Events Related

Tools

  • HTCAP – www.htcap.org
    htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes.

Techniques

  • repairing the hackrf – www.t4f.org
    The HackRF One uses two Avago MGA-81563 amplifiers. This chip amplifies the input signal by 14dB. In the HackRF this chip is used as a power amplifier (PA) for transmitting and as a Low Noise Amplifier (LNA) for receiving.

Vulnerabilities

  • Quick Analysis of a Recent MySQL Exploit – isc.sans.edu
    We had a mysql honeypot getting hit hard with this “exploit” recently. I am enclosing the word “exploit” in quotes as the MySQL server was configured to allow logging in without password.
  • OpenSSL Security Advisory – mta.openssl.org
    OpenSSL is disabling the SSLv2 protocol by default, as well as removing SSLv2 EXPORT ciphers.
  • The DROWN Attack – drownattack.com
    DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for Internet security.

Other News

  • S. Announces ‘Hack The Pentagon’ Bug Bounty Program – www.npr.org
    Announcing what it calls “the first cyber bug bounty program in the history of the federal government,” the Department of Defense says it’s inviting hackers to test the security of its Web pages and networks.
  • Why Your Security Tools Are Exposing You to Added Risks – darkreading.com
    Remember that there is no foundation of trust on any piece of software; think of each of them as a potential vector. Plan your incident response around this idea, maximize your advantages as a defender and become a hard target.