Events Related Security Fest - www.youtube.com This summer, Göteborg became the most secure city in Sweden! We had a day filled with great talks by internationally renowned speakers on some of the most cutting edge and interesting topics in IT-Security. ShowMeCon 2017 Videos - www.irongeek.com Resources List of Printers Which Do or Do Not Display [...]
Events Related CarolinaCon 13 - www.youtube.com Techniques impacket - github.com This script will exploit CVE-2017-7494, uploading and executing the shared library specified by the user through the –so parameter. Automating the Empire with the Death Star: getting Domain Admin with a push of a button - byt3bl33d3r.github.io Originally, I wanted something that could just take BloodHounds output, [...]
Events Related AppSec EU 2017 - www.youtube.com Techniques ICS/SCADA Systems for Penetration Testers: A Typical Engagement - blog.gdssecurity.com It’s no secret that the devices that comprise process control systems are generally vulnerable to attack. This point has been made through endless research and has even been the subject of countless talks and trainings. Vulnerabilities Secure [...]
Events Related NolaCon 2017 - www.irongeek.com Resources Ransomware using EternalBlue This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows SMB vulnerability. EternalBlue: Metasploit Module for [...]
Events Related ShmooCon2017 - archive.org The videos in this collection are from ShmooCon 2017, which occurred on 13-15 January 2017, at the Washington Hilton Hotel. Hackfest 2016 - www.youtube.com Resources From Mimikatz to Kekeo, Passing by New Microsoft Security Technologies - onedrive.live.com Techniques Pen Test Poster: "White Board" - Bash - Useful IPv6 Pivot - [...]
Tools Acunetix Free Manual Pen Testing Tools - www.acunetix.com Acunetix Manual Tools allow penetration testers to further automated testing. waveconverter - github.com Factoria Labs 2016 WaveConverter is a Python application, built on GTK+ 3. The GUI has been implemented via Glade. A sqlite database has been implemented via sqlalchemy. Techniques Cracking The 12+ Character Password [...]
Resources More on Purple Teaming - carnal0wnage.attackresearch.com Purple Teaming is "conducting focused Red Teams with clear training objectives for the Blue Team." SDR Radio Academy: Reverse engineering a wireless car key fob - phasenoise.livejournal.com The Software Defined Radio Academy has the goals of attract Radio Amateurs to modern radio technology and show paths into SDR. Tools [...]
Events Related ShmooCon ShmooCon Firetalks 2016 - www.irongeek.com ShmooCon Pres - www.gitbook.com Tools TrendMicro node.js HTTP server listening on localhost can execute commands - www.trendmicro.com Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password. Techniques SSH Backdoor for [...]
Events Related My SecTor Story: Root Shell on the Belkin WeMo Switch - www.tripwire.com Researchers from Tripwire were on hand to help attendees explore the world of IoT hacking. They brought with them a table full of devices ranging from routers to smart televisions. They also had a video demonstration of the exploitation of vulnerabilities in [...]
Events Related REcon Recap: Here’s What Caught My Eye - researchcenter.paloaltonetworks.com A few weeks ago I was fortunate enough to attend REcon in Montreal, Canada. This conference focuses on reverse engineering and exploitation techniques and has been going on for roughly a decade. PHDays V Highlights: Signs of GSM Interception, High Time to Hack Wi-Fi, Future of [...]