Evrone is an engineering company successfully delivering high-quality digital products for more than nine years. With extensive experience in a wide range of modern software technologies, we are here to help you to design unique complex web projects and startups. Our websites: https://evrone.com/ https://evrone.ru
…
continue reading
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
…
continue reading
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2007 was held August 1-3 in Las Vegas at Caesars Palace. Two days, sixteen tracks, over 95 presentations. Three keynote speakers: Richard Clarke, Tony Sager and Bruce Schneier. A post convention wrap up can be found at http://www.blackhat.com/html/bh-usa-07/bh-usa-07-index.html Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and ...
…
continue reading
1
Дмитрий Шевченко [Surf] / PWA на Flutter из мобильного приложения
20:02
20:02
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
20:02
Доклад посвящен одной из злободневной теме, мы постараемся ответить на вопрос, как защитить мобильное приложение от удаления из сторов? В рамках доклада мы рассмотрим подход при котором мобильное приложение на Flutter без проблем можно запустить в вебе в режиме PWADe către From Evrone with love
…
continue reading
1
Андрей Хайлов [Evrone] / Многозадачность и многопоточность во Flutter
11:05
11:05
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
11:05
Dart — однопоточный а Flutter использует Dart. Тяжелые синхронные операции, работа с сетевыми запросами, конвертация данных. Все это отнимает драгоценное время на отрисовку интерфейса и следовательно влияет на производительность и частоту кадров. В докладе будет изложены основные принципы разделения сложных вычислений и вынесение их из главного пот…
…
continue reading
1
Александр Шерман [Самокат] / Ruby под нагрузкой, или меняем Puma на Falcon за неделю до релиза
14:27
14:27
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
14:27
Про Ruby редко говорят в контексте высоких нагрузок. C приходом всинхронных файберов в 3-й версии языка все поменялось, и самые смелые разработчики уже пробуют повторить успех FastAPI и Go в построении асинхронных систем с высоким RPS. Александр из "Самоката" расскажет про их смелые эксперименты, поделится цифрами и результатами.…
…
continue reading
1
Марсель Мустафин [UScreen] / Как мы еще не перешли с Vue.js на Hotwire
15:23
15:23
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
15:23
Hotwire было представлено вместе с 7-ми рельсами менее года назад, и мало кто уже попробовал технологию в проде. В UScreen - попробовали! Марсель расскажет, как много лет в компании искали устраивающий их стек фронтенд технологий, чем не утраивали существующие и почему так "зашел" Hotwire.De către From Evrone with love
…
continue reading
1
Дмитрий Матвеев [Поток.Диджитал] / Node.js for ruby developer - личный опыт
16:18
16:18
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
16:18
Есть легенда, что рубисты - фуллстеки и любой рубист может писать на JavaScript не только фронтенд, но и бэкенд. Подключайтесь к докладу Дмитрия Матвеева, который расскажет как это бывает: когда рубистам достается код на Node.js и надо что-то делать.De către From Evrone with love
…
continue reading
1
Александр Панасюк [СберМаркет] / Чиним отставание реплик, не меняя архитектуру ruby монолита
15:38
15:38
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
15:38
Хайлоад чаще всего приходит к нам, чтобы полакомиться базой данных. Но у нас есть ответы! Кеширование, денормализация, шардирование, реплици - каждый со своими достоинствами и недостатками. Александр из СберМаркета расскажет об одном из недостатков репликации: реплики могут отставать, и это не всегда можно игнорировать. Про некоторые способы борьбы…
…
continue reading
1
Анвар Туйкин и Михаил Поспелов [Toptal] / Сказ о неработающих гайдлайнах: Toptal, GraphQL и линтеры
16:22
16:22
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
16:22
Toptal это огромный монолит на Ruby: сотни разработчиков и миллионы написанных строк кода. Мы используем GraphQL, которого при таких масштабах тоже немало: больше 20 схем. Чтобы раз за разом не повторять типовых ошибок и писать похожий код, мы разработали правила "готовки" для GraphQL внутри компании. Но правила не работают сами по себе, поэтому в …
…
continue reading
1
Евгений Демин [Toptal] / ActiveRecord Schema Consistency - а если проверю?
