Security Posts

Infocon: green

ISC Stormcast For Monday, September 16th 2019 https://isc.sans.edu/podcastdetail.html?id=6666
Categories: Security Posts

How To Reduce Bandwidth Overload At The Edge

BreakingPoint Labs Blog - 26 min 58 sec ago
There is a fundamental shift currently happening in operational technology today—the shift from…
Categories: Security Posts

How to drag and drop industrial automation and control systems (IACS) traffic into your lab network

BreakingPoint Labs Blog - 26 min 58 sec ago
In my last 12 years’ experience of working in the networking industry, I’ve been lucky to work with…
Categories: Security Posts

An Introduction to Internet Encryption

BreakingPoint Labs Blog - 26 min 58 sec ago
Look at your URL bar right now. Do you see “https” in the website address? If it’s there, then be…
Categories: Security Posts

Timestamp formats - The Good, The Bad and the Plain Ugly

BreakingPoint Labs Blog - 26 min 59 sec ago
In many security or network performance applications it is necessary to capture raw packets and…
Categories: Security Posts

How Network Performance Monitoring Is Really Being Used

BreakingPoint Labs Blog - 26 min 59 sec ago
In this blog, we will explore how network performance monitoring (NPM) is really being used by IT…
Categories: Security Posts

Ixia IxFlow App v2.0 for Splunk

BreakingPoint Labs Blog - 26 min 59 sec ago
Before getting into the details, let’s get a little perspective of the challenges of the “need for…
Categories: Security Posts

Keysight World Delivers A Day of Presentations Showcasing Two IT Trends That Will Affect You in 2019

BreakingPoint Labs Blog - 26 min 59 sec ago
During early spring and summer 2019, Keysight (Ixia’s parent company) hosted a series of technical…
Categories: Security Posts

Supplement traceroute with path discovery for easier troubleshooting

BreakingPoint Labs Blog - 26 min 59 sec ago
The cost of managing complex networks is driven up by the time and effort you must spend to…
Categories: Security Posts

iBypass and Thoughts in a Traffic Jam

BreakingPoint Labs Blog - 26 min 59 sec ago
Each of us has sat in standstill traffic, trying to understand why this major highway we drive all…
Categories: Security Posts

Are you Feeling the Need for Speed?

BreakingPoint Labs Blog - 26 min 59 sec ago
If you haven’t seen the official trailer for Top Gun: Maverick, you need to. And if watching the…
Categories: Security Posts

Happiness as a form of security, being a robot rat #IA #robotica #scifi

When you read a lot of things that have to do with the future, your imagination doesn't stop exploding in your brain, and that is what happened to me this summer while reading some books. Today I feel like telling you about some of them. Specifically, about the "Robo Rats" and the brain-computer interfaces that have been under design for years.
Figure 1: Happiness as a form of security, being a robot rat
The human brain, or that of any animal, is still not completely understood. It is still hard to properly understand what we call consciousness, and reading the book Homo Deus, the chapter about the end of humanism left me quite thoughtful.



Reading Homo Deus. The idea that humanity will spend from now until 2100 seeking immortality, happiness and divinity is a curious one. For now I am enjoying it just as I enjoyed Sapiens (which is better to have read first). }:) A post shared by Chema Alonso (@chemaalonso) on Aug 22, 2019 at 8:00am PDT
In the end, the book talks about three things that break the foundations of humanism, and that are relevant. The first calls into question the famous "free will" that makes everything work in today's world. This "free will" assumes that we humans make decisions because we have the capacity to choose. And it seems that is not quite so.
The second point it refers to is the "individual". Are we really just one person, or are we more than one? No, I am not talking about Geminis and the horoscope. We are talking about our brain being able to hold different opinions at the same time depending on which center has the power to make that decision. We can think one thing and do the opposite. And much worse.
The third problem is that humans may become "irrelevant" for the future if we keep defining life the way we have defined it until today. That is, to produce wealth, make decisions or fight wars. This may stop being important in the future, and we may have to redefine many things in humanism.
No free will, not relevant, not unique and special

