Week 45 In Review – 2016

Resources Ruxcon - Presentation Slides from Ruxcon Australia BlackHat Europe 2016 - Techniques Kerberoasting Without Mimikatz - Thanks to an awesome PowerView pull request by @machosec, Kerberoasting is easier than ever using pure PowerShell. I wanted to briefly cover this technique and its background, how we’ve been using it recently, and a few awesome new developments. [...]

Week 45 In Review – 2015

Resources SecTor 2015 - Presentations and videos for SecTor 2015 RuxCon - Tools NMAP - NMAP scripts for TN3270 interaction as well as NJE. Most notably TSO User Enumeration and Brute Force. CICS transaction ID enumeration and NJE node name brute forcing. Techniques Hidden In Plain Sight: Brute Forcing Slack Private Files - [...]

Week 45 In Review – 2013

Resources Introducing Phishing Frenzy – A couple weeks ago Zecnox presented at this year's Derbycon on an email phishing platform that he has been working on. Those of you who missed the talk, he went over some of the features of  Phishing Frenzy and launched a live phishing simulation. You can see the recording here. [...]

Week 39 In Review – 2013

Events Related BruCON 0×05 Wrap Up Here is Xavier's quick wrap-up of  BruCON 0×05. Actually it’s not a wrap-up about the talks. He gives some statistics about the visitors. Resources One Weird Trick for Finding More Crashes – CERT Vulnerability Analysis Team announced the release of updates to both of their fuzzing tools, the CERT [...]

Week 43 in Review – 2012

Event Related ToorCon ToorChat - A Chat Program for use with the ToorCon 2013 badge. ToorCon Presentation - Thanks for attending my Toorcon Presentation. Below are links to my presentation and the references I mentioned in the talk. Please let me know if you have any recommendations on course materials. ToorCon Presentation - [...]

Week 42 in Review – 2012

Event Related Ruxcon Breakpoint Ruxcon Breakpoint kicks off with a bang - The inaugural Ruxcon Breakpoint security conference has kicked off with a bang in Melbourne. Pacemakers, defibrillators open to attack (The Register) - The researcher in question, Barnaby Jack, today told the Ruxcon Breakpoint security conference in Melbourne, Australia that “the most [...]

Week 50 in Review – 2010

Events Related: RSnake, Web Security and a few beers - Reminiscing Black Hat Abu Dhabi. DojoCon Follow-Up - Although there was a formal CFP, everything else followed a traditional unconference format. SANS SEC660: Post Mortem - The class is designed to cover the ground between the SEC560 Network Penetration Testing class and [...]

Week 48 in Review – 2010

Resources: Impersonating The Domain Administrator via SQL Server - A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled. RuxCon 2010 Materials - Talk PDFs now posted. Nuff said. New SANS Course - [...]

Information Security Events for November

. Here are the information security events in North America this month: Government Cyber Security Readiness Summit: November 3 to 5 in Arlington HouSecCon 2010: November 4 in Houston Hackfest 2010: November 5 to 6 in Sainte-Foy Security BSides DFW: November 6 in Dallas Security BSides Delaware: November 6 in New Castle AppSec DC: November [...]