- ShmooCon Firetalks 2013 – irongeek.com
These are the videos I have for the ShmooCon Firetalks 2013.
- APT 1
- APT 1: Exposing One of China’s Cyber Espionage Units – intelreport.mandiant.com
APT1: Exposing One of China’s Cyber Espionage Units
- Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure: The Nitty Gritty – mandiant.com
As we noted yesterday, Brandon Dixon’s 9B+ blog and Symantec reported the discovery of two malicious versions of our APT1 report. We wanted to provide follow-on details based on our analysis of these samples.
- Application Security Testing of Thick Client Applications – resources.infosecinstitute.com
In this article, we will learn about thick client applications, their vulnerabilities and ways to carry out security assessment of these applications.
- Real Life Vulnerabilities Statistics: an overview – blog.mindedsecurity.com
For this reason, we collected all our reports from 2010 until 2012 and performed a statistical analysis that, in conjunction with other contributors’ results, will help the new OWASP Top Ten to better fit these times and to keep track of differences from previous versions.
- DEPS Precise Heap Spray on Firefox and IE10 – corelan.be
Last week, while doing my bi-weekly courseware review and update, I discovered that my heap spray script for Firefox 9 no longer works on recent versions.
- Easy DOM-based XSS detection via Regexes – blog.spiderlabs.com
If you are interested in finding DOM-based XSS, you must have knowledge of http://code.google.com/p/domxsswiki/wiki/Introduction already. This is the best online resource about DOM-based XSS maintained by my friends Stefano di Paola and Mario Heiderich.
- CMD.EXE LOOPS PART III – resources.infosecinstitute.com
CMD.exe provides FOR loops that work in a rather awkward manner but they are quite powerful indeed. In this section, let us see how we can understand the for loop switches and their purposes, using a problem description and solution approach.
- IDA Program Patching – resources.infosecinstitute.com
IDA’s primary purpose is not binary patching, because when you first load the binary, it takes a snapshot of the binary and builds an internal representation, which is saved in the .idb database.
- Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit – mcafee.com
As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background.
- Infosec and Higher Education Part 2 – ptcoresec.eu
So when this week I received an email from a student asking me for some help (students from his university had been complaining about the degree and lecturers asked them to go and re-write the degree as they saw fit and that they would consider doing it), I felt like I should do this blogpost which I had prepared for a while.
- ThreatModeler 3.0 – myappsecurity.com
MyAppSecurity is proud to release ThreatModeler 3.0. Packed with several in-demand features to easily manage threats and measure the state of security at an organization, this new release comes updated with features to.
- Update XORSearch V1.8.0: Shifting – blog.didierstevens.com
This new version of XORSearch comes with a new operation: shifting left.
- Introducing the WAF Testing Framework – blog.imperva.com
Last week I attended an OWASP conference in Israel and participated in a panel about WAFEC.
- SSHD Rootkit
- SSHD rootkit in the wild – isc.sans.edu
There are a lot of discussions at the moment about an SSHD rootkit hitting mainly RPM based Linux distributions. Thanks to our reader unSpawn, we received a bunch of samples of the rootkit.
- Linux Based SSHD Rootkit Floating The Interwebs – blog.sucuri.net
For the past couple of days we have seen a lot of discussion on a number of forums about a potential kernel rootkit making its rounds on the net. Interestingly enough, when we wrote about the case it wasn’t being picked up by anyone; today, however, it’s being picked up by a number of AVs.
- Hacking Facebook OAuth
- Egor Homakov: How we hacked Facebook with OAuth2 and Chrome bugs – homakov.blogspot.com
We (me and @isciurus) chained several different bugs in Facebook, OAuth2 and Google Chrome to craft an interesting exploit. MalloryPage can obtain your signed_request, code and access token for any client_id you previously authorized on Facebook. The flow is quite complicated so let me explain the bugs we used.
- How I Hacked Facebook OAuth To Get Full Permission On Any Facebook Account – nirgoldshlager.com
I decided to share one of my favorite flaws I discovered in facebook.com. This flaw allowed me to take full control over any Facebook account,
- De-duping multiple interface nessus results with sed. – pentesticles.com
Let’s assume that you have your Nessus output and have it in some useful parse-able format. (xmlstarlet anyone?)
- Finding and Reverse Engineering Deleted SMS Messages – az4n6.blogspot.com.br
Recovering deleted SMS messages from Android phones is a frequent request I get. Luckily, there are several places and ways to recover these on an Android phone. After working a case that involved manually carving hundreds of juicy, case-making messages, I collaborated with cheeky4n6monkey on a way to automate the process.
- Forwarding SMS to Email on