- Defcon 18 CTF News
- CTF Defcon 18 PreQuals: writeups (Solutions) – pentester.es
- DEFCON 18 Quals: writeups collection – vnsecurity.net
- Defcon CTF Qualifiers – redspin.com
- Defcon 18 CTF quals writeup: Pursuit Trivial 200 – bernardodamele.blogspot.com
- Defcon 18 CTF quals writeup: Packet Madness 200 – bernardodamele.blogspot.com
- Defcon 18 CTF quals writeup: Pwtent Pwnables 200 – bernardodamele.blogspot.com
- Defcon 18 CTF Writeup – Binary L33tness 500 – lollersk8ers.fatihkilic.de
- Not Too Late To Learn From Defcon CTF Qualifiers – darkreading.com
- W2SP 2010: Web 2.0 Security and Privacy 2010 – w2spconf.com
The goal of this one day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and establishing new collaborations in these areas.
- Tips On Choosing Which Vulnerabilities to Test – icsalabs.com
Based on our experience, below are five of the most important tips when it comes to choosing vulnerabilities.
- Wiping & Protecting Data from SSD/Flash Drives – rootshell.be
As you probably already know, deleting a file using the standard system call is not enough from a security point of view.
- Smart Application Security Score Card – coffeeandsecurity.com
There are several instances where application stakeholders struggle hard to identify necessary security SDLC activities for their applications and products.
- Browser Vulnerability Timeline – browserstats.appspot.com
The timeline shows the percentage of users who have at least one unpatched critical-severity vulnerability (or at least one unpatched high-severity vulnerability) on an average day.
- Browserscope – browserscope.org
The goals are to foster innovation by tracking browser functionality and to be a resource for web developers.
- Karma – digininja.org
Karma is a set of patches to access point software to get it to respond to probe requests not just for itself but for any ESSID requested.
- Ragweed – github.com/tduehr/ragweed
Ragweed is a set of scriptable debugging tools written mostly in native ruby.
- CERT Basic Fuzzing Framework – cert.org
Today we are releasing a simplified version of automated dumb fuzzing, called the Basic Fuzzing Framework (BFF).
- Fuzzing with Peach – The Peach Pit – nullthreat.net
The peach pit is an XML files that lays out the protocol we are going to fuzz.
- Analysis on the carders.cc hacking
Some wily hackers are gleaning more info on the notorious illiegal card swapping forum break in
- Carders.cc Hacked – Initial Analysis of IP addresses – reusablesec.blogspot.com
- Carders.cc – Analysis of Password Cracking Techniques – Part 2– reusablesec.blogspot.com
- Fraudsters e-mail addresses : carders.cc case – bl0g.cedricpernet.net
- Revisiting the Eleonore Exploit Kit – krebsonsecurity.com
Like most exploit kits, Eleonore is designed to invisibly probe the visitor’s browser for known security vulnerabilities, and then use the first one found as a vehicle to silently install malicious software.
- Invasion of Privacy. The Sequel. – attackvector.org
I’m using this post as a way to open peoples eyes about the seriousness of overlooking little things that could, in the right hands and a twisted mind, be used in deviant ways.
- Ruby For Pentesters – The Dark Side I: Ragweed – matasano.com
And yes, Ragweed is now available as a gem through github.
- Download ARTeam Tutorials! – accessroot.com
This a tutorial which explains how to reverse Android OS applications.
- Stealing A Photo From A Remote Webcam – nullpointer.dk
This is another demonstration of the use of Metasploit like I did in my previous article Exploiting SMB on Windows.
- Corporate Information Discovery [Part 2] – attackvector.org
I’ll be using console tools, but there are many websites that will provide this information as well.
- Auditing Proprietary Protocols in Control Systems – digitalbond.com
Generally, these protocols aren’t on the “front lines”, they’re going to be behind at least a couple of firewalls, probably a DMZ.
- JNLP/JAR Hacking – infointox.net
Now since we can decompile Java this leaves room for attacks similar to the old fashion flash game cheating.
- OpenBTS on Droid – tombom.co.uk
The quick version: I can provide voice and SMS connectivity to local GSM handsets using nothing but a Droid and a USRP.
- Enumerating email addresses using search engines (the return!) – attackvector.org
About a month ago I wrote a post going over some code that I wrote that basically went out and grabbed email addresses after doing search queries.
- State of the art in CRiMEPACK Exploit Pack – ef.kaffenews.com
CRiMEPACK exploit pack is a widespread and accepted in the crime scene in this area came under the slogan “Highest Lowest rates for the price“.
- Capturing SMB Files with Wireshark – taddong.com
While the authentication can be performed in a secure way, the information flow between the server and consumer is usually not encrypted, as it happens with the default SMB configuration.
- Injecting A Vnc Server Into A Remote Computer – nullpointer.dk
We will deploy a VNC server on the remote machine and establish a reverse tcp tunnel back to our machine.
- First cyber warfare general appointed
The US military has appointed its first senior general to direct cyber warfare – despite fears that the move marks another stage in the militarisation of cyberspace.
- All about Tabjacking
As Mozilla Firefox creative lead Aza Raskin describes it, the attack is as elegant as it is simple.
- A reminder that CSRF affects more than websites – cgisecurity.com
The interesting thing here is that since CSRF tokens are not available in FTP, the developers were forced to remove functionality in order to mitigate this.
- AMEX breaks PCI control: Encrypt transmission of cardholder data across open, public networks – securityexe.com
AMEX is one of the five companies that founded the PCI organization and is asking all merchants accepting AMEX to follow these guidelines.
- Anti-Clickjacking Defenses ‘Busted’ In Top Websites – darkreading.com
New research easily bypasses popular frame-busting technique.
- iPhone data access pwned by Linux
Even with a PIN on a locked iPhone, connecting it to an Ubuntu gives easy read access to the phone’s data. Uh oh.
- How Fraudsters Make Fake Credit Cards – consumerist.com
Detective Bob Watts of Newport Beach Police Department shows how crooks take your credit card numbers they steal off the internet and turn blank plastic into a faux credit card.
- Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone – wired.com
Defense Deputy Secretary William Lynn III said we need to think imaginatively about how to use the National Security Agency’s Einstein monitoring systems on critical private-sector networks.