Events Related

  • BSides DC 2016 – Opening – www.youtube.com
    Alex Norman does what Alex Norman does best. Open the con. Inspirational, motivational and most importantly… short.
  • AppSecUSA 2016 – www.youtube.com
    Recordings from AppSecUSA 2016 in Washington, DC

Resources

  • PoisonTap – samy.pl
    PoisonTap  siphons cookies, exposes internal router & installs web backdoor on locked computers
  • POC2016 – www.powerofcommunity.net
    Archives of POC2016

Tools

  • jSQL Injection – github.com
    jSQL Injection is a lightweight application used to find database information from a distant server.

Techniques

  • JTAGing Mobile Phones – sysforensics.org
    Joint Test Action Group (JTAG) is the group of companies that came together in 1985 to define a standard for boundary-scan testing of integrated circuits.
  • Video PoC Exploit for Nginx packaging on Debian-based distros – legalhackers.com
    The video demonstrates how an attacker using the CVE-2016-1247 vulnerability in Nginx packaging on Debian-based systems (such as Debian, Ubuntu etc.), could escalate their privileges to root user upon gaining access to the system as www-data user.

Vulnerabilities

  • CVE-2016-4484: Cryptsetup Initrd root Shell – hmarco.org
    A vulnerability in Cryptsetup, concretely in the scripts that unlock the system partition when the partition is ciphered using LUKS (Linux Unified Key Setup). The disclosure of this vulnerability was presented as part of our talk “Abusing LUKS to Hack the System” in the DeepSec 2016 security conference, Vienna.

Other News

  • New NIST Guidance Takes Engineering Approach to InfoSec – www.bankinfosecurity.com
    NIST Special Publication 800-160, “Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems,” emphasizes a methodical engineering approach to information security as IT grows more complex, dynamic and interconnected, such as through the growth of the internet of things.