Site News

/Site News

Week 15 In Review – 2017

  Events Related  HITB 2017 This year, the conference was based on four(!) tracks: two regular ones, one dedicated to more “practical” presentations (HITBlabs) and the last one dedicated to small talks (30-60 mins). HITB Amsterdam 2017 Day #1 Wrap-Up - blog.rootshell.be HITB Amsterdam 2017 Day #2 Wrap-Up - blog.rootshell.be Resources  Over The Air: Exploiting [...]

Week 14 In Review – 2017

Events Related Cyphercon 2.0 Videos - www.irongeek.com These are the videos from the Cyphercon 2.0 conference. DakotaCon - www.youtube.com South Dakota’s premier security event. TROOPERScon - www.youtube.com AIDE 2017 - www.irongeek.com Resources BlackHat 2017 - blackhat.com Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) - googleprojectzero.blogspot.com It’s a well understood fact that platform security is an [...]

Week 13 In Review – 2017

Events Related TROOPERS Conference I’m in Heidelberg (Germany) for the 10th edition of the TROOPERS conference. The regular talks are scheduled on Wednesday and Thursday. The two first days are reserved for some trainings and a pre-conference event called “NGI” for “Next Generation Internet” focusing on two hot topics: IPv6 and IoT. TROOPERS 2017 Day #1 Wrap-Up - [...]

Week 11 In Review – 2017

Events Related BSides Indy 2017 Videos - www.irongeek.com These are the videos from the BSides Indy conference.  Tools Worried about Strutshock (CVE-2017-5638)? - www.tinfoilsecurity.com Quick check to see if your website is vulnerable Techniques PlaidCTF 2012 – Traitor (200 pts) - int3pids.blogspot.com The challenge is supposed to be very straightforward, because we only have a recorded audio [...]

Week 10 In Review – 2017

Techniques Hacking Unicorns with Web Bluetooth - www.contextis.com Researchers discovered an unsecured MongoDB server that exposed sensitive CloudPets customer data. My research focused on the toy itself, in particular some issues we found with its Bluetooth LE connectivity and features. Still Passing the Hash 15 Years Later - passing-the-hash.blogspot.com So I first thought about it [...]

Week 6 In Review – 2017

Events Related ShmooCon2017 - archive.org The videos in this collection are from ShmooCon 2017, which occurred on 13-15 January 2017, at the Washington Hilton Hotel. Hackfest 2016 - www.youtube.com Resources From Mimikatz to Kekeo, Passing by New Microsoft Security Technologies - onedrive.live.com Techniques Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot - [...]

February 5th, 2017|Security Conferences, Site News, Week in Review|0 Comments

Week 5 In Review – 2017

Resources Running guide for CTF's - gist.github.com Blackhat Hardware Training Roadmap - securinghardware.com This diagram is intended to give an overview of many of the hardware-related trainings available at Black Hat USA 2017. Generally, lower level hardware is at the bottom and more software to the top. Tools Wordpress Exploit Framework - github.com screen2root - [...]

Week 4 In Review – 2017

Events Related BSides Columbus 2017 Videos - www.irongeek.com These are the videos from the BSides Columbus Ohio conference. Resources DevOoops: Client Provisioning (Vagrant) - carnal0wnage.attackresearch.com Notes from the 2015 Devoops Talk. Vagrant used to ship with a default keypair and was difficult to rotate. Intel debugger interface open to hacking via USB - blog.ptsecurity.com New Intel processors [...]

Week 3 In Review – 2017

Tools Acunetix Free Manual Pen Testing Tools - www.acunetix.com Acunetix Manual Tools allow penetration testers to further automated testing. waveconverter - github.com Factoria Labs 2016 WaveConverter is a Python application, built on GTK+ 3. The GUI has been implemented via Glade. A sqlite database has been implemented via sqlalchemy. Techniques Cracking The 12+ Character Password [...]

Week 2 In Review – 2017

Tools Invoke-TheHash - github.com Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side. FiercePhish - github.com FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track [...]

January 8th, 2017|Security Tools, Site News, Week in Review|0 Comments