Event Related ShmooCon Firetalks 2013 - irongeek.com These are the videos I have for the ShmooCon Firetalks 2013. Resources APT 1 APT 1: Exposing One of China's Cyber Espionage Units - intelreport.mandiant.com APT1: Exposing One of China's Cyber Espionage Units Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure: The Nitty Gritty - [...]
Event Related S4x13 Video: Atlas on RF Comms Security and Insecurity - digitalbond.com RF Comms are often ignored in SCADA assessments. Big mistake as atlas 0f d00m shows RF hacking session at S4x13. #Shmoocon Presentation Links - mainframed767.tumblr.com So I talked fast and furious and ran out of time, but 20 minutes is not a [...]
Event Related Index of Congress 29c3 - ftp.ccc.de High quality mp4 of 29c3. The 'Hack Back' Offense - bankinfosecurity.com To repel the onslaught of cyberattacks against organizations, security leaders are debating the merits of the "hack back" defense. THREADS - trailofbits.com THREADS is an annual conference that focuses on pragmatic security research and new discoveries [...]
Resources Efficient Padding Oracle Attacks on Cryptographic Hardware - hal.inria.fr Stealing RSA private keys from hardware using oracle attacks in a few hours. JSLR - thespanner.co.uk Cross-Site Scripting (XSS) has been around for ages – with first incidents being reported in the late nineties. Despite the attack technique not being the most complex of all, [...]
Resources Research for SharePoint (MOSS) - owasp.org This page contains research notes on Microsoft's SharePoint MOSS and WSS MS SQL - Useful Stored Procedures for SQL Injection and Ports Info - pentesticles.com The following post lists and describes various useful stored procedures and port information for MS SQL. Portable Executable 101 - a windows executable [...]
Event Related A cyber weapon - alexmgeorge.wordpress.com At RSA 2012 Dave Aitel made a presentation wherein he defined cyber weapons a bit outside of how people normally think. The tried and true metaphor (which I admit to using) is that exploits or frameworks are like guns, and if they’re like guns then it’s easy to [...]
Tools: Metasploit inside a word file – ithaven.blogspot.com Vulnerabilities: FFSpy – Firefox Malware PoC Debian OpenSSH 4.7 encryption flawed Flaw in encryption armor discovered – cnet.com Chink in encryption armor discovered – zdnet.com ntpd autokey stack buffer overflow – cert.org Other News: Adobe patch Tuesday approach Adobe Adopts Microsoft’s Patch Tuesday Approach – washingtonpost.com Adobe [...]
A critical update to Adobe Reader 8.1.2 and Acrobat 8.1.2 has been released to address a remote exploit vulnerability. Version 9 of these products are not vulnerable. The advisory from Core Security notes that there is a stack buffer overflow when parsing PDF files, and the flaw could be exploited if a user is tricked [...]