Events Related

  • Our Favorite Presentations from ShmooCon 2015 – researchcenter.paloaltonetworks.com
    Jen and Phil were fortunate to attend this year’s ShmooCon, an annual hacker conference held in Washington, DC. Here are the wrap up of the conference.

Resources

  • BSides Columbus 2015 Videos – irongeek.com
    hese are the videos from the BSides Columbus Ohio conference. You can watch and download the videos from here.
  • Guest Blog: httpscreenshot – A Tool for Both Teams – blog.bugcrowd.com
    The Shmoocon presentations that Kymberlee recommended last week did not disappoint, and She’s excited to have the opportunity to share some of the great research she saw there with Bugcrowd customers and Crowd members. This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams. Enjoy!
  • Shmoocon Notes: Userland Persistence on Mac OS X – carnal0wnage.attackresearch.com
    Notes from the conference for later by CG. Userland Persistence on Mac OS X. List of links are available here.

Tools

  • CapTipper – github.com
    CapTipper is a python tool to analyze, explore and revive HTTP malicious traffic. You can download the tool from here.
  • RDPY – github.com
    RDPY is a pure Python implementation of the Microsoft RDP (Remote Desktop Protocol) protocol (client and server side). RDPY is built over the event driven network engine Twisted.
  • OpenSSL 1.0.2 Branch Release notes – openssl.org
    The major changes and known issues for the 1.0.2 branch of the OpenSSL toolkit are summarised here. The contents reflect the current state of the NEWS file inside the git repository.

Techniques

  • Weekend Hacking with GNURADIO – beastiebytes.com
    The following describes Sven Tantau’s process towards a gnuradio module to print out the codes of the original remote and then re-using those codes with an USB dongle of a different vendor.

Vendor/Software patches

  • Java Patch Plugs 19 Security Holes – krebsonsecurity.com
    Oracle this week released its quarterly patch update for Java, a widely-installed program that for most casual users has probably introduced more vulnerability than utility.

Vulnerabilities