Week 8 in Review – 2013

Published: February 25th, 2013 | Category: Security Conferences, Security Tools, Security Vulnerabilities | (0) Comments

Event Related ShmooCon Firetalks 2013 – irongeek.com These are the videos I have for the ShmooCon Firetalks 2013. Resources APT 1 APT 1: Exposing One of China’s Cyber Espionage Units – intelreport.mandiant.com APT1: Exposing One of China’s Cyber Espionage Units Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure: The Nitty Gritty – [...]

Week 7 in Review – 2013

Published: February 18th, 2013 | Category: Security Conferences, Security Tools, Security Vulnerabilities | (0) Comments

Event Related S4x13 Video: Atlas on RF Comms Security and Insecurity – digitalbond.com RF Comms are often ignored in SCADA assessments. Big mistake as atlas 0f d00m shows RF hacking session at S4x13. #Shmoocon Presentation Links – mainframed767.tumblr.com So I talked fast and furious and ran out of time, but 20 minutes is not a [...]

Week 2 in Review – 2013

Published: January 14th, 2013 | Category: Security Conferences, Security Tools, Security Vulnerabilities | (0) Comments

Event Related Index of Congress 29c3 – ftp.ccc.de High quality mp4 of 29c3. The ‘Hack Back’ Offense – bankinfosecurity.com To repel the onslaught of cyberattacks against organizations, security leaders are debating the merits of the “hack back” defense. THREADS – trailofbits.com THREADS is an annual conference that focuses on pragmatic security research and new discoveries [...]

Week 23 in Review – 2012

Published: June 10th, 2012 | Category: Security Tools, Security Vulnerabilities | (0) Comments

Resources Efficient Padding Oracle Attacks on Cryptographic Hardware – hal.inria.fr Stealing RSA private keys from hardware using oracle attacks in a few hours. JSLR – thespanner.co.uk Cross-Site Scripting (XSS) has been around for ages – with first incidents being reported in the late nineties. Despite the attack technique not being the most complex of all, [...]

Week 19 in Review – 2012

Published: May 14th, 2012 | Category: Security Conferences, Security Tools, Security Training, Security Vulnerabilities, Security Workshops, Uncategorized | (0) Comments

Resources Research for SharePoint (MOSS) – owasp.org This page contains research notes on Microsoft’s SharePoint MOSS and WSS MS SQL – Useful Stored Procedures for SQL Injection and Ports Info – pentesticles.com The following post lists and describes various useful stored procedures and port information for MS SQL. Portable Executable 101 – a windows executable [...]

Week 15 in Review – 2012

Published: April 16th, 2012 | Category: Security Conferences, Security Tools, Security Vulnerabilities | (1) Comment

Event Related A cyber weapon – alexmgeorge.wordpress.com At RSA 2012 Dave Aitel made a presentation wherein he defined cyber weapons a bit outside of how people normally think. The tried and true metaphor (which I admit to using) is that exploits or frameworks are like guns, and if they’re like guns then it’s easy to [...]

Week 21 in Review – 2009

Published: May 25th, 2009 | Category: Security Tools, Security Vulnerabilities, Vendor News | (0) Comments

Tools: Metasploit inside a word file – ithaven.blogspot.com Vulnerabilities: FFSpy – Firefox Malware PoC Debian OpenSSH 4.7 encryption flawed Flaw in encryption armor discovered – cnet.com Chink in encryption armor discovered – zdnet.com ntpd autokey stack buffer overflow – cert.org Other News: Adobe patch Tuesday approach Adobe Adopts Microsoft’s Patch Tuesday Approach – washingtonpost.com Adobe [...]

Adobe Reader 8 and Acrobat 8 Updates

Published: November 5th, 2008 | Category: Security Vulnerabilities | (0) Comments

A critical update to Adobe Reader 8.1.2 and Acrobat 8.1.2 has been released to address a remote exploit vulnerability. Version 9 of these products are not vulnerable. The advisory from Core Security notes that there is a stack buffer overflow when parsing PDF files, and the flaw could be exploited if a user is tricked [...]