Security Tools


Week 4 In Review – 2014

Events Related Counter-confab TrustyCon to host speakers boycotting RSA Conference – news.cnet.com A new conference focusing on issues of "trust" at the intersection of privacy and security will take place during RSA's annual show. Resources ShmooCon Firetalks 2014 – www.irongeek.com These are the videos for the ShmooCon Firetalks 2014. Free Tools: The Best Free Tools of 2013? – [...]

Week 2 In Review – 2014

Events Related Why we have to boycott RSA – blog.erratasec.com The reason isn't that Robert Graham is upset at RSA, or thinks that they are evil. He thinks RSA was mostly tricked by the NSA instead of consciously making the choice to backdoor their products. Resources Stupid IDN Tricks: Unicode Combining Characters – blog.dinaburg.org Safari will display [...]

Week 1 In Review – 2014

Resources Phishing Frenzy: Installing the Monster – pentestgeek.com If you’re not a Rails guru or haven’t ever dabbled with Ruby on Rails, the installation process might seem overwhelming. Zeknox created this helpful video which follows the newly created wiki on how to get up and running with PF on Kali Linux. 30c3: To Protect And Infect, [...]

Week 52 In Review – 2013

Resources Adobe CQ Pentesting Guide – Part 1 – resources.infosecinstitute.com This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe’s new Web Experience Management software portfolio which provides easy-to-use web apps for creating, managing and delivering online experiences to its users. SkyDogCon 2013 Videos – www.irongeek.com Here are the videos [...]

Week 51 In Review – 2013

Events Related CCC, 100-gbps, and your own private Shodan – blog.erratasec.com One of the oldest/biggest "hacker" conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet. Resources Quick Joomla Refresher – blog.spiderlabs.com In this blog post David Kirkpatrick mentions some of the tools he used to check the [...]

Week 50 In Review – 2013

Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode [...]

Week 49 In Review – 2013

Events Related BotConf 2013 Wrap-Up BotConf 2013 Wrap-Up Day #1 – blog.rootshell.be Xavier was in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event was dedicated to botnets and malware. BotConf 2013 Wrap-Up Day #2 – blog.rootshell.be Here is the Day 2 wrap up of the conference by Xavier. The [...]

Week 48 In Review – 2013

Events Related Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers – ethicalhacker.net SANS SEC 760 Advanced Exploit Development for Penetration Testers is a six-day course that teaches the advanced techniques that are needed to compromise modern information systems. OWASP Benelux Day 2013 Wrap-Up – blog.rootshell.be Xavier just back from Amsterdam where was organized the [...]

Week 46 In Review – 2013

Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]

Week 45 In Review – 2013

Resources Introducing Phishing Frenzy – pentestgeek.com A couple weeks ago Zeknox presented at this year's Derbycon on an email phishing platform that he has been working on. For those of you who missed the talk, he went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording here. [...]