Events Related

  • BSidesLondon 2015 Wrap-Up – blog.rootshell.be
    Here is a quick wrap-up of the BSidesLondon 2015 by Xavier. This year, they moved to a new location close to Earls Court where is organized InfoSec Europe at the same time.
  • WAF Bypass at Positive Hack Days V – blog.ptsecurity.com
    Though the contest WAF configuration allowed bypassing, uncommon solutions were also presented. This was actually the goal of the contest: participants had the opportunity to try themselves in bypassing protection mechanisms, while Positive Research can improve their product due to the results.

Resources

  • Cobalt Strike Penetration Testing Labs (Download) – blog.cobaltstrike.com
    The Cobalt Strike Pen Testing Lab DVD material is now available for download. This DVD covers the Metasploit Framework‘s capability to target a server. It also covers the client-side attack process in Cobalt Strike.

Tools

  • Version 6 Release of the REMnux Linux Distro for Malware Analysis – zeltser.com
    Here is the announcement of the v6 release of the REMnux distro, which helps analysts examine malware using free utilities in a Linux environment. You can download it from here.
  • Nmap 6.49BETA1 released – seclists.org
    Fyodor has announced the release of Nmap 6.49BETA1. This version will have hundreds of improvement including 25 new NSE scripts (total is now 494).

Techniques

  • OpenSesame – samy.pl
    OpenSesame is a device that can wirelessly open virtually any fixed-code garage door in seconds, exploiting a new attack SamyKamkar has discovered on wireless fixed-pin devices. Using a child’s toy from Mattel. Live demonstration and full details available in the video here.

Vulnerabilities

Other News

  • USA Freedom Act Passes: What We Celebrate, What We Mourn, and Where We Go From Here – eff.org
    The Senate passed the USA Freedom Act by 67-32 on June 2. Technology users everywhere should celebrate, knowing that the NSA will be a little more hampered in its surveillance overreach, and both the NSA and the FISA court will be more transparent and accountable than it was before the USA Freedom Act.

  • Who’s behind mysterious flights over US cities? FBI -csmonitor.com
    FBI spy planes: US law enforcement officials confirmed for the first time the wide-scale use of the aircraft, which the AP traced to at least 13 fake companies. The AP traced at least 50 aircraft back to the FBI, and identified more than 100 flights since late April orbiting both major cities and rural areas.
  • OPM Hack May Have Exposed Security Clearance Data -threatpost.com
    Twenty-four hours after unnamed White House officials said the Office of Personnel Management (OPM) data breach was linked to China, one security company has connected the intrusion to the massive break-ins earlier this year at insurance companies Anthem and Premera Blue Cross.

    • Data hacked from U.S. government dates back to 1985: U.S. official -reuters.com
      Data stolen from U.S. government computers by suspected Chinese hackers included security clearance information and background checks dating back three decades, U.S. officials said on Friday, underlining the scope of one of the largest known cyber attacks on federal networks.