Security Vulnerabilities

/Security Vulnerabilities

Week 24 In Review – 2017

Events Related Security Fest - www.youtube.com This summer, Göteborg became the most secure city in Sweden! We had a day filled with great talks by internationally renowned speakers on some of the most cutting edge and interesting topics in IT-Security. ShowMeCon 2017 Videos - www.irongeek.com Resources List of Printers Which Do or Do Not Display [...]

Week 22 In Review – 2017

Events Related AppSec EU 2017 - www.youtube.com Techniques ICS/SCADA Systems for Penetration Testers: A Typical Engagement - blog.gdssecurity.com It’s no secret that the devices that comprise process control systems are generally vulnerable to attack. This point has been made through endless research and has even been the subject of countless talks and trainings. Vulnerabilities Secure [...]

Week 21 In Review – 2017

Events Related NolaCon 2017 - www.irongeek.com Resources Ransomware using EternalBlue This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows SMB vulnerability. EternalBlue: Metasploit Module for [...]

Week 20 In Review – 2017

  Events Related Converge 2017 Videos - www.irongeek.com These are the videos from the Converge Information Security Conference. BSides Detroit 2017 Videos - www.irongeek.com These are the videos from the BSides Detroit 2017 Conference.  Resources  Intel Active Management Technology On May 1, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management [...]

Week 19 In Review – 2017

Events Related BSidesCharm 2017 Videos - www.irongeek.com These are the videos BSidesCharm (Baltimore) 2017. Resources Car Hacking - illmatics.com Instead of buying books or paying exorbitant amount of money to learn about car hacking, we (Charlie Miller and Chris Valasek) decided to publish all our tools, data, research notes, and papers to everyone for FREE! Password [...]

Week 17 In Review – 2017

Resources  Probable-Wordlists - github.com Wordlists sorted by probability originally created for password generation and testing VM escape - QEMU Case Study - www.phrack.org Virtual machines are nowadays heavily deployed for personal use or within the enterprise segment. Network security vendors use for instance different VMs to analyze malwares in a controlled and confined environment. Vulnerabilities [...]

Week 16 In Review – 2017

Events Related BSides Nashville 2017 Videos - www.irongeek.com Tools CAN-Bus-Arduino-Tool - github.com A tool for performing replay and sniffing CAN bus traffic. OWTF 2.1a "Chicken Korma" released - owtf.github.io Yes folks, it is that time again, a new release of the Offensive Web Testing Framework, OWASP OWTF, one of several OWASP Flagship projects Vulnerabilities InterContinental Hotels [...]

Week 15 In Review – 2017

  Events Related  HITB 2017 This year, the conference was based on four(!) tracks: two regular ones, one dedicated to more “practical” presentations (HITBlabs) and the last one dedicated to small talks (30-60 mins). HITB Amsterdam 2017 Day #1 Wrap-Up - blog.rootshell.be HITB Amsterdam 2017 Day #2 Wrap-Up - blog.rootshell.be Resources  Over The Air: Exploiting [...]

Week 14 In Review – 2017

Events Related Cyphercon 2.0 Videos - www.irongeek.com These are the videos from the Cyphercon 2.0 conference. DakotaCon - www.youtube.com South Dakota’s premier security event. TROOPERScon - www.youtube.com AIDE 2017 - www.irongeek.com Resources BlackHat 2017 - blackhat.com Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) - googleprojectzero.blogspot.com It’s a well understood fact that platform security is an [...]

Week 11 In Review – 2017

Events Related BSides Indy 2017 Videos - www.irongeek.com These are the videos from the BSides Indy conference.  Tools Worried about Strutshock (CVE-2017-5638)? - www.tinfoilsecurity.com Quick check to see if your website is vulnerable Techniques PlaidCTF 2012 – Traitor (200 pts) - int3pids.blogspot.com The challenge is supposed to be very straightforward, because we only have a recorded audio [...]