Resources

  • Circle City Con 2014 Videos – www.irongeek.com
    These are the Circle City Con 2014 videos. You can watch and download all of the recordings from here.
  • OWASP Security Shepherd – owasp.org
    Security Shepherd has been implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn or to improve upon existing manual penetration testing skills.
  • Guide to building the Tastic RFID Thief – shubh.am
    This guide assumes that you are doing constant testing of the circuit along the way. Whilst this guide itself isn’t so detailed and bullet proof, it definitely will act as a great reference and tutorial towards building the Tastic.

Tools

  • Discover – github.com
    Formally BackTrack scripts. For use with Kali Linux. Custom bash scripts used to automate various pentesting tasks.
  • easy-creds – code.google.com
    The easy-creds script is a bash script that leverages ettercap and other tools to obtain credentials during penetration testing. You can dowload it from here.

Techniques

  • USB Fuzzing Basics: From fuzzing to bug reporting – blog.quarkslab.com
    This article first presents quarklabs team’s fuzzing approach followed by a practical example of a bug in Windows 8.1 x64 full-updated. The goal of this article is not to redefine state-of-the-art USB fuzzing, nor to give a full description of their fuzzing architecture, but rather to narrate a scenario which starts from fuzzing and ends up with a bug report.
  • Breaking Into iCloud: No Password Required – blog.crackpassword.com
    This feature is mostly intended for law enforcement and forensic customers, as using a password-free entry into iCloud requires a binary authentication token that must be extracted from the suspect’s computer.
  • Xfinity Pineapple – blog.logrhythm.com
    This post is simply a proof-of-concept to explore the risks of open wireless access points.

Vulnerabilities