Jacob Torrey

The Depressing Effect of Bug Bounties

Why we need to focus on capacity building

Watching the InfoSec industry change over the last few years leaves little doubt in my mind that the majority of players jump onto what is hot, either through a re-branding campaign, acquisition, or legitimate shift. At RSA this spring, the buzzword du jour was threat intelligence; of late however, the hype-machine has been focusing on bug . . .

Read More

November 13, 2015

Blog a Talk: Cluck Cluck

Virtual memory break-out with PCIe

TL;DR After noticing a trend of conference talks with posted slides or videos being overlooked and hard to search through, I've decided to write an overview blog post for most of my conference talks in order to create a searchable and easy-to-skim jumping-off point. I will link to slides, video and paper if there is one at the end of each . . .

Read More

Posted in: blog-a-talkx86

August 12, 2015

Mitigations to the "Memory Sinkhole"

TL;DR Domas' "Memory Sinkhole" is a clever attack, but in today's OS landscape, can be mitigated via a small software update.

Yesterday at Black Hat USA, I watched as Christopher Domas shed some light on a very exciting/terrifying vulnerability. He discovered that SMRAM accesses can be duped to read/write from the . . .

Read More

Posted in: x86

August 07, 2015

Short: Syscan'15 Talk

I recently gave a talk at Syscan on the topic of HARES: Hardened Anti-Reverse Engineering System. The recording of this talk has just been posted to YouTube and is embedded below:

Read More

May 19, 2015

On the Relative Unimportance of InfoSec

Or: Check your ego at the door

While watching Haroon Meer's TROOPERS keynote, I was struck by the major, structural shortcomings in the InfoSec industry; and how little impact it really had on the world. I was left asking myself, even with the sorry state of security, and today's endless parade of bugs and breaches, who is feeling the pain? Haroon highlights that . . .

Read More

April 07, 2015

Short: TROOPERS'15 Talk

I recently gave a talk at TROOPERS on the topic of the implicit trust relationships in an organization's IT infrastructure. The recording of this talk has just been posted to YouTube and is embedded below:

My goal was to explain to the audience how many layers there are in even small networks, and how weaknesses in one . . .

Read More

April 01, 2015

HARES FAQ

Welcome!

Thanks for your interest in HARES; I'm glad you're interested in the fascinating world of x86 and I wanted to answer some questions & address some misunderstandings I've been seeing following the publication of the WIRED article on HARES. As the article was much less technical than my upcoming talks, please . . .

Read More

February 12, 2015

Archive

This update link alerts you to new Silvrback admin blog posts. A green bubble beside the link indicates a new post. Click the link to the admin blog and the bubble disappears.

Got It!