Events Related

  • USENIX Annual Technical Conference (ATC) 2016: The Best and Brightest Security Talks – duo.com
    I recently attended the USENIX Annual Technical Conference (ATC) 2016 in Denver, Colorado. I was invited to give an industry talk, discussing my Bring Your Own Dilemma paper from last March (touching briefly on the Out Of Box Exploitation paper from May). Instead of just flying in for my talk and flying out, I wanted to hang out for the entire conference and hear some of the other talks.
  • OISF 2016 Videos – www.irongeek.com
    These are the videos from the OISF Anniversary Event

Resources

Tools

  • mimikittenz – github.com
    A post-exploitation PowerShell tool for extracting juicy info from memory.
  • Posh-SSH – github.com
    PowerShell Module for automating tasks on remote systems using SSH

Techniques

  • SSD Advisory – Wget Arbitrary Commands Execution – blogs.securiteam.com
    A vulnerability in the way wget handles redirects allows attackers who are able to hijack a connection initiated by wget, or to compromise a server from which wget is downloading files, to cause the user running wget to execute arbitrary commands.

Vulnerabilities

Other News