[Infiltrate2013] – f13-labs.net
Different types of font are available within Windows Operating system, for instance: TrueType font (.ttf), Bitmap font (.fon), OpenType PostScript font (.otf) and etc
At long last – the 2013 DBIR is out! – securityblog.verizonbusiness.com
Perhaps more so than any other year, the large scale and diverse nature of data breaches and other network attacks took center stage.
ioerror/duraconf – github.com
What you find here are recommended configurations, you should seriously consider using these, but you have to make
- Pip3line – the Swiss army knife of byte manipulation – nccgroup.com
What is Pip3line? It’s a raw bytes manipulation utility, able to apply well known and less well known transformations from anywhere to anywhere (almost).
- Basic Packers: Easy As Pie – SpiderLabs Anterior – spiderlabs.com
In essence, packers are tools that are used to compress a PE file. This primarily allows the person running the tool to reduce the size of the file. As an added benefit, since the file is compressed, it will also typically thwart many reverse engineers from analyzing the code statically (without running it).
- Adventures in IOSland Analyzing IOS Apps – securepla.net
So I’ve been spending a lot of time reversing IOS apps and trying to secure them. In my hunt for bugs, I’ve used your standard set of tools and processes on a jail-broken iPhone.
- Implementing PSLoggedOn in Metasploit (+ a bonus history module) – sensepost.com
After some trial and error, we now present enum_domain_user.rb a simple Metasploit post exploit module capable of finding network sessions for a specific user.
- Facebook Privacy: CyberSecurity 101 – veracode.com
While Facebook grants its users lots of control over their privacy settings, keeping up with the latest privacy controls can be difficult.
- Smeege Sec: WSDL Wizard: Burp Suite Plugin for Detecting and Discovering WSDL Files – smeegesec.com
WSDL (Web Service Description Language) files often provide a unique and clear insight into web application functionality.
- SMB Relay Demystified and NTLMv2 Pwnage with Python – pen-testing.sans.org
The SMB Relay attack is one of those awesome tactics that really helps penetration testers demonstrate significant risk in a target organization; it is reliable, effective, and almost always works.
- Abusing Safari’s webarchive file format – community.rapid7.com
Safari’s webarchive format saves all the resources in a web page – images, scripts, stylesheets – into a single file. A flaw exists in the security model behind webarchives that allows us to execute script in the context of any domain (a Universal Cross-site Scripting bug).
- Eavesdropping on a wireless keyboard – windytan.blogspot.fr
Some time ago, I needed to find a new wireless keyboard. With the level of digital paranoia that I have, my main priority was security. But is eavesdropping a justifiable concern? How insecure would it actually be to type your passwords using an older type of wireless keyboard?
- Living Social
- LivingSocial Hacked More Than 50 Million Accounts Compromised – blog.sucuri.net
Just as we were thinking we were going to avoid any major enterprise compromises this week, LivingSocial announces that it has been compromised and some 50 million accounts have been compromised.
- LivingSocial Hacked — More Than 50 Million Customers Impacted – allthingsd.com
LivingSocial, the daily deals site owned in part by Amazon, has suffered a massive cyber attack on its computer systems, which an email from CEO Tim O’Shaughnessy — just sent to employees and obtained by AllThingsD.com — said resulted in “unauthorized access to some customer data from our servers.”
- A look into the LivingSocial Hack – blog.imperva.com
Earlier today, the New York Times has published an article following the recent hack of LivingSocial. the Washington based company had issued a letter to its employees, citing that 50 million customer records were compromised, the information contained personal information such as names, emails, addresses and birthdates as well as encrypted passwords.
- AP Twitter Hack Preceded By A Phishing Attempt, News Org Says – techcrunch.com
The AP Twitter hack which sent the stock market briefly crashing was caused by a phishing attack, according to the AP.