I don't want to spoil the book for you, because it is worth reading and discovering, above all, points two and three that I mentioned. Point two because it talks about the experiments with humans whose right brain hemisphere was separated from the left hemisphere, with astonishing results about how we are more than one person in the brain. It is as if we had several CPUs in our head with totally different decision-making and opinions. It gave me chills to think that we are "dividuals" rather than "individuals".
The third problem is that of human beings becoming irrelevant by having to delegate decisions to Artificial Intelligence systems more capable than us because of their ability to process data and generate knowledge, in addition to the fact that, together with robotics, the importance of being generators of wealth will leave us out of many competitions.

This is an interesting debate, since the probability that many jobs will be replaced by robotics and AI in the next decade is very high. From contact centers to drivers, including waiters, receptionists, hairdressers, gardeners, etc. A debate we should start having now to think about how we want our societies to be in the future.
But I wanted to talk to you about the Robo-Rats part, which is more than interesting. It is true that I told you at the beginning that we know little about the human brain, but not that we know nothing. On the contrary, and every day we know more. We know that there are certain substances that influence the way we are and feel. That is why we sometimes turn to chemistry to control our moods, euphoria, depression, or bipolar disorders. Keeping a brain in a constant, controlled state of happiness can be done with chemistry.

Happiness as a form of security, being a robot rat
The book Brave New World already told this with its beloved Soma. First I tell you what your place in society is going to be. I build you a "narrative" that makes your life full and meaningful, as explained in Sapiens, in your role as alpha, beta or delta. But if the narrative that gives meaning to your life, for which I have conditioned you from the beginning, fails, don't worry, I have a pill called Soma that will leave you as good as new. Today they have other brand names, but they are used for similar things.
But the Robo Rats topic goes even further. What happens if I can influence your decision-making by stimulating areas of your brain? What if I can make going left be what you want to do? What if I can make going right be your personal decision? That is what this is about. The brain makes decisions in "free will" because it wants to make them, but the reality is that before making them there are stimuli that make the person want to make that decision. The same happens in rats, and what was done a long time ago was to fit helmets with direct interfaces to the brain to make the rat want to climb the stairs, turn left, turn right. The video is old, but it explains it well.

Figure 3: Robo Rats
Of course, work is also being done with people. The book Homo Deus describes cases of how these systems are used to achieve concentration in snipers, or to control depression in soldiers with post-traumatic stress. But could their use become mandatory to control the happiness of all humans?
A few years ago, at a conference in Madrid, the then mayor of the city said that the best way to fight violence was the education of the youngest. If we educate the youngest, we are "programming" them so that when they have to make a decision in the future, throughout their adult life, they make a non-violent decision. Education, as the form of conscious "conditioning" that Aldous Huxley proposed in "Brave New World".
What do you want me to tell you that you want to be?

But what if we go further? The book "Do Androids Dream of Electric Sheep?", which gave rise to the legendary Blade Runner, begins with a wonderful scene in which the protagonist chats with his wife about which code to dial on their "mood organ" (a "mood keyboard") for that day. Whether to dial the one for happiness, the one for wanting to be adventurous, or the one for a "businessman" mood. That is, he is configuring the chemistry of his brain to have a different mood.

Starting to read in English the book "Do Androids Dream of Electric Sheep?", my head has mixed the "mood organ" from this book with the robo-rats from Homo Deus and the Soma from "Brave New World", and a crazy post has come out on the blog. }:0 A post shared by Chema Alonso (@chemaalonso) on Sep 16, 2019 at 1:04am PDT
But... what if human-computer interfaces and knowledge of the brain develop a little further? It could happen that a robber is sentenced to wear a helmet that, by means of an AI algorithm, controls his behavior so that he is "good". Or an immigrant could be required, as a condition of entering the country, to wear a helmet to guarantee and control that what he "feels like" doing are things that the people of that country decide. Or it could be that this helmet controlling "what you feel like" is applied for security to the people who work at a company. Or to all the citizens of a country. Or to all of humanity, and we have it controlled by an AI that makes us all good and happy, because we all want good things for everyone.
The truth is that science fiction always leaves me a little shaken, but seeing the speed at which scientific and technological knowledge is developing, many questions need to be asked. What if humanism really is coming to an end and we have to let AI govern us?