11:49
11:49
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
11:49
Однажды Евгению из Toptal надоело находить ошибки неконсистентности между ActiveRecord и базой данных. Он сделал линтер, натравил его на всю кодовую базу и... Что было дальше он расскажет в новом эпизоде нашего подкаста.De către From Evrone with love
…
continue reading
1
Сергей Плешанов [Домклик] / Готовим крафтовые API-клиенты без головной боли
16:07
16:07
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
16:07
Генерация API клиентов - отдельное искусство. Множество подходов и решений без явного лучшего способа для всех. Сергей из Домлик расскажет про их собственный генератор, который разделяет код гемов на "сгенерированный", "общий для всех" и "написанный вручную для конкретного сервиса".De către From Evrone with love
…
continue reading
1
Дмитрий Клейменов [Evrone] / 3 попытки и 8 лет перехода с Ruby на Elixir
14:19
14:19
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
14:19
Elixir для рубистов - возможность создавать быстрые микросервисы "почти на руби". Но так ли легко освоить стек, уходящий своими корнями в не самый дружественный для программиста Erlang? Дмитрий из Evrone расскажет про свой путь в мир эликсира и что поджидает всех тех, кто хочет запилить очередной микросервис не на гошечке, а на чем-то более удобном…
…
continue reading
1
Егор Шморгун [Level Travel] / Чем dry-rb (не) полезен мне
17:27
17:27
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
17:27
Каждый год на RubyRussia собирается больше тысячи рубистов. Зачем? Чтобы поговорить про разработку! Спикеры помогают направить обсуждение в выбранные темы, одна из которых - dry-rb. Егор из Level Travel расскажет, что лично ему нравится и не нравится в этом "швейцарском ноже паттернов" и вместе с вами обсудит границы применимости dry в наших проект…
…
continue reading
1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
1:13:39
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …
…
continue reading
1
Gadi Evron: Estonia: Information Warfare and Strategic Lessons
1:13:39
1:13:39
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:39
In this talk we will discuss what is now referred to as "The 'first' Internet War" where Estonia was under massive online attacks for a period of three weeks, following tensions with the local Russian population. Following a riot in the streets of Tallinn, an online assault begun, resulting in a large-scale coordination of the Estonian defenses on …
…
continue reading
1
HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
1:12:12
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
…
continue reading
1
HD Moore & Valsmith: Tactical Exploitation-Part 2
1:12:12
1:12:12
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:12:12
Penetration testing often focuses on individual vulnerabilities and services. This talk introduces a tactical approach that does not rely on exploiting known vulnerabilities. Using combination of new tools and obscure techniques, I will walk through the process of compromising an organization without the use of normal exploit code. Many of the tool…
…
continue reading
1
Jon Callas: Traffic Analysis -- The Most Powerful and Least Understood Attack Methods
51:51
51:51
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
51:51
Traffic analysis is gathering information about parties not by analyzing the content of their communications, but through the metadata of those communications. It is not a single technique, but a family of techniques that are powerful and hard to defend against. Traffic analysis is also one of the least studied and least well understood techniques …
…
continue reading
1
Dan Kaminsky: Black Ops 2007: Design Reviewing The Web
55:14
55:14
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
55:14
Design bugs are really difficult to fix -- nobody ever takes a dependency on a buffer overflow, after all. Few things have had their design stretched as far as the web; as such, I've been starting to take a look at some interesting aspects of the "Web 2.0" craze. Here's a few things I've been looking at: Slirpie: VPN'ing into Protected Networks Wit…
…
continue reading
1
Krishna Kurapati: Vulnerabilities in Wi-Fi/Dual-Mode VoIP Phones
1:10:32
1:10:32
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:10:32
Dual-mode phones are used to automatically switch between WiFi and cellular networks thus providing lower costs, improved connectivity and a rich set of converged services utilizing protocols like SIP. Among several other VoIP products and services, Sipera VIPER Lab conducted vulnerability assessment on a sample group of dual-mode/Wi-Fi phones and …
…
continue reading
1
Mikko Hypponen: Status of Cell Phone Malware in 2007
1:08:35
1:08:35
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:08:35
First real viruses infecting mobile phones were found during late 2004. Since then, hundreds of different viruses have been found, most of them targeting smartphones running the Symbian operating system. Mobile phone viruses use new spreading vectors such as Multimedia messages and Bluetooth. Why is this mostly a Symbian problem? Why hasn't Windows…
…
continue reading
1
Greg Hoglund: Active Reversing: The Next Generation of Reverse Engineering
1:06:23
1:06:23
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:06:23
Most people think of reverse engineering as a tedious process of reading disassembled CPU instructions and attempting to predict or deduce what the original 'c' code was supposed to look like. This process is difficult, time consuming, and expensive, but it doesn't need to be. Software programs can be made to reverse engineer themselves. Software, …
…
continue reading
1
Dr. Neal Krawetz: A Picture's Worth...
