INFILTRATE
<...

RootedCON 2020 - Registration, Trainings, Speakers and Hacker Night

16 February, 2020 - 16:09

Posted by omarbv on Feb 16

Rooted CON 2020 will be held from 5th to 7th 2020 in Kinepolis cinemas
in Madrid (Spain). All talks are both in English and Spanish as there is
simultaneous translation (...