Security Vulnerabilities

/Security Vulnerabilities

Week 15 In Review – 2017

  Events Related  HITB 2017 This year, the conference was based on four(!) tracks: two regular ones, one dedicated to more “practical” presentations (HITBlabs) and the last one dedicated to small talks (30-60 mins). HITB Amsterdam 2017 Day #1 Wrap-Up - HITB Amsterdam 2017 Day #2 Wrap-Up - Resources  Over The Air: Exploiting [...]

Week 14 In Review – 2017

Events Related Cyphercon 2.0 Videos - These are the videos from the Cyphercon 2.0 conference. DakotaCon - South Dakota’s premier security event. TROOPERScon - AIDE 2017 - Resources BlackHat 2017 - Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) - It’s a well understood fact that platform security is an [...]

Week 11 In Review – 2017

Events Related BSides Indy 2017 Videos - These are the videos from the BSides Indy conference.  Tools Worried about Strutshock (CVE-2017-5638)? - Quick check to see if your website is vulnerable Techniques PlaidCTF 2012 – Traitor (200 pts) - The challenge is supposed to be very straightforward, because we only have a recorded audio [...]

Week 10 In Review – 2017

Techniques Hacking Unicorns with Web Bluetooth - Researchers discovered an unsecured MongoDB server that exposed sensitive CloudPets customer data. My research focused on the toy itself, in particular some issues we found with its Bluetooth LE connectivity and features. Still Passing the Hash 15 Years Later - So I first thought about it [...]

Week 9 In Review – 2017

Events Related RSAC 2017 - RSA Conference is helping drive the information security agenda worldwide with annual industry events in the U.S., Europe and Asia. - Welcome to, Adrian Crenshaw's Information Security site (along with a bit about weightlifting and other things that strike my fancy).  As I write articles and [...]

Week 8 In Review – 2017

Tools  Universal Radio Hacker - The Universal Radio Hacker is a software for investigating unknown wireless protocols. HackRF - Techniques How to build a 8 GPU password cracker - This build doesn't require any "black magic" or hours of frustration like desktop components do. If you follow this blog and its parts [...]

February 19th, 2017|Security Tools, Security Vulnerabilities, Week in Review|1 Comment

Week 5 In Review – 2017

Resources Running guide for CTF's - Blackhat Hardware Training Roadmap - This diagram is intended to give an overview of many of the hardware-related trainings available at Black Hat USA 2017. Generally, lower level hardware is at the bottom and more software to the top. Tools Wordpress Exploit Framework - screen2root - [...]

Week 4 In Review – 2017

Events Related BSides Columbus 2017 Videos - These are the videos from the BSides Columbus Ohio conference. Resources DevOoops: Client Provisioning (Vagrant) - Notes from the 2015 Devoops Talk. Vagrant used to ship with a default keypair and was difficult to rotate. Intel debugger interface open to hacking via USB - New Intel processors [...]

Week 3 In Review – 2017

Tools Acunetix Free Manual Pen Testing Tools - Acunetix Manual Tools allow penetration testers to further automated testing. waveconverter - Factoria Labs 2016 WaveConverter is a Python application, built on GTK+ 3. The GUI has been implemented via Glade. A sqlite database has been implemented via sqlalchemy. Techniques Cracking The 12+ Character Password [...]

Week 1 In Review – 2017

Resources 33C3: Chris Gerlinsky Cracks Pay TV - People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. [Chris Gerlinksy]’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that. Tools mitmproxy: release v1.0.0 - [...]