Timeline for security list by kees

Kees Cook

sad: last week with Canonical. excited: next week, Google. http://www.outflux.net/blog/archives/2011/09/12/5-years-with-canonical/

Kees Cook

when using /proc/sys/kernel/modules_disabled it's a good idea to load hid and usbhid ahead of time

Kees Cook

crushing airport wifi with an ISO download

Kees Cook Greg K-H

@gregkh wrong server? you're spewing at identi.ca instead of twitter

Kees Cook

key impressioning: an entire lock-sport genre I had no idea existed. jaw-droppingly awesome. #defcon

Kees Cook

runtime process insemination: also clean and hard to notice. ubuntu still blocks it. #defcon

Kees Cook

linux thread injection: clean and hard to notice. ubuntu blocks it. #defcon

Kees Cook

DJing lesson from mauvehed ftw #defcon

Kees Cook

I think I just gave myself a paper^Wtitanium cut #defcon

Kees Cook

the Rio's retail cash register network just went down... #defcon

Kees Cook

pdf obfuscation: many ways to confuse parsers via filters, loops, options, incomplete syntax. #defcon

Kees Cook

art & science of security research: find intersecting topics you have passion about, don't self-censor #defcon

Kees Cook

let the waiting in lines begin! #defcon

Kees Cook

for added dramatic effect, I have now added the --hollywood mode to my exploit demo #defcon

Kees Cook

d'oh, inhuman badge line closed early. now I have get up at the inhuman time of 8am to get my badge! #defcon

Kees Cook

#blackhat vulnerability extrapolation: find common API patterns, look for bugs "near" known vulns. worked for pwning ffmpeg.

Kees Cook

#blackhat crypto for pentesters: easy to break common misuses of hashes, encryption, etc. "hollywood decryption"

Kees Cook

#blackhat sophos antivirus: XOR for encryption, "malware is a post-compromise concept", needs a lot of improvement