Daily Dave Mailing List

This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.

List Archives


Latest Posts

Re: I am the reason we cannot have nice things on the Internet. Andreas Lindh (Oct 22)

I read that piece and thought it was quite well written. I also think that
you're wrong on several accounts.

First of all, the US is not the Internet. Saying that it's a good thing
that the US has "the most sophisticated cyber arsenal of any other country
on the planet" is just irrelevant in this context. You are addressing the
claim that the US is the biggest threat to the Internet, not to other
countries who happen to have a...

I am the reason we cannot have nice things on the Internet. Dave Aitel (Oct 22)
Article that dropped today. I have learned from the comments that I am
the reason we cannot have nice things:

Prepub Review Document:

Next week I'm going to give a talk here, available for beers/heckling!...

James Mickens and DJB Dave Aitel (Oct 20)
DJB's talk here: http://cr.yp.to/talks/2014.10.18/slides-djb-20141018-a4.pdf
Is like a much longer, more detailed, much less funny version of James
Mickens' talk here: http://vimeo.com/95066828

Both of them are important to watch. This is your weekly reminder to
watch James' talk again!


Re: The Blue Pill of Threat Intelligence Curt Wilson (Oct 20)
It seems to me that leveraging internal telemetry for accurate and relevant
threat intelligence should be the first step. Anomalous traffic from a
central management server for PoS infrastructure to unknown FTP servers
should be a big red flag, for example. Implementing the proper
instrumentation and maintaining it adequately I would think should be a

I think back to one of the targeted threats - I believe it may have been
Duqu - that...

Re: The Blue Pill of Threat Intelligence Harry Hoffman (Oct 20)
Most of what I've seen is that the various threat intelligence feeds are
used more in line with how BL filters are used in email systems.

Folks are blocking things out-right based upon a certain confidence
level and then allowing the rest into their networks.

It doesn't mean that the traffic that wasn't on the BL doesn't get
inspected, it simply means there's less traffic to inspect.

Local logs may add to the threat...

Things That Have Already Happened - Cyber Pearl Harbor Dave Aitel (Oct 17)
Huawei is in the news again for trying to hack the NSA. I love this. I
wear my Huawei shirt proudly and often. And fellow DD subscriber Bill
Plummer has this beautiful Zen Koan to say:

“While Huawei <http://www.washingtontimes.com/topics/huawei/> is
challenged to respond to The Washington Times’ vague inquiry, the
suggestion that a globally-proven and trusted $40 billion vendor of
commercial telecommunications gear would risk its very...

Re: The Blue Pill of Threat Intelligence Matthew Wollenweber (Oct 17)
Foremost, I love your observation that: "[threat intel products] offers
malware analysis, even though the massively expensive undertaking helps
nobody but the threat intelligence company, as it resells that information
to other customers. I find that whole system/approach to be unethical and do my
best to keep my employer out of those systems. However, threat intel can be
useful to enterprises in a variety of mechanisms. First, it provides...

Re: The Blue Pill of Threat Intelligence Zack Payton (Oct 17)
Happens all the time, we call it shiny object syndrome.
Some sexy new concept emerges claiming to be a silver bullet and the whole
industry shifts. I hear about people wanting to get access to threat intel
w/o even being able to do basic logging/patching/firewall management. In
reality, the majority of the work is setting up your environments to data
collectors with appropriate sources. Most people go down the road of
trying to shoehorn in...

Re: The Blue Pill of Threat Intelligence al bell (Oct 17)
I wonder how many organizations go down the (expensive and time consuming)
road of consuming external threat feeds before they have fully instrumented
their own internal high fidelity threat feeds.


Re: The Blue Pill of Threat Intelligence Zack (Oct 15)
Let me start with the statement that I have mad love for Dave. While I loved the article Dave and mostly agree with
you, I wanted to note a few things. To be completely fair, your article was written by someone selling something that
competes for budget dollars with av products and this email post is written by someone who consumes data feeds
from an array of 'sensors' whether those sensors are vuln reports written by...

The Blue Pill of Threat Intelligence Dave Aitel (Oct 15)

In this article I go over "Threat Intelligence". And I'm a little hard
on it because I think it has to make a choice, and soon. In one hand, is
a pill that takes it down the road to AV-like financial success, but
strategic failure. And in the other hand, the current models are only
stepping stones towards offerings that provide true strategic

INFILTRATE: Speaker Profit Sharing Dave Aitel (Oct 15)
Every year we innovate the INFILTRATE <http://infiltratecon.org/>
conference itself - from mandatory speaker dry runs, to an OpenCFP that
lets the community decide on the speakers, to a Master Class that is
truly for masters.

This year we have more in store: we are going to give the speakers
13.37% of the profits from the Conference. We know that you as speakers
put in a lot of work to help the offensive information security

Announcing the first selected speaker for SyScan'15 Thomas Lim (Oct 15)
dear readers of DailyDave

I'm very pleased to announce the first selected speaker of SyScan'15.

James Forshaw of Project Zero will be presenting "A Link to the Past:
Abusing Symbolic Links on Windows"

<https://twitter.com/SyScan>

Re: IMAP C&C channels have some massive advantages for attackers and penetration testers Curt Wilson (Oct 11)
We came across a short-lived SMTP-based C2 and/or exfil point from what
looked like a targeted ransomware campaign not long ago. However in this
case they simply used base64 which of course is the weak link

Re: OT: Scorpion TV show on CBS -- Tonight -- See real hacking tools in Hollywood Erik Pace Birkholz (Oct 11)
InfoSec Family,

Regardless if Hollywood got their BJJ hooks in and choked the hacking out
of the show; IMHO it's still a fun tv show and worth the space on your DVR.

I'd like to give a shout out; expressing my appreciation for the
significant effort Kristian spent trying to advise and educate television
writers/directors on the non-trivial realities of what we as an industry do
for a living.
He put a lot of work into creating...

More Lists

Dozens of other network security lists are archived at SecLists.Org.