48:37
48:37
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
48:37
Digital cameras and video software have made it easier than ever to create high quality pictures and movies. Services such as MySpace, Google Video, and Flickr make it trivial to distribute pictures, and many are picked up by the mass media. However, there is a problem: how can you tell if a video or picture is showing something real? Is it compute…
…
continue reading
1
Adam Laurie: RFIDIOts!!!- Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)
1:13:07
1:13:07
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:07
RFID is being embedded in everything...From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them...De către feedback@blackhat.com (Black Hat RSS Feed)
…
continue reading
1
Dr. Andrew Lindell: Anonymous Authentication-Preserving Your Privacy Online
1:02:26
1:02:26
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:02:26
Our right to privacy is under attack today. Actually, no one denies our right to privacy. However, in reality, this right is being eroded more and more as every minute passes. Some of this has to do with the war on terror, but much of it simply has to do with the fact that our online actions can and are being recorded in minute detail. In this pres…
…
continue reading
1
David Litchfield: Database Forensics
1:03:44
1:03:44
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:03:44
Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow. In January 2007 TJX announced they had suffered a database security breach with 45.6 million credits card details stolen - the largest known breach so far. In 2006 there were…
…
continue reading
1
John Heasman: Hacking the extensible Firmware Interface
52:09
52:09
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
52:09
Macs use an ultra-modern industry standard technology called EFI to handle booting. Sadly, Windows XP, and even Vista, are stuck in the 1980s with old-fashioned BIOS. But with Boot Camp, the Mac can operate smoothly in both centuries." - Quote taken from http://www.apple.com/macosx/bootcamp/ The Extensible Firmware Interface (EFI) has long been tou…
…
continue reading
1
David Maynor & Robert Graham: Simple Solutions to Complex Problems from the Lazy Hacker?s Handbook: What Your Security Vendor Doesn?t Want You to Know .
50:31
50:31
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
50:31
Security is very hard these days: lots of new attack vectors, lots of new acronyms, compliance issues, and the old problems aren?t fading away like predicted. What?s a security person to do? Take a lesson from your adversary... Hackers are famous for being lazy -- that?s why they?re hackers instead of productive members of society. They want to fin…
…
continue reading
1
Haroon Meer & Marco Slaviero: It's all about the timing
1:13:22
1:13:22
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:22
It's all about the timing... Timing attacks have been exploited in the wild for ages, with the famous TENEX memory paging timing attack dating back to January of 1972. In recent times timing attacks have largely been relegated to use only by cryptographers and cryptanalysts. In this presentation SensePost analysts will show that timing attacks are …
…
continue reading
1
Luis Miras: Other Wireless: New ways of being Pwned
1:02:59
1:02:59
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:02:59
There are many other wireless devices besides Wifi and Bluetooth. This talk examines the security of some of these devices, including wireless keyboards, mice, and presenters. Many of these devices are designed to be as cost effective as possible. These cost reductions directly impact their security. Examples of chip level sniffing will be shown as…
…
continue reading
1
Ben Feinstein & Daniel Peck: CaffeineMonkey: Automated Collection, Detection and Analysis of Malicious JavaScript
1:00:18
1:00:18
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:00:18
The web browser is ever increasing in its importance to many organizations. Far from its origin as an application for fetching and rendering HTML, today?s web browser offers an expansive attack surface to exploit. All the major browsers now include full-featured runtime engines for a variety of interpreted scripting languages, including the popular…
…
continue reading
1
Jim Christy: Meet the Feds
1:13:48
1:13:48
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:48
Discussion of the power of Digital Forensics today and the real-world challenges. Also discuss the Defense Cyber Crime Center (DC3) and the triad of organizations that comprise DC3; The Defense Computer Forensics Lab, the Defense Cyber Crime Institute, and the Defense Cyber Investigations Training Academy. The evolving discipline of cyber crime inv…
…
continue reading
1
Tony Sager: KEYNOTE: The NSA Information Assurance Directorate and the National Security Community
46:15
46:15
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
46:15
The Information Assurance Directorate (IAD) within the National Security Agency (NSA) is charged in part with providing security guidance to the national security community. Within the IAD, the Vulnerability Analysis and Operations (VAO) Group identifies and analyzes vulnerabilities found in the technology, information, and operations of the Depart…
…
continue reading
1
Bruce Schneier: KEYNOTE: The Psychology of Security
49:21
49:21
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
49:21
Security is both a feeling and a reality. You can feel secure without actually being secure, and you can be secure even though you don't feel secure. In the industry, we tend to discount the feeling in favor of the reality, but the difference between the two is important. It explains why we have so much security theater that doesn't work, and why s…
…
continue reading
1
Pedram Amini & Aaron Portnoy: Fuzzing Sucks! (or Fuzz it Like you Mean it!)
