Resources
- SyScan2015 Conference Slides – syscan.org
These are the SyScan2015 Conference Slides. SyScan2015 Conference Slides can be download from here. - CanSecWest 2015 Files – cansecwest.com
The CanSecWest conference was established in 2000. Archives of presented materials in CanSecWest Vancouver 2015 can be found here. - RF Testing Methodology – nccgroup.github.io
The RFTM is an Open Source, collaborative testing methodology.It is focussed on providing the information that security researchers and consultants need to know in order to effectively test systems that employ RF technologies. - BSides Nashville 2015 Videos – irongeek.com
These are the videos from BSides Nashville 2015. You can watch and download the videos from here.
Tools
- SamuraiWTF 3.x And Onwards – Web Testing Framework Linux LiveCD – darknet.org.uk
The Samurai Web Testing Framework (AKA SamuraiWTF) is a live linux environment that has been pre-configured to function as a web pen-testing environment. You can download SamuraiWTF 3.1 here. - IPv6 Toolkit v2.0 (Guille) Released – si6networks.com
The SI6 Networks IPv6 toolkit is a set of IPv6 security assessment and trouble-shooting tools. The SI6 Networks’ IPv6 toolkit v2.0 is available now. - SPARTA v1.0.2 BETA – sparta.secforce.com
SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. - The Social-Engineer Toolkit (SET) v6.3 “#HugLife” Released – trustedsec.com
TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v6.3 codename “#HugLife”. This version adds a number of new enhancements and features for the Java Applet, number of bug fixes, and additional changes.
Techniques
- It Takes a Village – Collaborative Steps to Breaking Botnets: How Level 3 and Cisco Worked Together to Improve the Internet’s Security and Stop SSHPsychos – blog.level3.com
Too often problem identification is confused with problem removal, leaving attackers observed, yet still able to pursue their goals. This is why Level 3’s Threat Research Labs and Cisco’s Talos Group worked together to investigate and mitigate the risk posed by an attacker’s Internet-wide scanning and DDoS botnet, SSHPsychos. - Attacking CANBus – Part 1 – digitalbond.com
Corey Thuen going to skip all the electrical fun parts, the packet formats, and the theory and move right into using some tools to look at CAN traffic. His language is simplified for example purposes. For this exercise he is going to be analyzing traffic from his 2013 Toyota Tundra.
Vulnerabilities
- Hidden backdoor API to root privileges in Apple OS X – truesecdev.wordpress.com
The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011), Emil Kvarnhammar found it in October 2014 and it can be exploited to escalate privileges to root from any user account in the system.
Other News
- High-tech TV: How realistic is the hacking in prime-time shows? – engadget.com
“Hacking” is the deus ex machina in plenty of scenarios on Pretty Little Liars and other mainstream programs, allowing people to easily track, harass, defend and stalk each other 30 to 60 minutes at a time. But how real is it? - Why CSI: Cyber Matters – cyberdefensereview.org
This article examined how we could use the current focus of a television show like CSI: Cyber and the momentum behind it to help people care about information security, consider pursuing a career in security, and work towards a more secure Internet. - How the U.S. thinks Russians hacked the White House – edition.cnn.com
Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
[…] post Week 15 In Review – 2015 appeared first on Infosec […]
[…] post Week 15 In Review – 2015 appeared first on Infosec […]