Events Related

  • Black Hat Asia 2015 Recap – blog.fortinet.com
    For the second year in a row, BlackHat Asia was held in Singapore, at the end of March, in the luxury Marina Bay Sands hotel. As usual, the 2 days of briefings were fully loaded with plenty of topics. 3 distinct tracks were offered, plus the business track and of course the technical Arsenal rooms.

  • My experience at Black Hat Asia 2015 – secpod.org
    With all the frightening stories of hackers at Black Hat, Preeti Subramanian stepped into not-just-yet-another-conference in Singapore. Situated at the plush location of the island country, Marina Bay Sands catered to one of the best security conferences of this calibre.

Resources

  • Hacking With Pictures SyScan 2015 – slideshare.net
    Presentation by Saumil Shah at SyScan 2015 – Exploits delivered via steganography and other image-based tricks.
  • Welcome to the Open Crypto Audit Project – opencryptoaudit.org
    The Open Crypto Audit Project (OCAP) is a community-driven global initiative which grew out of the first comprehensive public audit and cryptanalysis of the widely used encryption software TrueCrypt®.

Tools

  • Chipsec – github.com
    CHIPSEC is a framework for analyzing security of PC platforms including hardware, system firmware including BIOS/UEFI and the configuration of platform components.

Vulnerabilities

  • WebLogic SSRF And XSS (CVE-2014-4241, CVE-2014-4210, CVE-2014-4242) – blog.gdssecurity.com
    Universal Description Discovery and Integration (UDDI) functionality often lurks unlinked but externally accessible on WebLogic servers. It’s trivially discoverable using fuzz lists such as Weblogic.fuzz.txt and was, until recently, vulnerable to Cross Site Scripting (XSS) and Server Side Request Forgery (SSRF).
  • Sign Up at irs.gov Before Crooks Do It For You – krebsonsecurity.com
    If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process.
  • Remote Code Execution Possible Via Dell System Detect – f-secure.com
    The focus of Forbes’ research was Dell’s “System Detect” utility and a flaw that allows for remote code execution. Forbes reported his findings last November and Dell mitigated the issue in January (and also again last week).