Resources
- Week of PowerShell Shells – Announcement and Day 1 – labofapenetrationtester.com
To generate awareness and spread the goodness of PowerShell in the infosec community, Nikhil is glad to announce a Week of PowerShell shells. On each day of the past week, from 11th May to 15th May 2015, Nikhil published/discussed a blog post on it.- Week of PowerShell Shells – Day 2 – UDP Shells -labofapenetrationtester.com
On the day 2 of Week of PowerShell Shells, you will see how UDP could be used for interactive PowerShell shells. - Week of PowerShell shells – Day 3 – HTTPS Shells -labofapenetrationtester.com
On the day 3 of week of PowerShell shells Nikhil focused on HTTP/HTTPS on that day. - Week of PowerShell Shells – Day 4 – WMI Shell -labofapenetrationtester.com
Welcome to the Day 4 of Week of PowerShell Shells. The Shell which is going to discuss today by Nikhil is much different from the ones have discussed previously.
- Week of PowerShell Shells – Day 2 – UDP Shells -labofapenetrationtester.com
- Latest Microsoft Security Intelligence Report Now Available -blogs.microsoft.com
Volume 18 of the Microsoft Security Intelligence Report (SIR) is now available. This volume of the SIR focuses on the second half of 2014 and contains longer term trend data as well.
Tools
- New Tool: The PenTesters Framework (PTF) Released – trustedsec.com
TrustedSec is proud to announce the release of the PenTesters Framework (PTF). PTF is a Python script designed for Debian/Ubuntu (plans on expanding to more) based distributions to create a similar and familiar distribution for Penetration Testing.
Vendor/Software patches
- Adobe, Microsoft Push Critical Security Fixes – krebsonsecurity.com
Microsoft issued 13 patch bundles to fix roughly four dozen security vulnerabilities in Windows and associated software. Separately, Adobe pushed updates to fix a slew of critical flaws in its Flash Player and Adobe Air software, as well as patches to fix holes in Adobe Reader and Acrobat.
Vulnerabilities
- CVE-2015-1701 – github.com
Win32k LPE vulnerability used in APT attack. FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. - VENOM, CVE-2015-3456 – venom.crowdstrike.com
VENOM, CVE-2015-3456, is a security vulnerability in the virtual floppy drive code used by many computer virtualization platforms. This vulnerability may allow an attacker to escape from the confines of an affected virtual machine (VM) guest and potentially obtain code-execution access to the host.
Other News
- FBI Hacker Hunt Goes ‘Wild West’ – bankinfosecurity.com
How much money would it take for you to rat out a member of a Russian organized crime gang? The U.S. government is currently offering “a reward of up to $3 million for information leading to the arrest and/or conviction of Evgeniy Mikhailovich Bogachev.
Leave A Comment