Events Related BSidesNYC2016 - github.com Resources mediatek mt6261 rom dumping via the vibration motor - www.sodnpoo.com McAfee SiteList.xml password decryption - funoverip.net Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - www.hackwhackandsmack.com [...]
Events Related Shmoocon 2016 - archive.org ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues. BSides Huntsville 2016 Videos - www.irongeek.com These are the videos from the BSides Huntsville conference. Recon 2015 - [...]
Resources Hot or Not? The Benefits and Risks of IoS Remote Hot Patching - www.fireeye.com In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem. Moving to a Plugin-Free [...]
Events Related ShmooCon: LastPass design elements create perfect Phishing opportunity - www.csoonline.com Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions. BSides Conference BSides Columbus 2016 Videos - www.irongeek.com BSidesNYC2016 – github.com Tools dnstwist - [...]
Events Related ShmooCon ShmooCon Firetalks 2016 - www.irongeek.com ShmooCon Pres - www.gitbook.com Tools TrendMicro node.js HTTP server listening on localhost can execute commands - www.trendmicro.com Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password. Techniques SSH Backdoor for [...]
Events Related 32C3 Recap – Part1 - www.insinuator.net Every year a group of us are happy to use the holidays to travel to Hamburg to meet other people and learn something new at the 32C3. Tools Kali NetHunter 3.0 Released - www.offensive-security.com NetHunter has been actively developed for over a year now, and has undergone nothing [...]
Events Related ICIT Brief: Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles - icitech.org The brief provides a detailed breakdown of the July 2015 Jeep Cherokee hacking demonstration and an analysis of how hackers would behave during a ‘real-world’ attack Rapid Radio Reversing, ToorCon 2015 - greatscottgadgets.com In this video [...]
Resources pentestpackage - github.com A package of Pentest scripts Tools JexBoss - Jboss Verify And Exploitation Tool - github.com JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server. DVNA - github.com Damn Vulnerable Node Application (DVNA) is a Node.js web application that is damn vulnerable. Its intended purpose is to teach [...]
Resources Unofficial Guide to Mimikatz & Command Reference - adsecurity.org This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required & optional), as well as screenshots and additional context (where possible). Index of /docs/Slides/2015 - deepsec.net CVE-2015-8446 (Flash up to 19.0.0.245) And [...]
Events Related DEFCONConference - www.youtube.com DefCamp 2015 - def.camp Resources Zero Nights - 2015.zeronights.org CheatSheets - github.com Cheat sheets for various projects I contribute to (PowerView, PowerUp, and Empire). Techniques Introduction to Modbus TCP traffic - www.vanimpe.eu Modbus is a serial communication protocol. It is the most widespread used protocol within ICS. It works in a [...]