Week 29 In Review – 2016

Events Related

  • Converge 2016 Videos – www.irongeek.com
    These are the videos from the Converge Information Security Conference.

Resources

  • KeeThief – A Case Study in Attacking KeePass Part 2 – www.harmj0y.net
    The other week I published the “A Case Study in Attacking KeePass” post detailing a few notes on how to operationally “attack” KeePass installations. This generated an unexpected amount of responses, most good, but a few negative and dismissive.

Tools

  • Tool To Generate Hashcat Toggle Rules – blog.didierstevens.com
    Hashcat comes with toggle rule files for candidate passwords up to 15 characters long. There’s a rules file that will toggle exactly one letter (toggles1.rule), another rule file for up to two letters (toggles2.rule), three, four, and finally a rule file for up to five letters (toggles5.rule). Hashcat does not provide rules with more than five toggles, as empirical data shows that passwords chosen by users only contain a couple of uppercase letters.

Techniques

Vendor/Software Patches

  • Adobe, Microsoft Patch Critical Security Bugs – krebsonsecurity.com
    Adobe has pushed out a critical update to plug at least 52 security holes in its widely-usedFlash Player browser plugin, and another update to patch holes in Adobe Reader. Separately, Microsoft released 11 security updates to fix vulnerabilities more than 40 flaws inWindows and related software.

Other News

  • Alex Gibney on Stuxnet and why we need to talk about cyberwar – www.engadget.com
    It’s been six years since we discovered Stuxnet, the worm that infected Windows PCs worldwide and was eventually traced to the United States and Israel as a way to attack Iran’s nuclear program. It was the first time a cyberweapon was used to attack a physical location (it disabled uranium enriching centrifuges by causing them to spin out of control), and it sparked the use of cyberattacks from governments all over the world, including Russia, Iran and North Korea.

 

Leave A Comment