Resources

  • BSides Cleveland 2014 Videos – irongeek.com
    These are the videos from the Bsides Cleveland conference. You can watch and download the videos from here.
  • Dispelling Confusion and Myths: iOS Proof-of-Concept – zdziarski.com
    A quick POC demonstrating how File Relay and other services can be abused to dump a significant amount of personal data from an iOS device wirelessly, and bypassing user backup encryption.

    • iOS File Relay POC – youtube.com
      A quick POC demonstrating how File Relay and other services can be abused to dump a significant amount of personal data from an iOS device wirelessly, and bypassing user backup encryption.

Tools

  • New Tool: web2intel – github.com
    web2intel is a script to fetch malicious domain and URL lists from sites that publish RSS feeds or raw HTML pages. download the associated files from here.
  • [joern-users] Version 0.3 released! – listserv.gwdg.de
    Joern-0.3 has just been released! This release fixes bugs and introduces a lot of new code analysis tools in joern-tools. You can download the new version here.

Techniques

  • Proxmark Low Frequency HOWTO – hackerwarehouse.com
    In this post, Hacker warehouse is going to review the update procedure just in case you want a little refresh on this and then They’re going to move into the world of Low Frequency RFID, sniffing, cloning, emulating, EM4X tags, and the fabulous T55x7 card.
  • Upload a web.config File for Fun & Profit – soroush.secproject.com
    The web.config file plays an important role in storing IIS7 (and higher) settings. It is very similar to a .htaccess file in Apache web server. Uploading a .htaccess file to bypass protections around the uploaded files is a known technique.

Vulnerabilities

Other News