Event Related

• SyScan 2013
  • SyScan13: Revisiting Mac OS X Rootkits presentation – reverse.put.as
    SyScan 2013, 10th anniversary edition is over! It is a great conference and I hope it does not end here. I had lots of fun and met new interesting people. Thomas is an awesome host! It helps that I really like Singapore and Asia in general.
  • SyScan :: Download Section – syscan.org
    SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
• Introducing Daisho – ossmann.blogspot.com
  At TROOPERS13, Dominic Spill and I presented Introducing Daisho, Monitoring Multiple Technologies at the Physical Layer (video, slides).
• Tektip ep24 -Moloch – tekdefense.com
  In this episode of Tektip, we take a closer look at one of the most exciting projects showed at Shmoocon 2013, Moloch.

Resources

• OWASP Top Ten for 2013 – bankinfosecurity.com
  The OWASP Top Ten list of application security risks was created more than a decade ago to be the start of an industry standard that could bootstrap the legal system into encouraging more secure software. Here are the 2013 updates.
• IOS Application security Part 2 Getting class information of IOS apps – resources.infosecinstitute.com
  In this article, we will look at how we can analyze any preinstalled app on your device or any other app downloaded from App store and discover things about the source code of the app like the classes that it uses, the names of the view controllers it uses, the internal libraries, and even intricate details like the variables and methods names used in any particular class or view controller.

Tools

• SpiderFoot – The Open Source Footprinting tool – spiderfoot.net
  Spiderfoot 2.0 – the open source footprinting tool.
• AV0id – Anti-Virus Bypass Metasploit Payload Generator Script – commonexploits.com
  Introducing a simple script I have created to bypass most Anti-Virus products. This script is based on scripts I used whilst attempted to avoid A.V, credit to all authors of the mentioned scripts below for their research and work. This was just a very quick script I put together to make life a bit easier.
• Netcat without -e? No Problem! – pen-testing.sans.org
  Netcat is fantastic little tool included on most Linuxes and available for Windows as well. You can use Netcat (or its cousin, Ncat from the Nmap project) to create a reverse shell as follows.

Techniques

• Quickly Determine Allowed Outbound Ports – securitypadawan.blogspot.com
  This is nothing new, I just simply wanted to share a couple quick ways to find open outbound ports using native command shells and letmeoutofyour.net.

Vendor/Software Patches

• Department of Labor IE 0-day Exploit (CVE-2013-1347) Now Available at Metasploit – community.rapid7.com
  First off, according to Microsoft’s advisory, only Internet Explorer 8 is vulnerable to this exploit, and we verified that with a fully patched Windows 7 with IE8. If you are looking for an excuse to upgrade to something more recent, the following image demonstrates IE8′s weakness.

Event Related Syscan 2013 SyScan 2013, Bochspwn paper and slides – gynvael.coldwind.pl In our SyScan presentation, we explained the concept of kernel race conditions in interacting with user-mode memory, gave a brief rundown on how they can be identified by using CPU-level instrumentation of an operating system session, and later focused on how they can [...]

Here are information security events in North America this month:     Bsides San Antonio : May 4 in San Antonio, TX USA     Secure360 : May 13 to 15 in Minnesota USA     GovSec : May 13 to 15 in Washington DC USA     HackMiami 2013 : May 17 to 19 [...]

Event Related Notacon 10 (2013) Videos – irongeek.com These are the videos from the 10th Notacon conference held April 18th-21st, 2013. Not all of them are security related, but I hope my viewers will enjoy them anyway. Thanks to Froggy and Tyger for having me up, and to the video team: SatNights, Widget, Securi-D, Purge, [...]

Event Related Great Scott Gadgets Infiltrate 2013 – greatscottgadgets.com Michael Ossmann and Kyle Osborn presented Two-Timing Data Connectors at Infiltrate 2013. Resources Nessus Using Posh-SecMod PowerShell Module to Automate Nessus(Part1) – darkoperator.com One showed me some of the scripts they use and then it came to me why not automate Nessus from with in PowerShell. [...]

Event Related HITB Amsterdam 2013 HITB Amsterdam 2013 Day #1 Wrap-Up – blog.rootshell.be I back in Amsterdam for the third time this month. Today, it is to participate to the Hack In The Box conference. This is already the 4th one, time flies! Like the previous editions, the event is organised at the Okura hotel, [...]

Event Related CCDC WRCCDC – A Red Team Members Perspective – blog.strategiccyber.com Western Regional CCDC was pretty epic. Given the level of interest in red activity, I’d like to share what I can. So much happened, I couldn’t keep up with all of it. Web Application Defender’s Cookbook: CCDC Blue Team Cheatsheet – blog.spiderlabs.com Trustwave [...]

Event Related Blackhat Europe 2013 Arsenal Tools Event Wrap-up – toolswatch.org I finally found time to write a wrap-up about the activities of the Arsenal Tools Event during the last session of Blackhat Amsterdam Europe 2013. IPv6 Focus Month: IPv6 over IPv4 Preference – isc.sans.edu Initially, most IPv6 deployments will be “Dual Stack”. In this [...]

Here are information security events in North America this month:   BSides Iowa : April 6 to 7 in Iowa, USA   BSides Rochester : April 6 in New York, USA   GRC Summit :April 9 to 11 in Boston MA, USA   Bsides Orlando : April 13 to 14 in Orlando Florida USA   [...]

Event Related IPv6 Focus Month IPv6 Focus Month: What is changing with DHCP – isc.sans.edu Among the different methods to configure IPv6 addresses, most managed networks will likely stick with DHCP. DHCPv6 however is a bit different then DHCPv4. We will summarize here some of the basic differences between DHCPv4 and DHCPv6. IPv6 Focus Month: [...]