Security Vulnerabilities

/Security Vulnerabilities

Week 47 In Review – 2015


Kaspersky Antivirus Certificate handling path traversal –
When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. I observed that the naming pattern is {CN}.cer.

Breaking into and Reverse Engineering iOS Photo Vaults –
For whatever reason, a lot of people store risqué pictures on their devices. Why they feel the need […]

Week 46 In Review – 2015

Events Related

SecureWV2015 Videos –
These are the videos of the presentations from Secure West Virginia 2015.

HouSecCon v6 2015 Videos –

New 4G LTE Hacks Punch Holes In Privacy –
Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.

Black Hat Europe 2015

Black Hat Europe 2015 Wrap-Up – […]

Week 45 In Review – 2015


SecTor 2015 –
Presentations and videos for SecTor 2015

RuxCon –


NMAP scripts for TN3270 interaction as well as NJE. Most notably TSO User Enumeration and Brute Force. CICS transaction ID enumeration and NJE node name brute forcing.


Hidden In Plain Sight: Brute Forcing Slack Private Files –
When we started using Slack one of our […]

Week 43 In Review – 2015

Events Related

HouSecCon v6 2015 Videos – 2015
Today started the 11th edition of in Luxembourg. Being one of my preferred event, I drove to Luxembourg this morning direction to the Alvisse Parc hotel! 2015 Wrap-Up Day #1 – 2015 Wrap-Up Day #2 – 2015 Wrap-Up Day #3 –

BruCON –
Organized in Belgium, […]

Week 42 In Review – 2015

Events Related

Videos and Slide Decks from the re:Invent 2015 Security and Compliance Track –
Whether you want to review a Security and Compliance track session you attended at re:Invent 2015, or you want to experience a session for the first time, videos and slide decks from the Security and Compliance track are now available.


Calculating the […]

Week 41 In Review – 2015

Events Related Conference
Jumping right in with the keynote of Day 1 by Jon Callas and my favorite quote “Make your devices fixable”. Enough said.

Conference Day 1 –
Conference Day 2 –
Applied Physical Attacks on x86 Systems –

GrrCON 2015 Videos –
Videos of the presentations from GrrCON 2015


Software Defined Radio with HackRF –

Threat Spotlight: Cisco […]

Week 40 In Review – 2015

Events Related

Derbycon 2015 Videos –

Black Hat USA 2015 –

Louisville Infosec 2015 Videos –

Thoughts on my very first DerbyCon (which won’t be my last) –
One you hang around in infosec for a little while, you learn that each of the major cons have their own reputation, their own mini-scene. This one’s got […]

Week 39 In Review – 2015

Events Related

The CIA Campaign to Steal Apple’s Secrets –
The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics.


Reversing Mobile Traffic Lights –
I wanted to have a look at the signal. I once heard […]

Week 38 In Review – 2015

Events Related

Black Hat USA 2015 Course Review – Adaptive Red Team Tactics from Veris Group –
Black Hat has something for everyone (across the defensive and offensive spectrum) and after considerable delibaration I decided to register for Adaptive Red Team Tactics from Veris Group. This is an interesting team in that a lot of the core members […]

Week 37 In Review – 2015

Events Related

44CON –

BSides Augusta 2015 Videos –
Videos from the BSides Augusta conference.


Satellite Turla: APT Command and Control in the Sky –
When you are an APT group, you need to deal with many different problems. One of them, and perhaps the biggest, is the constant seizure and takedown of domains and servers used for command-and-control […]