Week 2 In Review – 2015

Resources

  • Win32 Assembly Cheat Sheet – strchr.com
    The idea is to put all reference information about x86 assembly language on the one page. You will find various kinds of moves (MOV, CMOV, XCHG), arithmetical (ADD, SUB, MUL, DIV) and logical (AND, OR, XOR, NOT) instructions here.
  • The International Conference on PASSWORDS 2014. – video.adm.ntnu.no
    The International Conference on PASSWORDS 2014, Trondheim, Norway. This is the 7th event of the series, sponsored by the FRISC research network. You can watch and download all presentation videos from here.
  • Clear Apartment. Clear Inbox. Clear Mind – metrochatter.wordpress.com
    SaneBox has a bunch of cool features, but the favorite is SaneBlackhole: drag an email into it, and never see another email from that sender again. It doesn’t just filter mail on the computer —it filters mail before it gets to the phone and iPad also.

Tools

  • ASUSWRT 3.0.0.4.376_1071 – LAN Backdoor Command Execution – exploit-db.com
    A service called “infosvr” listens on port 9999 on the LAN bridge. Normally this service is used for device discovery using the “ASUS Wireless Router Device Discovery Utility”, but this service contains a feature that allows an unauthenticated user on the LAN to execute commands.
  • tckfc – github.com
    This tool seeks asynchronously TrueCrypt key file using combinations of provided key files with provided password. You can download it from here.
  • NetHunter 1.1 Released – offensive-security.com
    The first open source Android based penetration testing platform for Nexus and OnePlus devices. Wait, OnePlus phones? Yes! Their new NetHunter v1.1 release brings with it some great news.
  • SPARTA 1.0 BETA released – sparta.secforce.com
    SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. You can download the tools from the link below.

  • Princeprocessor – github.com
    The princeprocessor is a password candidate generator and can be thought of as an advanced combinator attack. Downloat it from here.
  • pwntools – CTF toolkit – github.com
    This is the CTF framework used by Gallopsled in every CTF. You can download it from here.

Vulnerabilities

  • Chanitor Downloader actively installing Vawtrak – research.zscaler.com
    ThreatLabZ are keeping an eye on a fairly active downloader called Chanitor. This malware is being delivered via phishing emails purporting to be “important” documents, for example, voicemails, invoices, and faxes; all are actually screensaver executables with the extension ‘.scr’.

One Comment

  1. Week 2 In Review – 2015 | infopunk.org January 12, 2015 at 9:00 am

    […] post Week 2 In Review – 2015 appeared first on Infosec […]

Leave A Comment