Blog - Page 5 of 76 - Infosec Events

Week 51 In Review – 2016

Events Related DefCamp- def.campResources McAfee Virus Scan for Linux - state.actor A system running Intel's McAfee VirusScan Enterprise for Linux can be compromised by remote attackers due to a number of security vulnerabilities. Some of these vulnerabilities can be chained together to allow remote code execution as root. Techniques Practical Reverse Engineering Part 5 - Digging Through the Firmware - jcjc-dev.com In part 4 we extracted the entire firmware from the router and decompressed it. As I explained then, you can often get most of the firmware directly from the manufacturer’s website: Firmware upgrade binaries often contain partial or entire filesystems, or even entire firmwares. XNU kernel UaF due to lack of locking in set_dp_control_port - bugs.chromium.org set_dp_control_port is a MIG method on the host_priv_port so this bug is a root->kernel escalation. macOS FileVault2 Password Retrieval - blog.frizk.net macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. Vulnerabilities Bluetooth-enabled safe lock popped after attackers win PINs - theregister.co.uk Attackers can locate and pop safes protected with high security commercial locks thanks to poor Bluetooth implementations, say researchers at Somerset Recon say. 0day drive-by exploit against Fedora If you run a mainstream distribution of Linux on a desktop computer, there's a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you're running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by. 0-days hitting Fedora and Ubuntu open desktops to a world of hurt - arstechnica.com Redux: compromising Linux using... SNES Ricoh 5A22 processor opcodes?!- scarybeastsecurity.blogspot.com Other News FBI Arrests Customer of Xtreme Stresser DDoS-for-Hire Service - bleepingcomputer.com The FBI arrested this past week Sean Krishanmakoto Sharma, 26, from La Canada, California, for launching DDoS attacks against Chatango, an online chat service.

christine 2017-03-12T17:39:09-07:00 December 18th, 2016|Security Conferences, Security Vulnerabilities, Site News, Week in Review|0 Comments

Week 50 In Review – 2016

Events Related PhreakNIC20-2016 - www.youtube.com Tools GRASSMARLIN - github.com GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security. Techniques Secure Rom extraction on iPhone 6s - ramtin-amin.fr Secure ROM, also knows as bootrom, is the very first piece of software that [...]

christine 2017-03-12T17:39:09-07:00 December 12th, 2016|Security Conferences, Security Tools, Security Vulnerabilities, Week in Review|0 Comments

Week 49 In Review – 2016

Events Related BSidesLV - youtube.com Recordings of Security BSides Las Vegas sessions, selected sessions of sister conferences and other Information Security related educational materials. BotConf 2016 This is already the fourth edition of the Botconf security conference, fully dedicated to fighting malware and botnets. Since the first edition, the event location changed every year and it allowed me [...]

christine 2017-03-12T17:39:09-07:00 December 5th, 2016|Security Conferences, Security Tools, Security Vulnerabilities, Site News, Week in Review|0 Comments

Information Security Events For December

Here are information security events in North America this month: CISO Executive Summit Montreal : December 1 in Montréal, QC, Canada BSides Philadelphia 2016 : December 2 to 3 in Philadelphia, PA, USA Annual Computer Security Applications Conference (ACSAC 2016) : December 5 to 9 in Los Angeles, CA, USA 6th [...]

sheila 2017-03-12T17:39:10-07:00 December 1st, 2016|Security Conferences, Security Training|1 Comment

Week 48 In Review – 2016

Events Related Kiwicon X - www.youtube.com Resources Curl Security Audit - daniel.haxx.se I asked for, and we were granted a security audit of curl from the Mozilla Secure Open Source program a while ago. This was done by Mozilla getting a 3rd party company involved to do the job and footing the bill for it. CVE-2016-7098 - legalhackers.com "GNU [...]

christine 2017-03-12T17:39:10-07:00 November 28th, 2016|Hacking Contests, Security Conferences, Security Tools, Security Training, Security Vulnerabilities, Site News, Week in Review|1 Comment

Week 47 In Review – 2016

Events Related BSides DC 2016 - Opening - www.youtube.com Alex Norman does what Alex Norman does best. Open the con. Inspirational, motivational and most importantly... short. AppSecUSA 2016 - www.youtube.com Recordings from AppSecUSA 2016 in Washington, DC Highlights from the O'Reilly Security Conference in Amsterdam 2016 - www.oreilly.com Watch highlights covering security, defense, tools, and [...]

christine 2017-03-12T17:39:10-07:00 November 21st, 2016|Security Conferences, Security Tools, Security Vulnerabilities, Site News, Week in Review|0 Comments

Week 46 In Review – 2016

Resources Security Conference - conferences.oreilly.com Speaker slides & videos Techniques Nintendo Classic Mini Family Talk of computer contents - translate.google.com As the person who disassembled it released before it was released. Interest in contents has been increased, but in this article I would like to drill down to a bit more detail. When CSI meets [...]

christine 2017-03-12T17:39:10-07:00 November 14th, 2016|Security Conferences, Security Training, Security Vulnerabilities, Week in Review|1 Comment

Week 45 In Review – 2016

Resources Ruxcon - ruxcon.org.au Presentation Slides from Ruxcon Australia BlackHat Europe 2016 - www.blackhat.com Techniques Kerberoasting Without Mimikatz - www.harmj0y.net Thanks to an awesome PowerView pull request by @machosec, Kerberoasting is easier than ever using pure PowerShell. I wanted to briefly cover this technique and its background, how we’ve been using it recently, and a few awesome new developments. [...]

christine 2017-03-12T17:39:10-07:00 November 6th, 2016|Security Conferences, Security Vulnerabilities, Site News, Week in Review|0 Comments

Information Security Events For November

Here are information security events in North America this month: NIST 2016 : November 1 to 2 in Kansas City, MO, USA Root66 Information Security Conference 2016 : November 1 in Oklahoma City, OK, USA SANS Pen Test Hackfest Summit : November 2 to 3 in Arlington, VA, USA [...]

sheila 2017-03-12T17:39:10-07:00 November 2nd, 2016|Security Conferences, Security Training|0 Comments

Week 44 In Review – 2016

Events Related Charlie Miller Keynote, Automotive Security: A Hacker's Eye View - www.youtube.com The security of today's vehicles involves many moving parts, but while manufactures take a majority of the blame, multiple parties contribute to the security debt in today's vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, [...]

christine 2017-03-12T17:39:10-07:00 October 30th, 2016|Security Conferences, Security Tools, Security Vulnerabilities, Site News, Vendor News, Week in Review|1 Comment