Subscribe to Infosec Events
Infosec Events Feed Stay up to date with all of the latest security news by subscribing to our RSS Feed. Alternatively, you can have updates sent directly to your email address.

Week 51 In Review – 2013

Published: December 23rd, 2013 | Category: Security Tools, Security Training, Security Vulnerabilities, Vendor News | (0) Comments

Events Related

  • CCC, 100-gbps, and your own private Shodan – blog.erratasec.com
    One of the oldest/biggest “hacker” conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet.

Resources

  • Quick Joomla Refresher – blog.spiderlabs.com
    In this blog post David Kirkpatrick mention some of the tools he used to check the security of a particular Joomla installation and comment upon their effectiveness.
  • The DNS Census 2013 – dnscensus2013.neocities.org
    The DNS Census 2013 is an attempt to provide a public dataset of registered domains and DNS records. The dataset contains about 2.5 billion DNS records gathered in the years 2012-2013.
  • Symantec Intelligence Report: November 2013 – www.symantec.com
    Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. You can download your copy here.

Tools

  • evasi0n7 – iOS 7.x Jailbreak – evasi0n.com
    evasi0n7 is a production of evad3rs. Compatible with all iPhone, iPod touch, iPad and iPad mini models running iOS 7.0 through 7.0.4.
  • WinAppDbg 1.5 is out! – breakingcode.wordpress.com
    The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. Download links are available here.
  • Crash – labs.portcullis.co.uk
    The crash tool is a similar tool than the crash.exe tool from FileFuzz but for OS X. The purpose of this tool is to catch crashes from OS X applications and print debugging information such as registers, disassembled code and a memory dump of the stack.
  • Capstone – capstone-engine.org
    Capstone is a lightweight multi-platform, multi-architecture disassembly framework.

    • Capstone – github.com
      Capstone is a disassembly framework with the target of becoming the ultimate disasm engine for binary analysis and reversing in the security community.

Techniques

  • FLYING PIG: GCHQ’s TLS/SSL knowledge base – koen.io
    Documents from the ICTR-NE organization at the GCHQ show that it operates a program under the name FLYING PIG that provides analysts with information about secure communications over TLS/SSL. In this article, Koen Rouwhorst described the program on the basis of some actual screen captures of its interface.
  • OpenIOC Series: Investigating with Indicators of
    Compromise (IOCs) – Part I
     – mandiant.com
    The Back to Basics: OpenIOC blog series previously discussed how Indicators of Compromise (IOCs) can be used to codify information about malware or utilities and describe an attacker’s methodology. This blog post will focus on writing IOCs by providing a common investigation scenario, following along with an incident response team as they investigate a compromise and assemble IOCs.

Vendor/Software patches

Vulnerabilities

  • New attack steals e-mail decryption keys by capturing computer sounds – arstechnica.com
    Computer scientists have devised an attack that reliably extracts secret cryptographic keys by capturing the high-pitched sounds coming from a computer while it displays an encrypted message. Scientists use smartphone to extract secret key of nearby PC running PGP app.
  • Severe Office 365 Token Disclosure Vulnerability – Research and Analysis – adallom.com
    The vulnerability that Adallom labs researched here and the security incident that used it is a bona fide Perfect Crime; a crime where the victim doesn’t know that he’s been hit; a crime where there’s no proof of any foul play anywhere; a crime where protecting yourself against it without being familiar with its modus operandi is next to impossible.

Other News

  • Exclusive: Secret contract tied NSA and security industry pioneer – www.reuters.com
    As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

Week 50 In Review – 2013

Published: December 16th, 2013 | Category: Security Conferences, Security Tools, Security Training, Security Vulnerabilities, Vendor News | (0) Comments

Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode […]

Week 49 In Review – 2013

Published: December 9th, 2013 | Category: Security Conferences, Security Tools, Security Vulnerabilities, Vendor News | (0) Comments

Events Related BotConf 2013 Wrap-Up BotConf 2013 Wrap-Up Day #1 –blog.rootshell.be Xavier was in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event was dedicated to botnets and malwares. BotConf 2013 Wrap-Up Day #2 – blog.rootshell.be Here is the Day 2 wrap up of the conference by Xavier. The […]

Week 48 In Review – 2013

Published: December 2nd, 2013 | Category: Security Conferences, Security Tools, Security Training, Security Vulnerabilities | (0) Comments

Events Related Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers – ethicalhacker.net SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. OWASP Benelux Day 2013 Wrap-Up – blog.rootshell.be Xavier just back from Amsterdam where was organized the […]

Information Security Events For December

Published: November 29th, 2013 | Category: Security Conferences, Security Training | (0) Comments

Here are information security events in North America this month:     Cybersecurity Conference : December 2 to 3 in Washington, D.C USA   CISO Executive Summit New Jersey : December 3 in Whippany, New Jersey USA   Cloud Security Alliance Congress : December 4 to 5 in Orlando, FL USA   CISO Executive Summit […]

Week 47 In Review – 2013

Published: November 25th, 2013 | Category: Security Vulnerabilities, Site News | (0) Comments

Resources SIM Card Forensics: An Introduction – resources.infosecinstitute.com A detail discussion by Rohit Shaw about SIM (subscriber identity module), SIM structure and it’s file systems, security, tools etc. Vulnerabilities Elevating privileges by exploiting weak folder permissions – www.greyhathacker.net This post is about weaknesses in folder permissions leading to elevation of privilege by using DLL hijacking vulnerabilities […]

Week 46 In Review – 2013

Published: November 18th, 2013 | Category: Security Tools, Security Training, Security Vulnerabilities | (0) Comments

Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking […]

Week 45 In Review – 2013

Published: November 11th, 2013 | Category: Security Tools, Security Training, Security Vulnerabilities | (0) Comments

Resources Introducing Phishing Frenzy – pentestgeek.com A couple weeks ago Zecnox presented at this year’s Derbycon on an email phishing platform that he has been working on. Those of you who missed the talk, he went over some of the features of  Phishing Frenzy and launched a live phishing simulation. You can see the recording here. […]

Week 44 In Review – 2013

Published: November 4th, 2013 | Category: Security Tools, Security Training, Security Vulnerabilities, Site News | (0) Comments

Resources Advanced iOS kernel debugging for exploit developers – www.youtube.com Advanced iOS kernel debugging for exploit developers: A presentation by Stefan Esser (@i0n1c) at the Breakpoint security conference in Melbourne, Australia. ekoparty Security Conference 9th Edition(2013) – ekoparty.org The ekoparty 2013 Videos & Papers are available here. Tools The Social-Engineer Toolkit (SET) v5.4 “Walkers” Released – trustedsec.com […]

Information Security Events For November

Published: November 1st, 2013 | Category: Security Conferences, Security Training | (0) Comments

Here are information security events in North America this month:   BSides Charleston : November 2 in Charleston, SC USA   BSides DFW : November 2 in Richardson, TX USA   CISO Executive Summit Pittsburgh : November 5 in Pittsburgh, PA USA   COUNTERMEASURE 2013: November 7 to 8 in Ottawa, Canada   CISO Executive […]

PREVIOUS
NEXT
© Godai Group 2014
Home - Calendar - Communities - Training - Archives - Contact