Resources

  • iCloud keychain and iOS 7 Data Protection – slideshare.net
    If you are concerned about cloud security, read this presentation by Andrey Belenko Sr. Security Engineer @ viaForensics and Alexey Troshichev @hackappcom founder.
  • Leveraging WMI for shells – secabstraction.com
    secabstraction always try to think about how he might get something done by leveraging WMI, since it’s usually always on and available. When he read that somebody had beat him to the punch he decided to start writing a powershell implementation.
  • Alberto’s GSoC 2014 Project for ZAP: SOAP Scanner Add-On – zaproxy.blogspot.com
    this summer, Alberto Verza, a 23 year student from Spain have participated in Google Summer of Code 2014. His project was the SOAP Scanner Add-On for ZAP, in which he worked during all the Program. Here is an explanation of the features it includes.
  • What the InfoSec Skills Gap Means for the Future – blog.whitehatsec.com
    One of the biggest challenges – if not the biggest challenge – facing information security is the lack of skilled talent. Cisco’s 2014 Annual Security Report says, “it’s estimated that by 2014, the
    [IT Security] industry will still be short more than a million security professionals across the globe.”
  • Hackertainment – hackertainment.net
    This is a list of puzzles, challenges, games, CTFs, and other entertainment via coding. It can include everything from ACM-style competitions to challenges designed to teach specific languages or programming paradigms.

Tools

  • ibrute:AppleID bruteforce p0c – github.com
    Here is appleID password bruteforce pOc. It’s only p0c, so there is no multiThreading feature, Save-State-On-Exception feature. do it yourself. Before you start, make sure it’s not illegal in your country.
  • Lynis v1.6.0 Released – cisofy.com
    Security auditing tool for Linux, Mac and Unix based systems. Scan your systems in a matter of minutes and know what can be improved.
  • Nmap v6.47 Released – nmap.org
    Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. You can download Nmap v6.47 from here.

Vulnerabilities

Other News

  • Urgent security warning that may affect all internet users – community.namecheap.com
    Back in August, The Register reported that the largest ever quotient of email addresses, usernames and passwords had been put together by groups of Russian hackers. These hackers collected this data over many months, gaining access to these user credentials through vulnerable/poorly secured databases and backdoors/malware installed on insecure computers around the world.
  • Home Depot, Other Retailers Get Social Engineered – darkreading.com
    Famed annual contest reveals how many retailers lack sufficient defenses against social engineering.
  • Obamacare site hacked but nothing taken, HHS says – money.cnn.com
    Hackers silently infected a Healthcare.gov computer server this summer. But the malware didn’t manage to steal anyone’s data, federal officials say.
  • Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted – threatpost.com
    When Firefox 32 shipped this week, Mozilla also officially ended its support of 1024-bit certificate authority certificates in its trusted store. Still, such a move does involve some cost and angst to websites running older certificates.
  • The FBI Finally Says How It ‘Legally’ Pinpointed Silk Road’s Server – wired.com
    As the trial of alleged Silk Road drug market creator Ross Ulbricht approaches, the defense has highlighted the mystery of how law enforcement first located the main Silk Road server in an Icelandic data center, despite the computer being hidden by the formidable anonymity software Tor. he FBI claims to have found the server’s location without the NSA’s help, simply by fiddling with the Silk Road’s login page until it leaked its true location.