The Depressing Effect of Bug Bounties
Why we need to focus on capacity building
Watching the InfoSec industry change over the last few years leaves little doubt in my mind that the majority of players jump onto what is hot, either through a re-branding campaign, acquisition, or legitimate shift. At RSA this spring, the buzzword du jour was threat intelligence; of late however, the hype-machine has been focusing on bug . . .
Blog a Talk: Cluck Cluck
Virtual memory break-out with PCIe
TL;DR After noticing a trend of conference talks with posted slides or videos being overlooked and hard to search through, I've decided to write an overview blog post for most of my conference talks in order to create a searchable and easy-to-skim jumping-off point. I will link to slides, video and paper if there is one at the end of each . . .
Posted in: blog-a-talkx86
Mitigations to the "Memory Sinkhole"
TL;DR Domas' "Memory Sinkhole" is a clever attack, but in today's OS landscape, can be mitigated via a small software update.
Yesterday at Black Hat USA, I watched as Christopher Domas shed some light on a very exciting/terrifying vulnerability. He discovered that SMRAM accesses can be duped to read/write from the . . .
Posted in: x86
Short: Syscan'15 Talk
On the Relative Unimportance of InfoSec
Or: Check your ego at the door
While watching Haroon Meer's TROOPERS keynote, I was struck by the major, structural shortcomings in the InfoSec industry; and how little impact it really had on the world. I was left asking myself, even with the sorry state of security, and today's endless parade of bugs and breaches, who is feeling the pain? Haroon highlights that . . .
Short: TROOPERS'15 Talk
I recently gave a talk at TROOPERS on the topic of the implicit trust relationships in an organization's IT infrastructure. The recording of this talk has just been posted to YouTube and is embedded below:
My goal was to explain to the audience how many layers there are in even small networks, and how weaknesses in one . . .
Thanks for your interest in HARES; I'm glad you're interested in the fascinating world of x86 and I wanted to answer some questions & address some misunderstandings I've been seeing following the publication of the WIRED article on HARES. As the article was much less technical than my upcoming talks, please . . .