Software

Software-as-a-service offers cost savings, scalability and mobile accessibility -- if you correctly manage the resulting SLAs, APIs and data structures.

  • Webcasts // Mar 2015

    Secure and Private Outsourcing to Untrusted Cloud Servers

    Storage and computation outsourcing to cloud servers has become very popular due to the large volume of data that needs to be hosted at cloud servers and the intent to employ servers to perform computational work for clients. However, many clients are still reluctant to do so due to their...

    Provided By SecurityTube.net

  • Webcasts // Mar 2015

    Reverse Engineering with Powershell

    Whether the users are performing incident response, black box code analysis, or analyzing malicious code, PowerShell is a powerful tool to add to the users reverse engineering tool arsenal. In this webcast, the presenter will explain how to use PowerShell to analyze binary file formats and reverse engineer managed and...

    Provided By SecurityTube.net

  • Webcasts // Mar 2015

    Monitoring Using Powershell

    In this webcast, the presenter will give real world examples of how to use PowerShell for monitoring servers, websites, active directory, exchange, DNS, DHCP, anti-virus, WSUS patching, and notification using email and websites.

    Provided By SecurityTube.net

  • Webcasts // Mar 2015

    Advanced Powershell Threat - Lethal Client Side Attacks Using Powershell

    Powershell is an ideal platform for client side attacks as it is available on all the Windows machines. The presenter would see how easy and effective it is to use Powershell for various client side attacks like drive-by-downloads, malicious attachments, Java applets, human interface devices etc.

    Provided By SecurityTube.net

  • Webcasts // Feb 2015

    On the Effectiveness of Full-ASLR on 64-Bit Linux

    The effectiveness of ASLR hinges on the entirety of the address space layout remaining unknown to the attacker. Only executables compiled as Position Independent Executable (PIE) can obtain the maximum protection from the ASLR technique since all the sections are loaded at random locations. The presenter has identified a security...

    Provided By SecurityTube.net

  • Webcasts // Feb 2015

    Ruby Meta-Programming: Here's How to Do It Wrong

    Ruby is a powerful programming language, it includes way to write dynamic code at run time, this is called meta-programming. Meta-programming, everyone's favorite Rubyism to hate. It can lead to less code, more abstraction and tears of pain and sorrow. During the review of lots of rails and ruby applications...

    Provided By SecurityTube.net

  • Webcasts // Jan 2015

    Powershell and You: Using Microsoft's Incident Response Language

    Anyone can write useful security tools in PowerShell. With just a little bit of knowledge the user can automate almost anything. From advanced post-exploitation tasks to incident response tools, they can do it with PowerShell. This webcast will explain why they should learn a new language and cover the basics...

    Provided By SecurityTube.net

  • Webcasts // Jan 2015

    An Open Hardware and Software Platform, Based on the (Nominally) Closed-Source MT6260 SoC

    In this webcast, the presenter will introduce Fernvale, a reverse-engineered, open hardware and software platform based upon Mediatek's MT6260 value phone SoC. The MT6260 is the chip that powers many of the $10 GSM feature phones produced by the Shanzhai. Fernvale is made available as open-licensed schematics, board layouts, and...

    Provided By SecurityTube.net

  • Webcasts // Jan 2015

    Finding the Weak Crypto Needle in a Byte Haystack

    Using the same stream cipher key twice is known to be a very bad idea, but keystream-resuse vulnerabilities are still very much a thing of the present - both in legitimate software and in the malware landscape. In this webcast, the presenter will describe a heuristic algorithm which can detect...

    Provided By SecurityTube.net

  • Webcasts // Jan 2015

    Cyber Necromancy - Reverse Engineering Dead Protocols

    Reverse engineering is not all binaries and byte-code. The black art also extends to networks and unobtainable game servers. In this webcast, the presenters will go into the gruesome details of how they dug through the graveyards of console binaries and mausoleums of forgotten network protocols in order to stitch...

    Provided By SecurityTube.net

  • Webcasts // Jan 2015

    Reproducible Builds - Moving Beyond Single Points of Failure for Software Distribution

    Software build reproducibility is the ability to use independent build machines to compile bit-identical binaries from program source code. In this webcast, the presenters will discuss the motivation for and the technical details behind software build reproducibility. They will describe the technical mechanisms used by the Tor project to produce.

    Provided By SecurityTube.net

  • Webcasts // Dec 2014

    Extreme Privilege Escalation on Windows 8/UEFI Systems

    It has come to light that state actors install implants in the BIOS. Let no one ever again question whether BIOS malware is practical or present in the wild. However, in practice attackers can install such implants without ever having physical access to the box. Exploits against the BIOS can...

