News

February 28, 2013
CanSecWest 2013 and more MS-SQL Shenanigans
Once again I’ll be taking the SQL-show on the road, this time up to Vancouver, BC for CanSecWest 2013. My talk will focus on the methods and mayhem that can be had in a MS-SQL post-exploitation environment: dumping hashes without querying the database, escalating to admin (or worse) from the confines of the service, and [...]

February 23, 2013
DRIVE 2013: Transferring Sensitive Data (Session Notes)
Yesterday I gave a talk at DRIVE 2013 on best practices for securing the exchange of sensitive data entitled, “Data Exchange: Transferring Sensitive Data Between Systems.” [pdf] What follows are my notes and references from the presentation. Anything I’ve missed here will be available in the video, which I’m told will be online via the DRIVE site in [...]

February 21, 2013
Casaba Makes a Cameo at DRIVE 2013
DRIVE is a unique event held at the University of Washington that brings together a growing community of non-profit IT professionals seeking to leverage big data in order to maximize the efficiency of their organizations. This two-day event encompasses a robust range of data topics: analytics, classification systems, predictive modeling, fundraising, statistics, cloud [...]

December 12, 2012
Casaba on Komo News – [Update] Smartphone scams plentiful during holiday season
In case you missed it, see Casaba demonstrating the risks associated with running untrusted applications on your mobile devices. Jason Glassberg and Walter Pearce “follow” news reporter Connie Thompson around a local mall as she shops, texts, and browses the internet with a smartphone containing a free Christmas song ringtone app… altered to track activity. Read [...]

December 11, 2012
Casaba on Komo News
Jason Glassberg and Walter Pearce will be featured on Komo News (local station 4) in Seattle, today (Tuesday) December 11, 2012 in a segment on mobile phone hacking. Tune in this evening at 4pm and 6pm!

October 30, 2012
The End of Another Toor
Well, another ToorCon has come and gone. As with previous ToorCons, I can’t say enough good things about this conference: so many great people and awesome presentations. I was lucky enough to speak twice this time around, first during my scheduled seminar presentation on Friday, then as a back-fill talk on Saturday due to another [...]

October 16, 2012
Toor’n to San Diego for some MS-SQL post-exploitation
A little over a year ago I presented at SOURCE Seattle about SQL post-exploitation, discussing things that are still possible in the MS-SQL environment, as well as those techniques that people seem to have lost or forgotten over the years. One of the interesting things to come out of post-talk discussions with attendees was their [...]

January 28, 2011
Egyptians Use Low-Tech Gadgets to Get Around Communications Block
Chris Weber discusses how “Egyptians Use Low-Tech Gadgets to Get Around Communications Block” with FoxNews.com

January 27, 2011
Is the Internet Running Out of Room?
Samuel Bucholtz discusses the implications of IPv4 depletion and the IPv6 transition in “Is the Internet Running Out of Room?”

January 25, 2011
What Would You Do If Your Computer Got Hacked?
Chris Weber and Jason Glassberg on Seattle’s Q13 Fox News story “What Would You Do If Your Computer Got Hacked?”

January 18, 2011
Microsoft SDL Release Phase: Security Practices
Jason Glassberg, Co-Founder, Casaba, discusses the three security practices of the Microsoft SDL Release phase. Jason talks about the planning for post-release contingencies by creating a well thought-out incident response plan, then stresses the importance of the application of a Final Security Review, its outcomes and mitigation of any outstanding issues. Finally he discusses the [...]

January 11, 2011
Which E-mail Service is Safest?
Chris Weber’s article on “Which E-mail Service is Safest?” goes online. Explore the key differences between Hotmail, Gmail, Yahoo Mail, and Facebook and some of the alternatives such as Hushmail and Countermail.

January 6, 2011
Grading Steve Ballmer
Jason Glassberg speaks about “Grading Steve Ballmer” on CNBC

December 20, 2010
Amazon.com’s Success in Wikileaks Attack is Proof of Cloud Safety for Businesses
Chris Weber on why Amazon.com’s Success in Wikileaks Attack is Proof of Cloud Safety for Businesses.

December 14, 2010
Microsoft SDL Requirements Phase: Security Practices
Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about the security practices of the “Requirements” phase of the Microsoft SDL. Chris and Robert explain the benefits of following the Microsoft SDL to building more secure, reliable, and standard-compliant software. Whitepaper: The Simplified Implementation of the Microsoft SDL

December 14, 2010
Applying Microsoft SDL Requirements Practices within Windows Azure
Chris Weber, Managing Partner and Robert Mooney, Senior Software Development, Casaba, speak about applying Microsoft SDL Requirements security practices to applications built on top of Windows Azure, focusing on the “Requirements” phase. Chris and Robert stress the similarities of Windows Azure applications to regular web applications, explaining that you won’t be operating in an entirely [...]

