Events Related

Resources

  • Ransomware: Past, Present, and Future – blog.talosintel.com
    The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the reality. The problem we face is that every single business that pays to recover their files, is directly funding the development of the next generation of ransomware.

Tools

  • RDP Replay Code Release – www.contextis.com
    We have made this tool available after being asked by a number of our blog readers. This tool requires the private key for decrypting, which can usually be recovered with cooperation from the client.

Techniques

  • Discover the Unknown: Analyzing an IoT Device – www.insinuator.net
    This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses.  It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or the ones who just want to see how to technically approach an unknown device.

Vulnerabilities

  • Microsoft Unleashes 13 Bulletins, Six Critical – threatpost.com
    Microsoft today released a lucky 13 bulletins for April, with six rated critical and the others important. In total, Microsoft patched 29 unique CVEs for this round, with the most anticipated patch tied to Badlock.
  • Badlock Vulnerability Falls Flat Against Its Hype – threatpost.com
    Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message block (SMB) protocol that provides file and print services for Windows clients.

Other News

  • Hyping vulnerabilities is no longer helping application security awareness – techcrunch.com
    It used to be a vulnerability was disclosed, a few people who paid attention to such things blogged about it, patches were made, and we went about our day. During this time, not enough people understood the importance of application security and remediating vulnerabilities. It wasn’t mainstream, and it certainly wasn’t considered major news.
  • The Vigilante Who Hacked Hacking Team Explains How He Did It – motherboard.vice.com
    Back in July of last year, the controversial government spying and hacking tool seller Hacking Team was hacked itself by an outside attacker. The breach made headlines worldwide, but no one knew much about the perpetrator or how he did it.