Resources HackerOne Connects Hackers With Companies, and Hopes for a Win-Win – nytimes.com HackerOne is a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers who are looking to solve problems rather than cause them. They hope their outfit can persuade other hackers to responsibly report security flaws, [...]
Events Related HITB Amsterdam Wrap-Up Day #1 – blog.rootshell.be The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is Xavier's wrap-up for the first day! HITB Amsterdam Wrap-Up Day #2 -blog.rootshell.be This is Xavier's quick wrap-up for the second day of Hack in the Box! Resources [...]
Resources Inside Yubikey Neo – hexview.com Yubikey Neo is a $50 authentication token (with bells and whistles) from Yubico. Yubico advertizes it as "practically indestructible". The product security section also claims that the device comes in a "tamper-proof casing" that is "practically impossible to tamper". Cipherli.st – cipherli.st Strong Ciphers for Apache, nginx and Lighttpd. These examples [...]
Resources Week of PowerShell Shells - Announcement and Day 1 – labofapenetrationtester.com To generate awareness and spread the goodness of PowerShell in the infosec community, Nikhil is glad to announce a Week of PowerShell shells. On each day of the past week, from 11th May to 15th May 2015, Nikhil published/discussed a blog post on it. [...]
Events Related Test your hacker skills with DEF CON at the 2015 TRIBECA film festival – tribecafilm.com For the first time ever, the world's biggest underground hacking conference will travel from Las Vegas to NYC for this year's TFF. Resources PCI versions 3.0, 3.1 and your SecureSphere deployment – blog.imperva.com This blog entry will focus solely on [...]
Events Related Pwn2Own 2015: Day One results – h30499.www3.hp.com The first day of Pwn2Own 2015 saw successful attempts by four entrants against four products, with payouts of $317,500 to researchers during today’s competition. Pwn2Own 2015: Day Two results – h30499.www3.hp.com The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, [...]
Events Related Troopers15 Wrap-Up Day #1 – blog.rootshell.be This is Xavier's first Troopers conference. Here is the wrap-up for the first day of Troopers15. Before the review of the talks, a few words about the conference. The venue was really nice as well as the facilities. Troopers15 Wrap-Up Day #2 – blog.rootshell.be This is Xavier's wrap-up for [...]
Resources A Primer on IoT Security Research – community.rapid7.com In this blog post Mstanislav'd like to give a high-level sense of what IoT security research often entails. TThis post is intended for the casual security researcher, or even IoT vendor, who wants to know what this research looks like, and where to get started. ElasticSearch CVE-2015-1427 [...]
Resources Equation Group: The Crown Creator of Cyber-Espionage – kaspersky.com Kaspersky Lab’s experts can confirm they have discovered a threat actor that surpasses anything known in terms of complexity and sophistication of techniques, and that has been active for almost two decades – The Equation Group. Russian researchers expose breakthrough U.S. spying program – reuters.com The U.S. [...]
Resources OWASP Proactive Controls – owasp.org This document was written by developers for developers, to assist those new to secure development. It aims to guide developers and other software development professionals down the path of secure web application software development. Anthem-From the Desk of CEO To Members – anthemfacts.com Anthem was the target of a very sophisticated [...]