Security Tools

/Security Tools

Week 18 In Review – 2016

Events Related

OWASP AppSec California 2016 –


SyScan360 Singapore 2016 slides and exploit code –
The exploit for the bug I presented last March at SyScan360 is today one year old so I decided to release it. I wasn’t sure if I should do it or not since it can be used in the wild but […]

Week 16 In Review – 2016

Events Related

CanSecWest –

BSides Nashville 2016 Videos –

Infiltrate 2016 –


Ransomware: Past, Present, and Future –
The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back – and this may also be the […]

Week 15 In Review – 2016

Events Related

Tailoring the NIST Cybersecurity Framework for a Precise Fit –
One thing caught my attention right away: there were two digital clocks prominently displayed on either side of the auditorium. Both clocks were synchronized, and according to my phone, they were accurate to the second. It makes sense because NIST is the keeper of […]

Week 13 In Review – 2016


More on Purple Teaming –
Purple Teaming is “conducting focused Red Teams with clear training objectives for the Blue Team.”

SDR Radio Academy: Reverse engineering a wireless car key fob –
The Software Defined Radio Academy has the goals of attract Radio Amateurs to modern radio technology and show paths into SDR.


VolUtility –
Web Interface for Volatility […]

Week 12 In Review – 2016

Events Related

Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws –
On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari and an […]

Week 11 In Review – 2016

Events Related

Another year, another RSAC –
I have attended 10 of the last 15 RSA conferences. I do this to see what’s new in the market, meet up with friends and colleagues I don’t get to see too often, listen to some technical talks, and enjoy a few interesting restaurants and taverns in SF.

Black Hat Europe […]

Week 10 In Review – 2016

Events Related

BSides San Francisco 2016 Videos –
These are the videos from the BSides San Francisco conference.

BSides Indy 2016 Videos –
These are the videos from the BSides Indy conference.


htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls and DOM changes.


Getting Domain Admin with Kerberos […]

Week 9 In Review – 2016


USB HID/Fingerprint Reader that enters password if Fingerprint is correct –

CCDC Quals Notes (metasploit) –
Some quick notes for interesting stuff to keep for CCDC Quals/Notes


EZ-Wave –
Tools for Evaluating and Exploiting Z-Wave Networks using Software-Defined Radios.

firmadyne –
FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded […]

Week 8 In Review – 2016

Events Related

BSidesCapeTown 2015 –


Ray Sharp CCTV DVR Password Retrieval & Remote Root –
On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras.

Comodo: Comodo Internet Security installs and starts […]

Week 7 In Review – 2016

Events Related

BSidesNYC2016 –


mediatek mt6261 rom dumping via the vibration motor –

McAfee SiteList.xml password decryption –
Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder.

Brute-forcing Microsoft Lync via NTLM –
NTLM like many other services is made […]