Week 20 In Review – 2017

  Events Related Converge 2017 Videos - These are the videos from the Converge Information Security Conference. BSides Detroit 2017 Videos - These are the videos from the BSides Detroit 2017 Conference.  Resources  Intel Active Management Technology On May 1, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management [...]

Week 45 In Review – 2016

Resources Ruxcon - Presentation Slides from Ruxcon Australia BlackHat Europe 2016 - Techniques Kerberoasting Without Mimikatz - Thanks to an awesome PowerView pull request by @machosec, Kerberoasting is easier than ever using pure PowerShell. I wanted to briefly cover this technique and its background, how we’ve been using it recently, and a few awesome new developments. [...]

Week 38 In Review – 2016

Events Related BSides Augusta 2016 Videos - These are the videos from the BSides Augusta conference. Resources Long Secret Stingray Manuals Detail How Police Can Spy On Phones - The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. Techniques Reprogramming the Defcon 24 badge [...]

Week 37 In Review – 2016

Resources House of Keys: 9 Months later... 40% Worse - In our initial study we analyzed SSH host key use as well. Unfortunately there is no recent scan data on SSH host keys available (however there is a ticket over at the awesome ZMap project). Tools FaceWhisperer - FaceWhisperer is a hardware add-on for the ChipWhisperer side-channel [...]

Week 36 In Review – 2016

Tools WiFi-Pumpkin - Framework for Rogue Wi-Fi Access Point Attack Python tools for penetration testers - Python tools for penetration testers Nmap 7.25BETA2 Birthday Release - Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and new features. Vulnerabilities Meet USBee, the malware that uses USB drives to covertly jump airgaps - [...]

Week 32 In Review – 2016

Events Related DARPA's Cyber Grand Challenge: Early Highlights from the Competition - Early highlights from the world's first all-machine hacking tournament, DARPA's Cyber Grand Challenge (CGC). This computer security competition featured seven High Performance Computers as competitors. CGC took place on Thursday, August 4, 2016. Building the Workforce through Cybersecurity Competitions - The [...]

Week 28 In Review – 2016

Events Related USENIX Annual Technical Conference (ATC) 2016: The Best and Brightest Security Talks - I recently attended the USENIX Annual Technical Conference (ATC) 2016 in Denver, Colorado. I was invited to give an industry talk, discussing my Bring Your Own Dilemma paper from last March (touching briefly on the Out Of Box Exploitation paper from May). Instead of just flying [...]

Week 7 In Review – 2016

Events Related BSidesNYC2016 - Resources mediatek mt6261 rom dumping via the vibration motor - McAfee SiteList.xml password decryption - Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - [...]

Week 28 In Review – 2015

Events Related The MiTM Mobile Contest: GSM Network Down at PHDays V - The MiTM Mobile contest was held at PHDays for the first time, and it let the participants realize how easily an attacker can conduct the above-mentioned attacks having only a 10$ cell phone with some hacker freeware. SHAKACON SHAKACON was a [...]