This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by ImmunitySec founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.
Dave Aitel (Mar 11)
So the thing about being advanced enough is that you don't really have
to be persistent in any normal sense of the word. Nobody has pointed out
how the first stage of the NSA shellcode (as leaked by "backgrounded by
the Constitution and definitely not at all a narcissist" Snowden) just
avoids executing anything on systems protected by HIPS. Imagine if you
were so good at your job you could ignore targets you already had
NotSoSecure CTF [April 18th to 20th 2014]
Sumit Siddharth (Mar 11)
After the huge success of our first CTF, I am pleased to announce that we
will be hosting the 2nd public CTF in April.
More details and registration page can be found here:
Upcoming NotSoSecure events:
Black Hat 2014, Las Vegas:
Give it a WHRL: Web Hacking Language Review
Alex McGeorge (Mar 06)
Hello again List,
Web application vulnerabilities like padding oracle can be difficult to
get a handle on. This is doubly true if you're struggling with some of
the underlying concepts and languages in use. We've decided to address
this by providing a whole day to review: HTTP Protocol, Linux command
This knowledge directly supports the things you learn in the web...
Linux recvmmsg privilege escalation exploit
Alex McGeorge (Mar 06)
There's been a lot of public work on the Linux recvmmsg local privilege
escalation (CVE-2014-0038) and there are some nice public exploits
available for it. Like any consumer though, I've realized the exploit
game is really a features race. Our exploit for this bug is quick, like
returning shells in under 30 seconds quick. It also doesn't require
symbols which makes it more portable. And we've tested it to work on...
Re: Line Dancing.
Halvar Flake (Mar 06)
while "everything is on the table", the most frightening prospect for the other side may be leaning on
some friendly countries to help lower the oil price to below 70 USD per barrel for a while. And forcing your opponent
to fall back onto pre-80's technology is a less scary threat when the opponent's technology is from the late 70's
Alternatively, it is entirely possible to exhume a few experts that...
dan (Mar 05)
Perhaps of relevance here.
We Are All Intelligence Officers Now
invited address to the RSA Conference, San Francisco, 28 February 2014
Dave Aitel (Mar 05)
One thing I like about Crimea is that if you squint hard enough, you can
see the cyber battle and it's a battle of restraint.
To wit: a while back the Syrian Electronic Army tweeted about messing
with the SCADA systems for a power system. Doing this sort of thing
kills innocent people, and the US has drawn a line there that says "If
you go there, very bad things will happen to you, possibly we will just
let the Israelis kill you one by...
Thomas J. Quinlan (Mar 05)
One of the trends I looked at when I was giving a talk at Info Crime
in London is that "Big Data" will actually become "Huge Data". Think
of everything that people are monitoring now - and then think about
what they will be monitoring in even just a year's time.
One of the most important things most people are not monitoring is SSL
- with the new SSL visibility initiatives that most companies are
al bell (Mar 03)
The approach taken by many is to focus on quantity (big data) instead
of quality (right data). Knowing where and how to instrument at the
different layers is an art which is not being taught anywhere. DevOps
has improved the effectiveness of software deployments. There is no
reasonably good equivalent, no SecOps built with a similar mindset.
Dan Guido (Mar 03)
I explicitly challenged this notion ("the defender's dilemma") in research
I presented a few years back (http://www.trailofbits.com/research/#eip).
Attackers have limited resources and can't afford to invest equally in
every potential opportunity for exploitation, persistence, C2, etc. You
start to make tradeoffs about which ones work in the most situations or
satisfy other requirements you have. It's as applicable to...
Dominique Brezinski (Mar 03)
SO true Dave. The defender's dilemma is not that they have to protect
everything as you note. The dilemma is choosing the instrumentation that is
syntactically as simple as possible while being semantically rich enough to
indicate (I intentionally do not use the word describe) a majority, if not
all, meaningful attack activity in the environment. An old friend taught me
that, which he learned from his advisor. That is your just enough data...
Re: Drinking the Cool-aid
Andre Gironda (Mar 03)
opinion as to why you say this. I think using authenticated scanners is an
excellent way to identify:
report to the console that a host is patched; however, the scan proved that
a given patch failed to apply.
Hello again, Joe. Good times convo ;>
If the goal is patch management, why not move everything to virtual
infrastructure and utilize a hypervisor or host VM mechanism to verify
patch level and bring up to spec? Same question for...
Dave Aitel (Mar 03)
One rather facetious saying that has annoyed everyone for a while is the
whole "defenders have to protect everything, attackers just have to get
in once" meme. If you talk to defenders who are "leading" with new
technologies and techniques, the difference really does blur quite a
bit. I was happily surprised at the Tenable offsite to hear their big
customers describe their continuous monitoring and SIEM analytics
Re: Drinking the Cool-aid
Eggensperger, Roy E (Mar 03)
Can you expand on this a bit more? I would be interested to hear your opinion as to why you say this. I think using
authenticated scanners is an excellent way to identify:
1. Computers missed by the patch management process.
2. Effectiveness of patch management process. I've seen patch products report to the console that a host is patched;
however, the scan proved that a given patch failed to apply.
3. Client software not managed and...
Peeing in your own pool
Dave Aitel (Mar 03)
One thing people always ask whenever something like Crimea gets invaded
is about the information warfare angle on it. But if I've heard it once,
I've heard it a thousand times: Only terrible hackers hack in response
to current events. If you know anything at all about hacking you know
that if you want any level of success at all you have to hide your
intent and control your timing.
Reacting to current events is thus always, always,...