Intrusion detection
incidents and their forensic analysis are not well established. The
quickly rising number of security incidents worldwide makes the
implementation of incident management capabilities essential.
In order to advance the fields of IT Security Incident Management and IT
Forensics the special interest-group "Security Intrusion Detection and
Response" (SIDAR) of the German Informatics Society (GI) organizes an
annual conference, providing a platform for experts from throughout the
world, to discuss the state of the art in the areas of IT Security
Incident Management and IT Forensics (IMF). IMF promotes collaboration
and exchange of ideas between industry, academia, law-enforcement and
* Observations of PST in Practice, Society, Policy and Legislation
* Network and Wireless Security
* Digital Rights Management
* Operating Systems Security
* Identity and Trust management
* Intrusion Detection Technologies
* PST and Cloud Computing
* Secure Software Development and Architecture
* Human Computer Interaction and PST
* PST Challenges in e-Services, e.g. e-Health, e-Government, e-Commerce
* Implications of, and Technologies for, Lawful Surveillance
Thierry,
I think the inability of antivirus / intrusion detection to catch something
that is not malware/intrusion, or malware in a form unused in-the-wild,
is not a vulnerability. Antivirus (generally) gives no preventive
protection. They can add signatures for your PoCs to their database -
and that's how it works.
--Thursday, July 16, 2009, 12:02:35 AM, you wrote to bugtraq@securityfocus.com:
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
- Routing device
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique, vulnerability research)
- Intrusion detection and anti-detection technique
- Traffic analysis
* Reverse engineering of software and hardware
* Malware collection and analysis
* Botnet analysis
* Electronic voting
* Security metrics and visualization
* Intrusion detection and prevention
* Cloud computing security
* Cryptography and security protocols
* Biometric system security
* Quantitative and model based IT risk management
- Web application vulnerability research
- Application reverse engineering and related automated tools
- Database security & attacks
- Advanced Trojans, worms and backdoor technique
--- Intrusion detection/forensics analysis
- Traffic analysis
- Real-time data structure recovery
- File system analysis & recovery
- Intrusion detection and anti-detection technique
- Reverse engineering (malicious code analysis technique, vulnerability research)
<++BOF>
-=[ Introduction
Much work has been done on evasion techniques against Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), but most of it relates to:
- Packet fragmentation [1]
- Stream segmentation [1]
- Byte and traffic insertion [1]
- Polymorphic shellcode [2]
- Denial-of-Service [1]
- URL obfuscation (+ SSL encryption) [3]
ICCC is divided into two tracks:
The Concepts, Strategy and Law track addresses the human component of Cyber Forces. This includes talks and discussion on how to best identify, recruit, train and retain the right people, and how to best organize their contribution to national security. The track will address both traditional state-centric concepts, such as specialized units in the active duty military, and more volunteer-based approaches, such as the Estonian Cyber Defence League and cyber security expertise in the reserve forces.
The Technical Challenges & Solutions track includes a significant number of world-renowned experts. Presentations will cover topics ranging from “next-generation” intrusion detection to covert channels, Advanced Persistent Threats, and a tutorial on VoIP exploitation. The cutting-edge nature of these talks will help security professionals to understand not only the current dangers in cyberspace, but also many cyber security challenges of the future.
Technical Track attendees will ideally have a solid computer science or information security background, in order to facilitate both an understanding of the material presented and to take part in subsequent discussion.
ICCC takes place in Tallinn at the same time as the NATO defence ministers’ meeting in Brussels, which will articulate a new NATO cyber defence policy. This policy is likely to be addressed on the last day of the conference.
ICCC 2011 is co-sponsored by IEEE, the world’s largest professional association for advancing technological innovation and excellence. The conference proceedings will be published in hard copy and made available digitally through IEEE Xplore.
Regards,
Thierry
``The ZyWALL USG (Unified Security Gateway) Series is the "third
generation" ZyWALL featuring an all-new platform. It provides greater
performance protection, as well as a deep packet inspection security
solution for small businesses to enterprises alike. It embodies a
Stateful Packet Inspection (SPI) firewall, Anti-Virus, Intrusion
Detection and Prevention (IDP), Content Filtering, Anti-Spam, and VPN
(IPSec/SSL/L2TP) in one box. This multilayered security safeguards your
organization's customer and company records, intellectual property, and
critical resources from external and internal threats.''
