Events Related Course Review: Offensive Security AWE (Advanced Windows Exploitation) – www.ethicalhacker.net In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. The course was delivered by its creators, Matteo Memelli and Devon Kearns. Matteo handled all of the speaking responsibilities, and Devon apparently participated [...]
Events Related BruCON 5by5 – WPScan Online Vulnerability Database – ethicalhack3r.co.uk For those of you who have been living under a rock, BruCON is a security conference held every year in Belgium (originally Brussels, now Ghent). Last year was the 5th time the conference had been held and so the year before (2012) they setup what [...]
Resources Why PLCpwn Is Important for ICS Cyber Weapons – www.digitalbond.com The interesting question is what happens when organizations and governments stumble across one of these deployed attack systems and covert channels? S4x14 Video: Stephen Hilt on PLCpwn -digitalbond.com Cheat Sheets – packetlife.net Here are Cheet sheets by packetlife. You can download all from here. OWASP Cheat Sheet [...]
Resources BLE Fun With Ubertooth: Sniffing Bluetooth Smart and Cracking Its Crypto – blog.lacklustre.net Ubertooth is an open source platform for Bluetooth research. It has a powerful ARM microcontroller connected to a reconfigurable radio chip, the TI CC2400. Although it was originally built to monitor classic Basic Rate (BR) Bluetooth, it serves as an excellent platform [...]
Events Related Counter-confab TrustyCon to host speakers boycotting RSA Conference – news.cnet.com A new conference focusing on issues of "trust" at the intersection of privacy and security will take place during RSA's annual show. Resources ShmooCon Firetalks 2014 – www.irongeek.com These are the videos for the ShmooCon Firetalks 2014. Free Tools: The Best Free Tools of 2013? – [...]
Resources Smart LSA Secrets Module – hackwhackandsmack.com Doug decided to take two modules and crash them together to add some automation to some tasks that he seem to pick up often. He took the LSA Secrets module and the Domain Group Enum module and combined them to be one module. Symantec Intelligence Report: December 2013 – symantec.com [...]
Events Related Why we have to boycott RSA – blog.erratasec.com The reason isn't that Robert Graham is upset at RSA, or think that they are evil. He thinks RSA was mostly tricked by the NSA instead of consciously making the choice to backdoor their products. Resources Stupid IDN Tricks: Unicode Combining Characters – blog.dinaburg.org Safari will display [...]
Resources Phishing Frenzy: Installing the Monster – pentestgeek.com If you’re not a rails guru or haven’t ever dabbled with ruby on rails, the installation process might seem overwhelming. Zeknox created this helpful video which follows the newly created wiki on how to get up and running with PF on Kali linux. 30c3: To Protect And Infect, [...]
Resources Adobe CQ Pentesting Guide – Part 1 – resources.infosecinstitute.com This post deals with the step-by-step security testing guidelines for Adobe CQ installation. Adobe CQ is Adobe’s new Web Experience Management software portfolio which provides easy-to-use web apps for creating, managing and delivering online experiences to its users. SkyDogCon 2013 Videos – www.irongeek.com Here are the videos [...]
Events Related CCC, 100-gbps, and your own private Shodan – blog.erratasec.com One of the oldest/biggest "hacker" conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet. Resources Quick Joomla Refresher – blog.spiderlabs.com In this blog post David Kirkpatrick mention some of the tools he used to check the [...]