Didier Stevens: Update: sets.py Version 0.0.2
sets.py is a small & simple tool for operations on sets, like the intersection of 2 sets. 2 new operations were added to this version: sample and join. sets_V0_0_2.zip (https) MD5:...
Un informático en el lado del mal: Motivation and Inspiration
Sometimes, when I'm on a train, or on a plane during a trip, I stop to think about the things I have to do. Normally, the things I have to do are actions motivated by the things I want...
Darknet - The Darkside: RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using an SMB Relay Attack with low privileges. How RidRelay SMB Relay Attack Works: RidRelay combines the...
Un informático en el lado del mal: 2 years of "No Hack, No Fun". Still hack, still...
Two years ago, on a quiet and solitary day in my room, reading the news on the websites of the main newspapers I use to stay up to date, I realized that...
Fortinet FortiGuard Blog: Hide ‘N Seek: From Home Routers to Smart Home...
In this report we will take a look at HNS evolution and how it was able to add exploits on a regular basis over the past several months without making headlines.
Cisco Talos: TalosIntelligence.com is rolling out a new dispute system
At Cisco Talos, we need customers to be able to provide feedback at all times, whether it be about false positives, false negatives, or missed categories. Because we deal with an abundance of data...
Didier Stevens: Update: base64dump.py Version 0.0.11
This new version of base64dump adds option -I (ignorehex). Like -i, -I can be used to specify characters to be ignored by base64dump. Option -I takes the characters to be ignored as hexadecimal values,...
Un informático en el lado del mal: Exploit for VLC 2.2.8 or lower with...
At the beginning of July, an exploit was published that affected VLC version 2.2.8 and lower. In addition, the exploit worked on Windows 10, which always adds a touch of extra interest....
AlienVault Blogs: The Security Compliance Tweet Chat - What We Learned
In our most recent Tweet Chat, we had Ben Rothke join us as our special guest, and the topic for discussion was compliance. If there ever was a topic that gets security professionals riled up, I think...
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, I'm currently seeking an investor contact regarding an upcoming security project and wanted to find out whether you might be aware of an investor that would be willing to invest in my...
Didier Stevens: Extracting DotNetToJScript’s PE Files
I added a new option (-I, --ignorehex) to base64dump.py to make the extraction of the PE file inside a JScript script generated with DotNetToJScript a bit easier. DotNetToJScript is James Forshaw’s “tool...
Un informático en el lado del mal: Tomorrow the deadline for the discount coupon ends...
As you know, this week 0xWord is closing out the year. As always, before breaking for the summer holidays and taking inventory, a 10% discount code has been enabled on all the...
Cisco Talos: Advanced Mobile Malware Campaign in India uses Malicious MDM -...
This blog post is authored by Warren Mercer and Paul Rascagneres and Andrew Williams. Summary: Since our initial post on malicious mobile device management (MDM) platforms, we have gathered more information...
AlienVault Blogs: You are Doing Cloud Vendor Assessments Wrong
I’m a firm believer in “trust but verify” and I’m just going to come out and say it, most security professionals are conducting 3rd party assessments wrong. I’m in a unique spot where I’m on both sides...
Zero in a bit: Software Quality Is a Competitive Differentiator
One of the ironies of DevOps is that while the methodology supports faster and more automated software production, it doesn't boost code quality unless quality is a focus for the software team. As more...
Un informático en el lado del mal: The “Spanish Enigma”, its key contribution...
If you stop by the Espacio de la Fundación Telefónica and visit the spectacular permanent exhibition “History of Telecommunications” (as Chema Alonso already told us), among all the fantastic...
/dev/random: Another Cryptominer Delivered Through Altered JQuery.js File
A few days ago, I published a diary on the SANS Internet Storm Center website about a JavaScript file that was altered to deliver a cryptominer into the victim’s browser. Since my first finding, I’m...
/dev/random: [SANS ISC] Windows Batch File Deobfuscation
I published the following diary on isc.sans.org: “Windows Batch File Deobfuscation”: Last Thursday, Brad published a diary about a new ongoing campaign delivering the Emotet malware. I found another...
AlienVault Blogs: New! AlienVault USM Anywhere Challenge Coin: What is it and...
AlienVault has minted a challenge coin to acknowledge the commitment and dedication it takes to become an AlienVault® Certified Security Engineer. Becoming certified in any technology is something to...
Cisco Talos: Vulnerability Spotlight: Multiple Vulnerabilities in Samsung...
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary: Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings...