x33fcon 2017 - CFT

CFT Rules

Each training proposal should be sent to cft (at) x33fcon.com as a text email without any attachments (trainer photo is the exception)
Each training should last 2 or 3 days
CFT submissions must be made by trainer himself/herself. No third parties
should be involved
We will contact potential trainers if any questions arise

Please note that by agreeing to train at x33fcon you are granting x33fcon organizers the rights to advertise your training at x33fcon.com, twitter and all other mediums in paper and electronic form.

OWASP AppSec EU Call for Papers

The owasp appsec conference in Europe is an established and premier venue for web applications leaders, software engineers, researchers and visionaries from all over the world. OWASP AppSec Europe gathers the Application Security community in a 5-days event to share and discuss novel ideas, initiatives and advancements. The 2017 conference will take place in Belfast from May 8th to 12th 2017, with papers/talks presented on 11th and 12th May.


Top 10 reasons to be excited about OWASP AppSec EU Belfast 2017!

I'm absolutely delighted to be chairing the owasp appsec eu conference in Belfast May 2017. It's great to be part of a committee shaping this exploration and celebration of today's software security industry, with over 300 hours of talks and training to choose from. Find out more about the conference at https://2017.appsec.eu/

Google Launches OSS-Fuzz Open Source Fuzzing Service

Just two months after Microsoft announced its Project Springfield code fuzzing service, Google has launched the beta of its own OSS-Fuzz. The purpose in both cases is to help developers locate the bugs that eventually lead to breaches. But the services, like the two organizations, are very different: one is paid for while the other is free; one is proprietary while the other is open source.
read more

Russia Says Foreign Spies Plotted Huge Cyberattack

Russia on Friday said it had uncovered plans by foreign intelligence services to carry out massive cyberattacks this month targeting the country's financial system.
The FSB security service said in a statement that it had received information on "plans by foreign secret services to carry out large-scale cyberattacks from December 5."
read more

Is the 'possibility of hacking' a good reason for recounts?

With suspicions of potential hacking, Jill Stein is asking for a recount of the votes cast in Wisconsin, Pennsylvania and Michigan. This sets a bad precedent for cybersecurity professionals. Here are 10 reasons why.

Jill Stein is raising plenty of money via her website to the pay for the government recount efforts in Wisconsin, Pennsylvania and Michigan and for her legal support team. The recount process, deadlines, rules and process are clearly laid out by laws in each state. The process has formally begun in Wisconsin.

Information Gathering And Scanning in Penetration testing

Information gathering is the first basic step towards penetration testing. This step is carried out to find out as much information about the target machine as possible. The more information we have, the better will be our chances of exploiting the target. During the information gathering phase, our main focus is to collect facts about the target machine, such as the ip address ,available services, open ports. This information plays a vital role in the process of penetration testing. There are basically three types of techniques used in information gathering.

Setting up your penetration testing lab using Metasploit

In this post, we will discuss about building your own pen-testing lab using virtual machines to effectively perform tests in a localized environment. You can always have a Penetration Testing lab set up by using multiple machines and it is considered the ideal setup as well. But what if you have an emergency and you immediately need to set up a testing scenario and you only have a single machine? Well using a virtual machine is the obvious answer. You can work simultaneously on more than one operating system and perform the task of penetration testing.