Resources RECON 2016 Recon Recordings - recon.cx Recon Slides - recon.cx Derbycon 2016 Videos - www.irongeek.com These are the videos of the presentations from Derbycon 2016. Louisville Infosec 2016 Videos - www.irongeek.com Videos from the Louisville Infosec 2016 conference. R00tz 2016 - r00tz.org Tools PowerShell-Suite - github.com Bypass-UAC is self-contained and does not have any dependencies, bar a [...]
Resources House of Keys: 9 Months later... 40% Worse - blog.sec-consult.com In our initial study we analyzed SSH host key use as well. Unfortunately there is no recent scan data on SSH host keys available (however there is a ticket over at the awesome ZMap project). Tools FaceWhisperer - github.com FaceWhisperer is a hardware add-on for the ChipWhisperer side-channel [...]
Events Related Impressions From DEF CON 24: The Machines Are Rising - securityintelligence.com DEF CON 24, the world’s largest hacker conference, ended Aug. 7, and I must say I enjoyed every moment of it. There was so much to see in so little time; I definitely regret missing some great stuff that happened. Even so, [...]
Events Related DefCon Event Council of 9 ventured forth to DEFCON 24 to compete in this year’s badge challenge, brought to us each year by 1o57. There was determination among the team to win at DC24 to ensure that last year’s win was not a fluke. After many sleepless nights in Vegas, we emerged victorious for [...]
Events Related DARPA's Cyber Grand Challenge: Early Highlights from the Competition - www.youtube.com Early highlights from the world's first all-machine hacking tournament, DARPA's Cyber Grand Challenge (CGC). This computer security competition featured seven High Performance Computers as competitors. CGC took place on Thursday, August 4, 2016. Building the Workforce through Cybersecurity Competitions - www.whitehouse.gov The [...]
Events Related OWASP AppSec California 2016 - www.youtube.com Resources SyScan360 Singapore 2016 slides and exploit code - reverse.put.as The exploit for the bug I presented last March at SyScan360 is today one year old so I decided to release it. I wasn’t sure if I should do it or not since it can be used [...]
Resources Understanding and Hardening Linux Containers - www.nccgroup.trust In general, this operating system virtualization via Linux Containers is an attractive feature for efficiency, speed and modern application deployment, however many would-be adopters continue to question the security of these technologies or platforms. Techniques How I Hacked Facebook, and Found Someone's Backdoor Script - devco.re With [...]
Events Related CanSecWest - www.slideshare.net BSides Nashville 2016 Videos - www.irongeek.com Infiltrate 2016 - infiltratecon.com Resources Ransomware: Past, Present, and Future - blog.talosintel.com The rise of ransomware over the past year is an ever growing problem. Businesses often believe that paying the ransom is the most cost effective way of getting their data back - [...]
Events Related ShmooCon ShmooCon Firetalks 2016 - www.irongeek.com ShmooCon Pres - www.gitbook.com Tools TrendMicro node.js HTTP server listening on localhost can execute commands - www.trendmicro.com Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password. Techniques SSH Backdoor for [...]
Resources Unofficial Guide to Mimikatz & Command Reference - adsecurity.org This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required & optional), as well as screenshots and additional context (where possible). Index of /docs/Slides/2015 - deepsec.net CVE-2015-8446 (Flash up to 19.0.0.245) And [...]