Events Related HITB 2017 This year, the conference was based on four(!) tracks: two regular ones, one dedicated to more “practical” presentations (HITBlabs) and the last one dedicated to small talks (30-60 mins). HITB Amsterdam 2017 Day #1 Wrap-Up - blog.rootshell.be HITB Amsterdam 2017 Day #2 Wrap-Up - blog.rootshell.be Resources Over The Air: Exploiting [...]
Resources 33C3: Chris Gerlinsky Cracks Pay TV - hackaday.com People who have incredible competence in a wide range of fields are rare, and it can appear deceptively simple when they present their work. [Chris Gerlinksy]’s talk on breaking the encryption used on satellite and cable pay TV set-top boxes was like that. Tools mitmproxy: release v1.0.0 - [...]
Events Related Charlie Miller Keynote, Automotive Security: A Hacker's Eye View - www.youtube.com The security of today's vehicles involves many moving parts, but while manufactures take a majority of the blame, multiple parties contribute to the security debt in today's vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, [...]
Tools Umap2 - github.com Umap2 is the second revision of NCC Group's python based USB host security assessment tool. Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more! - nmap.org Nmap and Zenmap (the graphical front end) are available in several versions and formats. Recent source releases and binary packages [...]
Events Related BSides Cleveland 2016 Videos - www.irongeek.com These are the videos from the Bsides Cleveland conference. Resources MonitorDarkly - github.com This repo contains the exploit for the Dell 2410U monitor. It contains utilities for communicating with and executing code on the device. 148 Projects - bestpractices.coreinfrastructure.org Tools BadUSB 2.0 USB MITM POC - github.com Other News [...]
Resources Out-of-Box Exploitation: A Security Analysis of OEM Updaters - duo.com Original Equipment Manufacturers (OEM) refer to the first boot of a new PC as the out-of-box experience (OOBE). As you battle your way through modal dialogues for questionable software, and agree to some exciting 30 day antivirus trials, it’s pretty forgivable to want to throw [...]
Resources Phrack - phrack.org Tools Can’t Hack a Hacker: Reverse Engineering a Discovered ATM Skimmer - trustfoundry.net Brian Krebs has produced numerous articles on ATM skimmers. He has essentially become the “go to” journalist on ATM fraud. From reading his stuff, I have learned how the “bad guys” think when it comes to ATM fraud. [...]
Events Related Another year, another RSAC - www.cerias.purdue.edu I have attended 10 of the last 15 RSA conferences. I do this to see what’s new in the market, meet up with friends and colleagues I don’t get to see too often, listen to some technical talks, and enjoy a few interesting restaurants and taverns in SF. [...]
Events Related BSidesCapeTown 2015 - www.youtube.com Resources Ray Sharp CCTV DVR Password Retrieval & Remote Root - community.rapid7.com On January 22, 2013, a researcher going by the name someLuser detailed a number of security flaws in the Ray Sharp DVR platform. These DVRs are often used for closed-circuit TV (CCTV) systems and security cameras. Comodo: Comodo [...]
Events Related BSidesNYC2016 - github.com Resources mediatek mt6261 rom dumping via the vibration motor - www.sodnpoo.com McAfee SiteList.xml password decryption - funoverip.net Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - www.hackwhackandsmack.com [...]