Week in Review


Week 40 In Review – 2013

Events Related SyScan360 Beijing slides – reverse.put.as Eight days and 10 flights later author Papers back from SyScan360 in Beijing. It was his first visit to China and he had lots of fun observing many things that he only “knew” from reading. His presentation slides are available here. Resources What I Wish I Knew Before [...]

Week 39 In Review – 2013

Events Related BruCON 0x05 Wrap Up – blog.rootshell.be Here is Xavier's quick wrap-up of BruCON 0x05. Actually it’s not a wrap-up about the talks. He gives some statistics about the visitors. Resources One Weird Trick for Finding More Crashes – www.cert.org CERT Vulnerability Analysis Team announced the release of updates to both of their fuzzing tools, the CERT [...]

Week 38 In Review – 2013

Resources Heuristic methods used in sqlmap – unconciousmind.blogspot.com You can find the slides for Miroslav Štampar's talk "Heuristic methods used in sqlmap", held at the FSec 2013 conference (Croatia / Varazdin 19th September 2013), here. Top Five Ways SpiderLabs Got Domain Admin on Your Internal Network – blog.spiderlabs.com It’s always surprising how insecure some internal networks turn out to [...]

Week 37 In Review – 2013

Resources Video Tutorial: Introduction to XML External Entity Injection – community.rapid7.com This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Errata Security's blog We scanned the Internet for port 22 – blog.erratasec.com Errata Security scanned the entire Internet for port 22 -- the port reserved for "SSH", [...]

Week 36 In Review – 2013

Tools SpiderFoot 2.0.4 released, new module, improvements and bug fixes – spiderfoot.net Kautilya 0.4.4 - dump lsa secrets, introduce vulns, improved backdoors and more – labofapenetrationtester.com Here comes Kautilya 0.4.4. This version adds three new payloads and improves a couple of others. OWASP Broken Web Applications Project VM v1.1 Released – sourceforge.net Looking for the latest version? Download OWASP_Broken_Web_Apps_VM_1.1.7z. Techniques [...]

Week 35 In Review – 2013

Resources Want to break some Android apps? – carnal0wnage.attackresearch.com @jhaddix, the newest blogger, shared a bunch of links to Android app hacking tools. Tools Linux Exploit Suggester – penturalabs.wordpress.com This is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to [...]

Week 34 in Review – 2013

Event Related Femtocell Presentation Slides, Videos and App - isecpartners.com We're back from Las Vegas, rested, and finally ready to release the slides, videos, and our app from our presentation at Black Hat and Defcon: Traffic Interception and Remote Mobile Phone Cloning with a Compromised CDMA Femtocell. BlackHat Conference: Z-Wave Security - sensepost.com We are [...]

Week 32 in Review – 2013

Event Related DefCon #DEFCON Defense by numbers: Making Problems for Script Kiddies and Scanner Monkeys - blog.c22.cc Despite my fears of freezing on stage and beginning to drool like a moron, I think the presentation went well. Excluding of course the point where PowerPoint decided it would die in a fire rather than show my [...]

Week 31 in Review – 2013

Event Related Course Review: SANS SEC573 Python for Penetration Testers - ethicalhacker.net “SANS SEC573 Python for Penetration Testers” is a five-day class that teaches the basics of the Python language then builds on that knowledge to show how to utilize its specialized libraries to perform network capture and analysis, SQL injection, Metasploit integration, password guessing [...]