Resources

  • Introducing Phishing Frenzy – pentestgeek.com
    A couple of weeks ago, Zecnox presented at this year’s Derbycon on an email phishing platform that he has been working on. For those of you who missed the talk, he went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording here.
  • Ruxcon 2013 Slides – ruxcon.org.au
    Here are the presentation slides of Ruxcon 2013.
  • BSides Delaware 2013 Videos – irongeek.com
    These are the videos from the BSides Delaware conference 2013.

Tools

  • Leroy Jenkins – captainhooligan.wordpress.com
    Jenkins is an award-winning application that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Among those things, current Jenkins focuses on the two jobs.
  • HashTag: Password Hash Identification – smeegesec.com
    Interested in password cracking or cryptography? Check this out. HashTag.py is a tool written in Python which parses and identifies various password hashes based on their type.

Techniques

  • Web Services Penetration Testing, Part 2: An Automated Approach With SoapUI Pro – resources.infosecinstitute.com
    In this article, InfoSec Institute focuses on automated tools available for web service penetration testing. SoapUI is the only popular tool available to test for SOAP vulnerabilities. But to automate the test, you need to use SoapUI Pro.
  • Attacking the Spanning-Tree Protocol – tomicki.net
    The purpose of this paper is to briefly describe the STP and its function in redundant network topologies. Lukasz Tomicki describes the attack vector that can be used to disrupt the stability of the STP’s operations, and provides a working implementation as proof of concept.

Vulnerabilities

  • Researcher skepticism grows over badBIOS malware claims – arstechnica.com
    Five days after Ars chronicled a security researcher’s three-year odyssey investigating a mysterious piece of malware he dubbed badBIOS, some of his peers say they are still unable to reproduce his findings. Since the article was published, researchers have attempted to reproduce the behavior Ruiu described.
  • Adobe Breach Impacted At Least 38 Million Users – krebsonsecurity.com
    The recent data breach at Adobe that exposed user account information and prompted a flurry of password reset emails impacted at least 38 million users, the company now says. It also appears that the already massive source code leak at Adobe is broadening to include the company’s Photoshop family of graphical design products.

  • Supermicro IPMI Firmware Vulnerabilities – community.rapid7.com
    This post summarizes the results of a limited security analysis of the Supermicro IPMI firmware. This firmware is used in the baseboard management controller (BMC) of many Supermicro motherboards.

Other News

  • Hackers Take Limo Service Firm for a Ride – krebsonsecurity.com
    A hacker break-in at a U.S. company that brokers reservations for limousine and Town Car services nationwide has exposed the personal and financial information on more than 850,000 well-heeled customers, including Fortune 500 CEOs, lawmakers, and A-list celebrities. This database would be a gold mine of information for would-be corporate spies or for those engaged in other types of espionage.