Nov 4, 2013
Description: Extracts and outputs HTML/JS comments from HTTP responses. Why would someone use the tool or technique? "The attached script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within HTML comments. While this does not necessarily represent a breach in security, it can give an attacker leverage useful for exploitation."
Oct 16, 2013
Jack's rantapocalypse, popping penguins, the Yahoo bounty, Paul wants a new phone and the Blackhole kit guy goes down. We think.
Oct 12, 2013
Heather Mahalik is a senior digital forensics analyst at Basis Technology. As the on-site project manager, she uses her experience to manage the cell phone exploitation team and supports media and cell phone forensics efforts in the U.S. government. Heather is a certified SANS instructor and is teaching the upcoming course Advanced Smartphone and Mobile Device Forensics.
Oct 12, 2013
Thierry has 14 years of experience in information security, designing resistant architectures and systems, managing development and information security teams, ISM policies and high-profile penetration tests. Thierry has a security blog over at blog.zoller.lu. Thierry is currently working as a Practice Lead for Threat and Vulnerability Management at Verizon Business.
Oct 7, 2013
The team goes off on some pretty big tangents this week and does a lot more rambling than actual discussion of stories. However, they did get in talk about DerbyCon, the Yahoo bug bounty and a couple of hacks this week. If you're not hardcore about having the whole segment about published security articles, you might enjoy this one as well.
Oct 6, 2013
Jared DeMott has spoken at security conferences such as Black Hat, Defcon, ToorCon, Shakacon, DakotaCon, GRRCon, and DerbyCon. He is active in the security community by teaching his Application Security course, and has co-authored a book on Fuzzing.
Oct 4, 2013
Jaime enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village.
Sep 26, 2013
Vivek Ramachandran is a world-renowned security researcher and evangelist. His expertise includes computer and network security, exploit research, wireless security, computer forensics, embedded systems security, compliance and e-Governance. He is the founder of Security Tube and Pentester Academy.
Sep 26, 2013
Before the gang heads off for DerbyCon, we still have the stories of the week. Paul, Greg and Patrick are here to talk about Shodan searches, Dropbox opening your docs, 10 things to never say during a presentation and a whole lot more!
Sep 13, 2013
The last segment from episode 345 features Dave, Martin, Adrian and Nick, the DerbyCon organizers, talking about the upcoming third edition of their conference in Louisville. Find out how they planned it to be bigger and better this year! Plus, a couple of stories of the week!
Sep 13, 2013
Pete Finnigan works as an independent Oracle security consultant for his own company, PeteFinnigan.com Limited. Pete specializes in performing detailed Oracle security IT health checks against Oracle databases using a detailed methodology developed by Pete from many years of experience in securing databases.
Sep 13, 2013
Rich has twenty years of experience in information security, physical security, and risk management. He is the founder of Securosis and specializes in data security, application security, emerging security technologies, and security management.
Sep 9, 2013
Want to try to scam John Strand? That might not be the best of ideas. Burp got updated, Rsnake's "joke", opting out to watch porn, 5 Guys Burgers on security and maybe a new way to prevent CSRF.
Sep 9, 2013
Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He relaunched the security blog ThreatChaos.com and is the founder of IT-Harvest.
Sep 5, 2013
You got Paul and Larry this week as they take you through all the fun that is hacking geolocators, Java 6, getting sudo on an OSX machine, and a great story from the pentesting field by Larry. Plus a whole lot more!
Sep 5, 2013
Carlos Perez is also known as @DarkOperator. He spends his time reverse engineering and practicing PowerShell Kung-Fu. Known by his motto "Shell is only the Beginning".
Sep 4, 2013
Ira Winkler, CISSP is President of Secure Mentem. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies globally, and has been named a “Modern Day James Bond” by the media.
Sep 4, 2013
Matt is a long time volunteer of BruCon and is going to let us know all the great things in store for 2013.
Aug 28, 2013
Philip Young, aka Soldier of Fortran, is a mainframe phreak! His love of mainframes goes back to when he watched Tron, wide-eyed, for the first time. Though it would be decades until he actually got his hands on one, he was always interested in their strangeness. Phil has always been into security since his days as a sysop and playing around on Datapac (the Telenet of Canada). Some people build toy trains, others model airplanes, but Phil's hobby is mainframe security.
Aug 28, 2013
Zach will be going over how he does research on exploiting embedded systems and his exploit development framework bowcaster. Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation techniques targeting embedded systems and network infrastructure. Since 2003, Zach has worked either directly for or with the National Security Agency in various capacities. Before embracing a lifestyle of ripped jeans and untucked shirts, he spent six years in the US Air Force, parting ways at the rank of Captain. Zach holds an undergraduate degree from Texas A&M University and a master's degree from Johns Hopkins University.
Aug 28, 2013
From the Bradley Manning sentencing to DDOSing your former employer, the guys at PSW cover all the interesting stories of the week.
Aug 16, 2013
Trying to wake up sleeping babies through hacking the baby monitor. Fire in the studio. Male to male plugs. Updating your pooty...and Firefox. Fun ways to log in to your Leap Motion controlled Windows box and the iLO authentication bypass. Plus more on this week's Drunken Security News!
Aug 16, 2013
Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is the author of Privacy on the Line: The Politics of Wiretapping and Encryption.