Resources More on Purple Teaming - carnal0wnage.attackresearch.com Purple Teaming is "conducting focused Red Teams with clear training objectives for the Blue Team." SDR Radio Academy: Reverse engineering a wireless car key fob - phasenoise.livejournal.com The Software Defined Radio Academy has the goals of attract Radio Amateurs to modern radio technology and show paths into SDR. Tools [...]
Events Related Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws - securityweek.com On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari [...]
Events Related BSides San Francisco 2016 Videos - www.irongeek.com These are the videos from the BSides San Francisco conference. BSides Indy 2016 Videos - www.irongeek.com These are the videos from the BSides Indy conference. Tools HTCAP - www.htcap.org htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls [...]
Resources USB HID/Fingerprint Reader that enters password if Fingerprint is correct - www.reddit.com CCDC Quals Notes (metasploit) - carnal0wnage.attackresearch.com Some quick notes for interesting stuff to keep for CCDC Quals/Notes Tools EZ-Wave - github.com Tools for Evaluating and Exploiting Z-Wave Networks using Software-Defined Radios. firmadyne - github.com FIRMADYNE is an automated and scalable system for [...]
Events Related BSidesCapeTown 2015 - www.youtube.com Resources Ray Sharp CCTV DVR Password Retrieval & Remote Root - community.rapid7.com On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. Comodo: Comodo [...]
Events Related BSidesNYC2016 - github.com Resources mediatek mt6261 rom dumping via the vibration motor - www.sodnpoo.com McAfee SiteList.xml password decryption - funoverip.net Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - www.hackwhackandsmack.com [...]
Events Related Shmoocon 2016 - archive.org ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. BSides Huntsville 2016 Videos - www.irongeek.com These are the videos from the BSides Huntsville conference. Recon 2015 - [...]
Resources Hot or Not? The Benefits and Risks of IoS Remote Hot Patching - www.fireeye.com In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem. Moving to a Plugin-Free [...]
Events Related ShmooCon: LastPass design elements create perfect Phishing opportunity - www.csoonline.com Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions. BSides Conference BSides Columbus 2016 Videos - www.irongeek.com BSidesNYC2016 – github.com Tools dnstwist - [...]
Events Related ShmooCon ShmooCon Firetalks 2016 - www.irongeek.com ShmooCon Pres - www.gitbook.com Tools TrendMicro node.js HTTP server listening on localhost can execute commands - www.trendmicro.com Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password. Techniques SSH Backdoor for [...]