Week 47 In Review – 2016

Events Related:
BSides DC 2016 - Opening - Alex Norman does what Alex Norman does best. Open the con. Inspirational, motivational and most importantly... short.
AppSecUSA 2016 - Recordings from AppSecUSA 2016 in Washington, DC
Highlights from the O'Reilly Security Conference in Amsterdam 2016 - Watch highlights covering security, defense, tools, and [...]

Week 45 In Review – 2016

Resources:
Ruxcon - Presentation Slides from Ruxcon Australia
BlackHat Europe 2016 -
Techniques:
Kerberoasting Without Mimikatz - Thanks to an awesome PowerView pull request by @machosec, Kerberoasting is easier than ever using pure PowerShell. I wanted to briefly cover this technique and its background, how we’ve been using it recently, and a few awesome new developments. [...]

Week 44 In Review – 2016

Events Related:
Charlie Miller Keynote, Automotive Security: A Hacker's Eye View - The security of today's vehicles involves many moving parts, but while manufacturers take a majority of the blame, multiple parties contribute to the security debt in today's vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, [...]

Week 43 In Review – 2016

Events Related:
I’m back to Luxembourg for a new edition of In fact, I arrived yesterday afternoon to attend the MISP summit. It was a good opportunity to meet MISP users and to get fresh news about the project. 2016 Wrap-Up Day #1 - 2016 Wrap-Up Day #2 - 2016 [...]

Week 42 In Review – 2016

Resources:
Published "SecDevOps Risk Workflow" Book (v0.57) - I just published version v0.57 of the (previously called) Jira Risk Workflow book.
Vulnerabilities:
These 60 dumb passwords can hijack over 500,000 IoT devices into the Mirai botnet - Mirai has become infamous in recent weeks after blasting the website of security blogger Brian Krebs off the [...]

Week 41 In Review – 2016

Events Related:
GrrCON 2016 Videos - These are the videos of the presentations from GrrCON 2016.
Videos from the DHS Cyber Security Division (CSD) workshop earlier this year - Here are a couple of links to the Department of Homeland Security (DHS) Cyber Security Division (CSD) showcase earlier this year. They did a great [...]

Week 38 In Review – 2016

Events Related:
BSides Augusta 2016 Videos - These are the videos from the BSides Augusta conference.
Resources:
Long Secret Stingray Manuals Detail How Police Can Spy On Phones - The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet.
Techniques:
Reprogramming the Defcon 24 badge [...]

Week 37 In Review – 2016

Resources:
House of Keys: 9 Months later... 40% Worse - In our initial study we analyzed SSH host key use as well. Unfortunately there is no recent scan data on SSH host keys available (however there is a ticket over at the awesome ZMap project).
Tools:
FaceWhisperer - FaceWhisperer is a hardware add-on for the ChipWhisperer side-channel [...]

Week 36 In Review – 2016

Tools:
WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack
Python tools for penetration testers - Python tools for penetration testers
Nmap 7.25BETA2 Birthday Release - Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and new features.
Vulnerabilities:
Meet USBee, the malware that uses USB drives to covertly jump airgaps - [...]

Week 34 In Review – 2016

Events Related:
Impressions From DEF CON 24: The Machines Are Rising - DEF CON 24, the world’s largest hacker conference, ended Aug. 7, and I must say I enjoyed every moment of it. There was so much to see in so little time; I definitely regret missing some great stuff that happened. Even so, [...]