tssci security

Archive for Conferences

Blackhat USA 2009 / Defcon 17

It's that time of year again, where we all come out of hiding and meet in Sin City to cause nothing but trouble. The brave venture out into the scorching hot sun during the day and some even dare tempt the waters at Rehab. The rest of us wait until dark, [...]

Looking forward to OWASP EU Summit Portugal

In only a couple weeks, many of the greatest minds in web application security will come together again for OWASP EU Summit in Algarve, Portugal. The Summit is a gathering whose main goal is, besides promoting the exchange of ideas on web application [...]

OWASP AppSec NYC 2008 -- Will you be there?

The OWASP AppSec NYC 2008 conference is only a couple days away, with training starting at 9AM on Monday. I will be attending the "Advanced Web Application Testing" training course with Eric Sheridan of Aspect Security. I'm really looking forward to this [...]

Happy Two-Year Anniversary

Yesterday we celebrated tssci-security.com's two-year anniversary. I started this site on August 23rd, 2006 during my first internship, and oh my, how the time flew by. A lot of good things have come my way -- most as a direct result of this blog. The [...]

Who's at HOPE?

Anyone here want to meet up? Message me.

Accountability through connected frameworks

Apparently Laura Chappell and Mark Curphey were presenting at the Microsoft TecEd 2008 Security Track last week. I haven't heard too much about what happened as a result, and I really wish I was there to see them speak about their respective topics. For [...]

Resident scripts and global cross-domain

In October of 2006, a vulnerability in IE7 known as the "mhtml:" Redirection Information Disclosure was discovered. RSnake wrote up a post about how nasty it was. The basics: it took over the entire browser experience. Fortunately, the bug was patched [...]

How to pwn PWN2OWN

Day one of PWN2OWN was unsuccessful, which is no big surprise. But today, I am really hoping for something -- otherwise we'll have to wait until tomorrow for the third-party clieint-side exploits. Here's a little summary I wrote a bit back on how to [...]

OWASP Hartford tomorrow

Tomorrow, February 28th, is the first ever meeting for the brand new Hartford Owasp chapter. James McGovern, the chapter lead has been putting some effort into starting it off with a bang, so I hope everyone in the NY/CT/Mass area can make it. Agenda for [...]

ShmooCon 2008 -- Path X: Explosive Security Testing Tools with XPath

On Sunday, we had some technical difficulties getting my laptop to work with the projector. In a scramble to get things up and running, I forgot to send the backup screenshots I had taken just in case. Ughh.. first conference talk I give, and everything [...]

Back from D.C. -- ShmooCon 2008 recap

We're back from a great weekend in Washington, D.C. at ShmooCon 08'. Dre and I arrived Thursday night just in time for the bar to close and with having no hotel room reserved, we were in for a long night. Interestingly enough though, at around 5am, we [...]

Path X -- Explosive Security Testing

We have received details from ShmooCon with the scheduled day and time of our talk. We have been scheduled for the last talk on Sunday at 12pm noon (before the room split) on the "Build It" track. I'm not sure whether that's a good thing or bad thing, [...]

Blog Announcements

I have one ShmooCon ticket available for $300. Contact me if you are interested. Why do I have one ShmooCon ticket for sale? I bought it in case we didn't get accepted to ShmooCon, but we did! Dre, Tom Stracener of Cenzic (and formerly nCircle), and I [...]

SunSec Trip Report

Last night Rich Mogull of Securosis, and co-host of Network Security Podcast, hosted SunSec (which was on hiatus for far too long) at the Furio in Scottsdale. It was a great turnout last night -- about twenty people had shown up and talked up all kinds [...]

OWASP Hartford

Now that I'm back in the Connecticut area, the best thing happened! James McGovern has started the Hartford OWASP chapter. First meeting is set for Thursday, February 28th with opening remarks beginning at 5:30pm. The agenda for the night is as follows: [...]

ToorCon 9 - Day 2

This is the second blog post covering Sunday's talks at ToorCon 9. You can read the first installment here. After a hard night of partying, I didn't want to get out of bed early in the morning. Gotta give props to Hikari for foreseeing this and not [...]

ToorCon 9 - Day 0 and 1

This weekend I was in San Diego, California for ToorCon 9 and had an absolute blast. On Friday, I had checked out the USS Midway Aircraft Carrier Museum and enjoyed listening to veterans recount fascinating experiences on the ship during the war. I took [...]

ToorCon 9: San Diego -- Eats, Treats, Tricks and Drinks

Several of us are going to ToorCon 9 this weekend in San Diego, California. I'm flying out tomorrow (Friday) morning and I plan on visiting some sites around town, such as The Aircraft Carrier/USS Midway Museum and then head up to Little Italy in the [...]

More on Google Analytics: Now with Stolen Search Queries!

In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks. But now that Google has updated their Analytics service to support internal search queries, [...]

Desert Code Camp

For those living in Phoenix, Desert Code Camp is upon us. All morning and afternoon on Saturday, September 15 will be full of sessions that are all about code. My friend Adam Muntner (founder of QuietMove and contributor to Security Catalyst) will be [...]

DefCon 15 wrap-up, shoutouts, plugs, etc.

Sorry for being late to the game on this one, you've probably already read several personal accounts and all the stories and headlines that originated from Las Vegas last weekend. For those interested, below is my experience at my first DefCon ever, and [...]


DEFCON15 is this Friday and I'll be in Vegas Thursday night. I'll be without Internet access this weekend, but I'll try and post something up for Sunday. If anybody wants to meet up, send me an email. Gonna be a good weekend. Some of the talks I'm [...]
blog comments powered by Disqus