Week 27 In Review – 2016

Resources Exploring and exploiting Lenovo firmware secrets - Hi, everyone! In this article I will continue to publish my research of Lenovo ThinkPad’s firmware. Previously I shown how to discover and exploit SMM callout vulnerabilities on example of SystemSmmAhciAspiLegacyRt UEFI driver 1day vulnerability. Also, I introduced a small toolkit called fwexpl that provides API for comfortable development of firmware [...]

Week 24 In Review – 2016

Resources Typosquatting programming language package managers - Typosquatting is the malicious registering of a domain that is lexically similar to another, often highly frequented, website. Typosquatters would for instance register a domain named instead of the well known Then they hope that people mistype the website name in the browser and accidentally arrive on the [...]

Week 43 In Review – 2015

Events Related HouSecCon v6 2015 Videos - 2015 Today started the 11th edition of in Luxembourg. Being one of my preferred event, I drove to Luxembourg this morning direction to the Alvisse Parc hotel! 2015 Wrap-Up Day #1 - 2015 Wrap-Up Day #2 - 2015 Wrap-Up Day #3 [...]

Week 38 In Review – 2015

Events Related Black Hat USA 2015 Course Review - Adaptive Red Team Tactics from Veris Group - Black Hat has something for everyone (across the defensive and offensive spectrum) and after considerable delibaration I decided to register for Adaptive Red Team Tactics from Veris Group. This is an interesting team in that a lot of the [...]

Week 51 In Review – 2013

Events Related CCC, 100-gbps, and your own private Shodan – One of the oldest/biggest "hacker" conventions is the CCC congress every December in Germany. This year, they are promising 100-gbps connectivity to the Internet. Resources Quick Joomla Refresher – In this blog post David Kirkpatrick mention some of the tools he used to check the [...]

Week 24 in Review – 2013

Event Related Workshop on the Economics of Information Security 2013 - I’m liveblogging WEIS 2013, as I did in 2012, 2011, 2010 and 2009. This is the twelfth workshop on the economics of information security, and the sessions are being held today and tomorrow at Georgetown University. Stupid Little IPv6 Tricks - With [...]

Week 7 in Review – 2013

Event Related S4x13 Video: Atlas on RF Comms Security and Insecurity - RF Comms are often ignored in SCADA assessments. Big mistake as atlas 0f d00m shows RF hacking session at S4x13. #Shmoocon Presentation Links - So I talked fast and furious and ran out of time, but 20 minutes is not a [...]

Week 4 in Review – 2012

Event Related Shmoocon 2012 ShmooCon 2012: Raising The White Flag - Whitelisting is often touted as a replacement for AV. Despite the fact that something better than AV is needed, application whitelisting isn’t the solution. Their purpose seems good, for the execution is lacking. Things are headed in the right direction, but using simple [...]