1:13:03
1:13:03
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:03
Face it, fuzzing sucks. Even the most expensive commercial fuzzing suites leave much to be desired by way of automation. Perhaps the reason for this is that even the most rudimentary fuzzers are surprisingly effective. None the less, if you are serious about fuzz testing in as much a scientific process as possible than you have no doubt been disapp…
…
continue reading
1
Brandon Baker: Kick Ass Hypervisoring: Windows Server Virtualization
59:03
59:03
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
59:03
Virtualization is changing how operating systems function and how enterprises manage data centers. Windows Server Virtualization, a component of Windows Server 2008, will introduce new virtualization capabilities to the Windows operating system. This talk will focus on security model of the system, with emphasis on design choices and deployment con…
…
continue reading
1
Rohyt Belani & Keith Jones: Smoke 'em Out!
1:20:42
1:20:42
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:20:42
Tracing a malicious insider is hard; proving their guilt even harder. In this talk, we will discuss the challenges faced by digital investigators in solving electronic crime committed by knowledgeable insiders. These challenges will be presented in light of three real world investigations conducted by the presenters. The focus of this talk will on …
…
continue reading
1
Yoriy Bolygin: Remote and Local Exploitation of Network Drivers
1:14:40
1:14:40
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:14:40
During 2006 vulnerabilities in wireless LAN drivers gained an increasing attention in security community. One can explain this by the fact that any hacker can take control over every vulnerable laptop of entire enterprise without any "visible" connection with those laptops and execute a malicious code in kernel. This work describes the process behi…
…
continue reading
1
Jamie Butler & Kris Kendall: Blackout: What Really Happened...
1:10:25
1:10:25
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:10:25
Malicious software authors use code injection techniques to avoid detection, bypass host-level security controls, thwart the efforts of human analysts, and make traditional memory forensics ineffective. Often a forensic examiner or incident response analyst may not know the weaknesses of the tools they are using or the advantage the attacker has ov…
…
continue reading
1
David Byrne: Intranet Invasion With Anti-DNS Pinning
53:54
53:54
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
53:54
Cross Site Scripting has received much attention over the last several years, although some of its more ominous implications have not received much attention. Anti-DNS pinning is a relatively new threat that, while not well understood by most security professionals, is far from theoretical. This presentation will focus on a live demonstration of an…
…
continue reading
1
Stephan Chenette & Moti Joseph: Defeating Web Browser Heap Spray Attacks
35:27
35:27
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
35:27
In 2007 black hat Europe a talk was given titled: "Heap Feng Shui in JavaScript" That presentation introduced a new technique for precise manipulation of the browser heap layout using specific sequences of JavaScript allocations. This allowed an attacker to set up the heap in any desired state and exploit difficult heap corruption vulnerabilities w…
…
continue reading
1
Brian Chess, Jacob West, Sean Fay & Toshinari Kureha: Iron Chef Blackhat
57:41
57:41
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
57:41
Get ready for the code to fly as two masters compete to discover as many security vulnerabilities in a single application as possible. In the spirit of the Food Network?s cult favorite show, Iron Chef, our Chairman will reveal the surprise ingredient (the code), and then let the challenger and the ?Iron Hacker? face off in a frenetic security battl…
…
continue reading
1
Jennifer Granick: Disclosure and Intellectual Property Law: Case Studies
1:13:44
1:13:44
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:44
The simple decision by a researcher to tell what he or she has discovered about a software product or website can be very complicated both legally and ethically. The applicable legal rules are complicated, there isn?t necessarily any precedent, and what rules there are may be in flux. In this presentation, I will use Cisco and ISS's lawsuit against…
