- BLE Fun With Ubertooth: Sniffing Bluetooth Smart and Cracking Its Crypto – blog.lacklustre.net
Ubertooth is an open source platform for Bluetooth research. It has a powerful ARM microcontroller connected to a reconfigurable radio chip, the TI CC2400. Although it was originally built to monitor classic Basic Rate (BR) Bluetooth, it serves as an excellent platform for building a BLE sniffer.
- Se* and you – labs.portcullis.co.uk
The following is a brief analysis of the threats associated with each Se* privilege. To be clear, the context of this analysis is the case where you land in a service account that has one or more of these privileges.
- Damn Vulnerable IOS Application (DVIA) – damnvulnerableiosapp.com
Damn Vulnerable IOS App (DVIA) is an IOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their IOS penetration testing skills in a legal environment.
- NIST 800-53r4 controls with related documentation, privacy controls, videos, assessment procedures, and SANS 20 Critical Security Controls Version 4.1 – webbrain.com
- iker – labs.portcullis.co.uk
ker is a Python tool to analyse the security of the key exchange phase in IPsec based VPNs. Download link is available here.
- SecUpwN / Android-IMSI-Catcher-Detector – github.com
This is an android-based project to detect and avoid fake base stations (IMSI-Catchers) in GSM/UMTS Networks. Sounds cool and security is important to you?
- wifijammer – github.com
Wifijammer continuously jam all wifi clients and access points within range. The effectiveness of this script is constrained by your wireless card.
- mass-deauth – github.com
This is Mass-Deauth script for 802.11 pwnage. Download this script from here.
- DependencyCheck – github.com
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies. It does this by determining if there is a Common Platform Enumeration (CPE) identifier for a given dependency.
- Reversing the WRT120N’s Firmware Obfuscation – devttys0.com
It was recently brought to Craig’s attention that the firmware updates for the Linksys WRT120N were employing some unknown obfuscation. He thought this sounded interesting and decided to take a look.
- Revisting XXE and abusing protocols – www.corelan.be
The basic premise behind the vulnerability is that when a user authenticates with a site using OpenID, that site does a ‘discovery’ of the user’s identity. To accomplish this the server contacts the identity server specified by the user, downloads information regarding the identity endpoint and proceeds with authentication.
- How I Lost My $50,000 Twitter Username – krebsonsecurity.com
A story of how PayPal and GoDaddy allowed the attack and caused Naoki Hiroshima to lose his $50,000 Twitter username.