Event Related Legal Merits of 'Hack Back' Strategy - bankinfosecurity.com From point-of-sale hacks to malware and DDoS attacks, the top cyberthreats of 2012 have been aggressive and strong. Is it time for organizations to adopt a "hack back" strategy against perceived attackers? Resources Mitigating Targeted Attacks on Your Organization - blogs.technet.com The Trustworthy Computing blog [...]
Event Related SANS SANS SEC642: Advanced Web App Penetration Testing and Ethical Hacking (review) - blog.c22.cc After taking a year off from SANS London (a trip to Colombia was too much to resist last year), I flew back over to sunny London (ha) to attend the new SEC642: Advanced Web App Penetration Testing class with [...]
Event Related Hacker Internship - nds.ruhr-uni-bochum.de Web applications are in the age of Web 2.0 increasingly become the target of attackers. Thus no problem SQL injection foreign databases are compromised, stolen by XSS vulnerability browser sessions and via cross-site request forgery you get from one day to the countless new friends in a social network. [...]
Here are information security events in North America this month: Conference on Fraud and Forensics : December 5 to 6 in Florida USA Bay Threat : December 7 to 8 in California, USA Microsoft BlueHat : December 13 to 14 in Washington, USA Bsides Seattle: December 15 in Seattle, [...]
Event Related DOAG 2012: Best of Oracle Security 2012 - blog.red-database-security.com Yesterday I gave a presentation ”Best of Oracle Security 2012” at the DOAG 2012 conference in Nürnberg. Resources cfbackdoor - gironsec.com This is a text file. Tools Util Util - Windows Handles Viewer (Simple GUI with REPL) v1.0.exe - diniscruz.blogspot.com Based on the Util [...]
Resources VulnVoIP (Vulnerable VoIP) - The Fundamentals of VoIP Hacking - rebootuser.com VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail. Owning Computers Without Shell Access - accuvant.com What’s This All [...]
Event Related OWASP OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering - netspi.com During this presentation attendees will be introduced to lesser known, yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. XSS & CSRF with HTML5 - Attack, Exploit and Defense - shreeraj.blogspot.com HTML5 [...]
Event Related Hashdays Hashdays Wrap-up Day #1 - blog.rootshell.be I’m in Luzern for a few days but the Hashdays security conference started today! w00t! This is the first edition for me. A very nice opening session performed by the defcon-switzerland group which organises this event. Hashdays Wrap-Up Day #2 - blog.rootshell.be Yesterday evening, I went [...]
Here are information security events in North America this month: Hackfest: November 2 to 3 in Quebec, Canada BSides DFW : November 3 in Dallas, Texas USA Cloud Security Alliance Congress : November 7 and 8 in Florida, USA PhreakNIC : November 9 to 11 in Tennessee, USA Bsides [...]
Event Related ToorCon ToorChat - github.com A Chat Program for use with the ToorCon 2013 badge. ToorCon Presentation - brightmoonsecurity.com Thanks for attending my Toorcon Presentation. Below are links to my presentation and the references I mentioned in the talk. Please let me know if you have any recommendations on course materials. ToorCon Presentation - [...]