honeyblog: 2011 Honeynet Project Security Workshop Slides + Videos
The slides and videos from the 2011 Honeynet Project Security Workshop (Paris) are now available! You can get the material from http://www.honeynet.org/SecurityWorkshops/2011_Paris. About the...
View ArticleLost In Security: Españoles por la BlackHat
Siguiendo con la estela del artículo publicado 'Españoles por la Phrack', vuelvo a la carga con un artículo parecido, pero en este caso sobre una de las conferencias de seguridad que más conoce la...
View ArticleClik here to view.
Didier Stevens: Update: xor-kpa.py Version 0.0.4
This new version of xor-kpa adds the option -x to encode/decode, and also prints the hexadecimal value of the found keys.xor-kpa_V0_0_4.zip (https) MD5: FCE75B6125104D8AFC56A67B65FF75C0 SHA256:...
View ArticleClik here to view.
Un informático en el lado del mal: Un Ataque David Hasselhoff a...
En el reporte de agradecimiento de Microsoft, a diferencia del de Apple donde se hace un reconocimiento por cada bug, se aglutinan varios bugs en un agradecimiento genérico al "finder"...
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear blog readers, I would like to let you know, of my latest, publicly released report, on the topic of "Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran", a...
View ArticleSANS Internet Storm Center, InfoCON: green: Scapy vs. CozyDuke, (Sun, Nov 27th)
In continuation of observations from my GIAC Security Expert re-certification process, Ill focus here on a GCIA-centric topic: Scapy. Scapy is essential to the packet analyst skill set on so many...
View ArticleClik here to view.
Un informático en el lado del mal: Cybermonday 2016 en @0xWord
El lunes día 28 de Noviembre, desde las 00:00 hasta las 23:59 durante todo el lunes, estará funcionando el último código descuento que vas a poder utilizar este año 2016 para adquirir material de...
View ArticleClik here to view.
Didier Stevens: Update: pdf-parser Version 0.6.6
This new version of pdf-parser is a bugfix for /FLATEDECODE.pdf-parser_V0_6_6.zip (https) MD5: 47326468E1B5A1AF7BB8AD63688804D9 SHA256: 51C9B25B939B135D9949E51463F58ECEC0BEBEFB9C0EAA0B93326CBFB4D8F061
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Monday,...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Infosec Events: Week 48 In Review – 2016
Events RelatedKiwicon X– www.youtube.comResourcesCurl Security Audit– daniel.haxx.se I asked for, and we were granted a security audit of curl from the Mozilla Secure Open Source program a while ago....
View ArticleClik here to view.
ArsTechnica: Security Content: Ransomware locks up San Francisco public...
Enlarge (credit: YouTube)Black Friday was a dark day for San Francisco's Municipal Transportation Agency, as an apparent crypto-ransomware infection spread across the Muni system's networks, taking...
View ArticleSANS Internet Storm Center, InfoCON: green: Port 7547 SOAP Remote Code...
(this article is work in progress. Please let us know if you have any more details to share)UPDATE (0830 PST/1630 GMT) - RussGerman Telekom is now offering a firmware update for the affected routers....
View ArticleClik here to view.
Darknet - The Darkside: Pulled Pork – Suricata & Snort Rule Management
Pulled Pork is a PERL based tool for Suricata and Snort rule management – it can determine your version of Snort and automatically download the latest rules for you. The name was chosen because simply...
View ArticleClik here to view.
ArsTechnica: Security Content: Newly discovered router flaw being hammered by...
EnlargeOnline criminals—at least some of them wielding the notorious Mirai malware that transforms Internet-of-things devices into powerful denial-of-service cannons—have begun exploiting a critical...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Tuesday,...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear, blog, readers, as, of, today, I'm, making, publicly, available, my, portfolio, of, services, including, active, threat, intelligence, gathering, and, processing, cybercriminals, and, network,...
View ArticleClik here to view.
Un informático en el lado del mal: My SSH in Paranoid Mode: Port-knocking +...
Fortificar un sistema puede ser algo difícil hoy día. Seguir buenas prácticas, cumplir con los requisitos de Mínimo Privilegio Possible, Mínima Superficie de Exposición, y Defensa en Profundidad...
View ArticleLost In Security: El último superviviente (II) - iOS
En el pasado artículo estuvimos revisando los puntos débiles que tiene un malware a la hora de sobrevivir un reinicio del sistema, y nos centramos en OSX. Ahora toca el turno a iOS, que al ser una...
View ArticleClik here to view.
KPNC: vulnerability in… WinCalc (Win7, x64)
I will never go out of business in this country. thanks to Microsoft. who would have thought that wincalcis vulnerable? I have not checked all systems yet, so this is my configuration: Windows 7...
View ArticleClik here to view.
ArsTechnica: Security Content: Muni system hacker hit others by scanning for...
Enlarge (credit: Zboralski)The attacker who infected servers and desktop computers at the San Francisco Metropolitan Transit Agency (SFMTA) with ransomware on November 25 apparently gained access to...
View Article