Events Related NolaCon 2017 - www.irongeek.com Resources Ransomware using EternalBlue This week's release of Metasploit includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits. Included among them, EternalBlue, exploits MS17-010, a Windows SMB vulnerability. EternalBlue: Metasploit Module for [...]
Events Related Converge 2017 Videos - www.irongeek.com These are the videos from the Converge Information Security Conference. BSides Detroit 2017 Videos - www.irongeek.com These are the videos from the BSides Detroit 2017 Conference. Resources Intel Active Management Technology On May 1, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management [...]
Events Related BSidesCharm 2017 Videos - www.irongeek.com These are the videos BSidesCharm (Baltimore) 2017. Resources Car Hacking - illmatics.com Instead of buying books or paying exorbitant amount of money to learn about car hacking, we (Charlie Miller and Chris Valasek) decided to publish all our tools, data, research notes, and papers to everyone for FREE! Password [...]
Events Related Charlie Miller Keynote, Automotive Security: A Hacker's Eye View - www.youtube.com The security of today's vehicles involves many moving parts, but while manufactures take a majority of the blame, multiple parties contribute to the security debt in today's vehicle ecosystem. This keynote takes a deep dive into automotive security, current attacks and vulnerabilities, [...]
Events Related BSidesNYC2016 - github.com Resources mediatek mt6261 rom dumping via the vibration motor - www.sodnpoo.com McAfee SiteList.xml password decryption - funoverip.net Recently, a very good friend of mine pointed me out the story of a pentester who recovered the encrypted passwords from a McAfee SiteList.xml file, using Responder. Brute-forcing Microsoft Lync via NTLM - www.hackwhackandsmack.com [...]
Events Related ShmooCon: LastPass design elements create perfect Phishing opportunity - www.csoonline.com Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions. BSides Conference BSides Columbus 2016 Videos - www.irongeek.com BSidesNYC2016 – github.com Tools dnstwist - [...]
Events Related Derbycon 2015 Videos - www.irongeek.com Black Hat USA 2015 - www.youtube.com Louisville Infosec 2015 Videos - www.irongeek.com Thoughts on my very first DerbyCon (which won't be my last) - community.rapid7.com One you hang around in infosec for a little while, you learn that each of the major cons have their own reputation, their [...]
Events Related The CIA Campaign to Steal Apple’s Secrets - theintercept.com The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. Resources Reversing Mobile Traffic Lights - www.bastibl.net I wanted to have a look at [...]
Events Related DEFCON This year marked the 23rd DefCon, the hacker conference that began as an informal gathering for hackers to meet in person and party in the desert. Imploding Barrels and Other Highlights From Hackfest DefCon - www.wired.com I spent the week with over 20,000 hackers in Las Vegas — here's what I saw [...]
Resources Jailbreak or Root Detection: A False Sense of Security, Part 1 - bluebox.com Mobile management vendors have ingrained in the industry that jailbroken and rooted devices are bad: automatically deny all access. There is a widespread fear in the industry that these “compromised” devices jeopardize enterprise networks and are prone to leaking corporate secrets. [...]