Security Tools


Week 30 In Review – 2016

Tools

Umap2 – github.com
Umap2 is the second revision of NCC Group’s Python-based USB host security assessment tool.

Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more! – nmap.org
Nmap and Zenmap (the graphical front end) are available in several versions and formats. Recent source releases and binary packages are described […]

July 24th, 2016 | Security Tools, Week in Review

Week 29 In Review – 2016

Events Related

Converge 2016 Videos – www.irongeek.com
These are the videos from the Converge Information Security Conference.

BSides Detroit 2016 Videos – www.irongeek.com
These are the videos from the BSides Detroit 2016 Conference.

AppSecEU 16 – Abhay Bhargav – SecDevOps: A View from the Trenches – www.youtube.com

Resources

KeeThief – A Case Study in Attacking KeePass Part 2 – www.harmj0y.net
The […]

Week 28 In Review – 2016

Events Related

USENIX Annual Technical Conference (ATC) 2016: The Best and Brightest Security Talks – duo.com
I recently attended the USENIX Annual Technical Conference (ATC) 2016 in Denver, Colorado. I was invited to give an industry talk, discussing my Bring Your Own Dilemma paper from last March (touching briefly on the Out Of Box Exploitation paper from May). Instead of just flying in […]

Week 27 In Review – 2016

Resources

Exploring and exploiting Lenovo firmware secrets – blog.cr4.sh
Hi, everyone! In this article I will continue to publish my research on Lenovo ThinkPad’s firmware. Previously I showed how to discover and exploit SMM callout vulnerabilities using the example of the SystemSmmAhciAspiLegacyRt UEFI driver 1day vulnerability. Also, I introduced a small toolkit called fwexpl that provides an API for comfortable development of firmware exploits […]

Week 26 In Review – 2016

Events Related

BSides Cleveland 2016 Videos – www.irongeek.com
These are the videos from the BSides Cleveland conference.

Resources

MonitorDarkly – github.com
This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device.

148 Projects – bestpractices.coreinfrastructure.org

Tools

BadUSB 2.0 USB MITM POC – github.com

Other News

Judge says the FBI can […]

Week 25 In Review – 2016

Events Related

Circle City Con 2016 Videos – www.irongeek.com

Area41 – 2016 – confseclive.wordpress.com
I had the opportunity this year to attend Area41 conference in Zurich. The conference is organised by the DEFCON Switzerland group and the talks are mainly technical.

ShowMeCon 2016 Videos – www.irongeek.com

Recordings of talks and speakers at Security Fest 2016 – securityfest.com

Resources

ActBlue […]

Week 23 In Review – 2016

Resources

Out-of-Box Exploitation: A Security Analysis of OEM Updaters – duo.com
Original Equipment Manufacturers (OEM) refer to the first boot of a new PC as the out-of-box experience (OOBE). As you battle your way through modal dialogues for questionable software, and agree to some exciting 30 day antivirus trials, it’s pretty forgivable to want to throw your […]

Week 22 In Review – 2016

Events Related

NolaCon 2016 – www.irongeek.com

Resources

BlueCoat now has a CA signed by Symantec – twitter.com

hitbsecconf2016ams – conference.hitb.org

Tools

Practical Malware Analysis Starter Kit – bluesoul.me
This package contains most of the software referenced in Practical Malware Analysis. Some of the links have broken over time, some companies have folded or been bought.

1 alpha 20160525 (oe.eo) […]

Week 21 In Review – 2016

Tools

fwexpl – github.com
PC firmware exploitation tool and library

Techniques

The best part about open source software is there’s no hidden backdoors – twitter.com

Kerberoasting
SPNs are used by Kerberos authentication to associate a service instance with a service logon account.

Kerberoasting – Part 1 – room362.com
Kerberoasting – Part 2 – room362.com
Kerberoasting – Part 3 […]

Week 19 In Review – 2016

Resources

Phrack – phrack.org

Tools

Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer – trustfoundry.net
Brian Krebs has produced numerous articles on ATM skimmers. He has essentially become the “go to” journalist on ATM fraud. From reading his stuff, I have learned how the “bad guys” think when it comes to ATM fraud.

exploit-poc – […]