Event Related

  • CONFidence 2013 and the x86 quirks – gynvael.coldwind.pl
    Another week, another conference. Just a few days ago, Gynvael and I had the pleasure to attend and present at the CONFidence 2013 infosec conference traditionally held in Cracow, Poland.
  • [Announcement] Blackhat Arsenal USA 2013 Selected Tools – toolswatch.org
    I’m pleased to announce the selected tools for the upcoming session of Arsenal, which will take place in Las Vegas, Nevada on July 31-August 1, 2013 | 10:00-18:00

Resources

Tools

Techniques

Vendor/Software Patches

  • Security and Networking – Blog – DNSRecon 0.8.6 is Out! – darkoperator.com
    Just updated DNSRecon to check if it can pull the Bind Version by doing a query for the TXT Record version.bind and it will now check if the RA Flag is set in responses from each of the NS servers it detects. If the server has recursion enabled it could be used for DDoS attacks and for performing Cache Snooping.

Vulnerabilities

  • Under The Hood: Linksys Remote Command Injection Vulnerabilities – SpiderLabs Anterior – blog.spiderlabs.com
    Several models in the Linksys E-Series WiFi routers running their respective current firmwares are prone to remote OS command injection vulnerabilities. In this article, we’ll take a look at two of these vulnerabilities that exist due to improper validation of system command parameters passed via the stock Linksys web administration interface.

Other News