Events Related BSides San Francisco 2016 Videos - www.irongeek.com These are the videos from the BSides San Francisco conference. BSides Indy 2016 Videos - www.irongeek.com These are the videos from the BSides Indy conference. Tools HTCAP - www.htcap.org htcap is a web application scanner able to crawl single page application (SPA) in a recursive manner by intercepting ajax calls [...]
Resources USB HID/Fingerprint Reader that enters password if Fingerprint is correct - www.reddit.com CCDC Quals Notes (metasploit) - carnal0wnage.attackresearch.com Some quick notes for interesting stuff to keep for CCDC Quals/Notes Tools EZ-Wave - github.com Tools for Evaluating and Exploiting Z-Wave Networks using Software-Defined Radios. firmadyne - github.com FIRMADYNE is an automated and scalable system for [...]
Events Related BSidesCapeTown 2015 - www.youtube.com Resources Ray Sharp CCTV DVR Password Retrieval & Remote Root - community.rapid7.com On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. Comodo: Comodo [...]
Events Related BSidesNYC2016 - github.com Resources mediatek mt6261 rom dumping via the vibration motor - www.sodnpoo.com McAfee SiteList.xml password decryption - funoverip.net Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - www.hackwhackandsmack.com [...]
Events Related Shmoocon 2016 - archive.org ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. BSides Huntsville 2016 Videos - www.irongeek.com These are the videos from the BSides Huntsville conference. Recon 2015 - [...]
Resources Hot or Not? The Benefits and Risks of IoS Remote Hot Patching - www.fireeye.com In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem. Moving to a Plugin-Free [...]
Events Related ShmooCon: LastPass design elements create perfect Phishing opportunity - www.csoonline.com Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions. BSides Conference BSides Columbus 2016 Videos - www.irongeek.com BSidesNYC2016 – github.com Tools dnstwist - [...]
Events Related ShmooCon ShmooCon Firetalks 2016 - www.irongeek.com ShmooCon Pres - www.gitbook.com Tools TrendMicro node.js HTTP server listening on localhost can execute commands - www.trendmicro.com Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password. Techniques SSH Backdoor for [...]
Events Related 32C3 Recap – Part1 - www.insinuator.net Every year a group of us are happy to use the holidays to travel to Hamburg to meet other people and learn something new at the 32C3. Tools Kali NetHunter 3.0 Released - www.offensive-security.com NetHunter has been actively developed for over a year now, and has undergone nothing [...]
Events Related ICIT Brief: Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles - icitech.org The brief provides a detailed breakdown of the July 2015 Jeep Cherokee hacking demonstration and an analysis of how hackers would behave during a ‘real-world’ attack Rapid Radio Reversing, ToorCon 2015 - greatscottgadgets.com In this video [...]