Resources Advanced iOS kernel debugging for exploit developers – www.youtube.com Advanced iOS kernel debugging for exploit developers: A presentation by Stefan Esser (@i0n1c) at the Breakpoint security conference in Melbourne, Australia. ekoparty Security Conference 9th Edition(2013) – ekoparty.org The ekoparty 2013 Videos & Papers are available here. Tools The Social-Engineer Toolkit (SET) v5.4 “Walkers” Released – trustedsec.com [...]
Events Related Hack.lu 2013 Wrap-Up Xavier wrapped-up the event of Hack.Lu 2013-Luxembourg 9th edition. As usual, the event started with a bunch of interesting workshops, talks. These talks went really deep and finally, Shift closed the schedule with “Interactive Deobfuscation“; A very very technical session. Hack.lu 2013 Wrap-Up Day #1 – blog.rootshell.be Hack.lu 2013 Wrap-Up Day [...]
Events Related SANS FOR610: Reverse Engineering Malware – Course Review – blog.c22.cc What follows is a review of the SANS FOR610: reverse engineering malware class taken at the SANS Prague 2013 event. What follows are rough notes, feelings and impressions from the class as it was taking place. Take it as you will, and we hope [...]
Events Related SyScan360 Beijing slides – reverse.put.as Eight days and 10 flights later author Papers back from SyScan360 in Beijing. It was his first visit to China and he had lots of fun observing many things that he only “knew” from reading. His presentation slides are available here. Resources What I Wish I Knew Before [...]
Events Related BruCON 0×05 Wrap Up -blog.rootshell.be Here is Xavier's quick wrap-up of BruCON 0×05. Actually it’s not a wrap-up about the talks. He gives some statistics about the visitors. Resources One Weird Trick for Finding More Crashes – www.cert.org CERT Vulnerability Analysis Team announced the release of updates to both of their fuzzing tools, the CERT [...]
Resources Heuristic methods used in sqlmap – unconciousmind.blogspot.com You can find slides for Miroslav Štampar talk "Heuristic methods used in sqlmap" held at FSec 2013 conference (Croatia / Varazdin 19th September 2013) here. Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com It’s always surprising how insecure some internal networks turn out to [...]
Resources Video Tutorial: Introduction to XML External Entity Injection – community.rapid7.com This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Errata Security's blog We scanned the Internet for port 22 – blog.erratasec.com Errata Security scanned the entire Internet for port 22 -- the port reserved for "SSH", [...]
Tools SpiderFoot 2.0.4 released, new module, improvements and bug fixes – spiderfoot.net Kautilya 0.4.4 - dump lsa secrets, introduce vulns, improved backdoors and more –labofapenetrationtester.com Here comes Kautilya 0.4.4. This version adds three new payloads and improves couple of others. Owasp Broken Web Applications Project VM v1.1 Released – sourceforge.net Looking for the latest version? Download OWASP_Broken_Web_Apps_VM_1.1.7z. Techniques [...]
Resources Want to break some Android apps? – carnal0wnage.attackresearch.com @jhaddix, the newest blogger shared a bunch of Android apps hacking tools links. Tools Linux Exploit Suggester – penturalabs.wordpress.com This is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to [...]
Event Related Femtocell Presentation Slides, Videos and App - isecpartners.com We're back from Las Vegas, rested, and finally ready to release the slides, videos, and our app from our presentation at Black Hat and Defcon: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. BlackHat Conference: Z-Wave Security - sensepost.com We are [...]