«
Expand/Collapse
66 items tagged "black"
Related tags:
slides [+],
ice [+],
hat [+],
authors [+],
video [+],
black ice [+],
web [+],
vulnerability [+],
tcp [+],
tags [+],
rey tags [+],
hat europe [+],
europe [+],
daniel mende [+],
audio [+],
Hardware [+],
windows management instrumentation [+],
rodney mcgee [+],
ocx [+],
network [+],
memory leak [+],
instrumentation service [+],
hacks [+],
duty [+],
code execution [+],
cisco event [+],
chaos communication congress [+],
box [+],
attackers [+],
asia [+],
arbitrary files [+],
activex [+],
white hats [+],
vrrp [+],
vegas [+],
tool [+],
security [+],
secret squirrel [+],
penetration [+],
ospf [+],
ops 2005 [+],
news [+],
master keys [+],
market [+],
maltego [+],
magic [+],
loki [+],
hollywood [+],
hat hackers [+],
fundamental defense [+],
exploits [+],
enterprise [+],
endless possibilities [+],
cunning trickery [+],
cisco wireless [+],
black hats [+],
black hat [+],
x event [+],
wrapping [+],
winter [+],
windows security [+],
windows [+],
web event [+],
video hardware [+],
uri use [+],
uri event [+],
unveiling [+],
unmanned aerial vehicles [+],
tulip [+],
tor network [+],
tor event [+],
thermal printing [+],
themed [+],
testing tool [+],
test authors [+],
systemsoftware [+],
stephen janansky [+],
stephen dugan [+],
start ups [+],
stack [+],
snapshot [+],
shawn moyer [+],
security gateway [+],
security authors [+],
securing [+],
secret [+],
scott [+],
scariest [+],
sales pitch [+],
rock city [+],
rob carter tags [+],
rob carter [+],
remote [+],
receipt [+],
ralf spenneberg [+],
printing camera [+],
printed circuit boards [+],
pravir chandra [+],
pololu [+],
penetration tests [+],
patch [+],
operation [+],
open source web [+],
niklas roy [+],
nick harbour [+],
nicholas j. percoco [+],
navigator [+],
nathan mcfeters [+],
mystery [+],
mike perry tags [+],
mike perry [+],
mike kemp [+],
metasploit framework [+],
metasploit [+],
mac os x [+],
mac os [+],
locking [+],
leds [+],
john henry challenge [+],
jay beale [+],
james lee tags [+],
jacob west [+],
iron chef [+],
iron [+],
insignias [+],
insecure method [+],
information computer [+],
ike test [+],
ike event [+],
halloween [+],
hackers [+],
hackaday [+],
gps [+],
frontier [+],
friday [+],
framework [+],
fouad kiamilev [+],
explosives [+],
explorations [+],
existing networks [+],
dugan [+],
dprk [+],
domino event [+],
domino [+],
dns [+],
digital [+],
defcon [+],
cover [+],
contest giveaways [+],
contest [+],
computer security experts [+],
city navigator [+],
cisco security [+],
cisco enterprise [+],
chandra tags [+],
carded [+],
cameras [+],
business impact analysis [+],
burning man [+],
burning desire [+],
brian chess [+],
box web [+],
blackberry [+],
black tulip [+],
black magic [+],
black index [+],
black friday deals [+],
black berry [+],
black art [+],
bit [+],
binary [+],
billy rios [+],
berry [+],
audio hardware [+],
art [+],
applied [+],
analysis [+],
aldora louw [+],
adobe [+],
adam meyers [+],
abuse [+],
Community [+],
Bugs [+],
Ask [+],
black ops [+],
usa [+],
ops [+],
dan kaminsky [+]
-
-
8:01
»
Hack a Day
Winter is coming, and it’s a great time to start accumulating parts and tools to keep you occupied with projects during the dark and cold days ahead. Black Friday We got a tip from Pololu about their planned Black Friday deals, and thought we’d check with some of the other parts suppliers that cater to [...]
