4li3n’s after midnight useless news and links – 2011.08.12 (*DC/BH/BSidesLV extra* edition)

********************************************************
* DefCon 19 / Black Hat USA 2011 / BSidesLV 2011 extra *
********************************************************
[SLIDES] Covert Post-Exploitation Forensics With Metasploit (BH) -> http://goo.gl/b6LWo
[SLIDES] Network Nightmare – PXE talk at Defcon (DC) -> http://goo.gl/AtvFf
[VIDEO] Various Interviews form Blackhat USA 2011 (BH) -> http://goo.gl/aL2WU
[SLIDES] iOS 4 Security Evaluation (BH) -> http://goo.gl/M2xmU
[POST] BSIDESLV – DEFCON 2011 Summary (BSidesLV/DC) -> http://goo.gl/2tWsU
[NEWS] 4G and CDMA networks reportedly hacked at DEFCON (DC) -> http://goo.gl/lY97y , http://goo.gl/NE3SG
[POST] BH 2011: Bit-squatting – DNS hijacking without exploitation (BH) -> http://goo.gl/fcwNF
[AUDIO] Black Hat 2011: GrayWolf Attacks .NET Apps (BH) -> http://goo.gl/4FYCm
[POST] A look into Black Hat’s wireless network (BH) -> http://goo.gl/lcw12
[POST] Auto-BAHN: Using Smart phones to create emergency, ad hoc networks (DC) -> http://goo.gl/kehdQ
[VIDEO] Black Hat USA 2011: Interview with Dan Kaminsky (BH) -> http://goo.gl/Zf6GU
[SLIDES] Attacking Client Side JIT Compilers (BH) -> http://goo.gl/SPjDl
[POST] Observations From Black Hat (BH) -> http://goo.gl/QhiB8
[VIDEO] Black Hat 2011 USA: Phillipe Courtot (BH) -> http://goo.gl/hjK6K
[SLIDES] Advanced Data Exfiltration (BSidesLV) -> http://goo.gl/sySyi
[POST] Black Hat 2011: The Rise Of The Machines (BH) -> http://goo.gl/5kn5c
********************************************************
[FUN] How can I open .exe file on Linux? -> http://goo.gl/Y07FJ
[POST] Test Your Security Equipment’s Ability to Block JavaScript Obfuscations -> http://goo.gl/kdKL3
[VULN] Vulnerabilities in DNS Server Could Allow Remote Code Execution -> http://goo.gl/MLt6d , http://goo.gl/RujEV
[INFO] Cheat Sheets and others -> http://goo.gl/rHRbo
[TOOL] Dropbox Reader: command-line tools for parsing dropbox configuration and cache files -> http://goo.gl/facHq
[POST] Windows Hooks of Death: Kernel Attacks through User-Mode Callbacks -> http://goo.gl/l7mWq
[NEWS] Researchers Hack Mobile Data Communications -> http://goo.gl/S4Wjb , http://goo.gl/MEQg9
[POST] Performing DoS Attacks With JavaScript Malware -> http://goo.gl/B6t9t
[HOW-TO] Remove yourself from ALL background check websites -> http://goo.gl/PZ5Qbg
[BLOG] Pop Pop Ret: Windows Kernel Exploitation -> http://goo.gl/cSGmX
[UPDATE] Hashkill 0.2.4 -> http://goo.gl/SJTQC
[SCRIPT] http-waf-detect: WAF/IDS/IPS detection -> http://goo.gl/h6Han
[VIDEO] De-ICE.net v1.2b (1.20b) {Level 1 – Disk 3 – Version B} -> http://goo.gl/FC6Dn
[WIKI] Live streams from CCC -> http://goo.gl/upRx9
[NEWS] More BlackBerry image problems: RIM warns of BES security vulnerabilities -> http://goo.gl/YQ1tt
[POST] You expect me to remember that? (Part 1) -> http://goo.gl/FpXrI
[POST] See strings in Binaries using Notepad++ -> http://goo.gl/bNli8

Advertisements

4li3n’s after midnight useless news and links – 2011.08.09 (*DC/BH/BSidesLV special* edition)

