Week 21 In Review – 2017

Events Related NolaCon 2017 - Resources Ransomware using EternalBlue This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows SMB vulnerability. EternalBlue: Metasploit Module for [...]

Week 20 In Review – 2017

  Events Related Converge 2017 Videos - These are the videos from the Converge Information Security Conference. BSides Detroit 2017 Videos - These are the videos from the BSides Detroit 2017 Conference.  Resources  Intel Active Management Technology On May 1, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management [...]

Week 19 In Review – 2017

Events Related BSidesCharm 2017 Videos - These are the videos BSidesCharm (Baltimore) 2017. Resources Car Hacking - Instead of buying books or paying exorbitant amount of money to learn about car hacking, we (Charlie Miller and Chris Valasek) decided to publish all our tools, data, research notes, and papers to everyone for FREE! Password [...]

Week 44 In Review – 2016

Events Related Charlie Miller Keynote, Automotive Security: A Hacker's Eye View - The security of today's vehicles involves many moving parts, but while manufactures take a majority of the blame, multiple parties contribute to the security debt in today's vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, [...]

Week 7 In Review – 2016

Events Related BSidesNYC2016 - Resources mediatek mt6261 rom dumping via the vibration motor - McAfee SiteList.xml password decryption - Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - [...]

Week 4 In Review – 2016

Events Related ShmooCon: LastPass design elements create perfect Phishing opportunity - Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions. BSides Conference BSides Columbus 2016 Videos - BSidesNYC2016 – Tools dnstwist - [...]

Week 40 In Review – 2015

Events Related Derbycon 2015 Videos - Black Hat USA 2015 - Louisville Infosec 2015 Videos - Thoughts on my very first DerbyCon (which won't be my last) - One you hang around in infosec for a little while, you learn that each of the major cons have their own reputation, their [...]

Week 39 In Review – 2015

Events Related The CIA Campaign to Steal Apple’s Secrets - The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. Resources Reversing Mobile Traffic Lights - I wanted to have a look at [...]

Week 34 In Review – 2015

Events Related DEFCON This year marked the 23rd DefCon, the hacker conference that began as an informal gathering for hackers to meet in person and party in the desert. Imploding Barrels and Other Highlights From Hackfest DefCon - I spent the week with over 20,000 hackers in Las Vegas — here's what I saw [...]

Week 30 In Review – 2015

Resources Jailbreak or Root Detection: A False Sense of Security, Part 1 - Mobile management vendors have ingrained in the industry that jailbroken and rooted devices are bad: automatically deny all access. There is a widespread fear in the industry that these “compromised” devices jeopardize enterprise networks and are prone to leaking corporate secrets. [...]