…
continue reading
1
David Coffey & John Viega: Building an Effective Application Security Practice on a Shoestring Budget
1:07:57
1:07:57
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:07:57
Software companies inevitably produce insecure code. In 2006 alone, CERT has recognized over 8,000 published vulnerabilities in applications. Attackers were previously occupied by the weaker operating systems and have moved on to easier targets: applications. What makes this situation worse, is the weaponization of these exploits and the business d…
…
continue reading
1
Job De Haas: Side Channel Attacks (DPA) and Countermeasures for Embedded Systems
1:19:23
1:19:23
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:19:23
For 10 years Side Channel Analysis and its related attacks have been the primary focus in the field of smart cards. These cryptographic devices are built with the primary objective to resist tampering and guard secrets. Embedded systems in general have a much lower security profile. This talk explores the use and impact of Side Channel Analysis on …
…
continue reading
1
Jared DeMott, Dr. Richard Enbody & Dr. Bill Punch: Revolutionizing the Field of Grey-box Attack Surface Testing with Evolutionary Fuzzing
40:05
40:05
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
40:05
Runtime code coverage analysis is feasible and useful when application source code is not available. An evolutionary test tool receiving such statistics can use that information as fitness for pools of sessions to actively learn the interface protocol. We call this activity grey-box fuzzing. We intend to show that, when applicable, grey-box fuzzing…
…
continue reading
1
Barrie Dempster: VOIP Security
44:32
44:32
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
44:32
As VoIP products and services increase in popularity and as the "convergence" buzzword is used as the major selling point, it's time that the impact of such convergence and other VoIP security issues underwent a thorough security review. This presentation will discuss the current issues in VoIP security, explain why the current focus is slightly wr…
…
continue reading
Tor project, an anonymous communication system for the Internet that has been funded by both the US Navy and the Electronic Frontier Foundation.De către feedback@blackhat.com (Black Hat RSS Feed)
…
continue reading
1
Mark Dowd, John Mcdonald & Neel Mehta: Breaking C++ Applications
1:15:15
1:15:15
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:15:15
This presentation addresses the stated problem by focusing specifically on C++-based security, and outlines types of vulnerabilities that can exist in C++ applications. It will examine not only the base language, but also covers APIs and auxillary functionality provided by common platforms, primarily the contemporary Windows OSs. The topics that wi…
…
continue reading
1
Joel Eriksson & Panel: Kernel Wars
1:13:34
1:13:34
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:13:34
Kernel vulnerabilities are often deemed unexploitable or at least unlikely to be exploited reliably. Although it's true that kernel-mode exploitation often presents some new challenges for exploit developers, it still all boils down to ""creative debugging"" and knowledge about the target in question. This talk intends to demystify kernel-mode expl…
…
continue reading
1
Justin N. Ferguson: Understanding the Heap by Breaking It: A Case Study of the Heap as a Persistent Data Structure Through Non-traditional Exploitation Techniques
47:13
47:13
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
47:13
Traditional exploitation techniques of overwriting heap metadata has been discussed ad-nauseum, however due to this common perspective the flexibility in abuse of the heap is commonly overlooked. This presentation examines a flaw that was found in several popular open-source applications including mod_auth_kerb (Apache Kerberos Authentication), Sam…
…
continue reading
1
Kevvie Fowler: SQL Server Database Forensics
1:04:22
1:04:22
Redă mai târziu
Redă mai târziu
Liste
Like
Plăcut
1:04:22
Databases are the single most valuable asset a business owns. Databases store and process critical healthcare, financial and corporate data, yet businesses place very little focus on securing and logging the underlying database transactions. As well, in an effort to trim costs, many organizations are consolidating several databases on to single mis…
…
continue reading