Daily Dave

Syndicate content
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Updated: 9 min 2 sec ago

The Past is not the Past

17 May, 2019 - 09:22

Posted by Dave Aitel on May 17

https://techblog.mediaservice.net/2019/05/raptor-at-infiltrate-2019/ <--Marco
Ivaldi's blogpost on INFILTRATE.

I would go into more depth in this email but I feel like you should just go
read his post and watch his talk: https://vimeo.com/335197685.

-dave

Video Teleconferencing for Fun and Profit

14 May, 2019 - 08:47

Posted by Dave Aitel on May 14

We were not going to release videos in this order, but since for some
reason everyone is suddenly interested in the security of various video
teleconferencing software, here is
Natalie Silvanovich's hilarious talk on the subject from just a couple
weeks ago at INFILTRATE 2019!
https://vimeo.com/335950239

Of course, if you want to attend or sponsor INFILTRATE 2020, now is the
time to get in (just email infiltrate () immunityinc com)! Diamond...

SPECTRE

16 April, 2019 - 10:57

Posted by Dave Aitel on Apr 16

There's a bunch of stuff in the new SPECTRE CANVAS Module for Windows that
I can't go into, partially to avoid boring a large segment of this mailing
list with implementation details, and partially because everyone should
just buy CANVAS and read the code. :)

But one thing I think people forget is that in back in the day when
everyone wrote 0day you'd often see months get spent on one bug, often from
multiple teams who solved the...

The Gods of Malice

15 April, 2019 - 10:12

Posted by Dave Aitel on Apr 15

So if you have not, I highly recommend watching the first two episodes of
our INFILTRATE 2019 series:

https://vimeo.com/322257258 (Part 1: XANADU)
https://vimeo.com/329589102 (Part 2: Rise of the Demiurge)

One major thing Infiltrate does differently is the Dry Runs that we have
every speaker do. There are a lot of advantages to this but one advantage
of watching every talk over two weeks time and thinking hard to provide
good feedback is that...

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

11 April, 2019 - 08:56

Posted by Rodrigo Rubira Branco (BSDaemon) on Apr 11

CALL FOR PAPERS - Hackers 2 Hackers Conference 16th edition

The call for papers for H2HC 16th edition is now open. H2HC is a hacker
conference taking place in Sao Paulo, Brazil, on 26th and 27th of
October 2019.

[ - INTRODUCTION - ]

For another consecutive year and past success we have been having, the
annual Hackers 2 Hackers Conference will be held again in Sao Paulo,
on 26 and 27 of october of 2019 and aims to get together industry,...

Re: CVSS is the worst compression algorithm ever

11 April, 2019 - 08:54

Posted by Christian Heinrich on Apr 11

Dave,

For the record, Bruce from https://www.first.org/members/teams/oracle
represented their feedback to cvss-sig () lists first org

Please refer to the "Addition Of Partial+ Rating" section of
https://www.oracle.com/technetwork/topics/security/cvssscoringsystem-091884.html
under "CVSS Version 2.0" heading.

Please refer to "3.7. Vulnerability Chaining" section of
https://www.first.org/cvss/user-guide

Manual vs Automated analysis

4 April, 2019 - 09:05

Posted by Dave Aitel on Apr 04

I think looking at the entire suite of reverse engineering tools available
(Ghidra/IDAPro/Binary Ninja/R2/etc) now is exciting in the sense that they
all have different philosophies from the beginning design. However, since
I'm not a full time reverser anymore, I wanted to talk to the team over at
Vector35 about it, and we did it on WebEx so you can listen in. :)

Some topics covered (and illustrated by the below screenshot) include:

-...

t2'19: Call For Papers 2019 (Helsinki, Finland)

3 April, 2019 - 07:21

Posted by Tomi Tuominen on Apr 03

#
# t2'19 - Call For Papers
# We’re back. October 24-25 in Helsinki. CFP and ticket sales are now open.
#

Looking for an event worthy of your 0days or world class research? Prefer conference disclosure over jumping through
hoops with uninterested vendors? Worried of sponsors doing shady backroom deals to block your talk? We’ve got your
back. As an independent, vendor-neutral, practically-non-profit conference we value freedom of...