Events Related:
- BlackHat / DefCon 18 related posts
- Highlights from Black Hat and Defcon – readwriteweb.com
Here’s our round-up of highlights from the two security events from around the web.
- Black Hat & DEFCON Observations – bobbydominguez.com
Both cons have their own distinct culture and participants, but you’ll see Black Hat attendees stay for the Defcon forums.
- Corey’s 2010 Las Vegas BlackHat DefCon summary – intrepidusgroup.com
The IG gang spent last week out in Vegas for the annual BlackHat and DefCon trips. While I missed a handful of high profile talks.
- higB’s 2010 Las Vegas BlackHat DefCon summary – intrepidusgroup.com
Amanda did a great job making sure we were in the Palace tower (not the stinky Forum tower).
- Max’s 2010 Las Vegas BH/DC Summary – intrepidusgroup.com
The WiMAX Hacking (https://groups.google.com/group/wimax-hacking) talk, from Pierce, Goldy, and aSmig feat. sanitybit was great.
- Zach’s 2010 BlackHat/DEFCON/B-Sides Las Vegas summary – intrepidusgroup.com
I was aiming not to be the last contributor to this series, given that I’ve already received my proper lashings for slagging on posts as is.
- Black Hat 2010 – appsecinc.com
What used to be a couple of booths at the side of the hallway is now a dedicated hall with almost every security vendor showing a presence.
- BlackHat 2010 Recap – midnightresearch.com
Overall it was a good conference and similar to last year.
- Digital Forensics Case Leads Aug 5, 2010: Defcon 18 and more – sans.org
We have news and coverage from a forensic and incident response viewpoint, including news about the Wikileaks incident you might not have seen elsewhere.
- Hacker Wonderland: DefCon 18 in Photos – wired.com
Photostream of badges, underwear, locks and other stuff you only see at Defcon.
- DefCon Talks – securepla.net
I compiled some of the talks that I found interesting during DefCon this year.
- DefCon 18 Day 2 – it.toolbox.com
Lots of angry, sweaty nerds lamenting decisions to attend talks.
- The hacker’s life – my weekend at Defcon – nationalgeographicassignmentblog.com
As we get closer to the hall where Paget is presenting, I can hear someone yelling, “if you have a GSM cell phone, your call may be intercepted.”
- Korelogic competition, Team hashcat – korelogic.com
When the initial list of hashes was received from KoreLogic it was split into text files which each contained a specific hash type.
Resources:
- Black Hat USA 2010 // Media Archives – blackhat.com
All the materials from BlackHat Las Vegas.
- Breaking Browsers: Hacking Auto-Complete (All Materials Available) – jeremiahgrossman.blogspot.com
Slides and materials from Grossman’s BH talk.
- Oracle Slides
  - Oracle Presentations from Blackhat 2010 Las Vegas are online – red-database-security.com
  - Hacking Oracle From Web Apps 1 9 – notsosecure.com
  Some slides and Youtube demos.
  - Hacking Oracle over the web and exploiting Database Vault – petefinnigan.com
  This year 2 presentations from Esteban and Sid were dedicated to Oracle.
- Slides and Code from Vegas – happypacket.net
I have gotten some good feedback from folks, and so I’m going to be updating a lot of code in the near future.
- SHODAN for Penetration Testers – scribd.com
Slides from the presentation at DefCon.
- Universal RF USB Keyboard Emulation Device (URFUKED) Slides – hackerwarrior.com
Slides and code from the talk.
- SANS Pentest Summit 2010 – Goal Oriented Pentesting – spl0it.wordpress.com
Slides from a presentation at this recent event.
- Boston Audit Conference: Class References – sans.org
Here are the references posted on the screen during the class in Boston from August 1 through 7.
- Full list of talks – thenexthope.org
Contains summaries and downloadable audio.
Tools:
- WeakNet Linux – Penetration Testing & Forensic Analysis Linux Distribution – darknet.org.uk
WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks.
- pvefindaddr.py ImmDbg Plugin – corelan.be
You can get the list of functions and parameters by running !pvefindaddr (without arguments) from the input box at the bottom of Immunity Debugger.
- Hashcat – hashcat.net
Fastest CPU-based multihash cracker.
- oclHashcat – hashcat.net
Fastest multihash MD5 cracker on NVidia cards.
- rebind – code.google.com/p/rebind/
Rebind is a tool that implements the multiple A record DNS rebinding attack.
- Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting. – seccubus.com
Seccubus effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings.
- Fierce v2.0 released at Security BSides Las Vegas 2010 – spl0it.wordpress.com
Last week at Security BSides in Las Vegas, I gave a talk about the newest version of Fierce.
- Mallory: Transparent TCP and UDP Proxy – intrepidusgroup.com
Mallory is a transparent TCP and UDP proxy. It can be used to get at those hard to intercept network streams, assess those tricky mobile web applications, or maybe just pull a prank on your friend.
- BlindElephant Web Application Fingerprinter – blindelephant.sourceforge.net
BlindElephant attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all available releases.
- Grid Toolkit – Grid Computing Hacker Kit – ipsecs.com
It’s almost two years after we released a paper related to grid computing [in]security in 2008.
