Events Related

  • BSidesLV – youtube.com
    Recordings of Security BSides Las Vegas sessions, selected sessions of sister conferences and other Information Security related educational materials.

Resources

  • Fast comparison of Nessus and OpenVAS knowledge bases – avleonov.com
    In my opinion, quality of knowledge base is the most important characteristic of Vulnerability Management (VM) product. Maybe it’s because I have spent significant amount of time making different security content for vulnerability scanners and this is some form of professional deformation.

Tools

  • CyberChef – github.com
    CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser.

Techniques

  • Spoofing Beacon Frames From The 5000 Most Common SSIDS – jerrygamblin.com
    I have been reading a lot about Beacon Frames on my vacation this week (stop laughing) and I came across a tool in Kali called MDK3 that will allow you to send fake beacon frames.  I couldnt pass up a chance to test this so I pulled out my trusty TL-WN722N and made a list of the 5,0000 most common SSIDS from wiggle.net.

Vulnerabilities

  • You Can Now Rent a Mirai Botnet of 400,000 Bots – www.bleepingcomputer.com
    For our readers unfamiliar with Mirai, this is a malware family that targets embedded systems and Internet of Things (IoT) devices and has been used in the past two months to launch the largest DDoS attacks known to date.
  • It’s not just you, iCloud calendar spam is on the rise – techcrunch.com
    If you’re using iCloud to sync your calendar across your devices, chances are you just received a bunch of spammy invites over the last few days. Many users are reporting fake events about Black Friday “deals” coming from Chinese users.
  • Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1 – arstechnica.com
    Apple’s Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won’t work without the original user’s Apple ID and password.

Other News

  • Senate fails to stop FBI’s expanded hacking authority – www.engadget.com
    Senators Ron Wyden, Chris Coons and Steve Daines have failed to block changes to the US’ criminal procedure rules (specifically, Rule 41) that would let the FBI hack computers in any jurisdiction provided they have a search warrant.