Slides & Career Exploit Kit from AppSecDC Presentation

April 5, 2012
By
Slides & Career Exploit Kit from AppSecDC Presentation

Yesterday I had the opportunity to give another one of my infosec career talks … this time AppSecDC. In an effort to better link the general strategic advice we all usually get with more actionable tactical steps, I narrowed the talk to only focus on web application security. This seemed to work well. Anyway,...
Read more »

AppSecDC Recap: SharePoint Security 101

April 5, 2012
By
AppSecDC Recap: SharePoint Security 101

I’ve written about SharePoint security before and my opinion was that it’s getting much better however they have a lot of insecure stigma to shake off. Additionally, securing it can be done however it may become very cumbersome to manage in large environments. Rob Rachwald’s talk pretty much confirmed my thoughts but also led me...
Read more »

AppSecDC Recap: Old Webshells, New Tricks

April 4, 2012
By
AppSecDC Recap: Old Webshells, New Tricks

Back in the day web shells were all the rage so I was curious what “new” was happening in this area. Ryan Kazanciyan started off with a summary of some of the more poplar web shells he’s seen in the past several years. Two examples included ASPXSpy and China Chopper. He discussed how each...
Read more »

AppSecDC Recap: Python Basics for Web App Pentesters

April 4, 2012
By
AppSecDC Recap: Python Basics for Web App Pentesters

I had the opportunity to attend the “Python Basics for Web App Pentesters – Part 2″ by Justin Searle. Being someone that hasn’t program for a good number of years, this Python talk really appealed to me. I’ve been wanting to relearn to code again to simplify or automate some of my day-to-day security-related...
Read more »

Where’s Grecs? At AppSecDC Of Course.

April 3, 2012
By
Where’s Grecs? At AppSecDC Of Course.

As we announced last month AppSecDC is upon us and I’m excited to be heading down into the city soon! For those interested I’m honored to be presenting twice at this event … one on Wednesday at 2:30 and another on Thursday at 4:30. I’ve included the title and abstracts below. I always enjoy...
Read more »

Where You Want to Be This Week for 2012-04-02

April 3, 2012
By
Where You Want to Be This Week for 2012-04-02

Where do you want to be this week? Now you’ll always know with our “Where You Want to Be This Week” feature, which will tell you about infosec meetups happening in your local area as of Sunday night. If you would like your event listed in our Calendar and in this post, let us...
Read more »

Poll: Could Selling Zero-Days Be Treason?

April 2, 2012
By
Poll: Could Selling Zero-Days Be Treason?

Last week in our Weekly Rewind post we covered the story “Shopping For Zero-Days” from Forbes. via Forbes.com A clever hacker today has to make tough choices. Find a previously unknown method for dismantling the defenses of a device like an iPhone or iPad, for instance, and you can report it to Apple and...
Read more »


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.