Events Related
- Another year, another RSAC – www.cerias.purdue.edu
I have attended 10 of the last 15 RSA conferences. I do this to see what’s new in the market, meet up with friends and colleagues I don’t get to see too often, listen to some technical talks, and enjoy a few interesting restaurants and taverns in SF.
- Black Hat Europe 2015 – www.youtube.com
- CarolinaCon 12 – www.youtube.com
Resources
- Mobile Top 10 2016-Top 10 – www.owasp.org
The list represents a release candidate of the OWASP Mobile Top Ten 2016. Have a look at the list and please provide feedback. The release candidate will have a 30 day feedback window for everyone to provide feedback before things are finalized.
- Adobe Security Bulletin – helpx.adobe.com
Security updates available for Adobe Flash Player
Tools
- Dependency-Check – github.com
Dependency-Check is a utility that attempts to detect publicly disclosed vulnerabilities contained within project dependencies.
- inspectrum – github.com
Inspectrum is a tool for analysing captured signals, primarily from software-defined radio receivers.
- BinExport – github.com
An IDA Pro plugin for exporting disassemblies into BinNavi databases and to Protocol Buffers
- DCEPT – github.com
A tool for deploying and detecting use of Active Directory honeytokens
- Qubes OS 3.1 has been released! – www.qubes-os.org
The major new architectural feature of this release has been the introduction of the Qubes Management infrastructure, which is based on the popular Salt management software.
Techniques
- How we broke into your house – boredhackerblog.blogspot.com
For my wireless security class (CIT 460) some friends and I did final project on hacking alarm systems. This was in Spring 2014. I did this because I had RTL-SDR dongle and I wanted to do something cool with it.
- Hacker Reveals How to Hack Any Facebook Account – thehackernews.com
A security researcher discovered a ‘simple vulnerability’ in the social network that allowed him to easily hack into any Facebook account, view message conversations, post anything, view payment card details and do whatever the real account holder can.
- Binmap: a system scanner – blog.quarkslab.com
Open sourcing binmap, a tool to scan filesystem and gather intel on which binaries are there, what are their dependencies, which symbols they are using and more. This yields a global view of a system, providing the basic block for building other tools!
- Tutorial #2: DCA against Hack.lu 2009 challenge – github.com
It’s a Windows 32-bit graphical crackme performing an AES128 encryption over the user input. If the output is equal to “hack.lu-2009-ctf”, one gets a success message.
- Got 15 minutes to kill? Why not root your Christmas gift? – blog.ioactive.com
This blog post provides a 101 introduction to embedded hacking and covers how to extract and analyze firmware to look for common low-hanging fruit in security. This post also uses binary diffing to analyze how TP-LINK recently fixed the vulnerability with a patch.
Other News
- How a hacker’s typo helped stop a billion dollar bank heist – uk.reuters.com
A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve, banking officials said.
Leave A Comment