Events Related

Resources

Tools

  • cfexplode utility for separating concatenated classifiles as generated by cfcompile – code.google.com
    [It] transforms files containing one or more concatenated classfiles into a series of files with a common prefix. Particularly useful on classes generated by ColdFusion’s compiler.
  • Immunity Debugger v1.82! – debugger.immunityinc.com
    After about 3 months, we have an update for the Immunity Debugger! It was first mentioned in our post here. Now, Immunity Debugger version 1.82 is available!
  • OpenVAS 4 – wald.intevation.org
    It has been almost 8 months since an updated OpenVAS version was released. We spoke about OpenVAS here. We now have OpenVAS 4!

Techniques

  • Meterpreter Resource Files – darkoperator.com
    Tonight while chatting via IRC with Egyp7 he mentioned that Meterpreter should have capability of using Resource files for cleanup in post exploitation…

Vendor/Software Patches

  • Background on APSA11-01 Patch Schedule – blogs.adobe.com
    We just posted Security Advisory APSA11-01 announcing a critical vulnerability (CVE-2011-0609) in Adobe Flash Player, which also impacts the authplay.dll component shipping with Adobe Reader and Acrobat for Windows and Macintosh.

Vulnerabilities

Other News

    • Charlie Miller Reveals His Process for Security Research – resources.infosecinstitute.com
      We got recent Pwn2Own winner Charlie Miller to answer a few questions and pull back the curtain a bit on the methods, tools and motivation for the research he does discovering security exploits.
    • Click-jacking is spreading on Facebook – h-online.com
      If your Facebook friends are recommending strange videos to you, they may have become the victims of a new scam.
    • RIM: Disable Javascript in BlackBerry Browser – zdnet.com
      Research in Motion (RIM) is urging BlackBerry users to disable JavaScript in the smartphone’s browser to block exploits from a security vulnerability showcased at this year’s CanSecWest Pwn2Own contest.
    • PIN skimming possible with chip cards – h-online.com
      At the CanSecWest security conference held in Vancouver last week, four security researchers demonstrated the practicability of chip card skimming attacks.
    • Google closes Flash hole faster than Adobe – h-online.com
      Google has once again reacted faster than Adobe itself, which says it will be releasing its update for Flash Player at the beginning of next week.
    • Microsoft Conducts Massive Botnet Takedown Action – online.wsj.com
      Microsoft Corp. and federal law enforcement agents seized computer equipment from Internet hosting facilities across the U.S. in a sweeping legal attack designed to cripple the leading source of junk email on the Internet.
    • Leader of Hacker Gang Sentenced to 9 years for Hospital Malware – wired.com
      The former leader of an anarchistic hacking group called the Electronik Tribulation Army was sentenced Thursday to 9 years and 2 months in prison for installing malware on computers at a Texas hospital.
    • How Did 50 Female Celebrities Get Hacked? – abcnews.go.com
      FBI agents are reportedly closing in on a ring of hackers thought to be responsible for stealing nude photos and videos from at least 50 female celebrities.