Events Related

  • Converge 2017 Videos –
    These are the videos from the Converge Information Security Conference.


  • New Whitepaper: Aligning to the NIST Cybersecurity Framework in the AWS Cloud –
    Today, we released the Aligning to the NIST Cybersecurity Framework in the AWS Cloud whitepaper. Both public and commercial sector organizations can use this whitepaper to assess the AWS environment against the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and improve the security measures they implement and operate (also known as security in the cloud).


  • Reverse Engineering Apple Location Services Protocol –
    While working on Whereami I got interested in how Apple location services actually work. I know it is handled by locationd since Little Snitch keeps blocking it. The usual way of inspecting traffic with proxychains did not work since macOS now has something called System Integrity Protection (SIP).
  • Sending AM-OOK using Metasploit and rftransceiver –
    Towards the end of last year, I found myself playing around with some basic amplitude modulation (AM)/On-off keying (OOK) software defined radio. That resulted in ooktools being built to help with making some of that work easier and to help me learn. A little while ago, the Metasploit project announced new ‘rftransceiver’ capabilities that were added to the framework with a similar goal of making this research easier.


  • AMT status checker for Linux –
    A simple tool that tells you whether AMT is enabled and provisioned on Linux systems. Requires that the mei_me driver (part of the upstream kernel) be loaded. 
  • WiFi-Pumpkin –
    Framework for Rogue Wi-Fi Access Point Attack 

Vendor/Software Patches 

  • Windows Defender vulnerability discovered and fixed –
    The Microsoft Malware Protection Engine is used by various Microsoft products, including Windows Defender and Microsoft Security Essentials on consumer PCs, and products such as Microsoft Endpoint Protection, Microsoft Forefront, Microsoft System Center Endpoint Protection, or Windows Intune Endpoint Protection on the business side. 
  • Microsoft Released Guidance for WannaCrypt –
    Microsoft released guidance on what can be done to protect against WannaCry: deploy MS17-010 if not already done (March patch release), update Windows Defender (updated 12 May), and disable SMBv1 if it is not in use.


Other News

  • US District Court Rules GNU GPL is an Enforceable Contract –
    GPL projects are used in many free and commercial applications. The GNU GPL requires developers who use GPL-licensed software to adhere to its terms. A developer modifying GPL-licensed code must release the source if he or she releases the project to the public.