• Defeating UEFI's SecureBoot

    The Unified Extensible Firmware Interface (UEFI) is ment to replace the Basic Input/Output System (BIOS) firmware interface found on all IBM PC-compatible personal computers. But is it secure enough? Or, at least, more resilient than BIOS?

    Corey Kallenberg, Security Researcher for the MITRE Corporation, and his colleagues Sam Cornwell, Xeno Kovah and John Butterworth have been testing ways to bypass UEFI's SecureBoot - a new feature that enforces a signature check on the boot loader before the firmware transfers control to it.

  • Improving training programs in cyber security

    In this podcast, recorded at Hack In The Box Amsterdam 2014, Lisha Sterling, Developer Coordinator at Geeks Without Bounds, talks about the problems in cybersecurity education.

  • Online gaming threats and protection tips

    In this podcast, recorded at Infosecurity Europe 2014, Christopher Boyd, Malware Intelligence Analyst at Malwarebytes, talks about online scams and phishing attacks, specifically those related to protected Steam accounts. He also offers tips that can enable gamers to make their accounts more secure.

  • Stop all browser-borne malware from entering your network

    In this podcast, recorded at Infosecurity Europe 2014, Branden Spikes, CEO, CTO & Founder of Spikes Security, talks about how malware has already done its job by the time traditional malware detection security systems have a chance to start their work.

    The new truth is that the web browser is, increasingly, the primary threat vector for cyber attacks on the enterprise. Confidential research available to Gartner members confirm this, as well as a 2013 review by Palo Alto Networks which found that over 90 percent of undetected malware comes through the browser. Traditional detection-based security technologies are reactive and ineffective in stopping the ever growing number of complex zero-day attacks, APTs, and polymorphic threats delivered through the browser.

  • Essential steps for implementing Data Loss Prevention

    In this podcast, recorded at Infosecurity Europe 2014, Raul Condea from CoSoSys, talks about essential steps to take when implementing Data Loss Prevention (DLP).

    When looking at DLP, always consider operating systems, computers, mobile devices, user experience and last but not least, deployment. Robustness and ease of use should describe any DLP, Mobile Device Management or encryption solution.


The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Mon, Sep 1st