  • iCloud keychain and iOS 7 Data Protection –
    If you are concerned about cloud security, read this presentation by Andrey Belenko, Sr. Security Engineer @ viaForensics, and Alexey Troshichev, @hackappcom founder.
  • Leveraging WMI for shells –
    secabstraction always tries to think about how he might get something done by leveraging WMI, since it’s usually always on and available. When he read that somebody had beaten him to the punch, he decided to start writing a PowerShell implementation.
  • Alberto’s GSoC 2014 Project for ZAP: SOAP Scanner Add-On –
    This summer, Alberto Verza, a 23-year-old student from Spain, participated in Google Summer of Code 2014. His project was the SOAP Scanner Add-On for ZAP, which he worked on throughout the program. Here is an explanation of the features it includes.
  • What the InfoSec Skills Gap Means for the Future –
    One of the biggest challenges – if not the biggest challenge – facing information security is the lack of skilled talent. Cisco’s 2014 Annual Security Report says, “it’s estimated that by 2014, the [IT Security] industry will still be short more than a million security professionals across the globe.”
  • Hackertainment –
    This is a list of puzzles, challenges, games, CTFs, and other entertainment via coding. It can include everything from ACM-style competitions to challenges designed to teach specific languages or programming paradigms.


  • ibrute: AppleID bruteforce p0c –
    Here is an AppleID password bruteforce p0c. It’s only a p0c, so there is no multiThreading feature or Save-State-On-Exception feature; do it yourself. Before you start, make sure it’s not illegal in your country.
  • Lynis v1.6.0 Released –
    Security auditing tool for Linux, Mac and Unix based systems. Scan your systems in a matter of minutes and know what can be improved.
  • Nmap v6.47 Released –
    Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. You can download Nmap v6.47 from here.


Other News

  • Urgent security warning that may affect all internet users –
    Back in August, The Register reported that the largest-ever collection of email addresses, usernames and passwords had been put together by groups of Russian hackers. These hackers collected this data over many months, gaining access to these user credentials through vulnerable or poorly secured databases and through backdoors and malware installed on insecure computers around the world.
  • Home Depot, Other Retailers Get Social Engineered –
    Famed annual contest reveals how many retailers lack sufficient defenses against social engineering.
  • Obamacare site hacked but nothing taken, HHS says –
    Hackers silently infected a computer server this summer. But the malware didn’t manage to steal anyone’s data, federal officials say.
  • Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted –
    When Firefox 32 shipped this week, Mozilla also officially ended its support of 1024-bit certificate authority certificates in its trusted store. Still, such a move does involve some cost and angst to websites running older certificates.
  • The FBI Finally Says How It ‘Legally’ Pinpointed Silk Road’s Server –
    As the trial of alleged Silk Road drug market creator Ross Ulbricht approaches, the defense has highlighted the mystery of how law enforcement first located the main Silk Road server in an Icelandic data center, despite the computer being hidden by the formidable anonymity software Tor. The FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.