TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... Frost and Sullivan announced in their Feb. 2007 report, "Analysis of Vulnerability Discovery and Disclosure", that TippingPoint was the fastest growing discoverer of new vulnerabilities and the leader in the discovery of both high-severity and Microsoft vulnerabilities.

SANS Top 20 Internet Security Risks of 2007

The SANS Institute just released its Top 20 Internet Security Risks of 2007 Annual update. TippingPoint's own Rohit Dhamankar was the Project Director for this effort another year running. Quoting Rohit in their official press release: "Although half the total vulnerabilities reported in 2007 are in Web applications ...


MSRPC NDR Types Technical Overview

Aaron Portnoy and I have finished a presentation at the first annual DeepSec security conference. Our talk titled "RPC Auditing Tools and Techniques" focused on some new tools and existing methodologies for auditing RPC interfaces. The main focus of this research was to provide the tools and techniques we use so that others may also be able to audit RPC services. The three components we mentioned were pulling all binaries that include RPC interfaces, dumping their IDL information, and com ...


First Annual DeepSec Security Conference

The first annual DeepSec Security Conference kicked off this Thanksgiving weekend in Vienna, Austria. This blog entry serves as a quick overview for how it all went down.


New Leopard Security Features - Part II: Code Signing

Last week we talked about Address Space Layout Randomization, one of the new security features in Leopard. This week, we’re going to talk about code signing. Once again, I’m going to attempt to differentiate this blog posting from every other blog posting about the security features of Leopard by actually going into the history of code signing and the science behind it. So, without further ado, I hereby give you: Mac OS X 10.5 “Leopard” New Security Features - ...


New Leopard Security Features - Part I: ASLR

For me, Chrismakkuh came early this year. Saturday afternoon, my girlfriend and I went to the Apple Store and I picked up a copy of Mac OS X 10.5 “Leopard”. (Yes, I have a girlfriend. I realize that the fact that I’m posting a blog entry about an operating system means that she probably lives in Canada and none of my friends have ever actually seen her, but, dude, she totally exists. We met at Niagara Falls last year. Really.) Leopard includes a lot of new security features, ...