Ten years of innovation in reverse engineering
By Sebastian Porst

On our way back home from Black Hat Europe in Barcelona, Thomas and I were brainstorming about the most important changes to the field of binary code reverse engineering in the last 10 years. What has changed since then? What made the biggest impact? Remember: Back in the dark days of 2000, W32Dasm and Turbo Debugger were considered good reverse engineering tools. If you had a self-written tracer that logged the execution of conditional jumps you were basically a king.

Anyway, we came up with several trends and technologies we believe have changed the job of reverse engineers tremendously since 2000. Here they are:

Ten years of innovation in reverse engineering � blog.zynamics.com

Latvia's 'Robin Hood' hacker unmasked as AI researcher

Nabbed after baring fat-cat salaries

By Dan Goodin in San Francisco • Get more from this author

Posted in Crime, 14th May 2010 00:16 GMT

Latvia's 'Robin Hood' hacker unmasked as AI researcher • The Register

Wednesday, May 12, 2010
You may not need an SDL
Posted by Robert Graham at 2:43 PM
This post at Securosis describes why Microsoft's SDL only works for Microsoft. Microsoft agrees in their own post. Both Securosis and Microsoft make fundamental errors about secure development.

Errata Security: You may not need an SDL

Wednesday, May 12, 2010
More "the air is full of packets"
Posted by Robert Graham at 5:50 PM

Errata Security: More "the air is full of packets"

Uncovering How Workspaces Work in WinDbg

Author - Jason Epperly

Workspaces have always been a little confusing to me. I knew how to bend them to do what I needed to get the job done, however they still remained a bit mysterious. Recently I decided to sort this out, just so I knew how they worked under the hood. But before I show you my investigation let's discuss the different types of workspaces. Windbg uses several built-in types including Base, User, Kernel, Remote, Processor Architecture, Per Dump, and Per Executable. It also uses named workspaces (or user defined workspaces). When you perform a particular type of debugging (e.g. live user-mode, post-mortem dump analysis etc.) these workspaces are combined into the final environment. Here's a diagram to illustrate the possible combination of workspaces.

Ntdebugging Blog : Uncovering How Workspaces Work in WinDbg

hi all

this is v0.1 of this post and in this post i’m going to have a review and brief history on exploitation with focus on windows .

this post will be done III part :

* part I : brief history of buffer overflow
* part II : history of windows exploitation from windows 2000 to windows 7
* part III : feature of exploitation

Past, Present, Future of Windows Exploitation | Abysssec Security Researches

This person will be speaking at SummerCon (www.summercon.org) this year!

OWASP_NYNJMetro_Pentesting_Flex.pdf (application/pdf Object)

Immunity Debugger PeDetect and the art of signature generation

Immunity Debugger PeDetect and the art of signature generation | Abysssec Security Researches

There's a party at Ring-0!

to-jt-party-at-ring0.pdf (application/pdf Object)

Using SecAnnotate to Analyze Your Assemblies for Transparency Violations – An Example

SecAnnotate (available in the final .NET 4 SDK, and in beta form here) can be used to analyze your assemblies, especially APTCA assemblies in order to find transparency violations without needing code coverage from a test case. Instead, the static analysis provided by SecAnnotate is valuable in ensuring that your assembly is fully correct from a transparency perspective. Let’s take a look at how it might be used for a simple APTCA library.

.NET Security Blog : Using SecAnnotate to Analyze Your Assemblies for Transparency Violations – An Example