Resources
- SecTor 2015 – sector.ca
Presentations and videos for SecTor 2015
- RuxCon – ruxcon.org.au
Tools
- NMAP – github.com
NMAP scripts for TN3270 interaction as well as NJE, most notably TSO user enumeration and brute forcing, CICS transaction ID enumeration, and NJE node name brute forcing.
Techniques
- Hidden In Plain Sight: Brute Forcing Slack Private Files – www.ibuildings.nl
When we started using Slack, one of our developers was sending a file, had his developer console open, and noticed that even though he’d not chosen to share the file publicly, the API gave back a public URL anyway.
- vBulletin 5 PreAuth RCE – pastie.org
Other News
- DoD Needs to Improve Cyber Culture, CIO Says – www.defense.gov
The Defense Department needs to change its cyber culture to protect its networks from the relentless threat from hackers, the department’s chief information officer said today.
- CIA Email Hackers Return With Major Law Enforcement Breach – www.wired.com
The CWA hackers said they found a vulnerability that allowed them to gain access to the private portal, which is supposed to be available only to the FBI and other law enforcement agencies around the country. That portal in turn, they say, gave them access to more than a dozen law enforcement tools that are used for information sharing.