Week 29 In Review – 2014

Resources

  • BGA talk slides – twitter.com
    Marshall tweeted his BGA talk slides on Twitter. You can download the PDF from here.
  • Building a Modern Security Engineering Organization – slideshare.net
    Continuous deployment and the DevOps philosophy have forever changed the ways in which businesses operate. This talk will discuss how security adapts effectively to these changes.
  • Car Hacker’s Handbook – opengarages.org
    Here you can download the book in several different formats for free!
  • CONFidence 2014 video from our talk on CTFs – gynvael.coldwind.pl
    The video from j00ru’s and Gynvael’s talk at this year’s CONFidence is now online. The talk was called “On the battlefield with the Dragons” and consisted of a selection of interesting CTF task solutions, with some useful tips and tricks near the end.
  • Slides from my HOPE/X Talk – zdziarski.com
    Enjoy the slides and the paper; it’s solid academic quality research.

Tools

  • Introducing Burpbuddy – blog.liftsecurity.io
    burpbuddy exposes Burp Suite’s extender API over the network through various mediums, with the goal of enabling extension development in any language without the restrictions of the JVM.

Techniques

  • Real world exploitation of a misconfigured crossdomain.xml – Bing.com – sethsec.blogspot.com
    The overly permissive crossdomain.xml was the only thing Seth Art actually had to exploit to reach the sensitive information. Had Bing forced authenticated users onto ssl.bing.com/profile/history and refused the request otherwise, he would not have had a very exciting demo.
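To make the crossdomain.xml point concrete, here is an added example (not code from Seth Art’s post and not Bing’s actual policy) that audits a policy file for the settings that let an attacker-controlled origin read authenticated responses through a Flash movie. The two policies, the hostnames, and the helper names are constructed for illustration; the domain-matching rule treats `*.example.com` as covering both the bare domain and its subdomains, which is an assumption made here for a conservative audit.

```python
"""Audit a crossdomain.xml for rules that expose authenticated responses.

Added example. The sample policies and hostnames below are constructed;
they are not taken from the post above or from any real site.
"""
import xml.etree.ElementTree as ET

# Constructed sample of the overly permissive kind: any origin may read
# responses, and secure="false" lets even a plain-HTTP origin read them
# from an HTTPS host.
PERMISSIVE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
"""

# Constructed sample of the same policy tightened to named trusted hosts.
RESTRICTED_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="www.example.com" secure="true"/>
  <allow-access-from domain="*.cdn.example.com"/>
</cross-domain-policy>
"""


def domain_matches(pattern: str, host: str) -> bool:
    """crossdomain.xml domain matching: "*" matches every host; "*.base"
    matches base and any subdomain (assumption: bare domain included);
    anything else must match exactly, case-insensitively."""
    pattern, host = pattern.lower(), host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        base = pattern[2:]
        return host == base or host.endswith("." + base)
    return host == pattern


def allowed_origins(policy_xml: str):
    """Yield (domain_pattern, secure_flag) for each allow-access-from rule.
    The secure attribute defaults to true when it is absent."""
    root = ET.fromstring(policy_xml)
    for rule in root.findall("allow-access-from"):
        yield rule.get("domain", ""), rule.get("secure", "true").lower() != "false"


def origin_can_read(policy_xml: str, origin_host: str, origin_https: bool = True) -> bool:
    """Would a movie loaded from origin_host be allowed to read responses
    from the HTTPS site that published policy_xml?"""
    for pattern, secure in allowed_origins(policy_xml):
        if not domain_matches(pattern, origin_host):
            continue
        if secure and not origin_https:  # secure="true" rejects HTTP origins
            continue
        return True
    return False


def audit_policy(policy_xml: str) -> list:
    """Return human-readable findings for the risky settings in a policy."""
    findings = []
    root = ET.fromstring(policy_xml)
    site = root.find("site-control")
    if site is not None and site.get("permitted-cross-domain-policies") == "all":
        findings.append("site-control permits policy files anywhere on the host, "
                        "so any user-uploaded XML could grant access")
    for pattern, secure in allowed_origins(policy_xml):
        if pattern == "*":
            findings.append('allow-access-from domain="*": every origin, including '
                            "an attacker site, may read authenticated responses")
        elif pattern.startswith("*."):
            findings.append(f"allow-access-from domain={pattern!r}: every subdomain "
                            "is trusted; one XSS or user-controlled subdomain is enough")
        if not secure:
            findings.append(f'allow-access-from domain={pattern!r} secure="false": a '
                            "plain-HTTP origin may read HTTPS responses")
    for hdr in root.findall("allow-http-request-headers-from"):
        if hdr.get("domain") == "*" and hdr.get("headers") == "*":
            findings.append('allow-http-request-headers-from domain="*" headers="*": '
                            "any origin may send arbitrary request headers")
    return findings


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, "attacker.example can read:", origin_can_read(policy, "attacker.example"))
        for finding in audit_policy(policy):
            print("  -", finding)
```

Run it against a policy fetched from a target’s web root; the `secure` check is the part that matters for the ssl.bing.com remark above, since a policy that does not force HTTPS origins is readable from a plain-HTTP attacker page as well.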

Vulnerabilities

Other News
