Now that would be fantastic. I'm so sick of hearing people talk about that paper (who haven't read it of course)!
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jack Daniel Sent: Wednesday, April 21, 2010 8:58 AM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Topics For Discussion - Episode 200 Since it keeps coming up on the show (although one step removed), how about trying to get Cormac Herley on to talk about his "Rational rejection of security advice" paper? (That was behind an RSnake post and the Globe passwords article). Jack On 4/21/10, Bugbear <[email protected]> wrote: > python fu +1 > > Malware analysis is near and dear to my heart and Lenny always does a great > job > > On Wed, Apr 21, 2010 at 7:45 AM, Sherwyn <[email protected]> wrote: >> I would be interested in hearing Lenny Zeltser among others talk about >> building a low cost malware analysis lab, and the value this can add to an >> origination by having such a resource. >> >> I work for a University and too many times key machines are infected and >> the protocol is to either clean the infection or reimage the machine >> without really understanding the infection. >> Infolookup >> http://infolookup.securegossip.com >> www.twitter.com/infolookup >> >> >> -----Original Message----- >> From: Paul Asadoorian <[email protected]> >> Date: Tue, 20 Apr 2010 17:11:38 >> To: PaulDotCom Security Weekly Mailing >> List<[email protected]> >> Subject: Re: [Pauldotcom] Topics For Discussion - Episode 200 >> >> Thanks all, great suggestions so far. Lots of Metasploit stuff right off >> the bat, so I will look to include something special on Metasploit (no >> promises until I talk to the team, especially Carlos :) >> >> Keep em' comin'! >> >> Cheers, >> Paul >> >> On 4/20/10 3:55 PM, Craig Freyman wrote: >>> My vote is privilege escalation. There is obviously getsystem in >>> Metasploit, but what other techniques are used? Most of what I have >>> found is on the "at" command which requires admin rights to run. Just >>> wondering what other things a skilled attacker would do outside of >>> Metasploit. >>> >>> On Tue, Apr 20, 2010 at 12:45 PM, Butturini, Russell >>> <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> I would like to hear a round table discussion of where Metasploit >>> can fit in an enterprise environment. I know what my organization >>> does with it, but would love to hear some more ideas. >>> >>> -----Original Message----- >>> From: [email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected] >>> <mailto:[email protected]>] On Behalf Of Paul >>> Asadoorian >>> Sent: Tuesday, April 20, 2010 1:41 PM >>> To: PaulDotCom Security Weekly Mailing List >>> Subject: [Pauldotcom] Topics For Discussion - Episode 200 >>> >>> Hi All: >>> >>> I wanted to solicit the members of this list to get some topics for >>> episode 200. We are planning on podcasting all day (June 4, 2010 >>> 9am-5pm) so I would like suggestions for: >>> >>> - Debates >>> - Discussions >>> - "Round Tables" or panel discussion >>> - Technical topics >>> - Computer equipment you would like to see destroyed (not my iPad!) >>> >>> Please also include any guests you'd like us to try and get to >>> discuss >>> stuff too. These can be non-technical topics (like "passwords") or >>> more >>> technical things (like "post-exploitation"). >>> >>> Thank you in advance for your feedback and keep up the great >>> discussion >>> on this list! >>> >>> Cheers, >>> Paul >>> >>> PS. I would also be interesting in hearing suggestions for Beer or >>> cigars and promise to include a full review on the show! :) >>> >>> -- >>> Paul Asadoorian >>> PaulDotCom Enterprises >>> Web: http://pauldotcom.com >>> Phone: 401.829.9552 >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> <mailto:[email protected]> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >>> >>> >>> ****************************************************************************** >>> This email contains confidential and proprietary information and is >>> not to be used or disclosed to anyone other than the named recipient >>> of this email, >>> and is to be used only for the intended purpose of this >>> communication. >>> >>> ****************************************************************************** >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> <mailto:[email protected]> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >>> >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected] >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >> >> -- >> Paul Asadoorian >> PaulDotCom Enterprises >> Web: http://pauldotcom.com >> Phone: 401.829.9552 >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- Sent from my mobile device ______________________________________ Jack Daniel, Reluctant CISSP http://twitter.com/jack_daniel http://www.linkedin.com/in/jackadaniel http://blog.uncommonsensesecurity.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
