Vendor News

Week 20 In Review – 2014

Resources

Infiltrate 2014 – shadow-file.blogspot.com
Here are some additional resources from Zach Cutlip that he may have mentioned in his Infiltrate 2014 presentation.
BlueHat Security Briefings: Fall 2013 Sessions – channel9.msdn.com
The 2013 BlueHat Security Briefings took place on the Microsoft campus in December 2013. Here is the list of talks and discussions.

Tools

mimikatz 2.0 alpha 20140519 – github.com
You can download this new […]

Week 18 In Review – 2014

Resources

BSides Chicago 2014 Videos – www.irongeek.com
These are the videos from the BSides Chicago conference. You can watch and download all the videos from here.
Q1 2014 Mobile Threat Report – www.f-secure.com
F-Secure’s Mobile Threat Report for Q1 2014 is out! Here are a couple of the things they cover in it.

Techniques

Egress Testing using PowerShell – labofapenetrationtester.com
Imagine that you pwned a […]

Week 17 In Review – 2014

Resources

Verizon Data Breach Investigations Report – verizonenterprise.com
The 2014 Data Breach Investigations Report (DBIR) casts new light on threats — taking 10 years of forensic data and finding that 92% of these can be categorized into nine basic attack patterns. This approach also helps identify primary threats to your industry, which you can analyze to reinforce […]

Week 11 In Review – 2014

Events Related

Pwn2Own 2014: A recap – hp.com
Two record-setting days of payouts for zero-day vulnerabilities brought the 2014 Pwn2Own contest tantalizingly close to the first million-dollar competition, with $850,000 paid to eight entrants. $385,000 of potential prize money remained unclaimed.

Researchers pocket record $400K at Pwn2Own hacking contest’s first day – computerworld.com
Researchers on Wednesday cracked Microsoft’s Internet Explorer […]

Week 10 In Review – 2014

Resources

Forgot your Windows admin password? – ogostick.net
This is a utility to reset the password of any user that has a valid local account on your Windows system. Finally! A very major release!
TrustyCon Videos Available – makehacklearn.org
You can find the playlist of all of the videos on Al Jigong Billings' YouTube channel, but he also […]

Week 8 In Review – 2014

Events Related

Course Review: Offensive Security AWE (Advanced Windows Exploitation) – www.ethicalhacker.net
In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. The course was delivered by its creators, Matteo Memelli and Devon Kearns. Matteo handled all of the speaking responsibilities, and Devon apparently participated solely […]

Week 6 In Review – 2014

Resources

Why PLCpwn Is Important for ICS Cyber Weapons – www.digitalbond.com
The interesting question is what happens when organizations and governments stumble across one of these deployed attack systems and covert channels?

S4x14 Video: Stephen Hilt on PLCpwn – digitalbond.com

Cheat Sheets – packetlife.net
Here are cheat sheets by packetlife. You can download them all from here.
OWASP Cheat Sheet Series – owasp.org
The OWASP Cheat Sheet […]

Week 2 In Review – 2014

Events Related

Why we have to boycott RSA – blog.erratasec.com
The reason isn’t that Robert Graham is upset at RSA, or thinks that they are evil. He thinks RSA was mostly tricked by the NSA instead of consciously making the choice to backdoor their products.

Resources

Stupid IDN Tricks: Unicode Combining Characters – blog.dinaburg.org
Safari will display Unicode combining diacritical marks […]

Week 51 In Review – 2013

Events Related

CCC, 100-gbps, and your own private Shodan – blog.erratasec.com
One of the oldest/biggest “hacker” conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet.

Resources

Quick Joomla Refresher – blog.spiderlabs.com
In this blog post David Kirkpatrick mentions some of the tools he used to check the security of a particular […]

Week 50 In Review – 2013

Events Related

Baythreat 4 – thesprawl.org
Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day.
The AppSec Program Maturity Curve 4 of 4 – veracode.com
This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode have advocated that […]