Security Conferences

/Security Conferences

Week 7 In Review – 2017

Events Related

BSides Tampa 2017 Videos – www.irongeek.com
These are the videos from the BSides Tampa conference.

Resources

New hccapx format explained – hashcat.net
A few days ago a user came into the #hashcat IRC channel and reported to have problems cracking one of his WPA handshake captures. No worries, the user knew the password to the WPA handshake so […]

February 12th, 2017|Security Conferences, Week in Review|0 Comments

Week 6 In Review – 2017

Events Related

ShmooCon2017 – archive.org
The videos in this collection are from ShmooCon 2017, which occurred on 13-15 January 2017, at the Washington Hilton Hotel.

Hackfest 2016 – www.youtube.com

Resources

From Mimikatz to Kekeo, Passing by New Microsoft Security Technologies – onedrive.live.com

Techniques

Pen Test Poster: “White Board” – Bash – Useful IPv6 Pivot – pen-testing.sans.org
IPv6 brings a […]

February 5th, 2017|Security Conferences, Site News, Week in Review|0 Comments

Information Security Events For February

Here are information security events in North America this month:
 

BSides Huntsville 2017 : February 4 in Huntsville, AL, USA

 

 

BSides Seattle 2017 : February 4 in Redmond, WA, USA

 

 

BSides Tampa Bay 2017 : February 10 in Tampa, FL, USA

 

 

BSides San Francisco 2017 : February 12 to 13 in San Francisco, CA, USA

 

 

RSA Conference USA 2017 : […]

January 31st, 2017|Security Conferences, Security Training|1 Comment

Week 4 In Review – 2017

Events Related

BSides Columbus 2017 Videos – www.irongeek.com
These are the videos from the BSides Columbus Ohio conference.

Resources

DevOoops: Client Provisioning (Vagrant) – carnal0wnage.attackresearch.com
Notes from the 2015 Devoops Talk. Vagrant used to ship with a default keypair and was difficult to rotate.

Intel debugger interface open to hacking via USB – blog.ptsecurity.com
New Intel processors contain a debugging interface […]

Week 1 In Review – 2017

Resources

33C3: Chris Gerlinsky Cracks Pay TV – hackaday.com
People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. ’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that.

Tools

mitmproxy: release v1.0.0 – The Christmas […]

Information Security Events For January

Here are information security events in North America this month:
 

FloCon 2017 : January 9 to 12 in San Diego, CA, USA

 

ICS Security Conference (S4x17) 2017 : January 10 to 12 in Miami Beach, FL, USA

 

Suits and Spooks DC 2017 : January 11 to 12 in Arlington, VA, USA

 

BSides San Diego 2017 : January 13 to […]

December 31st, 2016|Security Conferences, Security Training|1 Comment

Week 51 In Review – 2016

Events Related

DefCamp- def.campResources

McAfee Virus Scan for Linux – state.actor
A system running Intel’s McAfee VirusScan Enterprise for Linux can be compromised by remote
attackers due to a number of security vulnerabilities. Some of these vulnerabilities can be chained
together to allow remote code execution as root.

Techniques

Practical Reverse Engineering Part 5 – Digging Through the Firmware – jcjc-dev.com
In part 4 we extracted the entire firmware from the router and decompressed it. As I explained then,
you can often get most of the firmware directly from the manufacturer’s website: Firmware upgrade
binaries often contain partial or entire filesystems, or even entire firmwares.

XNU kernel UaF due to lack of locking in set_dp_control_port – bugs.chromium.org
set_dp_control_port is a MIG method on the host_priv_port so this bug is a root->kernel escalation.

macOS FileVault2 Password Retrieval – blog.frizk.net
macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in
a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the
mac to access everything on it.

Vulnerabilities

Bluetooth-enabled safe lock popped after attackers win PINs – theregister.co.uk
Attackers can locate and pop safes protected with high security commercial locks thanks to poor
Bluetooth implementations, say researchers at Somerset Recon say.

0day drive-by exploit against Fedora
If you run a mainstream distribution of Linux on a desktop computer, there’s a good chance security
researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially
crafted music file. And in the event you’re running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.

0-days hitting Fedora and Ubuntu open desktops to a world of hurt – arstechnica.com
Redux: compromising Linux using… SNES Ricoh 5A22 processor opcodes?!- scarybeastsecurity.blogspot.com

Other News

 FBI Arrests Customer of Xtreme Stresser DDoS-for-Hire Service – bleepingcomputer.com

The FBI arrested this past week Sean Krishanmakoto Sharma, 26, from La Canada, California, for
launching DDoS attacks against Chatango, an online chat service.

 

Week 50 In Review – 2016

Events Related

PhreakNIC20-2016 – www.youtube.com

Tools

GRASSMARLIN – github.com
GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security.

Techniques

Secure Rom extraction on iPhone 6s – ramtin-amin.fr
Secure ROM, also knows as bootrom, is the very first piece of software that a CPU will run […]

Week 49 In Review – 2016

Events Related

BSidesLV – youtube.com
Recordings of Security BSides Las Vegas sessions, selected sessions of sister conferences and other Information Security related educational materials.

BotConf 2016
This is already the fourth edition of the Botconf security conference, fully dedicated to fighting malware and botnets. Since the first edition, the event location changed every year and it allowed me to visit […]

Information Security Events For December

Here are information security events in North America this month:
 

CISO Executive Summit Montreal : December 1 in Montréal, QC, Canada

 

BSides Philadelphia 2016 : December 2 to 3 in Philadelphia, PA, USA

 

Annual Computer Security Applications Conference (ACSAC 2016) : December 5 to 9 in Los Angeles, CA, USA

 

6th Software Security, Protection, and Reverse Engineering Workshop (SSPPREW) […]

December 1st, 2016|Security Conferences, Security Training|1 Comment