Clik here to view.
Infosec Events: Week 17 In Review – 2017
Resources Probable-Wordlists– github.com Wordlists sorted by probability originally created for password generation and testingVM escape – QEMU Case Study– www.phrack.org Virtual machines are nowadays...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Monday, May 1st...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Infosec Events: Information Security Events For May
Here are information security events in North America this month: IEEE International Symposium on Hardware Oriented Security and Trust (HOST 2017) : May 1 to 5 in McLean, VA, USA BigSecurity 2017 : May...
View ArticleFortinet FortiGuard Blog: FortiGuard Labs Telemetry – Cloud Application Usage...
Cloud storage has increasingly become mainstream for storing, computing, and sharing data, while also combining accessibility and reliability into the mix. With larger internet bandwidth capacities...
View ArticleClik here to view.
Darknet - The Darkside: Ubertooth – Open Source Bluetooth Sniffer
Ubertooth is an open source Bluetooth sniffer and is essentially a development platform for Bluetooth experimentation. It runs best as a native Linux install and should work fine from within a VM....
View ArticleClik here to view.
ArsTechnica: Security Content: Hacker leaks Orange is the New Black new...
(credit: Lionsgate/Netflix)An individual or group going by the name "thedarkoverlord" has posted much of the upcoming season of Netflix's series Orange is the New Black, apparently as punishment for...
View ArticleClik here to view.
ArsTechnica: Security Content: Meet Greyhound.com, the site that doesn’t...
Enlarge/ This is what Greyhound.com e-mails you when you forget your password. When it comes to websites with bad password policies, there's no shortage of bad actors. Sites—some operated by banks or...
View ArticleSANS Internet Storm Center, InfoCON: green: Effective security governance,...
According to the Carnegie Mellon University (CMU) Software engineering Institute (SEI), there are 11 characteristics for effective security governance:Enterprise-wide issue: Security is managed as an...
View ArticleClik here to view.
Un informático en el lado del mal: Pruebas de selección para becas de...
Fue en Febrero de 2012 cuando comencé mi andadura en Telefónica, en aquel entonces lanzando un programa de búsqueda de jóvenes ingenieros con talento que quisieran crear tecnología tanto en Telefónica...
View ArticleClik here to view.
ArsTechnica: Security Content: Intel patches remote code-execution bug that...
Enlarge (credit: Intel)Remote management features that have shipped with Intel processors for almost a decade contain a critical flaw that gives attackers full control over the computers that run on...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Tuesday, May...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleSANS Internet Storm Center, InfoCON: green: Do you have Intel AMT? Then you...
There have been some reports to us about an issue with Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability [1]. It might be a good idea to review...
View ArticleLost In Security: El último superviviente (II) - iOS
En el pasado artículo estuvimos revisando los puntos débiles que tiene un malware a la hora de sobrevivir un reinicio del sistema, y nos centramos en OSX. Ahora toca el turno a iOS, que al ser una...
View ArticleClik here to view.
/dev/random: Who’s Visiting the Phishing Site?
Today, while hunting, I found a malicious HTML page in my spam trap. The page was a fake JP Morgan Chase bank. Nothing fancy. When I found such material, I usually search for “POST” HTTP requests to...
View ArticleFortinet FortiGuard Blog: Bricker Bot – A Silver Lining to Force...
The Bricker bot made the news a couple of weeks ago as being responsible for knocking unsecured IoT devices offline, rather than hijacking them into other botnets and using them for a DDoS attack like...
View ArticleClik here to view.
Un informático en el lado del mal: WhatsApp y la paradoja de la SIM como...
En WhatsApp, no hace demasiado tiempo, se incluyó la posibilidad de configurar Verificación en dos pasos utilizando un PIN. Es decir, al sistema de autenticación basado en mensajes OTP enviados por SMS...
View ArticleClik here to view.
ArsTechnica: Security Content: Behold, the spear phish that just might be...
Enlarge (credit: Unbiassed)To understand why Carbanak is one of the Internet's most skilled and successful criminal groups, consider the recent spear-phishing campaign it used to infect computers in...
View ArticleSANS Internet Storm Center, InfoCON: green: ISC Stormcast For Wednesday, May...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
View ArticleClik here to view.
Didier Stevens: Overview of Content Published In April
Here is an overview of content I published in April:Blog posts:Quickpost: Using My Bash Bunny To “Snag Creds From A Locked Machine”Quickpost: Infinite Control For Bash BunnyQuickpost: Bash Bunny &...
View ArticleSANS Internet Storm Center, InfoCON: green: Powershelling with exploits,...
It should be no surprise to our regular readers how powerful PowerShell (pun intended) really is. In last couple of years, it has become the main weapon of not only white hat penetration testing, but...
View Article