    Provided By SecurityTube.net

  • Webcasts // Dec 2014

    Getting Windows to Play with Itself: A Hacker's Guide to Windows API Abuse

    Windows APIs are often a blackbox with poor documentation, taking input and spewing output with little visibility on what actually happens in the background. By analyzing (and abusing) the underlying functionality of these seemingly benign APIs, the presenter can effectively manipulate Windows into performing stealthy custom attacks bypassing the latest...

    Provided By SecurityTube.net

  • Webcasts // Dec 2014

    Some Vulnerabilities are Different Than Others Studying Vulnerabilities and Attack Surfaces in the Wild

    The security of deployed and actively used systems is a moving target, influenced by factors not captured in the existing security metrics. For example, the count and severity of vulnerabilities in source code, as well as the corresponding attack surface, are commonly used as measures of a software product's security....

    Provided By SecurityTube.net

  • Webcasts // Dec 2014

    What Happens in Windows 8 Stays in Windows 8

    Systems evolve over time, patches are applied, holes are fixed and new features are added. Windows 10 is the new flagship product of Microsoft, and as prepared as it can be for a world of white-, grey- and black-hat hackers.

    Provided By SecurityTube.net

  • Webcasts // Nov 2014

    Security Model Bedfellows

    The penetration test finds a bug in the code that was coded four months ago and could have been prevented a year ago during requirements gathering. The vendor says they will fix it shortly after the software launches - if a change order is issued and they're paid for their...

    Provided By SecurityTube.net

  • Webcasts // Nov 2014

    Epidemiology of Software Vulnerabilities: A Study of Attack Surface Spread

    Many developers today are turning to well established third-party libraries to speed the development process and realize quality improvements over creating an in-house proprietary font parsing or image rendering library from the ground up. Efficiency comes at a cost though: a single application may have as many as 100 different...

    Provided By SecurityTube.net

  • Webcasts // Nov 2014

    Digging for IE11 Sandbox Escapes Part 1

    Microsoft started the first of their new bug-bounty programs, focusing on finding vulnerabilities in IE11 on the upcoming Windows 8.1 OS. Rather than spending time fuzzing for RCEs, the presenter focused on pure logic bugs and the best place to find them was in the sandbox implementation.

    Provided By SecurityTube.net

  • Webcasts // Nov 2014

    Hacking the Wireless World with Software Defined Radio-2.0

    Wireless systems, and their radio signals, are everywhere: consumer, corporate, government, amateur - widely deployed and often vulnerable. If the users have ever wondered what sort of information is buzzing around them, in this webcast, the presenter will introduce how the user can dominate the RF spectrum by 'Blindly' analyzing...

    Provided By SecurityTube.net

  • Webcasts // Nov 2014

    What Goes Around Comes Back Around - Exploiting Fundamental Weaknesses in Command and Control (C&C) Panels

    Bot herders deploy Command and Control (C&C) panels for commanding and collecting exfiltrated data from the infected hosts on the Internet. To protect C&C panels, bot herders deploy several built-in (software-centric) protection mechanisms to restrict direct access to these C&C panels.

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Time Trial - Racing Towards Practical Remote Timing Attacks

    Attacks on software become increasingly sophisticated over time and while the community has a good understanding of many classes of vulnerabilities that are commonly exploited, the practical relevance of side-channel attacks is much less understood. One common side-channel vulnerability that is present in many web applications today are timing side-channels...

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Live Webcast: From Silence to Brilliance: How to Kick Off a Compelling Presentation

    Join us for this LIVE event! Tuesday, November, 11 2014 11 AM (PST) / 2 PM (EST) Grab attention from the get-go. Lights! Camera! Crickets? Don't let the deafening silence of a disengaged audience derail your presentation. Join this webinar with Stanford Graduate School of Business educator and coach...

    Provided By Citrix Online

  • Webcasts // Oct 2014

    Memory Forensics with Hyper-V Virtual Machines

    With the increased demand for memory forensics and more people using Windows Hyper-V as a hypervisor it's critical the DFIR community follows the proper triage process. Much like ESXi stores a .vmss file for each virtual machines memory Hyper-V stores them in a .bin and .vsv file, however currently it's...

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Abusing Microsoft Kerberos Sorry You Guys Don't Get It

    Microsoft active directory uses Kerberos to handle authentication requests by default. However, if the domain is compromised, how bad can it really be? With the loss of the right hash, Kerberos can be completely compromised for years after the attacker gained access. Yes, it really is that bad.

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Understanding TOCTTOU in the Windows Kernel Font Scaler Engine

    The font scaler engine is widely used in Microsoft Windows and Mac OS operating systems for rendering TrueType/OpenType fonts. It was first introduced in 1989. Later, to improve the performance of the Windows NT operating system, Microsoft decided to move the engine from user mode to kernel mode.