Neal Stephenson already wrote in his novel "Interface" about controlling a president of the US government by means of a system that connected the candidate's brain to computer equipment controlled by a group of political experts. And what if in the end, as that episode of "Love, Death & Robots" on Netflix said, we have to let "a yogurt take control of humanity" and simply be happy and secure Robo Rats? Happy Monday.
Evil regards!
Categories: Security Posts

ISC Stormcast For Monday, September 16th 2019 https://isc.sans.edu/podcastdetail.html?id=6666, (Mon, Sep 16th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Security Posts

Dancho Danchev's Blog - Open Call for Blog Contributors and Guest Bloggers

UPDATE: Do you know which is one of the World's most popular Security blogs and who's running it? Guess what - you've been reading it all along. Ever since I started this blog in December, 2005 for the purpose of impressing my girlfriend and greatly inspired by a successful venture with Astalavista Security Group circa 2003-2006 I've received over 5M page views courtesy of a loyal base of users
Categories: Security Posts

Update: msoffcrypto-crack.py Version 0.0.4

Didier Stevens - Sat, 2019/09/14 - 02:00
This new version of msoffcrypto-crack.py, a simple tool to crack passwords of MS Office documents, adds rules via option -r. In this release, there is only one rule to modify candidate passwords: case toggle. If you use option -r, all passwords in the provided list will be tested, together with their case toggle variant: Secret -> sECRET.
msoffcrypto-crack_V0_0_4.zip (https)
MD5: D3D7A0475FF1C9AAB7BE773514784465
SHA256: 4A27E0FF50863A925FEE55B8F7D16AD29C2DF5E4611F9493DAEEBA89B5F3DBA9
Categories: Security Posts

Defining the “R” in Managed Detection and Response (MDR)

AlienVault Blogs - Fri, 2019/09/13 - 22:18
This spring, as the product and security operations teams at AT&T Cybersecurity prepared for the launch of our Managed Threat Detection and Response service, it became obvious to us that the market has many different understandings of what “response” could (and should) mean when evaluating an MDR solution. Customers typically want to know: What incident response capabilities does the underlying technology platform enable? How does the provider’s Security Operations Center team (SOC) use these capabilities to perform incident response, and, more importantly, how and when does the SOC team involve the customer's in-house security resources appropriately? Finally, how do these activities affect the return on investment expected from purchasing the service?

However, in our review of the marketing literature of other MDR services, we saw a gap. All too often, providers do not provide sufficient detail and depth within their materials to help customers understand and contextualize this crucial component of their offering.

Now that we’ve introduced our own MDR solution, we wanted to take a step back and provide our definition of “response” for AT&T Managed Threat Detection and Response. Luckily, Gartner provides an excellent framework to help us organize our walk-through. When evaluating an MDR service, a potential customer should be able to quickly understand how SOC analysts, in well-defined collaboration with a customer’s security teams, will:
  1. Validate potential incidents
  2. Assemble the appropriate context
  3. Investigate as much as is feasible about the scope and severity given the information and tools available
  4. Provide actionable advice and context about the threat
  5. Initiate actions to remotely disrupt and contain threats
*Source: Gartner Market Guide for Managed Detection and Response Services, Gartner. June 2018.

Validation, context building, and Investigation (Steps 1-3)

It’s worth noting that “response” starts as soon as an analyst detects a potential threat in a customer’s environment. It stands to reason then that the quality of threat intelligence used by a security team directly impacts the effectiveness of incident response operations. The less time analysts spend verifying defenses are up to date, chasing false positives, researching a specific threat, looking for additional details within a customer's environment(s), etc., the quicker they can move onto the next stage of the incident response lifecycle.

