Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode [...]
Events Related BotConf 2013 Wrap-Up BotConf 2013 Wrap-Up Day #1 –blog.rootshell.be Xavier was in Nantes (France) for two days to attend a new conference: Botconf. As the name says, this event was dedicated to botnets and malwares. BotConf 2013 Wrap-Up Day #2 – blog.rootshell.be Here is the Day 2 wrap up of the conference by Xavier. The [...]
Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]
Resources Introducing Phishing Frenzy – pentestgeek.com A couple weeks ago Zecnox presented at this year's Derbycon on an email phishing platform that he has been working on. Those of you who missed the talk, he went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording here. [...]
Events Related SANS FOR610: Reverse Engineering Malware – Course Review – blog.c22.cc What follows is a review of the SANS FOR610: reverse engineering malware class taken at the SANS Prague 2013 event. What follows are rough notes, feelings and impressions from the class as it was taking place. Take it as you will, and we hope [...]
Resources Louisville Infosec 2013 Videos – www.irongeek.com Here are the videos from Louisville Infosec 2013 conference. BruCON talks – youtube.com BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Here are the videos from BruCON [...]
Events Related SyScan360 Beijing slides – reverse.put.as Eight days and 10 flights later author Papers back from SyScan360 in Beijing. It was his first visit to China and he had lots of fun observing many things that he only “knew” from reading. His presentation slides are available here. Resources What I Wish I Knew Before [...]
Resources Video Tutorial: Introduction to XML External Entity Injection – community.rapid7.com This video introduces XML injection to achieve XML external entity injection (XXE) and XML based cross site scripting (XSS). Errata Security's blog We scanned the Internet for port 22 – blog.erratasec.com Errata Security scanned the entire Internet for port 22 -- the port reserved for "SSH", [...]
Event Related ToorCon Seattle 2013 - Weaponizing your coffee pot - danielbuentell0.blogspot.com As SoC price continue to drop and their implementation continues to rise, connected “appliances" (Internet of Things) will be become an attractive avenue for cyber criminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard), If one were able to compromise [...]
Event Related Workshop on the Economics of Information Security 2013 - lightbluetouchpaper.org I’m liveblogging WEIS 2013, as I did in 2012, 2011, 2010 and 2009. This is the twelfth workshop on the economics of information security, and the sessions are being held today and tomorrow at Georgetown University. Stupid Little IPv6 Tricks - isc.sans.edu With [...]