Week 27 In Review – 2015

Events Related

  • REcon Recap: Here’s What Caught My Eye – researchcenter.paloaltonetworks.com
    A few weeks ago I was fortunate enough to attend REcon in Montreal, Canada. This conference focuses on reverse engineering and exploitation techniques and has been going on for roughly a decade.

 Resources

  • Course Review: eLearnSecurity WAPTX (WebApp PenTesting Extreme) – ethicalhacker.net
    The past few years were a sort of lull for me. While I’ve continued to read and review books, watch and listen to webcasts and podcasts and do my best to stay ‘fresh’ on the pentesting front, I’ve not had a good opportunity to squeeze in any more ‘structured’ training courses.

Tools

  • CMSmap – The ultimate CMS Scanner to Hack 75% of Websites – terminatio.org
    CMSmap is a simple Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool.

Techniques

  • Windows kerberos ticket theft and exploitation on other platforms – mikkolehtisalo.wordpress.com
    In the past there has been a lot of talk about pass the hash, but surprisingly little about different methods for exploiting kerberos tickets. Besides the discussion focused on golden tickets the Kerberos has not really ever been a major target for abuse.

 Vulnerabilities

  • Hacking Wireless Ghosts Vulnerable For Years – blog.ioactive.com
    Is the risk associated to a Remote Code Execution vulnerability in an industrial plant the same when it affects the human life? When calculating risk, certain variables and metrics are combined into equations that are rendered as static numbers, so that risk remediation efforts can be prioritized.

 Other News

  • The 414s: The Original Teenage Hackers – edition.cnn.com
    CNN Films presents “The 414s: The Original Teenage Hackers,” a look at an unexpected group of hackers who forever changed the idea of cybersecurity. In the early 1980s, this group of Milwaukee teenagers broke into dozens of prominent computer systems, including the Los Alamos National Laboratory and the Sloan-Kettering Cancer Center, sparking landmark legislation that impacts how we use technology today.
  • Team GhostShell: Back with a bang and after your data – zdnet.com
    Team GhostShell, well-known for a string of high-profile hacks in the past, has taken itself off hiatus and returned with hacks and database pillaging. The hacking group claims to have hacked a long list of websites in the past 24 hours.

Leave A Comment