I would like to try and iron out a lot of misconceptions about the PWK course. There seems to be an inherent fear in early travellers of pen testing that OSCP is miles away from where they are. The truth is that, it's closer than you think.
Each training proposal should be sent to cft (at) x33fcon.com as a text email without any attachments (trainer photo is the exception)
Each training should last 2 or 3 days
CFT submissions must be made by trainer himself/herself. No third parties
should be involved
We will contact potential trainers if any questions arise
Please note that by agreeing to train at x33fcon you are granting x33fcon organizers the rights to advertise your training at x33fcon.com, twitter and all other mediums in paper and electronic form.
The owasp appsec conference in Europe is an established and premier venue for web applications leaders, software engineers, researchers and visionaries from all over the world. OWASP AppSec Europe gathers the Application Security community in a 5-days event to share and discuss novel ideas, initiatives and advancements. The 2017 conference will take place in Belfast from May 8th to 12th 2017, with papers/talks presented on 11th and 12th May.
I'm absolutely delighted to be chairing the owasp appsec eu conference in Belfast May 2017. It's great to be part of a committee shaping this exploration and celebration of today's software security industry, with over 300 hours of talks and training to choose from. Find out more about the conference at https://2017.appsec.eu/
OWASP is soliciting training providers for the AppSecEU conference which will be held in Belfast 8th - 12th May 2017. https://2017.appsec.eu
We are interested in all topics related to Web Application Security and OWASP, in particular, but not limited to (these are just examples):
Neural networks may be the hot topic these days, but they're far from infallible.
Security researchers have discovered a total of eight vulnerabilities in NPort serial device servers produced by Taiwan-based industrial automation solutions provider Moxa, ICS-CERT reported on Thursday.
Just two months after Microsoft announced its Project Springfield code fuzzing service, Google has launched the beta of its own OSS-Fuzz. The purpose in both cases is to help developers locate the bugs that eventually lead to breaches. But the services, like the two organizations, are very different: one is paid for while the other is free; one is proprietary while the other is open source.
Chrome 55.0.2883.75 for Windows, Mac, and Linux was released Thursday and patched 36 vulnerabilities, including 12 high-severity flaws eligible for bounties.
A team of researchers has proposed two software-based methods that could be used to mitigate Rowhammer, a type of attack that exploits weaknesses in the design of dynamic random-access memory (DRAM).
Russia on Friday said it had uncovered plans by foreign intelligence services to carry out massive cyberattacks this month targeting the country's financial system.
The FSB security service said in a statement that it had received information on "plans by foreign secret services to carry out large-scale cyberattacks from December 5."
Aaron James Glende, a 35-year-old from Winona, Minnesota, was sentenced this week by an Atlanta court to four years and two months in prison for selling stolen information on a dark web marketplace called AlphaBay.
A concerted effort between law enforcement and cybersecurity firms has resulted in the destruction of a major botnet platform.
With suspicions of potential hacking, Jill Stein is asking for a recount of the votes cast in Wisconsin, Pennsylvania and Michigan. This sets a bad precedent for cybersecurity professionals. Here are 10 reasons why.
Jill Stein is raising plenty of money via her website to the pay for the government recount efforts in Wisconsin, Pennsylvania and Michigan and for her legal support team. The recount process, deadlines, rules and process are clearly laid out by laws in each state. The process has formally begun in Wisconsin.
Recently a colleague and I were discussing broad issues regarding cyber security and threat modeling and several interesting points were brought up to which we had no easy answers. I am bringing up the salient points to the Peerlyst community in the hopes that you will chime in....
Information gathering is the first basic step towards penetration testing. This step is carried out to find out as much information about the target machine as possible. The more information we have, the better will be our chances of exploiting the target. During the information gathering phase, our main focus is to collect facts about the target machine, such as the ip address ,available services, open ports. This information plays a vital role in the process of penetration testing. There are basically three types of techniques used in information gathering.
In this post, we will discuss about building your own pen-testing lab using virtual machines to effectively perform tests in a localized environment. You can always have a Penetration Testing lab set up by using multiple machines and it is considered the ideal setup as well. But what if you have an emergency and you immediately need to set up a testing scenario and you only have a single machine? Well using a virtual machine is the obvious answer. You can work simultaneously on more than one operating system and perform the task of penetration testing.
It is almost as if the greater the number of cybersecurity products that flood onto the market, the more intense the increase in cybercrime and cyberattacks become. There are quantifiably more breaches and incidents of compromised information assets today than there were a year ago. A lot more.