Events Related

Resources

  • The SHAppening: freestart collisions for SHA-1 – sites.google.com
    This website contains latest news and background information regarding the SHA-1 freestart collision work from Marc Stevens (CWI, the Netherlands), Pierre Karpman (Inria, France and NTU Singapore) and Thomas Peyrin (NTU Singapore).

Tools

  • HoneyPress – github.com
    WordPress honeypot in a docker container running Naxsi WAF in learning mode
  • bettercap – github.com
    A complete, modular, portable and easily extensible MITM framework.
  • New Metasploit Tools
    Patch testing and analysis are important parts in vulnerability research and exploit development. One popular reason is people would try this technique to rediscover patched bugs, or find ways to keep an 0day alive in case the fix in place is inadequate.

Techniques

Vulnerabilities

  • Security advisory: Stored XSS in Jetpack – blog.sucuri.net
    The vulnerability affects users of Jetpack version lower or equal to 3.7 that uses the contact form module present in the plugin (it is activated by default).
  • Critical Netgear Router Exploit allows anyone to Hack You Remotely – thehackernews.com
    Yes, NETGEAR Routers have once again become a victim of DNS Monitoring, potentially affecting 11,000 Devices. This week, we reported about a Vigilante Hacker, who protected users by installing malware on their Wi-Fi routers, forcing them to use a secure password.

Other News

  • DOD now requires contractors to report hacks – thehill.com
    According to a notice published in Friday’s Federal Register, DOD contractors are now mandated to report “cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system.”
  • Infosec is good people – blog.erratasec.com
    For all that we complain about drama in our community, we are actually good people. At a small conference yesterday, I met “Kath”. She just got her degree in advertising, but has become disillusioned.