-
1:48
»
SecDocs
-
-
23:20
»
SecDocs
-
-
11:39
»
SecDocs
Authors:
Daniel Mende Enno Rey Tags:
network routing exploiting Event:
Black Hat USA 2010 Abstract: I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ground breaking experience: a number of Layer 2 attacks regarded purely theoretical until then, was suddenly available in a mostly automated way. And those guys even showed some forays completely unbeknownst to me at the time. We plan to do the same in Vegas, with a new tool called Loki (after the giant from Norse mythology associated with cunning, trickery and evil). It's a Python based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others. After outlining Loki's inner architecture we'll give insight into several modules and discuss some particularly interesting attacks in the routing protocol space (e.g. cracking OSPF MD5 keys, injection of routes into OSPF and EIGRP environments etc.). Furthermore we'll describe vulnerabilities in lesser known protocols like VRRP. Every attack we mention will be shown in a practical demo and - of course - Loki will be released right after our talk.
-
11:39
»
SecDocs
Authors:
Daniel Mende Enno Rey Tags:
network routing exploiting Event:
Black Hat USA 2010 Abstract: I personally remember the release of Yersinia at Black Hat Europe 2005. It was a ground breaking experience: a number of Layer 2 attacks regarded purely theoretical until then, was suddenly available in a mostly automated way. And those guys even showed some forays completely unbeknownst to me at the time. We plan to do the same in Vegas, with a new tool called Loki (after the giant from Norse mythology associated with cunning, trickery and evil). It's a Python based framework implementing many packet generation and attack modules for Layer 3 protocols, including BGP, LDP, OSPF, VRRP and quite a few others. After outlining Loki's inner architecture we'll give insight into several modules and discuss some particularly interesting attacks in the routing protocol space (e.g. cracking OSPF MD5 keys, injection of routes into OSPF and EIGRP environments etc.). Furthermore we'll describe vulnerabilities in lesser known protocols like VRRP. Every attack we mention will be shown in a practical demo and - of course - Loki will be released right after our talk.
-
-
3:37
»
SecDocs
Authors:
Nick Harbour Tags:
Windows exploiting Event:
Black Hat USA 2010 Abstract: This presentation will unveil a new tool for hijacking executables and discuss the underlying techniques it uses. Binject is a tool that can be used by pen-testers to establish a persistent foothold on a compromised host through trojanizing a system binary, or anyone with a burning desire to add functionality to a compiled program. Original techniques for process injection developed for this tool will be discussed in detail.
-
-
8:04
»
Hack a Day
Although [HAD] is generally all about legal hacking, this list of demonstrated hacks could be used for the dark side as well. Hopefully by demonstrating hacks like this, most people can be more aware of how they use their information. Computer security experts also have a chance to hone their skills and see where potential [...]
-
-
9:01
»
Hack a Day
What could be better than a low-res black and white photograph printed instantly on paper that will yellow and crumple over time? Wow, we really need to work on our sales pitch. But all kidding aside, we love the idea that [Niklas Roy] came up with in order to build this thermal printing camera. His [...]
-
-
12:25
»
Packet Storm Security Exploits
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
-
12:25
»
Packet Storm Security Recent Files
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
-
12:25
»
Packet Storm Security Misc. Files
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0). Code execution can be achieved by first uploading the payload to the remote machine, and then upload another mof file, which enables Windows Management Instrumentation service to execute the binary. Please note that this module currently only works for Windows before Vista. Also, a similar issue is reported in BIDIB.ocx (10.9.3.0) within the Barcode SDK.
-
1:30
»
Packet Storm Security Exploits
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
-
1:30
»
Packet Storm Security Recent Files
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
-
1:30
»
Packet Storm Security Misc. Files
This Metasploit module allows remote attackers to place arbitrary files on a users file system by abusing the "DownloadImageFileURL" method in the Black Ice BIImgFrm.ocx ActiveX Control (BIImgFrm.ocx 12.0.0.0).
-
-
6:06
»
Hack a Day
Only a little bit out of season but better late than never! [Scott] brings us his Black Rock City Navigator. This unique bike mounted GPS device made for Burning Man 2010 features a servo driven array of LEDs. Two LED strips are used to cover the full 240 degrees of the C shaped city without [...]
-
-
1:54
»
SecDocs
-
1:54
»
SecDocs
-
-
21:03
»
SecDocs
Authors:
Roelof Temmingh Tags:
intelligence social Event:
Black Hat EU 2010 Abstract: For a year the Paterva team has been quietly working on Maltego 3 with no new releases since March 2009. For the first time since Black Hat 2009 Paterva will be showing you what they have been up to - revealing an all new Maltego version - built from the ground up. Expect Hollywood quality graphing and animation, endless possibilities of extensions, new analytic views that will make you weep, and brand new transforms to will blow your mind.