**********************************************************
[+] DefCon 19 / Black Hat USA 2011 / BSidesLV 2011 special
**********************************************************
[CODE] Moshi Moshi: VoIP Bot written in Python (DC/BSides) -> http://goo.gl/wC0yK
[SLIDES] “Sounds like Botnet” talk (DC/BSides) -> http://goo.gl/Pgfkl
[PRESENTATION] Checkmate with Denial of Service (BH) -> http://goo.gl/51b5Y
[NEWS] 10 year old girl hacker CyFi reveal her first zero-day in Game (DC) -> http://goo.gl/4svMd
[NEWS] DefCon Kids (DC) -> http://goo.gl/w9Sla , http://goo.gl/wrTVg
[NEWS] Photos show the cultural difference between Black Hat and Defcon hacker events (BH/DC) (thanx citr0) -> http://goo.gl/GHh7x
[NEWS] Vegas gone wild (BSides/DC) -> http://goo.gl/rCfRL
[PRESENTATION] All DefCon 19 presentations (DC) -> http://goo.gl/EPJoZ
[VIDEO] Kinectasploit!!! (DC) -> http://goo.gl/ZLyvF
[SLIDES] WTF Happened to the Constitution? The Right to Privacy in the Digital Age (DC) -> http://goo.gl/AOGcF
[NEWS] Oracle, other companies “punkd” in hacking contest (DC) -> http://goo.gl/jzjcp
[POST] Post-Exploitation Techniques (BH) -> http://goo.gl/oI8VE
[NEWS] Database Forensics Still In Dark Ages (BH) -> http://goo.gl/N8azr
[NEWS] DEF CON: The event that scares hackers (DC) -> http://goo.gl/Jyv0A
[SLIDES] Cipherspaces/Darknets: An Overview Of Attack Strategies (DC) -> http://goo.gl/jwiXU
[NEWS] Android Network Toolkit for Penetration Testing and Hacking (DC) (thanx to my S.O.) -> http://goo.gl/BKGbS
**********************************************************
[POST] Extracting Non-Standard SquashFS Images -> http://goo.gl/NLtXv
[CODE] PHP stateless cookies (thanx m3g9tr0n) -> http://goo.gl/ZhVzn
[POST] Evocam Remote Buffer Overflow on OSX -> http://goo.gl/m6ZwT
[POST] How to find 0-day in browsers -> http://goo.gl/FRM1g
[EXPLOIT] HP JetDirect PJL Query Execution & Universal Path Traversal -> http://goo.gl/yfPYj , http://goo.gl/Fe7RU
[POST] Controlling a Cisco IOS device from an IRC channel -> http://goo.gl/D4VfE
[INFO] 80 of the Best Linux Security Applications -> http://goo.gl/HIenL
[INFO] INFOSEC Without Borders -> http://goo.gl/X82gP
[CODE] VNC client using HTML5 (Web Sockets, Canvas) with encryption (wss://) support (thanx m3g9tr0n) -> http://goo.gl/3Ee76
[POST] Laundruino Alerts You Over LAN When Your Laundry’s Done! -> http://goo.gl/aQRH0
[ONLINE] PDFXRay: Online suspicious PDF scanner -> http://goo.gl/h9efC
[POST] Security in HTML 5 and HTTP -> http://goo.gl/g3g5h
[INFO] Lion Recovery Disk Assistant -> http://goo.gl/TFOUB
[POST] Four browser nets and one phish -> http://goo.gl/z3kxT
[POST] Using Nessus and Metasploit Together -> http://goo.gl/JkHLK
[POST] Facebook password reset coming to phone near you -> http://goo.gl/DejpP
[POST] John The Ripper Hash Formats -> http://goo.gl/WjURs
[POST] XyliBox: Mass upload on VirusTotal without API -> http://goo.gl/HqwFI
[TOOL] httpry 0.1.6: packet sniffer for displaying and logging HTTP traffic -> http://goo.gl/nCY0G
[INFO] CSS Hacks -> http://goo.gl/nsmek
[NEWS] TeaMp0isoN : NASA forum is Vulnerable SQL injection, Admin Hacked! -> http://goo.gl/4dT4v
[NEWS] BlackBerry blog site hacked by TriCk – TeaMp0isoN against London riots -> http://goo.gl/S7z86

4li3n’s after midnight useless news and links – 2011.08.06 (*Extraterrestrial* edition)

A big thanx to Yiannis Cybertronic for suggesting this edition’s name!

