Tools

  • WCE v1.42beta released (32bit) – hexale.blogspot.com
    WCE v1.42beta released (32bit). This is a minor release. Download it from here.
  • heapLib 2.0 – blog.ioactive.com
    Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM.

Techniques

  • Unpacking Firmware Images from Cable Modems – w00tsec.blogspot.com
    Hacking Cable modems used to be very popular during the early 2000’s. You can dump your own firmware image using JTAG or sniffing the connection during upgrades. Here is Bernardo Rodrigues’s research on this.
  • Reverse Engineering with Reflector: Part 1 – resources.infosecinstitute.com
    This paper intended to teach sophisticated reverse engineering tactics, mainly by using Red Gate Reflector. This article demystifies dissembling and cracking of .NET binaries, step by step, in order to reveal protected targets with confidential information.
  • Evernote, and privacy preserving applications – ritter.vg
    Tom Ritter would like to take a moment to talk about privacy preserving by default. He doesn’t intend for this to be a rant about current commercial decisions – instead he’d like it to be praise of what he think (and hope) is great design, and use it to try and set an example that other people can follow.
  • Exploiting the Supermicro Onboard IPMI Controller – community.rapid7.com
    In this blog Juan Vazquez would like to share a couple of funny tricks they used to end the real live exploit. Hope you enjoy!

Vulnerabilities

  • Vulnerability Discovery, Mitigation and Exploitation: QNX – blog.cmpxchg8b.com
    Tavis Ormandy was being blown away by the QNX 1.44M demo as a teenager, it had a really big impact on him. At one time, he had even configured fvwm to look like QNX Photon. Curious about what RIM had been doing with QNX since the acquisition, he bought a BlackBerry Q10.
  • Adobe credentials and the serious insecurity of password hints – troyhunt.com
    Adobe had a little issue the other day with the small matter of 150 million accounts being breached and released to the public. Naked Security did a very good write up on Adobe’s giant-sized cryptographic blunder in terms of what they got wrong with their password storage. Troyhunt won’t try to replicate that, rather he’d like to take a look at the password hints.
  • Pwn2Own crackers leave iOS and Samsung mobe security IN RUINS – www.theregister.co.uk
    Researchers attending the PacSec 2013 security conference in Japan have won nearly $70,000 after demonstrating how to compromise iPhones and a Samsung Galaxy S4 running Android in a mobile version of the legendary Pwn2Own hacking contest.