Here are information security events in North America this month: Converge Information Security Conference 2016 : July 14 to 16 in Detroit, MI, USA BSides Detroit 2016 : July 16 in Detroit, MI, USA BSides Connecticut 2016 : July 16 in Hamden, CT, USA TakeDownCon Rocketcity 2016 : July 18 to [...]
Events Related BSides Cleveland 2016 Videos - www.irongeek.com These are the videos from the Bsides Cleveland conference. Resources MonitorDarkly - github.com This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device. 148 Projects - bestpractices.coreinfrastructure.org Tools BadUSB 2.0 USB MITM POC - github.com Other News [...]
Events Related Circle City Con 2016 Videos - www.irongeek.com Area41 - 2016 - confseclive.wordpress.com I had the opportunity this year to attend Area41 conference in Zurich. The conference is organised by the DEFCON Switzerland group and the talks are mainly technical. ShowMeCon 2016 Videos - www.irongeek.com Recordings of talks and speakers at Security Fest 2016 - securityfest.com [...]
Resources Typosquatting programming language package managers - incolumitas.com Typosquatting is the malicious registering of a domain that is lexically similar to another, often highly frequented, website. Typosquatters would for instance register a domain named Gooogle.com instead of the well known Google.com. Then they hope that people mistype the website name in the browser and accidentally arrive on the [...]
Resources Out-of-Box Exploitation: A Security Analysis of OEM Updaters - duo.com Original Equipment Manufacturers (OEM) refer to the first boot of a new PC as the out-of-box experience (OOBE). As you battle your way through modal dialogues for questionable software, and agree to some exciting 30 day antivirus trials, it’s pretty forgivable to want to throw [...]
Here are information security events in North America this month: eCrime 2016 : June 1 to 3 in Toronto, ON, Canada SecureWorld Atlanta 2016 : June 1 to 2 in Atlanta, GA, USA CISO Executive Summit Atlanta : June 1 in Atlanta, GA, USA RVAsec 2016 : June 2 to 3 [...]
Events Related NolaCon 2016 - www.irongeek.com Resources BlueCoat now has a CA signed by Symantec - twitter.com hitbsecconf2016ams - conference.hitb.org Tools Practical Malware Analysis Starter Kit - bluesoul.me This package contains most of the software referenced in Practical Malware Analysis. Some of the links have broken over time, some companies have folded or been bought. 1 [...]
Tools fwexpl - github.com PC firmware exploitation tool and library Techniques The best part about open source software is there's no hidden backdoors - twitter.com Kerberoasting SPNs are used by Kerberos authentication to associate a service instance with a service logon account. Kerberoasting - Part 1 - room362.com Kerberoasting - Part 2 - room362.com Kerberoasting [...]
Events Related Cybersecurity sleuths learn to think like hackers - www.cnet.com About 35 high-school students sit at neatly arranged rows of tables in the university's gym. Another 115 college-level contestants surround the high schoolers. The room is pretty quiet, with only the occasional rattle from the New York subway tunnels below cutting into the hushed [...]
Resources Phrack - phrack.org Tools Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer - trustfoundry.net Brian Krebs has produced numerous articles on ATM skimmers. He has essentially become the “go to” journalist on ATM fraud. From reading his stuff, I have learned how the “bad guys” think when it comes to ATM fraud. [...]