[NEWS] Pwnie Awards 2011 -> http://goo.gl/wEYN5 , http://goo.gl/1APYx
[POST] Integrating Nessus with BackTrack 5’s Tools -> http://goo.gl/7qOv3
[BULLETIN] Infected Cisco Information Packet and Warranty CDs -> http://goo.gl/MRThT
[POST] Zbot illustrated -> http://goo.gl/3rZlP
[POST] Arduino Hacking for the Big Boys (Part 1) -> http://goo.gl/XLs6z
[NEWS] U.S. Federal Agencies Look to Hire Hackers at Defcon -> http://goo.gl/PNAlK
[INFO] Local Session Hijacking (thanx m3g9tr0n #1) -> http://goo.gl/GpdEl
[PAPER] Cross-Site Scripting Papers (kinda old) -> http://goo.gl/BJrYZ
[POST] The Art of ARP Spoofing/Flooding/Poisoning (thanx m3g9tr0n #2) -> http://goo.gl/DYQul
[PAPER] Don’t Drop the SOAP: Real World Web Service Testing (Black Hat USA 2011) -> http://goo.gl/amFmu
[PAPER] Userland Hooking in Windows -> http://goo.gl/skgbu
[PRESENTATION] Kaminsky: Black Ops of TCP/IP (Black Hat USA 2011) -> http://goo.gl/l2KpF
[POST] Web framework HTML escaping to mitigate XSS -> http://goo.gl/yhfPD
[POST] HTTP Pipelining Today (thanx m3g9tr0n #3) -> http://goo.gl/vorch
[HOW-TO] How to Make a Wi-Fi Booster Using Only a Beer Can -> http://goo.gl/BN03s
[POST] Lion DiskMaker Creates Mac OS X Lion Install DVDs and Thumb Drives Automatically -> http://goo.gl/N19Nc
[EXPLOIT] Firefox 3.6.16 OBJECT mChannel Remote Code Execution (DEP bypass) -> http://goo.gl/q323O
[EXPLOIT] CiscoKits 1.0 TFTP Server DoS and Directory Traversal (thanx m3g9tr0n #4) -> http://goo.gl/OHcOM . http://goo.gl/Z5Ojj
[FUN] Don’t miss that! -> http://goo.gl/wjyoJ
[NEWS] Researcher releases tool for replacing certificate authorities (Black Hat USA 2011) -> http://goo.gl/ZUp17

4li3n’s after midnight useless news and links – 2011.08.03 (*choices-4-life* edition)

A big thanx to my S.O. for suggesting this edition’s name!
 
[INFO] Programming Languages Infographic -> http://goo.gl/4CDXV
[POST] Ten SQL Injection Scanners -> http://goo.gl/fQVvc
[POST] Protecting your OSX with IPFW and LittleSnitch -> http://goo.gl/q6lF8
[NEWS] Gawker hacked again -> http://goo.gl/onDLR
[VIDEO] XSS Attack – Busting Browsers to Root! -> http://goo.gl/dmiaa
[TOOL] HexorBase v.1.0 – The Database Hacker Tool -> http://goo.gl/FodvR
[SHELL] Mini PHP Shell 27.9-2 -> http://goo.gl/IuqDm
[SCRIPT] jabberbot: framework to create Jabber/XMPP bots and services -> http://goo.gl/bGBGT
[UPDATE] Watcher v.1.5.3 Released -> http://goo.gl/d0O9O
[METASPLOIT] Metasploit 4.0 is here! Download -> http://goo.gl/4RJI2 and update -> http://goo.gl/WrBqA
[POST] Obtaining Information about the Operating System -> http://goo.gl/N2BMi
[CHEAT SHEET] Informix SQL Injection Cheat Sheet -> http://goo.gl/GhEb4
[HOW-TO] 50 UNIX / Linux Sysadmin Tutorials (thanx m3g9tr0n) -> http://goo.gl/irLSm
[POST] Commercial Web Application Scanner Benchmark -> http://goo.gl/nP1KA
[POST] Zero Day Vulnerability in many WordPress Themes -> http://goo.gl/N90lN
[UPDATE] Google Chrome 13.0.782.107 Released -> http://goo.gl/jbSzf
[EXPLOIT] Red Hat system-config-firewall Local Privilege Escalation Vulnerability -> http://goo.gl/fw2gC
[TOOL] Hexinject: A Hexadecimal Packet Injector/Sniffer -> http://goo.gl/eczac
[SCRIPT] XSSHelper ported in Java -> http://goo.gl/7mVMS
[DISCLOSURE] Useless OpenSSH resources exhausion bug via GSSAPI -> http://goo.gl/5JqVl

