Week 25 In Review – 2017

Events Related Circle City Con 2017 Videos - www.irongeek.com ANYCon 2017 Videos - www.irongeek.com Techniques Armory Sandbox – Building a USB analyzer with USB armory - sentinelone.com The USB armory is a small computer on a USB stick, providing an ARM A8 800 MHz CPU and 512MB RAM, and it’s versatile enough to implement all kinds of [...]

Week 36 In Review – 2016

Tools WiFi-Pumpkin - github.com Framework for Rogue Wi-Fi Access Point Attack Python tools for penetration testers - github.com Python tools for penetration testers Nmap 7.25BETA2 Birthday Release - nmap.org Nmap 7.25BETA1 includes dozens of performance improvements, bug fixes, and new features. Vulnerabilities Meet USBee, the malware that uses USB drives to covertly jump airgaps - [...]

Week 30 In Review – 2016

Tools Umap2 - github.com Umap2 is the second revision of NCC Group's python based USB host security assessment tool. Nmap 7.25BETA1 Released with our new Npcap driver, 6 new NSE scripts, and more! - nmap.org Nmap and Zenmap (the graphical front end) are available in several versions and formats. Recent source releases and binary packages [...]

2017-03-12T17:39:12-07:00 July 24th, 2016|Security Tools, Week in Review|0 Comments

Week 12 In Review – 2016

Events Related Pwn2Own 2016: Hackers Earn $460,000 for 21 New Flaws - securityweek.com On the first day, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari [...]

Week 45 In Review – 2015

Resources SecTor 2015 - sector.ca Presentations and videos for SecTor 2015 RuxCon - ruxcon.org.au Tools NMAP - github.com NMAP scripts for TN3270 interaction as well as NJE. Most notably TSO User Enumeration and Brute Force. CICS transaction ID enumeration and NJE node name brute forcing. Techniques Hidden In Plain Sight: Brute Forcing Slack Private Files - [...]

Week 39 In Review – 2015

Events Related The CIA Campaign to Steal Apple’s Secrets - theintercept.com The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. Resources Reversing Mobile Traffic Lights - www.bastibl.net I wanted to have a look at [...]

Week 23 In Review – 2015

Events Related BSidesLondon 2015 Wrap-Up – blog.rootshell.be Here is a quick wrap-up of the BSidesLondon 2015 by Xavier. This year, they moved to a new location close to Earls Court where is organized InfoSec Europe at the same time. WAF Bypass at Positive Hack Days V – blog.ptsecurity.com Though the contest WAF configuration allowed bypassing, uncommon solutions [...]

Week 50 In Review – 2013

Events Related Baythreat 4 – thesprawl.org Baythreat Day Two. Here are the writeups of another series of excellent presentations from the breaker track for the remainder of the day. The AppSec Program Maturity Curve 4 of 4 – veracode.com This is the final post in a series on the Application Program Maturity Curve. In this series, Veracode [...]

Week 2 in Review – 2013

Event Related Index of Congress 29c3 - ftp.ccc.de High quality mp4 of 29c3. The 'Hack Back' Offense - bankinfosecurity.com To repel the onslaught of cyberattacks against organizations, security leaders are debating the merits of the "hack back" defense. THREADS - trailofbits.com THREADS is an annual conference that focuses on pragmatic security research and new discoveries [...]