4li3n’s after midnight useless news and links – 2011.06.27 (*almost-550* edition)

[TOOL] Wi-Fi Network Backup Manager will back up and restores your saved Wi-Fi networks with a few clicks -> http://goo.gl/K3ipL
[NEWS] The End of Lulz? -> http://goo.gl/UQnCW , http://goo.gl/1rx75
[NEWS] LulzSec/gn0sis owned? -> http://goo.gl/xzv5A
[WIKI] Everything about web service attacks -> http://goo.gl/QRvV6
[NEWS] Hackers break into Tony Blair’s webmail server, disclose former PM’s address book -> http://goo.gl/Jsz18
[INFO] JtR GPU patches -> http://goo.gl/lVFo6
[TOOL] Dropbox Reader: Free Dropbox Forensics Tool -> http://goo.gl/PkIky
[UPDATE] Skipfish 2.00b released -> http://goo.gl/b7I48
[TOOL] XSSF Cross-Site Scripting Framework v2.0 released -> http://goo.gl/GgwqB
[POST] Javascript Deobfucation Tools (Parts 1 & 2) -> http://goo.gl/uUYmr , http://goo.gl/sB45d
[POST] Android NFC data forensics – More fun with SQLite -> http://goo.gl/LulVQ
[POST] How precious is your BlackBerry PIN? -> http://goo.gl/D2yPG
[HOW-TO] Nokia N900 Ovi Map enhancement -> http://goo.gl/OwCq8
[TOOL] Cree.py: the Geolocation Information Aggregator -> http://goo.gl/ytdyw
[INFO] Xming: X Server for Windows -> http://goo.gl/krBx2
[ONLINE] Pinczakko’s Guide to Award BIOS Reverse Engineering -> http://goo.gl/uLZMz
[INFO] Long awaited IBM DB2 support now in sqlmap -> http://goo.gl/j48EP
[CON] Media from Notacon 8 (2011) is now online -> http://goo.gl/CPh0o
[POST] Netragard’s Hacker Interface Device (HID) -> http://goo.gl/whj1K
[NEWS] Google is testing self-driving cars! -> http://goo.gl/gKQrD


4li3n’s after midnight useless news and links – 2011.06.14 (*two-in-a-row* edition)

[POST] Harry Potter and the Rogue anti-virus: Part 1 -> http://goo.gl/3Trq3
[POST] Cracking The Credit Card Code -> http://goo.gl/FiPeJ
[UPDATE] Security Onion: The IDS Bootable DVD v20110607 released -> http://goo.gl/0SZAt
[MAG] HITB #6 out now -> http://goo.gl/A4R1E
[POST] Facebook Vulnerability – Session sidejacking -> http://goo.gl/9dcmf
[TOOL] Inguma v.0.3 Released -> http://goo.gl/fb/jdF8I
[NEWS] Turkey police arrests 32 Anonymous hackers for DDoS attack -> http://goo.gl/fb/NE4pz
[PODCAST] SEPodcast #23 -> http://goo.gl/Qv5WP
[INFO] DECT Sniffing with BackTrack 5 (tutorial and video) -> http://goo.gl/c2I5O , http://goo.gl/jO3Es
[EXPLOIT] Microsoft WinXP SP2/SP3 Local System Privilege Escalation (thanx @lefterispan) -> http://goo.gl/iHJGK
[INFO] Black Hat 2011 USA briefings and schedule -> http://goo.gl/HzVjv , http://goo.gl/OZ0hu
[INFO] Microsoft’s 2nd big Patch Tuesday of the year -> http://goo.gl/Ywl2Q
[NEWS] Lulzsec strikes again? senate.gov hacked -> http://goo.gl/4N3zs
[UPDATE] The Sleuth Kit v3.2.3 Released -> http://goo.gl/ZL08c
[POST] Remote rootkit detection (thanx @dinosn) -> http://goo.gl/uTdng
[NEWS] Hack attack: Now Epic Games suffers security breach -> http://goo.gl/PP2do
[POST] Remote DLL Injection with Meterpreter -> http://goo.gl/UQlYU
[POST] How to crash EXPLORER.EXE on all Windows versions -> http://goo.gl/bVD1I
[POST] Why NULL points to 0? -> http://goo.gl/Y7R5o
[POST] Reversing LSASS in-memory hashes -> http://goo.gl/wjhtC

4li3n’s after midnight useless news and links – 2011.06.13 (*june bug* edition)