4li3n’s after midnight useless news and links – 2011.07.31 (*Se>x<curity* edition)

A big thanx to Ariskos Kosm for suggesting this edition’s name!

[INFO] Session Management Cheat Sheet (by OWASP) -> http://goo.gl/HlyZ5
[NEWS] Rapid7 announces Metasploit Pro 4.0 -> http://goo.gl/kXHfQ
[POST] ModSecurity SQL Injection Challenge: Lessons Learned -> http://goo.gl/E1jYL
[POST] Password Cracking in Metasploit with John the Ripper -> http://goo.gl/5ddik
[NEWS] Lulzec’s Topiary arrested -> http://goo.gl/2lx4c , http://goo.gl/YmRPb
[NEWS] … or not! -> http://goo.gl/tPTjK , http://goo.gl/NM9NQ
[PRESENTATION] Hacking IPv6 Networks (from HiP2011 con) -> http://goo.gl/Ggaoq
[SCRIPT] Apache Log Extractor: export URL information from Apache access logs -> http://goo.gl/o7lDA
[TOOL] Xdebug: debug your PHP scripts -> http://goo.gl/iDBAs
[UPDATE] Netsparker 2.0 has arrived! -> http://goo.gl/2OMEI
[NEWS] Stolen USB stick contained police investigation details -> http://goo.gl/BhakB
[TOOL] Online Local File Inclusion Scanner -> http://goo.gl/W735y
[POST] “Activate Skype”. Or not… -> http://goo.gl/r2A1R
[NEWS] Flying Drone Can Crack Wi-Fi Networks, Snoop On Cell Phones -> http://goo.gl/j9jd9
[POST] Infographic: A Deeper Look at Malware Networks -> http://goo.gl/HDhX1
[POST] IR communications tutorial -> http://goo.gl/lhKRx
[GADGET] Throwing Star LAN Tap -> http://goo.gl/f2XXN
[NEWS] Anonymous steals 390MB from U.S. cybersecurity contractor ManTech -> http://goo.gl/hKHRt
[POST] Sophisticated injection abuses the Twitter trend service -> http://goo.gl/jGAfs
[TOOL] Revolutionary: tool to S-Off and NAND unlock most modern HTC devices -> http://goo.gl/A6UEz
[POST] Drag and Drop Vulnerability in MS11-050 -> http://goo.gl/qVUYz

4li3n’s after midnight useless news and links – 2011.07.14 (*nevermind* edition)

