Events Related

Resources

Tools

Techniques

  • Psychological Warfare With NIRCMD – room362.c0m
    One of the best ways to throw blue teamers off the scent of another host getting owned.
  • Injecting Malicious HTML IFrames – research.zscaler.com
    Injecting malicious HTML IFrames into the legitimate web pages has become a commonplace technique in web based attacks.
  • Volatility – zonbi.org
    If you’re into forensics or the challenges I’ve been talking about lately, you should be familiar with Volatility.

Vendor/Software Patches

  • Wireshark 1.4.4 and 1.2.15 Released – wireshark.org
    Wireshark 1.4.4 and 1.2.15 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
  • Wireless Host App “Karma” Patch Update – foofus.net
    I’ve posted an updated version of my “Karma” patch for HostAP (hostap_0_7_2-775-g9fc6aa9). This patch adds Karma-style automatic probe response.

Vulnerabilities

  • Android DroidDream Uses Two Vulnerabilities – blog.fortinet.com
    You probably haven’t missed DroidDream which trojaned several applications on the Android Market and several blog posts on the matter.
  • Shmuck of the Month: Sony – dogber1.blogspot.com
    Two types of companies exist: those which are growing and those which are dying. Sony clearly belongs to the latter for over a decade now.
  • ONJECT and EMBED are inherently Unsafe – Icamtuf.blogspot.com
    The specification effectively takes away the ability for any single party to decide how a particular plugin document should be handled by the browser.

Other News