[ONLINE] AthCon 2011 photos -> http://goo.gl/d1DYy
[GAME] Hackxor: Very Realistic Hacking Online Game -> http://goo.gl/dOVqJ
[UPDATE] PenTBox 1.5 released -> http://goo.gl/9RvuK
[UPDATE] The Samurai Web Testing Framework v0.9.7 released -> http://goo.gl/6Q3PL
[NEWS] Hackers hit IMF with ‘sophisticated cyberattack’ -> http://goo.gl/DTUo8
[POST] Absolute Sownage: A concise history of recent Sony hacks -> http://goo.gl/RHHII
[TOOL] Weevely: A Stealth Tiny PHP Backdoor -> http://goo.gl/F509Y
[INFO] pron[dot]com email and password list dropped by lulzsec -> http://goo.gl/rEub0 , http://goo.gl/dYcb0
[POST] What WhatsApp doesn’t tell you… -> http://goo.gl/pVQGD
[SHEET] Metasploit Unleashed – June 2011 (PDF on mediafire, use at your own risk!) -> http://goo.gl/nl0ph
[MAG] (IN)SECURE magazine #30 (June 2011) -> http://goo.gl/CW4G5
[MAG] ClubHACK Magazine #17 (June 2011) (PDF) -> http://goo.gl/etRNG
[POST] Volume Shadow Copies and LogParser (awesome!) -> http://goo.gl/xvbFg
[HOW-TO] Extend LVM Logical Volume on Linux (by @xorlgr) -> http://goo.gl/SGaOK
[UPDATE] WireShark v1.6.0 released -> http://goo.gl/E4XoJ
[SHEET] Meterpreter cheat sheet -> http://goo.gl/SYlHl
[WEB] projectShellcode: knowledge base for all shellcode related resources -> http://goo.gl/v8UPz
[TOOL] AFICK (Another File Integrity Checker) v2.17 released -> http://goo.gl/4QbKt
[TOOL] ArpON (ARP handler inspection) v2.6 released -> http://goo.gl/hksZl
[UPDATE] The Social-Engineer Toolkit (SET) v.1.4.2 released -> http://goo.gl/mWDAW

AthCon 2011: A not-of-this-earth look!

I just came back from my first AthCon! Last year due to personal reasons I didn’t make it, so this year I was determined to participate. It was two days of pure fun and great presentations! I met great people, gearheads from the online communities plus interesting “geeks” and “freaks”! The whole vibe was cool and friendly despite the tiredness from the long travel and the not-so-easy accessibility of the venue. I’ll try to break the AthCon 2011 experience down for the people that couldn’t make it.

The conference organization
Kyprianos and Christian along with the whole AthCon team did a great job keeping the event on schedule, avoiding any kind of nagging. Nice venue, minimum to none technical problems, great food, smiling faces and friendliness made the admission worthwhile. Neat, simple details and minimum sponsor interference were the key points. On the downside the venue was not easily accessible with public transportation and rather far, but a great place nevertheless!

The presentations
Great talks from infosec professionals and people that seemed to know what they are talking about. I really enjoyed the presentations of Rodrigo Marcos about the potentials of Metasploit, Thanasis Diogos’ presentation about bots and botnets, the anti-reversing exploitation presentation by Kyriakos Economou, the Ncrack development talk by Fotis Hantzis and Mike Kemp’s presentation about cyberterrorism. My favorite ones were Ian Iftach Amit’s presentation on “Pushing in, dropping a load and pulling out quietly”, Dimitris Vassilopoulos talk about using already existing weapons in network security and last but not least the Peter Van Eeckhoutte’s presentation where he announced the “death” of pvefindaddr and the “birth” of mona.py! On another downside moment I would like to pinpoint that not all presentation were of equal value not for the subject itself but mostly for the ability of the presenters plus the cancellation of the Stuxnet presentation due to some visa clearance problems of the presenter Amr Thabet.

The highlight of the event was the exclusive presentation of the much anticipated black01white, a documentary about Greek hackers, their abilities and the fine line between non-legit and legit actions, hence black-white! My honest opinion? Impressive on first look but not the right audience to present it. It was mostly directed to document the Greek scene but to the eyes of unrelated people, which at least was stated before the presentation. Great effort, nice production, but I’m sure the AthCon audience was expecting something more.

Capture the flag
This year’s CTF challenge took place both days. Many people teamed up, creating groups, trying to win the trophy, a brand new iPad 2! The challenge proved to be more than expected with teams really fighting their way to the flag! Flying fingers on keyboards, eyes watching closely laptop screens, whispers between the groups, anything for the win! Finally the trophy went to Rodrigo Marcos’ team (sorry guys, I didn’t keep the other team member names) which came closer to the the solution. Kudos!

The future?
Seeing the satisfaction in the eyes of the people behind this conference, despite their much understandable fatigue, I can only have the best of hopes for AthCon 2012. From what I heard the 2011 admissions were double than 2010 and I can’t see why not to be even more in 2012. In fact, if I may suggest, an easier reachable venue and maybe a different event date, so that young people can attend without worrying about their exams, would make it an even bigger success!


Thanx again! See you all in AthCon 2012!

P.S.: The event photos is a contribution of my friend Nikolaos Sifakis! Thanx mate! Also a huge thanx to my friend Fr33 F1ght3r for his hospitality and his overall support!