Events Related Black Hat attendee report highlights the mess we're in - zdnet.com Black Hat has released its first-ever attendee research report, highlighting infosec's ongoing hiring crisis and a sector that feels poorly prepared to face current threats. How We Fared in the Cyber Grand Challenge - blog.trailofbits.com The Cyber Grand Challenge qualifying event was held [...]
Events Related The MiTM Mobile Contest: GSM Network Down at PHDays V - blog.ptsecurity.com The MiTM Mobile contest was held at PHDays for the first time, and it let the participants realize how easily an attacker can conduct the above-mentioned attacks having only a 10$ cell phone with some hacker freeware. SHAKACON SHAKACON was a [...]
Events Related REcon Recap: Here’s What Caught My Eye - researchcenter.paloaltonetworks.com A few weeks ago I was fortunate enough to attend REcon in Montreal, Canada. This conference focuses on reverse engineering and exploitation techniques and has been going on for roughly a decade. PHDays V Highlights: Signs of GSM Interception, High Time to Hack Wi-Fi, Future of [...]
Resources The $300 'PITA' steals encryption keys with radio waves - engadget.com Your computer is leaking information. It's not from the usual suspects: WiFi, Bluetooth or ethernet, but from radio waves originating from your processor. Researchers at Tel Aviv University and Israel's Technion research institute have built a $300 device that captures those electromagnetic waves [...]
Resources Circle City Con 2015 Videos – irongeek.com These are the Circle City Con videos. You can watch and download the videos from here. LastPass Security Notice – blog.lastpass.com LastPass want to assure their users that their cyberattack response worked as designed. They have received many questions so they want to take a moment and provide additional [...]
Resources HackerOne Connects Hackers With Companies, and Hopes for a Win-Win – nytimes.com HackerOne is a San Francisco tech start-up that aims to become a mediator between companies with cybersecurity issues and hackers who are looking to solve problems rather than cause them. They hope their outfit can persuade other hackers to responsibly report security flaws, [...]
Events Related BSidesLondon 2015 Wrap-Up – blog.rootshell.be Here is a quick wrap-up of the BSidesLondon 2015 by Xavier. This year, they moved to a new location close to Earls Court where is organized InfoSec Europe at the same time. WAF Bypass at Positive Hack Days V – blog.ptsecurity.com Though the contest WAF configuration allowed bypassing, uncommon solutions [...]
Events Related HITB Amsterdam Wrap-Up Day #1 – blog.rootshell.be The HITB crew is back in the beautiful city of Amsterdam for a new edition of their security conference. Here is Xavier's wrap-up for the first day! HITB Amsterdam Wrap-Up Day #2 -blog.rootshell.be This is Xavier's quick wrap-up for the second day of Hack in the Box! Resources [...]
Resources Inside Yubikey Neo – hexview.com Yubikey Neo is a $50 authentication token (with bells and whistles) from Yubico. Yubico advertizes it as "practically indestructible". The product security section also claims that the device comes in a "tamper-proof casing" that is "practically impossible to tamper". Cipherli.st – cipherli.st Strong Ciphers for Apache, nginx and Lighttpd. These examples [...]
Resources Week of PowerShell Shells - Announcement and Day 1 – labofapenetrationtester.com To generate awareness and spread the goodness of PowerShell in the infosec community, Nikhil is glad to announce a Week of PowerShell shells. On each day of the past week, from 11th May to 15th May 2015, Nikhil published/discussed a blog post on it. [...]