AT&T Managed Threat Detection and Response is fueled with continuously updated threat intelligence from AT&T Alien Labs, the threat intelligence unit of AT&T Cybersecurity. AT&T Alien Labs includes a global team of threat researchers and data scientists who, combined with proprietary technology in analytics and machine learning, analyze one of the largest and most diverse collections of threat data in the world. This team has unrivaled visibility into the AT&T IP backbone, global USM sensor network, Open Threat Exchange (OTX), and other sources, allowing them to have a deep understanding of the latest tactics, techniques and procedures of our adversaries. Every day, they produce timely threat intelligence that is integrated directly into the USM platform in the form of correlation rules and behavioral detections to automate threat detection. These updates enable our customers to detect emergent and evolving threats by raising alarms for analyzed activity within public cloud environments, on-premises networks, and endpoints.
Every alarm is automatically mapped to the Cyber Kill Chain taxonomy and MITRE ATT&CK frameworks and enriched with additional insight into the potential Intent of the attacker, the Strategy and the Method of the identified threat, and Recommendations for remediation. This provides analysts immediately available high fidelity analysis to use when reviewing an alarm, saving valuable time in the incident response lifecycle. 24x7x365, the Managed Threat Detection and Response SOC analyst team monitors the USM platform and reviews the details of every single alarm for all of our customers. As our analysts assess alarms, they update them to an “In Review” status. For all alarms deemed benign, mitigated by existing controls, or allowed by policy, an analyst will apply an informative label and set the alarm status to “Closed”. If they feel that an alarm represents a potential threat, a SOC analyst will set the alarm status to “In Review”, and open an Investigation. In the USM platform, Investigations serve as the organization hub for coordinating incident response. Core use cases include allowing analysts to gather and present analysis and evidence, communicate with other analysts and customer contacts, and document remediating actions taken either by the SOC or customer teams. Once an Investigation is open, analysts use their knowledge of the customer’s environment, Alien Labs threat intelligence, and the USM platform’s forensic analysis capabilities to streamline their research and threat hunting activities. These validation and context-building exercises can include any combination of the below:
  • An in-depth examination of the security events associated with the alarm or with assets that might be at risk
  • A review of previous vulnerability assessments or the initiation of an ad hoc Asset Scan (the USM platform supports both authenticated and unauthenticated scanning)
  • Cross-referencing of the threat with identified public cloud configuration issues from the customer’s environment
  • Consultation of our current documentation of the customer’s network topology created during our onboarding exercises and regularly updated during customer check-ins
  • Execution of an endpoint query using the AlienVault Agent
  • Use of the AlienApp for Forensics and Response to collect forensic information from any appropriately configured host currently on the network
By completing the above, analysts can quickly understand the nature of the threat, what happened and how, the severity of risk, what assets or users were involved, the criticality of those assets or users, and what to do next, without having to track down information from multiple disparate security tools or threat research blogs. This helps to reduce context switching, supporting fast and efficient updates to Investigations.

Generating recommendations and initiating actions (Steps 4 and 5)

After the analyst team confirms that they have accurately identified and classified the threat, they begin the process of either providing actionable remediation recommendations or initiating containment and disruptive actions. The scope of this activity can vary dramatically, with analysts utilizing the USM platform to:
  • Push configuration changes to third-party technologies using Response Actions available through the USM platform’s AlienApps integration framework
  • Use the AlienApp for Forensics and Response to execute Enforcement System Functions
  • Initiate coordination across AT&T Cybersecurity Managed Security Services to implement a configuration change in a security control managed by AT&T
  • Recommend an examination of a particular user account, update to security control, or the reset of a machine to a known good state by the customer’s security team, with SOC support provided as needed
The specific details and permissions associated with the above activities are determined during our multi-day onsite onboarding for Managed Threat Detection and Response. While onsite, a customer’s assigned analyst will work with their team(s) to create an Incident Response Plan (IRP). This plan is deeply customizable and dictates SOC operations once an analyst opens an Investigation. Different variables can dictate what actions the SOC should take for a given Investigation, such as Investigation severity, the business criticality of the assets associated with the alarms under review, the environment or control generating the alarm, and much more. It also documents what security orchestration actions the SOC can take with and without approval from customer contacts, including enabling Response Action rules. These rules automate the response-related actions towards a customer’s networks and devices as well as other integrated security controls.

