OWASP


Week 36 In Review – 2013

Tools SpiderFoot 2.0.4 released, new module, improvements and bug fixes – spiderfoot.net Kautilya 0.4.4 - dump lsa secrets, introduce vulns, improved backdoors and more – labofapenetrationtester.com Here comes Kautilya 0.4.4. This version adds three new payloads and improves a couple of others. OWASP Broken Web Applications Project VM v1.1 Released – sourceforge.net Looking for the latest version? Download OWASP_Broken_Web_Apps_VM_1.1.7z. Techniques [...]

Week 24 in Review – 2013

Event Related Workshop on the Economics of Information Security 2013 - lightbluetouchpaper.org I’m liveblogging WEIS 2013, as I did in 2012, 2011, 2010 and 2009. This is the twelfth workshop on the economics of information security, and the sessions are being held today and tomorrow at Georgetown University. Stupid Little IPv6 Tricks - isc.sans.edu With [...]

Week 21 in Review – 2013

Event Related SOURCE Dublin SOURCE Dublin Wrap-Up Day #1 - blog.rootshell.be I flew on Wednesday evening to Dublin, Ireland to attend the SOURCE conference (previously, it was organised in Barcelona). The conference was held in the Trinity College, in the centre of the city. SOURCE Dublin Wrap-Up Day #2 - blog.rootshell.be This second day started [...]

Week 18 in Review – 2013

Event Related Syscan 2013 SyScan 2013, Bochspwn paper and slides - gynvael.coldwind.pl In our SyScan presentation, we explained the concept of kernel race conditions in interacting with user-mode memory, gave a brief rundown on how they can be identified by using CPU-level instrumentation of an operating system session, and later focused on how they can [...]

Week 45 in Review – 2012

Event Related OWASP OWASP AppSec 2012 Presentation: SQL Server Exploitation, Escalation, and Pilfering - netspi.com During this presentation attendees will be introduced to lesser known, yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. XSS & CSRF with HTML5 - Attack, Exploit and Defense - shreeraj.blogspot.com HTML5 [...]

Week 38 in Review – 2012

Event Related Columbus OWASP Meeting Presentation - stateofsecurity.com Last week, I presented at the Columbus OWASP meeting on defensive fuzzing, tampering with production web applications as a defensive tactic and some of the other odd stuff we have done in that arena. Charlie Miller & Dino Dai Zovi at CodenomiCON 2012: iOS Hacker's Update - [...]

Week 37 in Review – 2012

Event Related Man on the SecurityStreet Man on the SecurityStreet - Day 2 Continued. - community.rapid7.com Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive - Proactive Measures in Security your Company. Just like HD's earlier presentation, we had our staff artist plot out the entire speech, which you [...]

Week 36 in Review – 2012

Resources Elderwood Project 'Elderwood' Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies - threatpost.com The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a [...]