December 3, 2010
‘Hacktivist’ Jester Claims Responsibility for WikiLeaks Attack
Jason Glassberg interviewed by FOX News on “‘Hacktivist’ Jester Claims Responsibility for WikiLeaks Attack”

December 1, 2010
Why Microsoft has been a leader in responding to cyberattacks
Chris Weber’s guest blog post on The Last Watchdog concerning Microsoft’s leadership in responding to threats and vulnerabilities in “Why Microsoft has been a leader in responding to cyberattacks.”

July 21, 2010
Hacking IRL: Crafting for the Modern Geek at OSCON
Casaba Security joins the Open Source Convention (OSCON) lineup as Mary Kelly presents Hacking IRL: Crafting for the Modern Geek. What do you get when you mix fractals, 3D printers, robotics, open source, high-powered lasers, and non-orientable surfaces with wood, plastic, textiles, steel, cloth… and lots of coffee? A completely new range of geek fabricated [...]

February 1, 2010
Casaba a Consulting Member of Microsoft SDL Pro Network
Casaba is now a member of Microsoft’s SDL Pro Network. This relationship with Microsoft’s SDL Pro Network will foster Casaba’s commitment to providing top-quality SDL services to our clients.

November 13, 2009
Security Testing with Watcher at AppSecDC
Chris Weber speaks on “Security Testing with Watcher” at OWASP’s AppSecDC on Unicode security testing and Web-app security testing with the Watcher tool.

October 23, 2009
Character Transformations: Finding Hidden Vulnerabilities at BlueHat
Chris Weber speaks on “Character Transformations: Finding Hidden Vulnerabilities” at Microsoft’s BlueHat on Unicode and Globalization security testing.

October 16, 2009
Unicode Transformations and Security Vulnerabilities at UIC33
Chris Weber speaks on “Unicode Transformations and Security Vulnerabilities” at the Internationalization and Unicode Conference 33.

July 30, 2009
Unraveling Unicode: A Bag of Tricks for Bug Hunting at Black Hat USA
Chris Weber speaks on “Unraveling Unicode: A Bag of Tricks for Bug Hunting” at Black Hat USA. Paper: Unraveling Unicode (PDF). Slides: Unraveling Unicode Slides (PDF).

May 12, 2009
Watcher adds support for OWASP Application Security Verification Standard
The Watcher web-app security tool, open source at CodePlex, now includes support for OWASP’s new Application Security Verification Standard.

March 28, 2009
Casaba helps red team operations at the 2nd Collegiate Cyber Defense Competition
At the 2nd Collegiate Cyber Defense Competition, student teams are presented with pre-configured systems of a fictitious company that they are tasked to operate. The evil red team, with the help of Casaba, will attempt to vandalize and break into this network. The student teams need to defend against the attacks of this red [...]

March 19, 2009
Exploiting Unicode-enabled Software at CanSecWest
Chris Weber speaks on “Exploiting Unicode-enabled Software” at CanSecWest. Slides: Exploiting Unicode-enabled Software at CanSecWest (PDF)

March 17, 2009
Watcher: Web security testing tool and passive vulnerability scanner
Casaba releases Watcher for web-application security testing and compliance auditing. Watcher is open source on CodePlex.

March 11, 2009
Exploiting Unicode-enabled Software at SOURCE Boston
Chris Weber speaks on “Exploiting Unicode-enabled Software” at SOURCE Boston Conference.

September 10, 2008
Exploiting Unicode-enabled Software at UIC32
Chris Weber speaks on “Exploiting Unicode-enabled Software” at the 32nd Internationalization & Unicode Conference.

December 1, 2007
Analysis of the Storm and Nugache Trojans: P2P Is Here
John Hernandez and other members’ work on the Nugache botnet appears in “Analysis of the Storm and Nugache Trojans: P2P Is Here” in ;login: The USENIX Magazine, December 2007, Volume 32, Number 6. Paper: Analysis of the Storm and Nugache Trojans: P2P Is Here (PDF)

June 9, 2006
Hunting Security Bugs
Chris Weber is technical editor of “Hunting Security Bugs” authored by the Microsoft Office Security Test Team.

June 5, 2006
Hacking Exposed Web Applications
Samuel Bucholtz is contributing author of “Hacking Exposed Web Applications, Second Edition”