Events Related:

Resources:

  • The History of Hacking – onlinemba.com
    Hacking has been around as long as computers as a way to reconfigure or reprogram a system to give access to someone who otherwise shouldn’t have access. 

Tools:

Techniques:

  • Infected Javascript file – zscaler.com
    We recently found the following malicious code appended to a static Javascript file on an Indian Telecom website.
  • web application firewall bypass with a XSS attack – acunetix.com
    In the following demo video, Sandro Gauci of EnableSecurity shows how an attacker can switch off dotDefender in order to bypass any “protection” offered by the WAF.  
  • WMIC for incident response – sans.org
     I mentioned at the end of that post that I’ve been using WMIC in place of psexec and that I’d have more on that later.
  • Top 10 Things you may not know about tcpdump – sans.edu
    What are the things you may not know about tcpdump? Here are some of the favorite items I ran into and please fill free to submit more.
  • AV Bypass Made Stupid – room362.com
    I started with fgdump, a well known hashdumping/pwdump tool. It’s detected by 80% of all AVs and by all the top 10.
  • pigtoddler.py – Culling Files By Riding Spiders – l1pht.com
    I wanted a troubled little script that didn’t require much care and had a little more “dice roll” type attitude. 
  • pro tip: get lucky by scanning for 192.168.20.1 – clearnetsec.com
    ut as I just witnessed at a client, none of their historical vulnerability scan results discovered the cards because this client doesn’t use that IP block, yet several Dell servers had default DRAC cards waiting for some love. 
     

Vulnerabilities:

Vendor/Software Patches:

Other News: