Week 22 In Review – 2016

Events Related

Resources

Tools

  • Practical Malware Analysis Starter Kit – bluesoul.me
    This package contains most of the software referenced in Practical Malware Analysis. Some of the links have broken over time, some companies have folded or been bought.

Techniques

  • Practical Reverse Engineering Part 3 – Following the Data – jcjc-dev.com
    The best thing about hardware hacking is having full access to very bare metal, and all the electrical signals that make the system work. With ingenuity and access to the right equipment we should be able to obtain any data we want.
  • Pastejacking – github.com
    A demo of overriding what’s in a person’s clipboard

Vulnerabilities

  • Observations and thoughts on the LinkedIn data breach – www.troyhunt.com
    The LinkedIn hack of 2012 which wethought had “only” exposed 6.5M password hashes (not even the associated email addresses so in practice, useless data), was now being sold on the dark web. It was allegedly 167 million accounts and for a mere 5 bitcoins (about US$2.2k) you could jump over to the Tor-based trading site, pay your Bitcoins and retrieve what is one of the largest data breaches ever to hit the airwaves.

Other News

  • Life is Better without Username Reuse (email aliases FTW!) – blog.jeremiahgrossman.com
    Facebook, LinkedIn, Amazon, PayPal, Yahoo, Google. We keep accounts with many of these websites. They and many others use email addresses as the first half of the classic username and password combo. They do this because email addresses are unique and double as a reasonably secure communication channel with the user.

 

Leave A Comment