Resources Running guide for CTF's - gist.github.com Blackhat Hardware Training Roadmap - securinghardware.com This diagram is intended to give an overview of many of the hardware-related trainings available at Black Hat USA 2017. Generally, lower level hardware is at the bottom and more software to the top. Tools Wordpress Exploit Framework - github.com screen2root - [...]
Events Related BSides Columbus 2017 Videos - www.irongeek.com These are the videos from the BSides Columbus Ohio conference. Resources DevOoops: Client Provisioning (Vagrant) - carnal0wnage.attackresearch.com Notes from the 2015 Devoops Talk. Vagrant used to ship with a default keypair and was difficult to rotate. Intel debugger interface open to hacking via USB - blog.ptsecurity.com New Intel processors [...]
Tools Acunetix Free Manual Pen Testing Tools - www.acunetix.com Acunetix Manual Tools allow penetration testers to further automated testing. waveconverter - github.com Factoria Labs 2016 WaveConverter is a Python application, built on GTK+ 3. The GUI has been implemented via Glade. A sqlite database has been implemented via sqlalchemy. Techniques Cracking The 12+ Character Password [...]
Tools Invoke-TheHash - github.com Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side. FiercePhish - github.com FiercePhish is a full-fledged phishing framework to manage all phishing engagements. It allows you to track [...]
Resources 33C3: Chris Gerlinsky Cracks Pay TV - hackaday.com People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. [Chris Gerlinksy]’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that. Tools mitmproxy: release v1.0.0 - [...]
Events Related PhreakNIC20-2016 - www.youtube.com Tools GRASSMARLIN - github.com GRASSMARLIN provides IP network situational awareness of industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks to support network security. Techniques Secure Rom extraction on iPhone 6s - ramtin-amin.fr Secure ROM, also knows as bootrom, is the very first piece of software that [...]
Events Related BSidesLV - youtube.com Recordings of Security BSides Las Vegas sessions, selected sessions of sister conferences and other Information Security related educational materials. BotConf 2016 This is already the fourth edition of the Botconf security conference, fully dedicated to fighting malware and botnets. Since the first edition, the event location changed every year and it allowed me [...]
Events Related Kiwicon X - www.youtube.com Resources Curl Security Audit - daniel.haxx.se I asked for, and we were granted a security audit of curl from the Mozilla Secure Open Source program a while ago. This was done by Mozilla getting a 3rd party company involved to do the job and footing the bill for it. CVE-2016-7098 - legalhackers.com "GNU [...]
Events Related BSides DC 2016 - Opening - www.youtube.com Alex Norman does what Alex Norman does best. Open the con. Inspirational, motivational and most importantly... short. AppSecUSA 2016 - www.youtube.com Recordings from AppSecUSA 2016 in Washington, DC Highlights from the O'Reilly Security Conference in Amsterdam 2016 - www.oreilly.com Watch highlights covering security, defense, tools, and [...]
Events Related Charlie Miller Keynote, Automotive Security: A Hacker's Eye View - www.youtube.com The security of today's vehicles involves many moving parts, but while manufactures take a majority of the blame, multiple parties contribute to the security debt in today's vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, [...]