Resources Circle City Con 2014 Videos – www.irongeek.com These are the Circle City Con 2014 videos. You can watch and download all of the recordings from here. OWASP Security Shepherd – owasp.org Security Shepherd has been implemented with the aim of fostering and improving security awareness among a varied skill-set demographic. This project enables users to learn [...]
Resources CRITs-Collaborative Research Into Threats – crits.github.io Upload threat data and uncover critical information to keep your organization safe. Develop additional capabilities using the Services Framework to combine CRITs with third-party and home-grown intelligence systems. Heartbleed, Cupid and Wireless – sysvalue.com Since Luis Grangeia presentation on cupid had gotten quite a bit of attention, he felt it’s [...]
Events Related Enter to win an INFILTRATE security conference ticket worth $2,2000 from Hacker Warehouse – hackerwarehouse.com INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Groundbreaking researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere. Conference is being held on May 15 and 16 in [...]
Resources BLE Fun With Ubertooth: Sniffing Bluetooth Smart and Cracking Its Crypto – blog.lacklustre.net Ubertooth is an open source platform for Bluetooth research. It has a powerful ARM microcontroller connected to a reconfigurable radio chip, the TI CC2400. Although it was originally built to monitor classic Basic Rate (BR) Bluetooth, it serves as an excellent platform [...]
Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode [...]
Tools WCE v1.42beta released (32bit) – hexale.blogspot.com WCE v1.42beta released (32bit). This is a minor release. Download it from here. heapLib 2.0 – blog.ioactive.com Chris Valasek released the code for heapLib2. For those of you not familiar, he introduced methods to perform predictable and controllable allocations/deallocations of strings in IE9-IE11 using JavaScript and the DOM. Techniques Unpacking [...]
Resources Want to break some Android apps? – carnal0wnage.attackresearch.com @jhaddix, the newest blogger shared a bunch of Android apps hacking tools links. Tools Linux Exploit Suggester – penturalabs.wordpress.com This is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to [...]
Event Related ToorCon Seattle 2013 - Weaponizing your coffee pot - danielbuentell0.blogspot.com As SoC price continue to drop and their implementation continues to rise, connected “appliances" (Internet of Things) will be become an attractive avenue for cyber criminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard), If one were able to compromise [...]
Event Related Hack in Paris 2013 edition Video and Slides available now on each talk briefing! BYOD - The Privacy and Compliance Risks from Bringing Your Own Mobile Device to Work - hackinparis.com Remoting Android Applications for Fun and Profit - hackinparis.com The Control of Technology by Nation State : Past, Present and Future - The Case of Cryptology and [...]
Event Related Workshop on the Economics of Information Security 2013 - lightbluetouchpaper.org I’m liveblogging WEIS 2013, as I did in 2012, 2011, 2010 and 2009. This is the twelfth workshop on the economics of information security, and the sessions are being held today and tomorrow at Georgetown University. Stupid Little IPv6 Tricks - isc.sans.edu With [...]