Here are information security events in North America this month: Digital Bond’s 7th Annual SCADA Security Scientific Symposium (S4) - 2014 : January 15 to 16 in Miami Beach, FL USA ShmooCon 2014 : January 17 to 19 in Washington, DC, USA Suits and Spooks Washington 2014 : January 19 to 21 [...]
Resources Adobe CQ Pentesting Guide – Part 1 – resources.infosecinstitute.com This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe’s new Web Experience Management software portfolio which provides easy-to-use web apps for creating, managing and delivering online experiences to its users. SkyDogCon 2013 Videos – www.irongeek.com Here are the videos [...]
Events Related CCC, 100-gbps, and your own private Shodan – blog.erratasec.com One of the oldest/biggest "hacker" conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet. Resources Quick Joomla Refresher – blog.spiderlabs.com In this blog post David Kirkpatrick mention some of the tools he used to check the [...]
Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode [...]
Events Related BotConf 2013 Wrap-Up BotConf 2013 Wrap-Up Day #1 –blog.rootshell.be Xavier was in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event was dedicated to botnets and malwares. BotConf 2013 Wrap-Up Day #2 – blog.rootshell.be Here is the Day 2 wrap up of the conference by Xavier. The [...]
Events Related Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers – ethicalhacker.net SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. OWASP Benelux Day 2013 Wrap-Up – blog.rootshell.be Xavier just back from Amsterdam where was organized the [...]
Here are information security events in North America this month: Cybersecurity Conference : December 2 to 3 in Washington, D.C USA CISO Executive Summit New Jersey : December 3 in Whippany, New Jersey USA Cloud Security Alliance Congress : December 4 to 5 in Orlando, FL USA CISO Executive Summit [...]
Resources SIM Card Forensics: An Introduction – resources.infosecinstitute.com A detail discussion by Rohit Shaw about SIM (subscriber identity module), SIM structure and it's file systems, security, tools etc. Vulnerabilities Elevating privileges by exploiting weak folder permissions – www.greyhathacker.net This post is about weaknesses in folder permissions leading to elevation of privilege by using DLL hijacking vulnerabilities [...]
Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]
Resources Introducing Phishing Frenzy – pentestgeek.com A couple weeks ago Zecnox presented at this year's Derbycon on an email phishing platform that he has been working on. Those of you who missed the talk, he went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording here. [...]