One of the most successful drive-by attack toolkits available to cyber criminals, Black Hole is dominating the criminal marketplace. In this talk, we will explore how the exploit kit is sold, kit features, how attackers are using it to ensnare victims and the speed with which new vulnerabilities are being exploited. Techniques for defending against […]
Read moreOver the past year, Trustwave’s SpiderLabs malware team has been continually reminded why we love our jobs – we get to play with malware. But not just any malware, no, we get to reverse engineer and analyze malware from targeted incident response cases. This opportunity allows us to see what criminals are doing at a […]
Read moreMany security professionals think of locks as curiosities or puzzles, and are well acquainted with the idea that “locks keep honest people honest.” However, physical security has a rich history and our modern relationship to locks is very different than it was even a hundred years ago. In this talk we’ll put modern physical security […]
Read moreHave you ever wondered what SQL injection was, and how it worked? Couldn’t figure out how someone could take over your web browsing and redirect you to another site entirely, or intercept and replace legitimate web traffic with some nasty malware? Dave Millier and Assef G. Levy will give you an overview of web application […]
Read moreDNSSEC was designed to protect the Domain Name System from an ever increasing stream of DNS spoofing attacks and (non-)malicious DNS rewriting schemes. But from the start, many intended to use this new distributed and digitally signed database for other purposes as well. DNSSEC can already be used to secure large scale TLS, SSH and […]
Read moreYou want it all. But you’re scared. You don’t want to put on a suit and watch your soul shrivel. There is another way. In this session, you will learn: – why you want to do this to yourself – how to get the first job (which will suck) – how to turn the first […]
Read moreMost computer forensic examinations focus on system forensics – live system and memory data, and the data remaining on storage devices. These investigations neglect the significant amount of network data (moving packets, event logs, and specialized tools such as honeypots). During this session, you will learn proactive and post-response techniques for collecting and analyzing network […]
Read more