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Windows Kernel Graphics Driver Attack Surface

    Ever wondered about the attack surface of graphics drivers on Windows? Are they similar to other drivers? Do they expose ioctl's? In this webcast, all those questions will be answered and more. Whether the users are a security researcher, a developer looking for some security guidance when writing these drivers,...

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Getting Windows to Play with Itself: A Pen Testers Guide to Windows API Abuse

    Windows APIs are often a blackbox with poor documentation, taking input and spewing output with little visibility on what actually happens in the background. By reverse engineering (and abusing) some of these seemingly benign APIs, the users can effectively manipulate Windows into performing stealthy custom attacks using previously unknown persistent...

    Provided By SecurityTube.net

  • Webcasts // Oct 2014

    Gaining The Upper Hand In Today's Cyber Security Battle

    Threat intelligence uses the symptoms of an attack to foster an understanding of who the attackers are and what their motives and capabilities may be offering the insight necessary to develop a proactive stance and thwart attackers. Read More..

    Provided By IBM

  • Webcasts // Oct 2014

    Mining Data From the Windows Registry

    Since being introduced in Windows 3.1, the Windows registry has continued to add new and interesting information as the operating system progresses. Storing data about executed programs, accessed files, USB devices, Internet browsing history, and even the directory structure of external devices, the registry is a truly a treasure trove...

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    So You Want to Murder a Software Patent

    Software patents are a huge source of controversy and discussion in the tech world. This semi-hilarious legal story will cover the experience of the case, the details, and how the entire process went down. Hopefully some combination of entertainment, education and insight will ensue.

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    Android Geolocation Using GSM Network

    In this webcast, the presenter will introduce a new forensic technique that allows collecting users' past locations on most current Android phones, within a few seconds. It becomes possible to tell where the user was at a given time, or where a phone call took place over the last few...

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    Node.JS as a Networking Tool

    Node.js is a library that provides non-blocking I/O for Google's V8 JavaScript engine. In this webcast, the presenter explores node's suitability for a diverse range of networking applications. Writing network applications with good concurrency and performance has been a very time consuming task in the past.

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    Desktop on the Linux... (and BSD, of Course)

    In this webcast, the presenter will discuss about the graphics subsystem (X11) is network transparent and provides IPC. So let's build the users own IPC system, that's not network transparent (DBus). The presenter also explains look at some of the pearls of strange API design.

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    Windows Phone 8 Application Security

    In this webcast, the presenter will focus on Windows Phone 8 and applications security. Microsoft is expanding its presence on Smartphone OS market. Windows Phone 8 is a new mobile platform and there is not so much information about security issues out there.

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    C+11 Metaprogramming Technics Applied to Software Obduscation

    Obfuscation is the transformation of source or binary code into a form that is difficult to understand, but without affecting the functionality of the code. Goals of obfuscation are multiple: hide a secret or logic, make code harder to reverse engineer, protect intellectual property, prevent tampering, etc.

    Provided By SecurityTube.net

  • Webcasts // Sep 2014

    On-demand Webcast: Mastering the Virtual Sales Pitch

    Making an online presentation has its unique challenges — but there are also countless opportunities for today’s savvy sales professional. Join Tim Wackel as he shares ideas on how to grow your sales (without growing your frequent flyer account). Attend this on-demand webinar to learn how to: Plan and...

    Provided By Citrix Online

  • Webcasts // Aug 2014

    On-demand Webcast: Solve Complex Revenue Management Challenges

    For business professionals today, revenue management is an increasingly complicated proposition. Accountants and administrators are now responsible for managing multiple revenue sources and models, which requires a different level of data and analysis, plus powerful tools to successfully manage the complexities of the market and business operations. So how...

    Provided By Intacct

  • Webcasts // Aug 2014

    Finding and Exploiting Access Control Vulnerabilities in Graphical User Interfaces

    Graphical User Interfaces (GUIs) contain a number of common visual elements or widgets such as labels, text fields, buttons, and lists. GUIs typically provide the ability to set attributes on these widgets to control their visibility, enabled status, and whether they are writable. While these attributes are extremely useful to...

    Provided By SecurityTube.net

  • Webcasts // Jul 2014

    Top 5 Things Every C# Developer Should Know

    C# has become increasingly popular and complex, putting applications and organizations at risk for software failures. Learn how you can gain deeper intelligence into your code to avoid critical crash causing defects. C# has become increasingly popular and complex, putting applications and organizations at risk for software failures. Learn how...

    Provided By Coverity

  • Webcasts // Jun 2014

    Automatic Detection of Inadequate Authorization Checks in Web Applications

    Gaps in the enforcement of access control policy of a software system can lead to privilege escalation, allowing unauthorized access to sensitive resources and operations. The presenter describe a novel technique to automatically detect missing and inconsistent authorization checks in web applications with static analysis and conclude with empirical results...

    Provided By SecurityTube.net