Events Related
- Troopers15 Wrap-Up Day #1 – blog.rootshell.be
This is Xavier’s first Troopers conference. Here is the wrap-up for the first day of Troopers15. Before the review of the talks, a few words about the conference. The venue was really nice as well as the facilities.- Troopers15 Wrap-Up Day #2 – blog.rootshell.be
This is Xavier’s wrap-up for the second day of Troopers15.
- Troopers15 Wrap-Up Day #2 – blog.rootshell.be
Resources
- Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS – isg.rhul.ac.uk
The team behind this research provide new attacks against RC4 in TLS that are focussed on recovering user passwords, still the pre-eminent means of user authentication on the Web today. - Introduction to GSM Security – resources.infosecinstitute.com
GSM is a wireless communication that uses digital technology and is widely deployed across the globe for mobile communications, such as mobile phones. In this article, Tri Sumarno will be discussing the method that could be used to see the traffic on a GSM network and how an attacker could abuse the GSM network. - How Many Million BIOSes Would you Like to Infect? (CSW Slides) – legbacore.com
This is some seriously fantastic work. CSW slides are available here. - How Many Million BIOSes Would you Like to Infect? (CSW Slides) – legbacore.com
This is some seriously fantastic work. CSW slides are available here.
Tools
- CANBus Protector – github.com
CANBus protector is a (very simple) CANBus IPS system built on two separate pieces of hardware that use one-way communication to get information out of the “trusted” vehicle network. - INTERLOCK – github.com
The INTERLOCK application is a file encryption front-end developed, but not limited to, usage with the USB armory. - Windows: Local WebDAV NTLM Reflection Elevation of Privilege – code.google.com
A default installation of Windows 7/8 can be made to perform a NTLM reflection attack through WebDAV which allows a local user to elevate privileges to local system.
Techniques
- Hacking Your Neighbor’s Wi-Fi: Practical Attacks Against Wi-Fi Security – resources.infosecinstitute.com
It no longer takes a skilled attacker to breach Wi-Fi security. Chances are high that one of your tech-savvy neighbors would eventually exploit a poorly configured access point. - Cracking a Wi-Fi WPA2 Password, Thanks to Amazon – resources.infosecinstitute.com
Fabio Natalucci will show you here a different approach to cracking a password. He will focus on how to crack a Wi-Fi WPA2 password.
Vulnerabilities
- HTTPS-crippling FREAK exploit affects thousands of Android and iOS apps – arstechnica.com
Attackers can use FREAK to steal passwords for finance, shopping, or medical apps. Security researchers from FireEye recently examined the most popular apps on Google Play and the Apple App Store and found 1,999 titles that left users wide open to the encryption downgrade attack. - The Palinopsia Bug: Is your VirtualBox reading your E-Mail? Reconstruction of FrameBuffers from VRAM – hsmr.cc
Pastor International journal of PoC k GTFO. it’s a damn cool trick they did with the file format.
[…] post Week 12 In Review – 2015 appeared first on Infosec […]
[…] post Week 12 In Review – 2015 appeared first on Infosec […]