Resources

  • SecTor 2015 – sector.ca
    Presentations and videos for SecTor 2015

Tools

  • NMAP – github.com
    NMAP scripts for TN3270 interaction as well as NJE. Most notably TSO User Enumeration and Brute Force. CICS transaction ID enumeration and NJE node name brute forcing.

Techniques

  • Hidden In Plain Sight: Brute Forcing Slack Private Files – www.ibuildings.nl
    When we started using Slack one of our developers was sending a file, had his Developer console open and noticed that even though he’d not chosen to share the file public, the API gave back a public URL anyway.

Other News

  • DoD Needs to Improve Cyber Culture, CIO Says – www.defense.gov
    The Defense Department needs to change its cyber culture to protect its networks from the relentless threat from hackers, the department’s chief information officer said today.
  • CIA Email Hackers Return With Major Law Enforcement Breach – www.wired.com
    The CWA hackers said they found a vulnerability that allowed them to gain access to the private portal, which is supposed to be available only to the FBI and other law enforcement agencies around the country. That portal in turn, they say, gave them access to more than a dozen law enforcement tools that are used for information sharing.