- It’s the 26the Chaos Communication Congress! A roundup of recent related news to this event.
- The CCCs retrospect for 2009 – events.ccc.de
A look back at some of the happenings in this conference
- 26c3 Backstage – events.ccc.de
A few observations on what happens behind the curtain in this congress.
- The Official 26C3 Twitter Feed – twitter.com
- Conference Recordings for 26C3 – events.ccc.de
A list of the released videos for this event plus errata and mirror download sites.
- Dragons Everywhere: The 26th Chaos Communication Congress, Part 1 – avertlabs.com
- Dragons Everywhere: The 26th Chaos Communication Congress, Part 2 – avertlabs.com
A summary of the events of the 26C3 held in Berlin
- The CCCs retrospect for 2009 – events.ccc.de
- NetCat Mind Map – mindcert.com
A mind map of some security tools covered during a pentesting course.
- 8 Basic Rules to Implement Secure File Uploads – blogs.sans.org/appsecstreetfighter
A few simple basics to think about when implementing file uploads in your site.
- Backtrack 4 “Full” Disk Encryption How-to Minor Updates – infosecramblings.com
An update to the post on how to create an encrypted bootable Backtrack thumb drive.
- SQL Injection Resources – owasp.blogspot.com
A few links to sites related to SQL injection.
- The WASC Threat Classification v2.0 – webappsec.org
The threat classification is an effort to classify weaknesses and attacks that can lead to the compromise of a website, its data or its users.
- Penetration Testing Framework v0.57 Released – security-database.com
PTF is updated
- 26C3: Protection against Flash security holes – h-online.com
Blitzableiter is a proactive tool that helps clean Flash code prior to playback.
- Happy Holidays (Project Updates) – metasploit.com
Some quick updates included by the project team during the holiday break.
- Meterpreter pivoting improved – darkoperator.com
Some of the improvements of Meterpreter are displayed in this post.
- Wapiti v2.2.0 (Vulnerability Scanner For Web App) Released – security-database.com
Some new features include modules for searching weak .htaccess files, additional options for scanning, among others.
- DECAF 2 Launched, Takes on More Than Just COFEE – djtechnocrat.blogspot.com
Now back from being recalled, this tool now monitors usage of other forensic software.
- Meterpreter persistence – darkoperator.com
A script that generates and uploads its own payload that provides a backdoor to the system.
- John the Ripper 1.7.4 Released – security-database.com
This fast password cracker gets an update.
- Suricata released! – inliniac.net
This open source, next generation intrusion detection and prevention tool is now in open beta.
- DirChex_v1.2 Released (New Functionality) – cktricky.blogspot.com
New tabs and more in this update.
- New options in msfconsole session command – darkoperator.com
A post about 2 recent additions to Metasploit
- Popup &Focus URL Hijacking – ha.ckers.org
- Exploiting Microsoft IIS with Metasploit – metasploit.com
How to use msfencode to exploit IIS file name parsing
- Generic cross-browser cross-domain theft – scarybeastsecurity.blogspot.com
A simple way to hijack data from a page and how it works.
- MySQL support in Metasploit – bernardodamele.blogspot.com
The integration sqlmap in the tool gives hackers power to exploit databases more easily.
- Metasploit payload format galore – darkoperator.com
Inserting exploit payloads are easy with all the export options in Metasploit.
- Exporting the Registry for Fun and Profit – metasploit.com
Some thoughts on WinScanX and the Remote Registry service
- The Undeletable SafeBoot Key – didierstevens.com
A solution to stopping malware from deleting your SafeBoot Key and preventing you from booting into Safe Mode.
- Meterpreter token manipulation – darkoperator.com
Some new code enables manipulating tokens much easier when running as System.
- Safe, reliable hash dumping – metasploit.com
Meterpreter’s hashdump and its ins and outs.
- GSM code cracked wide open
A speaker at the 26C3 in Germany announced success at breaking the cellular standard
- GSM crypto code cracked, engineer says – cnet.com
- 26C3: GSM hacking made easy – h-online.com
- GSM Decryption Published – slashdot.org
- GSM Encryption Cracked… GSMA’s First Response? That’s Illegal! – techdirt.com
A missive on the wrong focus of the cellular standards authority regarding the recent GSM cracking news.
- 26C3: Network design weaknesses – h-online.com
The vulnerabilities of existing networks was demonstrated at the recent Berlin conference.
- What’s up with port 12174? Possible Symantec server compromise? – isc.sans.org
A LANDesk vuln on older Symantec servers lead to nasty malware dumps.
- Quantum Encryption Implementation Broken – slashdot.org
A theoretically perfect encryption method is broken by exploiting hardware flaws.
- Microsoft IIS Vulnerability Found
Soroush Dalili has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be potentially bypass certain security restrictions.
- New Reports of a Vulnerability in IIS – technet.com
- Microsoft IIS ASP Multiple Extensions Security Bypass – djtechnocrat.blogspot.com
- Results of Investigation into Holiday IIS Claim – technet.com
An official word from Microsoft says the issue isn’t with them, it’s with how the server with IIS is configured.
- PayPal vs Fake PayPal: Can You Tell the Difference?