Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]
Resources Introducing Phishing Frenzy – pentestgeek.com A couple weeks ago Zecnox presented at this year's Derbycon on an email phishing platform that he has been working on. Those of you who missed the talk, he went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording here. [...]
Resources Advanced iOS kernel debugging for exploit developers – www.youtube.com Advanced iOS kernel debugging for exploit developers: A presentation by Stefan Esser (@i0n1c) at the Breakpoint security conference in Melbourne, Australia. ekoparty Security Conference 9th Edition(2013) – ekoparty.org The ekoparty 2013 Videos & Papers are available here. Tools The Social-Engineer Toolkit (SET) v5.4 “Walkers” Released – trustedsec.com [...]
Events Related Hack.lu 2013 Wrap-Up Xavier wrapped-up the event of Hack.Lu 2013-Luxembourg 9th edition. As usual, the event started with a bunch of interesting workshops, talks. These talks went really deep and finally, Shift closed the schedule with “Interactive Deobfuscation“; A very very technical session. Hack.lu 2013 Wrap-Up Day #1 – blog.rootshell.be Hack.lu 2013 Wrap-Up Day [...]
Events Related SANS FOR610: Reverse Engineering Malware – Course Review – blog.c22.cc What follows is a review of the SANS FOR610: reverse engineering malware class taken at the SANS Prague 2013 event. What follows are rough notes, feelings and impressions from the class as it was taking place. Take it as you will, and we hope [...]
Resources Louisville Infosec 2013 Videos – www.irongeek.com Here are the videos from Louisville Infosec 2013 conference. BruCON talks – youtube.com BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Here are the videos from BruCON [...]
Events Related SyScan360 Beijing slides – reverse.put.as Eight days and 10 flights later author Papers back from SyScan360 in Beijing. It was his first visit to China and he had lots of fun observing many things that he only “knew” from reading. His presentation slides are available here. Resources What I Wish I Knew Before [...]
Events Related BruCON 0×05 Wrap Up -blog.rootshell.be Here is Xavier's quick wrap-up of BruCON 0×05. Actually it’s not a wrap-up about the talks. He gives some statistics about the visitors. Resources One Weird Trick for Finding More Crashes – www.cert.org CERT Vulnerability Analysis Team announced the release of updates to both of their fuzzing tools, the CERT [...]
Resources Heuristic methods used in sqlmap – unconciousmind.blogspot.com You can find slides for Miroslav Štampar talk "Heuristic methods used in sqlmap" held at FSec 2013 conference (Croatia / Varazdin 19th September 2013) here. Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com It’s always surprising how insecure some internal networks turn out to [...]
Resources Video Tutorial: Introduction to XML External Entity Injection – community.rapid7.com This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Errata Security's blog We scanned the Internet for port 22 – blog.erratasec.com Errata Security scanned the entire Internet for port 22 -- the port reserved for "SSH", [...]