The incident response plan is a living document, often updated during weekly tactical check-in calls where we validate that all Investigations and incident response activities are being managed efficiently. The assigned analyst also hosts a monthly meeting with the customer’s team, where, in addition to IRP updates, they review service metrics related to our SLAs, discuss progress towards security program objectives and any recommendations for improvements, plan for any pending compliance or audit requirements, discuss industry threat trends, and more.

Real-world response using the USM platform

Below, we’ve outlined some simplified real-world examples of this lifecycle from the Managed Threat Detection and Response SOC. While it’s impossible to cover all potential scenarios, it should provide some context for what all of this looks like in practice.

An analyst reviews an alarm indicating a Suspicious Download Event from McAfee ePO that might indicate the use of a Windows hacking tool within an industrial supply company.
  1. The analyst creates an Investigation, adding in-scope alarms and events.
  2. Using agent queries, it’s verified that someone has executed the Mimikatz credential dumping tool on the host
    1. The analyst observes processes running on the system that don’t have an attached file.
    2. Process hashes are then analyzed using OTX.
    3. The analyst validates the details of recently encoded PowerShell commands (such as the name of the script that was run, arguments applied to it, permissions, and payload).
  3. After verifying that the Incident Response Plan allows for proactive action for High and Critical Severity Investigations, the analyst executes the “Disable Networking” action on the host using the AlienApp for Forensic and Response.
  4. The analyst documents this activity on the Investigation and assigns it to the customer contact to take the next step of either performing a more in-depth forensic investigation, or re-imaging the host. Over the next few days, the SOC team works with the customer to investigate whether or not additional containment activities are required.
While monitoring the infrastructure for a healthcare organization that hosts a patient web portal, an analyst reviews an alarm that indicates activity related to a web vulnerability scanner followed by the successful upload of a web shell.
  1. The analyst reviews the most recent authenticated vulnerability scanning results, noting that one of the web servers has not been patched lately and has known vulnerabilities.
  2. The analyst opens an Investigation, escalates the severity, notifies the customer and uses the AlienApp for Forensics and Response to collect data such as suspicious files in Internet-accessible locations, files containing references to suspicious keywords, suspicious shell commands and unexpected process creating network connections. The ultimate recommendation is that the customer immediately patch the targeted server.
  3. The Customer patches the server and updates rules in their Web Application Firewall to block the scanning IP.
  4. Before closing the Investigation, the analyst works with the customer to install the AlienVault Agent on key servers, adding an additional layer of available telemetry for future Investigations.
An analyst observes continuous scanning of a local government agency’s network from an IP associated with OTX IOC’s.
  1. Consulting the customer’s IRP, the analyst notes that the customer is also an AT&T Managed Security Services Network Based Firewall customer. Per the IRP, the analyst team has permission to execute MACD’s (firewall change requests) on the customer’s behalf for Medium - Critical severity Investigations. 
  2. The analyst blocks the scanning IP by executing a MACD, documents the change in the Investigation, and closes it.
  3. Over the next few days, the analyst continues to monitor for additional scanning to verify that no additional changes are needed.
While monitoring the infrastructure for a manufacturing company, a SOC analyst observes a “Credential Abuse” alarm from Box, indicating the user is logged in from two countries simultaneously.
  1. The analyst consults the IRP (noting that the customer has requested to be contacted about any credential abuse alarms), opens an Investigation, and assigns it to the customer.
  2. Customer confirms with the user that they are at their home office.
  3. The analyst disables the Box user using the AlienApp for Box and keeps the Investigation open, supporting the customer in their efforts to remediate and understand if credentials have been compromised.
While performing routine Threat Hunting Activities within an education services company’s environment, an analyst identifies anomalous behavior from a single user.
