Events Related

  • Another year, another RSAC – www.cerias.purdue.edu
    I have attended 10 of the last 15 RSA conferences. I do this to see what’s new in the market, meet up with friends and colleagues I don’t get to see too often, listen to some technical talks, and enjoy a few interesting restaurants and taverns in SF.

Resources

  • Mobile Top 10 2016-Top 10 – www.owasp.org
    The list represents a release candidate of the OWASP Mobile Top Ten 2016. Have a look at the list and please provide feedback. The release candidate will have a 30 day feedback window for everyone to provide feedback before things are finalized.

Tools

  • Dependency-Check – github.com
    Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies.
  • inspectrum – github.com
    Inspectrum is a tool for analysing captured signals, primarily from software-defined radio receivers.
  • BinExport – github.com
    An IDA Pro plugin for exporting disassemblies into BinNavi databases and to Protocol Buffers
  • DCEPT – github.com
    A tool for deploying and detecting use of Active Directory honeytokens
  • Qubes OS 3.1 has been released! – www.qubes-os.org
    The major new architectural feature of this release has been the introduction of the Qubes Management infrastructure, which is based on the popular Salt management software.

Techniques

  • How we broke into your house – boredhackerblog.blogspot.com
    For my wireless security class (CIT 460) some friends and I did final project on hacking alarm systems. This was in Spring 2014. I did this because I had RTL-SDR dongle and I wanted to do something cool with it.
  • Hacker Reveals How to Hack Any Facebook Account – thehackernews.com
    A security researcher discovered a ‘simple vulnerability’ in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can.
  • Binmap: a system scanner – blog.quarkslab.com
    Open sourcing binmap, a tool to scan filesystem and gather intel on which binaries are there, what are their dependencies, which symbols they are using and more. This yields a global view of a system, providing the basic block for building other tools!
  • Tutorial #2: DCA against Hack.lu 2009 challenge – github.com
    It’s a Windows 32-bit graphical crackme performing an AES128 encryption over the user input. If the output is equal to “hack.lu-2009-ctf”, one gets a success message.
  • Got 15 minutes to kill? Why not root your Christmas gift? – blog.ioactive.com
    This blog post provides a 101 introduction to embedded hacking and covers how to extract and analyze firmware to look for common low-hanging fruit in security. This post also uses binary diffing to analyze how TP-LINK recently fixed the vulnerability with a patch.

Other News