Sophisticated threats and thinking like the attacker
Sophisticated attackers are making us think differently about how we approach security. They are methodical, persistent, creative and often times well funded. Approaching …
Controlling the physical world with BacNET attack framework
The integration of computer technology to monitor the inner works of large office buildings, factories and plants has been evolving for years. These types of systems are often …
The cloud: Storms on the horizon
At its heart, the cloud is really just shorthand for shared resources. The cloud is regularly touted as the answer to all of your IT woes. But, beyond the marketing pitches …
Generalized single packet authorization for cloud computing environments
Cloud computing environments such as those provided by Amazon and Google can be your passport to powerful computing resources without having to worry about typical …
DIY: Using trust to secure embedded projects
This talk from Shmoocon 2013 provides a DIY guide to using Trusted Computing on embedded devices. The authors introduce a low-cost schematic using Atmel’s CryptoModule …
Defending the Internet at scale
A decade ago, engineers tackled the C10K scalability problems that prevented servers from handling more than 10,000 concurrent connections. This problem was solved by fixing …
SCADA security
Amol Sarwate is the Director of Vulnerability Labs at Qualys. In this video, recorded at RSA Conference 2013, Sarwate introduces SCADA security.
OpenStack security brief
This video from Shmoocon 2013 is a break down of security concerns relating to OpenStack cloud software. OpenStack is an open source IaaS solution compatible with Amazon EC2 / …
The Computer Fraud and Abuse Act: Swartz, Auernheimer, and beyond
The Computer Fraud and Abuse Act is controversial for its broad reach and potential for misuse. In this video from Shmoocon 2013, Professor Orin Kerr and Marcia Hofmann from …
Malware analysis: Collaboration, automation and training
Whether you’re a novice or a professional at analyzing malicious code, you’ll have a desire to learn or pass on that skill. Most malicious code analysis is …
Attacking SCADA wireless systems
Leased lines are recurring costs throughout the power grid. The bottom line demands the use of wireless solutions where possible. Dare we? We already do. The video below, …
Strategies of a world-class computer security incident response team
Today’s Computer Security Incident Response Team (CSIRT) should have everything they need to mount a competent defense of the ever-changing IT enterprise: a vast array …