Events Related

Resources

  • PCI versions 3.0, 3.1 and your SecureSphere deployment – blog.imperva.com
    This blog entry will focus solely on new requirements that either affect SecureSphere, or requirements that Secure could affect. PCI 2.0 requirements that can be mitigated using SecureSphere are out of scope of this document.
  • Memex (Domain-Specific Search) – darpa.mil
    The content here has been generated by organizations that are partially funded by DARPA; the views and conclusions contained therein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of DARPA or the U.S. Government.

Tools

  • OWASP ZAP 2.4.0 – owasp.blogspot.co.uk
    ZAP is an OWASP Flagship project, and is currently the most active open source web application security tool.
  • ArkDasm – arkdasm.com
    ArkDasm is a 64-bit interactive disassembler and debugger for Windows. You can download it from here.

Techniques

  • Hard Disk Firmware Hacking (Part 1) – malwaretech.com
    MalwareTech, a 20 year old programmer, is not been doing much in the windows malware world for a while now, because he run out of ideas and bored. Recently he decided to take the jump into electronics / hardware hacking and people have suggested he post some of that here.

  • Hacking the D-Link DIR-890L – devttys0.com
    Craig haven’t been keeping up with D-Link’s latest shenanigans for his busyness. In need of some entertainment, he went to their web page and was greeted by this atrocity.
  • Redirect to SMB – blog.cylance.com
    Redirect to SMB is a way for attackers to steal valuable user credentials by hijacking communications with legitimate web servers via man-in-the-middle attacks, then sending them to malicious SMB (server message block) servers that force them to spit out the victim’s username, domain and hashed password.
  • Finding bugs in SQLite, the easy way – lcamtuf.blogspot.com
    lcamtuf was truly impressed with Richard Hipp fixing each and every of these cases within a couple of hours of sending in a report. The fixes have been incorporated in version 3.8.9 of SQLite and have been public for a while, but there was no upstream advisory.
  • Attacking CANBus – Part 2 – digitalbond.com
    In part 1 we looked at what CAN is and what the difference between CAN and OBDII traffic is on a vehicle network. In this part you are going to look at simple reverse engineering techniques to determine which CAN IDs are of interest to us.
  • Recursive FTP Searching – trustedsec.com
    When searching online for methods to recursive search FTP servers, many forum posts were encountered looking for a solution with many mixed replies. Overall, many solutions were incorrect, impractical, required time and effort for coding, etc. After several solutions being testing, our preferred method was the use of a sophisticated file transfer program called “lftp”.

Vendor/Software patches

  • Hostapd-wpe for OpenWrt Barrier Breaker – acrylicwifi.com
    Hostapd-wpe (Wireless Pwnage Edition) is a patch for hostapd v2.2 created by the OpenSecurity Research group aiming to replace FreeRadius-WPE. This article arises after the need for a portable device for testing wireless infrastructures security (802.11b/g/n and 802.11ac.

Vulnerabilities