Security Vulnerabilities

/Security Vulnerabilities

Week 34 In Review – 2016

Events Related

Impressions From DEF CON 24: The Machines Are Rising – securityintelligence.com
DEF CON 24, the world’s largest hacker conference, ended Aug. 7, and I must say I enjoyed every moment of it. There was so much to see in so little time; I definitely regret missing some great stuff that happened. Even so, I […]

Week 33 In Review – 2016

Events Related

DefCon Event
Council of 9 ventured forth to DEFCON 24 to compete in this year’s badge challenge, brought to us each year by 1o57. There was determination among the team to win at DC24 to ensure that last year’s win was not a fluke. After many sleepless nights in Vegas, we emerged victorious for a […]

Week 32 In Review – 2016

Events Related

DARPA’s Cyber Grand Challenge: Early Highlights from the Competition – www.youtube.com
Early highlights from the world’s first all-machine hacking tournament, DARPA’s Cyber Grand Challenge (CGC). This computer security competition featured seven High Performance Computers as competitors. CGC took place on Thursday, August 4, 2016.

Building the Workforce through Cybersecurity Competitions – www.whitehouse.gov
The National Science […]

Week 31 In Review – 2016

Events Related

The Security Summer Camp Talks I Want To See… – jerrygamblin.com
I took some time tonight and read through the Security Summer Camp (BSidesLV, Blackhat and Defcon) schedules and picked the talks from this year that I think will be the best and that I do not want to miss.

BlackHat/Def Con/BSides Talk Picks for 2016 – […]

Week 28 In Review – 2016

Events Related

USENIX Annual Technical Conference (ATC) 2016: The Best and Brightest Security Talks – duo.com
I recently attended the USENIX Annual Technical Conference (ATC) 2016 in Denver, Colorado. I was invited to give an industry talk, discussing my Bring Your Own Dilemma paper from last March (touching briefly on the Out Of Box Exploitation paper from May). Instead of just flying in […]

Week 27 In Review – 2016

Resources

Exploring and exploiting Lenovo firmware secrets – blog.cr4.sh
Hi, everyone! In this article I will continue to publish my research of Lenovo ThinkPad’s firmware. Previously I shown how to discover and exploit SMM callout vulnerabilities on example of SystemSmmAhciAspiLegacyRt UEFI driver 1day vulnerability. Also, I introduced a small toolkit called fwexpl that provides API for comfortable development of firmware exploits […]

Week 25 In Review – 2016

Events Related

Circle City Con 2016 Videos – www.irongeek.com

Area41 – 2016 – confseclive.wordpress.com
I had the opportunity this year to attend Area41 conference in Zurich. The conference is organised by the DEFCON Switzerland group and the talks are mainly technical.

ShowMeCon 2016 Videos – www.irongeek.com

Recordings of talks and speakers at Security Fest 2016 – securityfest.com

Resources

ActBlue […]

Week 24 In Review – 2016

Resources

Typosquatting programming language package managers – incolumitas.com
Typosquatting is the malicious registering of a domain that is lexically similar to another, often highly frequented, website. Typosquatters would for instance register a domain named Gooogle.com instead of the well known Google.com. Then they hope that people mistype the website name in the browser and accidentally arrive on the wrong […]

Week 23 In Review – 2016

Resources

Out-of-Box Exploitation: A Security Analysis of OEM Updaters – duo.com
Original Equipment Manufacturers (OEM) refer to the first boot of a new PC as the out-of-box experience (OOBE). As you battle your way through modal dialogues for questionable software, and agree to some exciting 30 day antivirus trials, it’s pretty forgivable to want to throw your […]

Week 22 In Review – 2016

Events Related

NolaCon 2016 – www.irongeek.com

Resources

BlueCoat now has a CA signed by Symantec – twitter.com

hitbsecconf2016ams – conference.hitb.org

Tools

Practical Malware Analysis Starter Kit – bluesoul.me
This package contains most of the software referenced in Practical Malware Analysis. Some of the links have broken over time, some companies have folded or been bought.

1 alpha 20160525 (oe.eo) […]