Resources

  • AthCon 2012 Slides & Notes – kingcope.wordpress.com
    Slides & notes for “Uncovering Zero-Days and advanced fuzzing” at AthCon 2012. You can download them from here.
  • BalCCon2k14 – youtube.com
    BalCCon – Balkan Computer Congress 2014 videos are available now. You can watch and download the videos from here.
  • Mass Scanning the Internet – DefCon 2014 (Talk Summary) – manvswebapp.com
    This talk, Mass Scanning the Internet at DefCon 22, piqued M. J. Power’s interest because the people at NTO are fundamentally concerned with gathering massive amounts of security assessment data from a web application. Reading the brief, he thought, wow, these guys are scanning the whole internet!
  • Nickolai Zeldovich Lectures – youtube.com
    Lectures by Nickolai Zeldovich are available. You can watch and download the videos from here.

Tools

  • Introducing Snort 3.0 – snort.org
    Snort has not only become the standard in intrusion detection, but the Snort rules language is used by network researchers to communicate with each other to detect bad traffic.
  • BlueMaho Project – Bluetooth Security Testing Suite – darknet.org.uk
    BlueMaho is a GUI shell (interface) for a suite of tools best used for Bluetooth security testing. It is freeware, open source, written in Python, and uses wxPython. You can download BlueMaho here.

Techniques

Other News

  • Feds used Adobe Flash to identify Tor users visiting child porn sites – arstechnica.com
    Operation Torpedo relied on long-abandoned Metasploit Decloaking Engine. According to Wired, “Operation Torpedo,” as the FBI sting operation was dubbed, targeted users of three darknet child porn sites.
  • North Korea Behind Sony Hack: U.S. Officials – nbcnews.com
    The officials told NBC News the hacking attack originated outside North Korea, but they believe the individuals behind it were acting on orders from the North Koreans.

    • U.S. Said to Find North Korea Ordered Cyberattack on Sony – nytimes.com
      American officials have concluded that North Korea was “centrally involved” in the hacking of Sony Pictures computers, even as the studio canceled the release of a far-fetched comedy about the assassination of the North’s leader that is believed to have led to the cyberattack.
    • Obama: Sony made a mistake by pulling ‘The Interview’ – cnbc.com
      President Barack Obama said Friday that Sony should not have pulled “The Interview” after a North Korean hacking, and he pledged to answer the attack. “We will respond,” he told reporters.
    • Lessons from the Sony Hack – schneier.com
      The Federal Bureau of Investigation now says it has evidence that North Korea was behind the attack, and Sony Pictures pulled its planned release of “The Interview,” a satire targeting that country’s dictator, after the hackers made some ridiculous threats about terrorist violence.
  • ICANN HACKED: Intruders poke around global DNS innards – theregister.co.uk
    Domain-name overseer ICANN has been hacked and its DNS zone database compromised, the organization has said. The organization notes it was a “spear phishing” attack, suggesting employees clicked on a link in the messages that took them to a bogus login page.
  • 1.16 Million Payment Cards Breached in Staples Hack – gizmodo.com
    In case anybody still believed we were doing ok on cybersecurity, Staples just announced that malware deployed at 115 of its stores nationwide gave hackers access to some 1.16 million customers’ payment cards.