Resources

  • SyScan2015 Conference Slides – syscan.org
    These are the SyScan2015 Conference Slides. SyScan2015 Conference Slides can be downloaded from here.
  • CanSecWest 2015 Files – cansecwest.com
    The CanSecWest conference was established in 2000. Archives of materials presented at CanSecWest Vancouver 2015 can be found here.
  • RF Testing Methodology – nccgroup.github.io
    The RFTM is an Open Source, collaborative testing methodology. It is focussed on providing the information that security researchers and consultants need to know in order to effectively test systems that employ RF technologies.
  • BSides Nashville 2015 Videos – irongeek.com
    These are the videos from BSides Nashville 2015. You can watch and download the videos from here.

Tools

  • SamuraiWTF 3.x And Onwards – Web Testing Framework Linux LiveCD – darknet.org.uk
    The Samurai Web Testing Framework (AKA SamuraiWTF) is a live Linux environment that has been pre-configured to function as a web pen-testing environment. You can download SamuraiWTF 3.1 here.
  • IPv6 Toolkit v2.0 (Guille) Released – si6networks.com
    The SI6 Networks IPv6 toolkit is a set of IPv6 security assessment and trouble-shooting tools. The SI6 Networks’ IPv6 toolkit v2.0 is available now.
  • SPARTA v1.0.2 BETA – sparta.secforce.com
    SPARTA is a Python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase.
  • The Social-Engineer Toolkit (SET) v6.3 “#HugLife” Released – trustedsec.com
    TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v6.3 codename “#HugLife”. This version adds a number of new enhancements and features for the Java Applet, a number of bug fixes, and additional changes.

Techniques

Vulnerabilities

  • Hidden backdoor API to root privileges in Apple OS X – truesecdev.wordpress.com
    The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011); Emil Kvarnhammar found it in October 2014, and it can be exploited to escalate privileges to root from any user account in the system.

Other News

  • High-tech TV: How realistic is the hacking in prime-time shows? – engadget.com
    “Hacking” is the deus ex machina in plenty of scenarios on Pretty Little Liars and other mainstream programs, allowing people to easily track, harass, defend and stalk each other 30 to 60 minutes at a time. But how real is it?
  • Why CSI: Cyber Matters – cyberdefensereview.org
    This article examined how we could use the current focus of a television show like CSI: Cyber and the momentum behind it to help people care about information security, consider pursuing a career in security, and work towards a more secure Internet.
  • How the U.S. thinks Russians hacked the White House – edition.cnn.com
    Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.