Resources

Tools

  • exploit-poc – github.com
    This is a PoC CSRF targeting certain Netgear devices. It forwards TCP port 5000 from the WAN interface to the router’s internal IP address.

Techniques

  • HackRF Replay Attack Jeep – calebmadrigal.com
    One of the most simple (and most interesting attacks) which can be done with SDR is what’s called a Replay Attack. It works by simply recording a signal, and then rebroadcasting it. I was able to use this attack to lock and unlock my Jeep Patriot (2006) with my computer.

Vulnerabilities

  • How the Pwnedlist Got Pwned – krebsonsecurity.com
    Pwnedlist is run by Scottsdale, Ariz. based InfoArmor, and is marketed as a repository of usernames and passwords that have been publicly leaked online for any period of time at Pastebin, online chat channels and other free data dump sites.
  • The DBIR’s ‘Forest’ of Exploit Signatures – blog.trailofbits.com
    If you follow the recommendations in the 2016 Verizon Data Breach Investigations Report (DBIR), you will expose your organization to more risk, not less. The report’s most glaring flaw is the assertion that the TLS FREAK vulnerability is among the ‘Top 10’ most exploited on the Internet. No experienced security practitioner believes that FREAK is widely exploited.
  • WordPress Redirect Hack via Test0.com/Default7.com – blog.sucuri.net
    We’ve been working on a few WordPress sites with the same infection that randomly redirects visitors to malicious sites via the default7 .com / test0 .com / test246 .com domains.

Other News

  • A dubious cyber security conference – lightbluetouchpaper.org
    I’ve written before about dubious “academic” journals… and today I’m going to discuss a dubious “academic” conference (which is associated with some dubious journals, but it’s the conference that’s my focus today).