  1. An analyst identifies a user running suspicious commands typically used in probing Service Principal Names (SPN). This could be indicative of “Kerberoasting”, which, if successful, could expose credentials via a Brute Force attack.
  2. With this preliminary observation, an Investigation is created for this activity.
  3. The analyst now uses the Investigation to add additional suspicious events populated from the identified user (including mixed Kerberos encryption types, erroneous failure codes, and atypical Service Name requests).
  4. After referring to the customer IRP for permission to take action on users demonstrating suspicious behavior, the “Disable AD User” action is invoked on the suspicious user using the AlienApp for Forensics and Response.
  5. The analyst will work with the customer to continue to observe and identify any potentially compromised accounts due to the actions of the now disabled user.
  6. When containment and eradication procedures are concluded, the SOC team works with the customer to implement future detection for the observed actions by creating new Alarm Rules.
An analyst observes an alarm from a financial institution that has installed the AlienVault Agent on key servers.
  1. An analyst creates an Investigation, adding the in-scope alarm and events.
  2. It is determined that the alarm was generated by one of the Agent’s scheduled queries. This particular query detects any processes that are running from the “/tmp” directory and attempting communication with a known site used for data exfiltration or command and control.
  3. Using the AlienApp for Forensics and Response, the analyst executes the “Block Remote Address Outbound” action on the host in order to keep the host running its other services (as it is a critical high availability system).
  4. The Agent also performs regularly scheduled detection on Root command history as well as file modifications. These are added to the open Investigation as well.
  5. The SOC team works with the customer to confirm that long-term containment and eradication efforts are completed.
A gaming company that has recently migrated their virtual machine infrastructure to Azure generates a “Multiple Accounts Locked Out” alarm.
  1. An analyst reviews the alarms in order to identify the user account. It appears as though all of the accounts are random and do not conform to the standard account naming convention of the environment.
  2. The analyst now reviews the most recent Authenticated Scan for the host and identifies that port 3389 is open on the host.
  3. An Investigation is created that includes the findings and a request for information on the legitimacy and requirement for 3389 to be open on the host and to check that the Network Security Groups (NSG) are properly configured, as this is a recent cloud migration.
  4. Per the IRP, the analyst then executes the “Block Remote Address Inbound” action of the AlienApp for Forensics and Response on the source hosts initiating the failure attempts.
So, there you have it. It’s hard to succinctly summarize security operations, but hopefully, we’ve been able to shed some light on what it’s like to work with the AT&T Managed Threat Detection and Response SOC team. If you’d like to learn more, please visit our product page here! Mark Gray co-authored this blog. You can find his profile on LinkedIn.
Categories: Security Posts

IDA 7.4: IDAPython and Python 3

Hex blog - Thu, 2019/08/01 - 09:34
IDA 7.4 will still ship with IDAPython for Python 2.7 by default, but users will now have the opportunity to pick IDAPython for Python 3.x at installation-time!
Categories: Security Posts

IDA 7.4: Turning off IDA 6.x compatibility in IDAPython by default

Hex blog - Thu, 2019/08/01 - 09:32
IDA 7.4 will ship with the IDAPython “IDA 6.x” compatibility layer off by default. Please see this article for more information!
Categories: Security Posts

Pattern Welding Explained as Wearable Art

Niels Provos - Tue, 2018/08/28 - 06:37

Pattern-Welding was used throughout the Viking-age to imbue swords with intricate patterns that were associated with mystical qualities. This visualization shows the pattern progression in a twisted rod with increasing removal of material. It took me two years of intermittent work to get to this image. I liked this image so much that I ordered it for myself as a t-shirt and am looking forward to people asking me what the image is all about. If you want to get a t-shirt yourself, you can order this design via RedBubble. If you end up ordering a t-shirt, let me know if it ends up getting you into any interesting conversations!

Categories: Security Posts
