Resources The $300 'PITA' steals encryption keys with radio waves - engadget.com Your computer is leaking information. It's not from the usual suspects: WiFi, Bluetooth or ethernet, but from radio waves originating from your processor. Researchers at Tel Aviv University and Israel's Technion research institute have built a $300 device that captures those electromagnetic waves [...]
Resources HackerOne Connects Hackers With Companies, and Hopes for a Win-Win – nytimes.com HackerOne is a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers who are looking to solve problems rather than cause them. They hope their outfit can persuade other hackers to responsibly report security flaws, [...]
Events Related BSidesLondon 2015 Wrap-Up – blog.rootshell.be Here is a quick wrap-up of the BSidesLondon 2015 by Xavier. This year, they moved to a new location close to Earls Court where is organized InfoSec Europe at the same time. WAF Bypass at Positive Hack Days V – blog.ptsecurity.com Though the contest WAF configuration allowed bypassing, uncommon solutions [...]
Events Related HITB Amsterdam Wrap-Up Day #1 – blog.rootshell.be The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is Xavier's wrap-up for the first day! HITB Amsterdam Wrap-Up Day #2 -blog.rootshell.be This is Xavier's quick wrap-up for the second day of Hack in the Box! Resources [...]
Resources Inside Yubikey Neo – hexview.com Yubikey Neo is a $50 authentication token (with bells and whistles) from Yubico. Yubico advertizes it as "practically indestructible". The product security section also claims that the device comes in a "tamper-proof casing" that is "practically impossible to tamper". Cipherli.st – cipherli.st Strong Ciphers for Apache, nginx and Lighttpd. These examples [...]
Resources Week of PowerShell Shells - Announcement and Day 1 – labofapenetrationtester.com To generate awareness and spread the goodness of PowerShell in the infosec community, Nikhil is glad to announce a Week of PowerShell shells. On each day of the past week, from 11th May to 15th May 2015, Nikhil published/discussed a blog post on it. [...]
Events Related Test your hacker skills with DEF CON at the 2015 TRIBECA film festival – tribecafilm.com For the first time ever, the world's biggest underground hacking conference will travel from Las Vegas to NYC for this year's TFF. Resources PCI versions 3.0, 3.1 and your SecureSphere deployment – blog.imperva.com This blog entry will focus solely on [...]
Resources SyScan2015 Conference Slides – syscan.org These are the SyScan2015 Conference Slides. SyScan2015 Conference Slides can be download from here. CanSecWest 2015 Files – cansecwest.com The CanSecWest conference was established in 2000. Archives of presented materials in CanSecWest Vancouver 2015 can be found here. RF Testing Methodology – nccgroup.github.io The RFTM is an Open Source, collaborative testing methodology.It [...]
Events Related Black Hat Asia 2015 Recap – blog.fortinet.com For the second year in a row, BlackHat Asia was held in Singapore, at the end of March, in the luxury Marina Bay Sands hotel. As usual, the 2 days briefings were fully loaded of plenty of topics. 3 distinct tracks were offered, plus the business track [...]
Events Related Pwn2Own 2015: Day One results – h30499.www3.hp.com The first day of Pwn2Own 2015 saw successful attempts by four entrants against four products, with payouts of $317,500 to researchers during today’s competition. Pwn2Own 2015: Day Two results – h30499.www3.hp.com The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, [...]