Vendor News


Week 8 In Review – 2014

Events Related Course Review: Offensive Security AWE (Advanced Windows Exploitation) – www.ethicalhacker.net In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. The course was delivered by its creators, Matteo Memelli and Devon Kearns. Matteo handled all of the speaking responsibilities, and Devon apparently participated [...]

Week 6 In Review – 2014

Resources Why PLCpwn Is Important for ICS Cyber Weapons – www.digitalbond.com The interesting question is what happens when organizations and governments stumble across one of these deployed attack systems and covert channels? S4x14 Video: Stephen Hilt on PLCpwn – digitalbond.com Cheat Sheets – packetlife.net Here are cheat sheets by packetlife. You can download all from here. OWASP Cheat Sheet [...]

Week 2 In Review – 2014

Events Related Why we have to boycott RSA – blog.erratasec.com The reason isn't that Robert Graham is upset at RSA, or thinks that they are evil. He thinks RSA was mostly tricked by the NSA instead of consciously making the choice to backdoor their products. Resources Stupid IDN Tricks: Unicode Combining Characters – blog.dinaburg.org Safari will display [...]

Week 51 In Review – 2013

Events Related CCC, 100-gbps, and your own private Shodan – blog.erratasec.com One of the oldest/biggest "hacker" conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet. Resources Quick Joomla Refresher – blog.spiderlabs.com In this blog post David Kirkpatrick mentions some of the tools he used to check the [...]

Week 50 In Review – 2013

Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode [...]

Week 49 In Review – 2013

Events Related BotConf 2013 Wrap-Up BotConf 2013 Wrap-Up Day #1 – blog.rootshell.be Xavier was in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event was dedicated to botnets and malware. BotConf 2013 Wrap-Up Day #2 – blog.rootshell.be Here is the Day 2 wrap up of the conference by Xavier. The [...]

Week 41 In Review – 2013

Resources Louisville Infosec 2013 Videos – www.irongeek.com Here are the videos from Louisville Infosec 2013 conference. BruCON talks – youtube.com BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Here are the videos from BruCON [...]

Week 38 In Review – 2013

Resources Heuristic methods used in sqlmap – unconciousmind.blogspot.com You can find slides for Miroslav Štampar's talk "Heuristic methods used in sqlmap" held at FSec 2013 conference (Croatia / Varazdin 19th September 2013) here. Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com It’s always surprising how insecure some internal networks turn out to [...]

Week 37 In Review – 2013

Resources Video Tutorial: Introduction to XML External Entity Injection – community.rapid7.com This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Errata Security's blog We scanned the Internet for port 22 – blog.erratasec.com Errata Security scanned the entire Internet for port 22 -- the port reserved for "SSH", [...]