Blog

/Blog/

Week 17 In Review – 2017

Resources  Probable-Wordlists - github.com Wordlists sorted by probability originally created for password generation and testing VM escape - QEMU Case Study - www.phrack.org Virtual machines are nowadays heavily deployed for personal use or within the enterprise segment. Network security vendors use for instance different VMs to analyze malwares in a controlled and confined environment. Vulnerabilities [...]

April 30th, 2017|Security Vulnerabilities, Site News, Week in Review|0 Comments

Week 16 In Review – 2017

Events Related BSides Nashville 2017 Videos - www.irongeek.com Tools CAN-Bus-Arduino-Tool - github.com A tool for performing replay and sniffing CAN bus traffic. OWTF 2.1a "Chicken Korma" released - owtf.github.io Yes folks, it is that time again, a new release of the Offensive Web Testing Framework, OWASP OWTF, one of several OWASP Flagship projects Vulnerabilities InterContinental Hotels [...]

Week 15 In Review – 2017

  Events Related  HITB 2017 This year, the conference was based on four(!) tracks: two regular ones, one dedicated to more “practical” presentations (HITBlabs) and the last one dedicated to small talks (30-60 mins). HITB Amsterdam 2017 Day #1 Wrap-Up - blog.rootshell.be HITB Amsterdam 2017 Day #2 Wrap-Up - blog.rootshell.be Resources  Over The Air: Exploiting [...]

Week 14 In Review – 2017

Events Related Cyphercon 2.0 Videos - www.irongeek.com These are the videos from the Cyphercon 2.0 conference. DakotaCon - www.youtube.com South Dakota’s premier security event. TROOPERScon - www.youtube.com AIDE 2017 - www.irongeek.com Resources BlackHat 2017 - blackhat.com Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) - googleprojectzero.blogspot.com It’s a well understood fact that platform security is an [...]

Week 13 In Review – 2017

Events Related TROOPERS Conference I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The two first days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet” focusing on two hot topics: IPv6 and IoT. TROOPERS 2017 Day #1 Wrap-Up - [...]

Week 12 In Review – 2017

Events Related BSidesSF 2017 - www.youtube.com Security BSides San Francisco is a two-day information security conference. It is a conference by the community for the community. Hackers Earns big at Pwn2Own Hackers managed to take down Microsoft Edge and escape a virtual machine to boot on the third day of Pwn2Own early Friday. Members from Qihoo’s [...]

Week 11 In Review – 2017

Events Related BSides Indy 2017 Videos - www.irongeek.com These are the videos from the BSides Indy conference.  Tools Worried about Strutshock (CVE-2017-5638)? - www.tinfoilsecurity.com Quick check to see if your website is vulnerable Techniques PlaidCTF 2012 – Traitor (200 pts) - int3pids.blogspot.com The challenge is supposed to be very straightforward, because we only have a recorded audio [...]

Week 10 In Review – 2017

Techniques Hacking Unicorns with Web Bluetooth - www.contextis.com Researchers discovered an unsecured MongoDB server that exposed sensitive CloudPets customer data. My research focused on the toy itself, in particular some issues we found with its Bluetooth LE connectivity and features. Still Passing the Hash 15 Years Later - passing-the-hash.blogspot.com So I first thought about it [...]