(From the vendor's homepage)
Security management
LOPD: Data protection legality issues.
New techniques in vulnerability exploitation
Security/Insecurity in WiFi infrastructures
Honey Pots
Intrusion detection
Legislation
Vulnerabilities/Techniques/Exploits:
o Mobile devices
o Windows XP/2003/CE/Vista
o Linux/Other Unix
- Database security & attacks
- Protocol security & exploitation
- Advanced Trojans, worms and backdoor technique
- Encryption & decryption technique
--- Intrusion detection/forensics analysis
- File system analysis & recovery
- Real-time data structure recovery
- Reverse engineering (malicious code analysis technique,
vulnerability research)
- Traffic analysis
PostgreSQL 8.1 and probably later and earlier versions, when the
PL/pgSQL (plpgsql) language has been created, grants certain plpgsql
privileges to the PUBLIC domain, which allows remote attackers
to create and execute functions, as demonstrated by functions that
perform local brute-force password guessing attacks, which may evade
intrusion detection. (CVE-2007-3279)
The Database Link library (dblink) in PostgreSQL 8.1 implements
functions via CREATE statements that map to arbitrary libraries based
on the C programming language, which allows remote authenticated
superusers to map and execute a function from any library, as
so we present to you : DC4420 July @ the Glassblower! - Thursday July 10th
Talks
- Shell2VNC <-> VNC2Shell - Rich Smith & Alberto Revelli
- Network Intrusion Detection & Prevention with Snort - Leon
- Bluetooth stuff - Dominic (don't miss this - last chance to see etc)
- 5 minute slot - TBC
Please get in touch if you would like to talk at the late
August/September meeting.
* incident response planning
* information survivability
* insider threat protection
* integrity
* intellectual property rights
* intrusion detection
* mobile and wireless security
* multimedia security
* operating systems security
* peer-to-peer security
* privacy and data protection
- Ivan Krstić (http://radian.org/)
- Johnny Long (http://johnny.ihackstuff.com/)
- Gadi Evron (http://gadievron.blogspot.com/)
In addition Matt Jonkman will present a new project about the development of
a next-generation intrusion detection and prevention engine. Feedback of the
community is highly welcome!
Registration is open at: https://deepsec.net/register/
Please make sure to book your tickets in time, we have only a _limited_ number!
Products Confirmed Not Vulnerable
+--------------------------------
The following Cisco products are confirmed not vulnerable:
* Cisco IOS devices running the Intrusion Detection System feature
* Cisco ASA Security Appliances running the Intrusion Detection
System feature
* Cisco PIX 500 Series Security Appliances running the Intrusion
Detection System feature
* Cisco IPS 4200 Sensors
# 3G/4G Cellular Networks
# Apple / OS X security vulnerabilities
# SS7/Backbone telephony networks
# VoIP security
# Firewall technologies
# Intrusion detection
# Data Recovery, Forensics and Incident Response
# HSDPA and CDMA Security
# WIMAX Security
# Identification and Entity Authentication
# Network Protocol and Analysis
# SS7/Backbone telephony networks
# Smart Card Security and Biometric Systems
# UMTS, HSDPA, GPRS and CDMA Security
# Security of Wimax, WLAN, Bluetooth, GPS and other wireless technology
# Analysis of network and security vulnerabilities
# Firewall and Intrusion detection technology
# Data Recovery and Incident Response
# Network Protocol and Analysis
# Analysis of malicious code
# Applications of cryptographic techniques
# Analysis of attacks against networks and machines
http://labs.idefense.com/intelligence/vulnerabilities/
May 21, 2008
I. BACKGROUND
Snort is an open source network intrusion detection (IDS) and prevention
system (IPS). In addition to being available as a package for most Unix
operating system distributions, various commercial hardware devices
also use Snort as an IDS/IPS. For more information, see the vendor's
website found at the following URL.
3. Can you tell how many flies are in your home by the number of dead
ones on your front doorstep? If not, then you're using the wrong
metrics. Study from the masters - that's right, this new year more and
more people will learn metrics from anti-malware or intrusion
detection companies. As security metrics steps away from being the
little helper in Risk Management to become a booming industry in
itself, it needs to wear its big-boy pants (the ones that can hold the
fat wallet). So its status as a threat to business management,
procurement, security decision-making, and the bottom line has never
been higher. That means they want your money. Badly. That makes them a