Security Conferences

/Security Conferences

Week 11 In Review – 2017

Events Related BSides Indy 2017 Videos - www.irongeek.com These are the videos from the BSides Indy conference.  Tools Worried about Strutshock (CVE-2017-5638)? - www.tinfoilsecurity.com Quick check to see if your website is vulnerable Techniques PlaidCTF 2012 – Traitor (200 pts) - int3pids.blogspot.com The challenge is supposed to be very straightforward, because we only have a recorded audio [...]

Week 9 In Review – 2017

Events Related RSAC 2017 - www.youtube.com RSA Conference is helping drive the information security agenda worldwide with annual industry events in the U.S., Europe and Asia. Irongeek.com - www.irongeek.com Welcome to Irongeek.com, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and [...]

Week 7 In Review – 2017

Events Related BSides Tampa 2017 Videos - www.irongeek.com These are the videos from the BSides Tampa conference. Resources New hccapx format explained - hashcat.net A few days ago a user came into the #hashcat IRC channel and reported to have problems cracking one of his WPA handshake captures. No worries, the user knew the password to the [...]

February 12th, 2017|Security Conferences, Week in Review|0 Comments

Week 6 In Review – 2017

Events Related ShmooCon2017 - archive.org The videos in this collection are from ShmooCon 2017, which occurred on 13-15 January 2017, at the Washington Hilton Hotel. Hackfest 2016 - www.youtube.com Resources From Mimikatz to Kekeo, Passing by New Microsoft Security Technologies - onedrive.live.com Techniques Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot - [...]

February 5th, 2017|Security Conferences, Site News, Week in Review|0 Comments

Week 4 In Review – 2017

Events Related BSides Columbus 2017 Videos - www.irongeek.com These are the videos from the BSides Columbus Ohio conference. Resources DevOoops: Client Provisioning (Vagrant) - carnal0wnage.attackresearch.com Notes from the 2015 Devoops Talk. Vagrant used to ship with a default keypair and was difficult to rotate. Intel debugger interface open to hacking via USB - blog.ptsecurity.com New Intel processors [...]

Week 1 In Review – 2017

Resources 33C3: Chris Gerlinsky Cracks Pay TV - hackaday.com People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. [Chris Gerlinksy]’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that. Tools mitmproxy: release v1.0.0 - [...]

Week 51 In Review – 2016

Events Related DefCamp- def.campResources McAfee Virus Scan for Linux - state.actor A system running Intel's McAfee VirusScan Enterprise for Linux can be compromised by remote attackers due to a number of security vulnerabilities. Some of these vulnerabilities can be chained together to allow remote code execution as root. Techniques Practical Reverse Engineering Part 5 - Digging Through the Firmware - jcjc-dev.com In part 4 we extracted the entire firmware from the router and decompressed it. As I explained then, you can often get most of the firmware directly from the manufacturer’s website: Firmware upgrade binaries often contain partial or entire filesystems, or even entire firmwares. XNU kernel UaF due to lack of locking in set_dp_control_port - bugs.chromium.org set_dp_control_port is a MIG method on the host_priv_port so this bug is a root->kernel escalation. macOS FileVault2 Password Retrieval - blog.frizk.net macOS FileVault2 let attackers with physical access retrieve the password in clear text by plugging in a $300 Thunderbolt device into a locked or sleeping mac. The password may be used to unlock the mac to access everything on it. Vulnerabilities Bluetooth-enabled safe lock popped after attackers win PINs - theregister.co.uk Attackers can locate and pop safes protected with high security commercial locks thanks to poor Bluetooth implementations, say researchers at Somerset Recon say. 0day drive-by exploit against Fedora If you run a mainstream distribution of Linux on a desktop computer, there's a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you're running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by. 0-days hitting Fedora and Ubuntu open desktops to a world of hurt - arstechnica.com Redux: compromising Linux using... SNES Ricoh 5A22 processor opcodes?!- scarybeastsecurity.blogspot.com Other News  FBI Arrests Customer of Xtreme Stresser DDoS-for-Hire Service - bleepingcomputer.com The FBI arrested this past week Sean Krishanmakoto Sharma, 26, from La Canada, California, for launching DDoS attacks against Chatango, an online chat service.