[POST] Cross domain content extraction with fake captcha -> http://goo.gl/uNHwZ
[POST] Making NMap Results Useful and Manageable! -> http://goo.gl/4hcu1
[POST] phpMyAdmin 3.x Multiple Remote Code Executions -> http://goo.gl/iNJrm
[BULLETIN] Guidelines for protecting Basic Input/Output System (BIOS) firmware (NIST – PDF) -> http://goo.gl/0vyDu
[POST] XSSF: Expanding the Attack Surface of XSS -> http://goo.gl/ZfC1s
[ARTICLE] Windows x64 Shellcode -> http://goo.gl/e8nG8
[INFO] Botan C++ Crypto Algorithms Library 1.10.1 -> http://goo.gl/p3PP1
[INFO] Anonymity with Backtrack 5 -> http://goo.gl/X3F8s
[POST] Digital Evidence Discrepancies – Casey Anthony Trial -> http://goo.gl/nOEd4
[POST] CVE-2011-1281: A story of a Windows CSRSS Privilege Escalation vulnerability -> http://goo.gl/qgLVG
[NEWS] Military Meltdown Monday: 90K Military Usernames, Hashes Released -> http://goo.gl/SLtZN
[UPDATE] Razorback 0.2RC available -> http://goo.gl/RUum3
[VULN] Microsoft Windows Kernel ‘Win32k.sys’ (CVE-2011-1885) Local Privilege Escalation -> http://goo.gl/pjcB9
[VULN] Microsoft Windows CSRSS ‘SrvWriteConsoleOutput()’ Local Privilege Escalation -> http://goo.gl/D9mwq
[VULN] Microsoft Windows Bluetooth Stack ‘bthport.sys’ Driver Remote Code Execution -> http://goo.gl/fJIx2
[POST] Cracking Mac OS X Passwords -> http://goo.gl/nCypo
[HOW-TO] A Guide to Building a Socket 1155 z68x Hackintosh Running Apple’s Next Gen OS – Lion -> http://goo.gl/Hs9ce
[POST] Wiretapping and Cryptography Today -> http://goo.gl/K47fD
[UPDATE] PuTTY 0.61 is released -> http://goo.gl/M3I0F
[POST] Decrypting Carberp C&C communication -> http://goo.gl/mwUNg
[NEWS] Vodafone Hacked – Root Password published -> http://goo.gl/6GFVI
[POST] Mitigating Slow HTTP DoS Attacks -> http://goo.gl/XfnxA

4li3n’s after midnight useless news and links – 2011.07.12 (*unique editions* edition)

[SCRIPT] TLSSLed v1.1: Script to assess the security of a target SSL/TLS implementation from a HTTPS web server -> http://goo.gl/UMXPp
[DISTRO] Live CD for RFID hacking on the go (thanx mr.pr0n) -> http://goo.gl/qlRW3
[INFO] InnoDB subsystems in color -> http://goo.gl/E9IUx
[POST] Chrome Extensions for Security Professionals -> http://goo.gl/UER9N
[POST] Reverse Engineering VxWorks Firmware (WRT54Gv8) -> http://goo.gl/uzvel
[HOW-TO] Set Up A Web-Based Enterprise Password Manager Protected By Two-Factor Authentication -> http://goo.gl/lbu30
[METASPLOIT] Rev. 13135: built in John the Ripper support -> http://goo.gl/oyzn3
[POST] Facts and myths about antivirus evasion with Metasploit -> http://goo.gl/NM8kP
[EXPLOIT] phpMyAdmin 3.x Swekey Remote Code Injection Exploit -> http://goo.gl/N6Aof
[POST] Binary Planting Goes “Any File Type” -> http://goo.gl/fS3fI
[POST] Reversing Jailbreakme.com 4.3.3 -> http://goo.gl/x5ckq
[NEWS] David Beckham official website hacked -> http://goo.gl/v7CiQ , http://goo.gl/OqwXj
[NEWS] Microsoft: No botnet is indestructible -> http://goo.gl/dtwT6
[POST] Metasploit 3.4 and SET 0.6.1 on iPhone 4 -> http://goo.gl/5shrc
[SCRIPT] Update Script for Backtrack 5 -> http://goo.gl/7p4tX
[UPDATE] Python 3.2.1 is released -> http://goo.gl/OxPkh
[NEWS] WashingtonPost jobs site attacked -> http://goo.gl/B6ecx
[SHEET] Netcat cheat sheet -> http://goo.gl/aaPaJ
[BOOK] Metasploit: The Penetration Tester’s Guide -> http://goo.gl/KkQYx
[POST] Backdooring Win7 and LotusNotes 8.5.x using Uniscribe dll path spoofing -> http://goo.gl/M5Zxy
[POST] Abusing Password Resets -> http://goo.gl/paS55
[POST] HTML 5 – XSSQL attack -> http://goo.gl/7okn8
[POST] New SMS Trojan Targeting Android Users -> http://goo.gl/r8cu0