Events Related

Resources

  • Ray Sharp CCTV DVR Password Retrieval & Remote Root – community.rapid7.com
    On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras.

Tools

  • CVE-2016-0051 – github.com
    BSoD PoC for CVE-2016-0051 (MS-016)
  • smod – github.com
    MODBUS Penetration Testing Framework

Techniques

  • Pwning CCTV Cameras – www.pentestpartners.com
    CCTV is ubiquitous in the UK. A recent study estimates there are about 1.85m cameras across the UK – most in private premises. Most of those cameras will be connected to some kind of recording device, which these days means a Digital Video Recorder or DVR.
  • SimpliSafe home security system
    Today we’re releasing information on a critical security vulnerability in a wireless home security system from SimpliSafe. This system consists of two core components, a keypad and a base station.

  • nsa-rules – github.com
    Password cracking rules and masks for hashcat that I generated from cracked passwords.
  • GPS hacking (PART 1) – en.wooyun.io
    GPS hacking has alway been a hot topic on security conferences over the past few years. But the contents are over academic and the cost for necessary equipment is too high, which stops many fans from getting started.

Vulnerabilities

  • Arbritrary file Upload on AirMax – hackerone.com
    It’s possible to overwrite any file (and create new ones) on AirMax systems, because the “php2” (maybe because of a patch) don’t verify the “filename” value of a POST request.
  • This is Why People Fear the ‘Internet of Things’ – krebsonsecurity.com
    This is the nightmare “Internet of Things” (IoT) scenario for any system administrator: The IP cameras that you bought to secure your physical space suddenly turn into a vast cloud network designed to share your pictures and videos far and wide.

Other News

  • What It Takes to Master Security (Hint: It’s Not Certs) – blog.opendns.com
    Currently in security jobs are plentiful. LinkedIn connection invites and recruiter calls are as normal as a daily Agile meeting. But those with career foresight know, it’s not enough to be complacent. To become an expert at the top of the field, progression is essential.
  • Hacker Summer Camp Planning Guide – systemoverlord.com
    A couple of coworkers who have never been to DEF CON, BSides Las Vegas or Black Hat (collectively, “Hacker Summer Camp”) asked me about planning their first trips, so I decided to collect my tips here. I’m going to be splitting my advice into two parts: this planning guide for travel/scheduling/registration information, and a Hacker Summer Camp survival guide for advice that’s more relevant while you’re at the conferences.