Security Tools

/Security Tools

Week 6 In Review – 2016

Events Related

Shmoocon 2016 – archive.org
ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.

BSides Huntsville 2016 Videos – www.irongeek.com
These are the videos from the BSides Huntsville conference.

Recon 2015 – recon.cx

Tools

Routerhunter-2.0 – github.com
Testing vulnerabilities in […]

Week 5 In Review – 2016

Resources

Hot or Not? The Benefits and Risks of IoS Remote Hot Patching – www.fireeye.com
In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem.

Moving to a Plugin-Free Web – blogs.oracle.com
By […]

Week 3 In Review – 2016

Events Related

ShmooCon

ShmooCon Firetalks 2016 – www.irongeek.com
ShmooCon Pres – www.gitbook.com

Tools

TrendMicro node.js HTTP server listening on localhost can execute commands – www.trendmicro.com
Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password.

Techniques

SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 – […]

Week 2 In Review – 2016

Events Related

32C3 Recap – Part1 – www.insinuator.net
Every year a group of us are happy to use the holidays to travel to Hamburg to meet other people and learn something new at the 32C3.

Tools

Kali NetHunter 3.0 Released – www.offensive-security.com
NetHunter has been actively developed for over a year now, and  has undergone nothing short of a complete transformation since […]

Week 52 In Review – 2015

Resources

pentestpackage – github.com
A package of Pentest scripts

Tools

JexBoss – Jboss Verify And Exploitation Tool – github.com
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.

DVNA – github.com
Damn Vulnerable Node Application (DVNA) is a Node.js web application that is damn vulnerable. Its intended purpose is to teach secure coding concepts to web developers who […]

Week 51 In Review – 2015

Resources

Unofficial Guide to Mimikatz & Command Reference – adsecurity.org
This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required & optional), as well as screenshots and additional context (where possible).

Index of /docs/Slides/2015 – deepsec.net

CVE-2015-8446 (Flash up to 19.0.0.245) And Exploit Kits – malware.dontneedcoffee.com

juniper-cve-2015-7755 […]

Week 50 In Review – 2015

Events Related

DEFCONConference – www.youtube.com

DefCamp 2015 – def.camp

Resources

Zero Nights – 2015.zeronights.org

CheatSheets – github.com
Cheat sheets for various projects I contribute to (PowerView, PowerUp, and Empire).

Techniques

Introduction to Modbus TCP traffic – www.vanimpe.eu
Modbus is a serial communication protocol. It is the most widespread used protocol within ICS. It works in a Master / Slave mode. This means the Master has the pull […]

Week 49 In Review – 2015

Events Related

2015 – Talks – bsidesvienna.at

Botconf 2015
The first keynote slot was assigned to Margarita Louca from Europol: “Successful botnets takedowns: The good-cooperation part”. More precisely, it’s the EC3 (“European Cyber Crime Center“). This talk was flagged as “restricted” and not all information will be reported here.

Botconf 2015 Wrap-Up Day #1 – blog.rootshell.be
Botconf 2015 Wrap-Up Day #2 – […]

Week 48 In Review – 2015

Events Related

My SecTor Story: Root Shell on the Belkin WeMo Switch – www.tripwire.com
Researchers from Tripwire were on hand to help attendees explore the world of IoT hacking. They brought with them a table full of devices ranging from routers to smart televisions. They also had a video demonstration of the exploitation of vulnerabilities in a home […]

Week 47 In Review – 2015

Techniques

Kaspersky Antivirus Certificate handling path traversal – code.google.com
When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. I observed that the naming pattern is {CN}.cer.

Breaking into and Reverse Engineering iOS Photo Vaults – blog.ioactive.com
For whatever reason, a lot of people store risqué pictures on their devices. Why they feel the need […]