Events Related

  • Thoughts on my very first DerbyCon (which won’t be my last) –
    One you hang around in infosec for a little while, you learn that each of the major cons have their own reputation, their own mini-scene. This one’s got the great parties, that one has the best speakers, that other one is where the fresh research is presented, et cetera.


  • Weekly Metasploit Wrapup: So Many Repos! –
    If you’ve been following along with Metasploit Framework development, you may have noticed that we have more than a couple repositories for committing code.
  • Advanced Threat Tactics – Course and Notes –
    The release of Cobalt Strike 3.0 also saw the release of Advanced Threat Tactics, a nine-part course on red team operations and adversary simulations. This course is nearly six hours of material with an emphasis on process, concepts, and tradecraft.


  • Miasm –
    Reverse engineering framework in Python
  • ShinySDR –
    Software-defined radio receiver application built on GNU Radio with a web-based UI and plugins.
  • HookME – API Based TCP Proxy Including SSL –
    HookME is a an API based TCP Proxy software designed for intercepting communications by hooking the desired process and hooking the API calls for sending and receiving network data (even SSL clear data).
  • Qubes 3.0 –
    Qubes is now based on what we call Hypervisor Abstraction Layer (HAL), which decouples Qubes logic from the underlying hypervisor.


  • Bypassing UAC with PowerShell –
    As I always try to keep the post-exploitation phase within PowerShell, I tested UACME and implemented some of the methods using PowerShell .
  • Flipping bits in the Windows Kernel –
    Recently, the MS15-061 bulletin has received some attention. This security bulletin includes patches for several Windows Kernel vulnerabilities, mainly related to win32k.sys. Details of one of them, discovered by Udi Yavo, have been very well covered.


  • Apple OS X 10.10 Security Disclosure –
    Gotham Digital Science has discovered a vulnerability affecting the phone dialing and SMS integration of the Continuity feature set introduced in OS X 10.10 and iOS 8.
  • Stagefright 2.0 Vuln Affects Nearly All Android Devices –
    Once again, Android has been found slashed wide open to a critical vulnerability in its multimedia engine that is easy to exploit, enables remote privileged code execution, requires no user interaction, and affects nearly every Android device.

Other News

  • T-Mobile confirms data breach, Social Security numbers stolen –
    Bad news T-Mobile customers (and would-be customers): one of the Un-Carrier’s vendors, Experian, has announced a major data breach, with upwards of 15 million addresses, phone numbers and even SSN stolen in the attack.
2017-03-12T17:39:20-07:00 October 5th, 2015|Security Conferences, Security Tools, Security Vulnerabilities, Security Workshops, Site News, Week in Review|0 Comments

Share This Story, Choose Your Platform!

Leave A Comment