- PDF Dissector 1.5.0 released – zynamics.com
Apart from a few bug fixes, version 1.5.0 of our PDF malware analysis tool PDF Dissector brings two very cool new features.
Techniques:
- Internet Evidence Finder Part II: Intro to IEF v3.3 – sans.org
Just a brief recap of what IEF will search for on a mounted drive/folder.
- PDF Exploit: Number of pages is the Key – zscaler.com
Interestingly, the attacker had used a key to decode his malicious code.
- BlackHat Write-up: go-derper and mining memcaches – sensepost.com
We released go-derper, a tool for playing with memcached instances. It supports three basic modes of operation.
- Razorback and IF-MAP? – securitybalance.com
Instead of having several tools waiting to receive data from different places, we need a security metadata bus that can be used by other tools.
- Return of the Facebook Snatchers – skullsecurity.org
Way back when I worked at Symantec, my friend Nick wrote a blog that caused a little bit of trouble for us: Attack of the Facebook Snatchers.
- Integrate Blacklisting in your Own DNS Server – rootshell.be
First, DNS is a critical service on your network. Can you really trust an external server?
- RT @ketralnis: The code I used to crack the #defcon 18 badge’s ninja code, in case anyone’s interested. Simple stuff – @tia_marie
- Quickpost: 2 .LNK Tools – didierstevens.com
I’m releasing two small tools I developed to help me investigate this vulnerability.
Vulnerabilities:
- ReCAPTCHA.net Now Vulnerable to Algorithmic Attack – slashdot.org
The algorithms were disclosed at DEFCON 18 over the weekend and have since been made available online.
Other News:
- Sophos Security Threat Report: Mid-year 2010 – sophos.com
One of the greatest achievements of the last 6 months has been an active engagement from average computer users in securing their computers.
- How I Met Your Girlfriend
Samy Kamkar demonstrated a creepy hack that uses Google Street View data for stalking victims.
  - Hacker Uses XSS and Google Street View Data to Determine Physical Location – securityweek.com
  - Hack pinpoints where you live: How I met your girlfriend – computerworld.com
- Live demos show how the Nintendo DS and the Wii can be hacked to spread malware (videos) – venturebeat.com
Ki-Chan Ahn and Dong-Joo Ha showed off a number of demos of how they could crack the Nintendo DS and Nintendo Wii and use them to upload malware.
- Researcher Reads RFID Tag From Hundreds Of Feet Away – darkreading.com
Demonstration raises privacy and security concerns with RFID EPC Class 1 Generation 2 used in some passport cards, inventory tags, and driver’s licenses.
- Researcher Intercepts GSM Cell Phones During Defcon Demo – darkreading.com
In the wake of pressure from the FCC, security expert demonstrates major GSM hack.
- Most SSL Sites Poorly Configured – darkreading.com
Half of all SSL servers run an older, insecure version of SSL; attacks against HTTPS browser sessions detailed at Black Hat.
- Malware Authors Leave Their Fingerprints On Their Work, Black Hat Researcher Says – darkreading.com
Careful study of malware can help experts recognize its source and protect against it.
- Verizon Changing Users’ Router Passwords – slashdot.org
I believe this to be in response to the Black Hat presentation about the hackability of home routers.
- Bringing the Hammer Down on BlackBerry Services in Arab Countries
First UAE and now India wants telcos to shut down these messaging services.
  - BlackBerry Services Will Be Halted in U.A.E. as Traffic Can’t Be Monitored – bloomberg.com
  - BlackBerry server in China? India wants a monitoring unit too – indiatimes.com
- Another big, ol’ privacy breach: Facebook details now in torrent form
The 2.8GB torrent was compiled by hacker Ron Bowes of Skull Security, who created a web crawler program that harvested data on users contained in Facebook’s open access directory.
- Defcon contest rattles nerves at FBI, security groups – infoworld.com
A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves.
- Taking Back the DNS – circleid.com
Most new domain names are malicious.
- Updated: Android wallpaper app that takes your data was downloaded by millions – venturebeat.com
A questionable Android mobile wallpaper app that collects your personal data and sends it to a mysterious site in China.
- For Kevin Mitnick, staying legal is job No. 1 – cnet.com
“When my lawyer says I might be committing wire fraud I get worried,” Mitnick told CNET in the corridors of Defcon on Saturday.
- Seven dangerous new computer hacks (and one silly one) that will change the future – io9.com
Without further ado, here are seven hacks (and one goof) announced at Black Hat and Defcon that you should know about.
- New Certifications Will Set High Bar for IT Security Pros – threatpost.com
The group will be designing certification exams to test the knowledge, practical skill and professionalism of IT security practitioners.
- Lookout’s App Genome Project warns about sketchy apps you may have already downloaded – engadget.com
You should, with Lookout running a sort of survey across 300,000 apps on those two platforms, finding that many access personal information even though they seemingly don’t need to.
- The $200 Biometric Lock Versus a Paperclip – gizmodo.com
The problem, as you can readily see, is that while the biometrics all seem to be in order, the manufacturer decided to pair it with a two-bit override lock.
- The DefCon Ninja Party Badge Will Let You Battle Strangers – gizmodo.com
In years past, a Ninja would give a party attendee a sticker or a paper invite that would get them in to the party.