Week 15 In Review – 2017

  Events Related  HITB 2017 This year, the conference was based on four(!) tracks: two regular ones, one dedicated to more “practical” presentations (HITBlabs) and the last one dedicated to small talks (30-60 mins). HITB Amsterdam 2017 Day #1 Wrap-Up - HITB Amsterdam 2017 Day #2 Wrap-Up - Resources  Over The Air: Exploiting [...]

Week 11 In Review – 2017

Events Related BSides Indy 2017 Videos - These are the videos from the BSides Indy conference.  Tools Worried about Strutshock (CVE-2017-5638)? - Quick check to see if your website is vulnerable Techniques PlaidCTF 2012 – Traitor (200 pts) - The challenge is supposed to be very straightforward, because we only have a recorded audio [...]

Week 3 In Review – 2017

Tools Acunetix Free Manual Pen Testing Tools - Acunetix Manual Tools allow penetration testers to further automated testing. waveconverter - Factoria Labs 2016 WaveConverter is a Python application, built on GTK+ 3. The GUI has been implemented via Glade. A sqlite database has been implemented via sqlalchemy. Techniques Cracking The 12+ Character Password [...]

Week 52 In Review – 2016

Resources VMware Security Advisories - vSphere Data Protection (VDP) updates address SSH key-based authentication issue Techniques In Flight Hacking System - What helped a lot to reduce that fear was to understand how things work in planes, and getting used to noises, bumps, and turbulence. This blog post is  about understanding a bit more about how things work aboard an aircraft. More specifically, the In-Flight Entertainment Systems (IFE) developed by Panasonic Avionics.   Other News Learning From A Year of Security Breaches - This year (2016) I accepted as much incident response work as I could. I spent about 300 hours responding to security incidents and data breaches this year as a consultant or volunteer.    

2017-03-12T17:39:09-07:00 December 25th, 2016|Security Vulnerabilities, Site News, Week in Review|0 Comments

Week 46 In Review – 2016

Resources Security Conference - Speaker slides & videos Techniques Nintendo Classic Mini Family Talk of computer contents - As the person who disassembled it released before it was released. Interest in contents has been increased, but in this article I would like to drill down to a bit more detail. When CSI meets [...]

Week 45 In Review – 2016

Resources Ruxcon - Presentation Slides from Ruxcon Australia BlackHat Europe 2016 - Techniques Kerberoasting Without Mimikatz - Thanks to an awesome PowerView pull request by @machosec, Kerberoasting is easier than ever using pure PowerShell. I wanted to briefly cover this technique and its background, how we’ve been using it recently, and a few awesome new developments. [...]

Week 3 In Review – 2014

Resources Smart LSA Secrets Module – Doug decided to take two modules and crash them together to add some automation to some tasks that he seem to pick up often. He took the LSA Secrets module and the Domain Group Enum module and combined them to be one module. Symantec Intelligence Report: December 2013 – [...]

Week 47 In Review – 2013

Resources SIM Card Forensics: An Introduction – A detail discussion by Rohit Shaw about SIM (subscriber identity module), SIM structure and it's file systems, security, tools etc. Vulnerabilities Elevating privileges by exploiting weak folder permissions – This post is about weaknesses in folder permissions leading to elevation of privilege by using DLL hijacking vulnerabilities [...]

2014-04-19T14:47:20-07:00 November 25th, 2013|Security Vulnerabilities, Site News, Week in Review|0 Comments