-
21:03
»
SecDocs
Authors:
Roelof Temmingh Tags:
intelligence social Event:
Black Hat EU 2010 Abstract: For a year the Paterva team has been quietly working on Maltego 3 with no new releases since March 2009. For the first time since Black Hat 2009 Paterva will be showing you what they have been up to - revealing an all new Maltego version - built from the ground up. Expect Hollywood quality graphing and animation, endless possibilities of extensions, new analytic views that will make you weep, and brand new transforms to will blow your mind.
-
-
17:12
»
SecDocs
Authors:
Daniel Mende Enno Rey Tags:
network Cisco Event:
Black Hat EU 2010 Abstract: The world of "Enterprise WLAN solutions" is full of obscure and "non-standard" elements and technologies. Cisco's solutions, from the early Structured Wireless-Aware Network (SWAN) to the current Cisco Wireless Unified Networking (CUWN) architectures, only partly differ here. In this talk we describe the inner workings of these solutions, dissect the vulnerable parts and discuss theoretical and practical attacks, with some nice demos. A new tool automating a number of attacks (incl. taking over the WDS master role, extracting WPA pairwise master keys from intra-AP communication etc) will be released at Black Hat Europe.
-
17:12
»
SecDocs
Authors:
Daniel Mende Enno Rey Tags:
network Cisco Event:
Black Hat EU 2010 Abstract: The world of "Enterprise WLAN solutions" is full of obscure and "non-standard" elements and technologies. Cisco's solutions, from the early Structured Wireless-Aware Network (SWAN) to the current Cisco Wireless Unified Networking (CUWN) architectures, only partly differ here. In this talk we describe the inner workings of these solutions, dissect the vulnerable parts and discuss theoretical and practical attacks, with some nice demos. A new tool automating a number of attacks (incl. taking over the WDS master role, extracting WPA pairwise master keys from intra-AP communication etc) will be released at Black Hat Europe.
-
-
7:04
»
SecDocs
Authors:
Valsmith Tags:
exploiting Event:
Black Hat DC 2010 Abstract: From the origins of hacking and black hat hackers a new industry called penetration testing has evolved. Penetration testing is intended to emulate a real attacker in order to uncover what vulnerabilities an organization may have that could put them at risk so they can be fixed. This has led to the term "White Hat Hacker" being used to describe those who perform these tests. However the goals of a White Hat differ greatly from the goals of a Black Hat, as do the mindsets. This presentation will describe these differences as well as some of the things black hats have to consider that white hats may not even be aware of. This paper will explain why black hats have the advantage over white hats and why the penetration industry has to change. The take away from this presentation is that current common penetration methodologies are ineffective in demonstrating the actual risk and threats that exist and hopefully provide some insight into how real attacks actually work from the point of view of a black hat.
-
7:04
»
SecDocs
Authors:
Valsmith Tags:
exploiting Event:
Black Hat DC 2010 Abstract: From the origins of hacking and black hat hackers a new industry called penetration testing has evolved. Penetration testing is intended to emulate a real attacker in order to uncover what vulnerabilities an organization may have that could put them at risk so they can be fixed. This has led to the term "White Hat Hacker" being used to describe those who perform these tests. However the goals of a White Hat differ greatly from the goals of a Black Hat, as do the mindsets. This presentation will describe these differences as well as some of the things black hats have to consider that white hats may not even be aware of. This paper will explain why black hats have the advantage over white hats and why the penetration industry has to change. The take away from this presentation is that current common penetration methodologies are ineffective in demonstrating the actual risk and threats that exist and hopefully provide some insight into how real attacks actually work from the point of view of a black hat.
-
-
3:30
»
SecDocs
Authors:
Nicholas J. Percoco Tags:
security cybercrime Event:
Black Hat DC 2010 Abstract: From January 1, 2009 to December 31, 2009, we performed approximately 2000* penetration tests (network, application, wireless, and physical) for organizations ranging from the largest companies on the planet to nimble start-ups. In addition, we also performed around 200* security incident and compromise investigations for organizations located in nearly 20 different countries around the world. The data we have gathered from these engagements is substantial and comprehensive. This presentation will be the first viewing of the results of the analysis of the data gathered during 2009. The results will be presented both technical and business impact analysis with an emphasis on technical for the Black Hat audience. This presentation will coincide with the release of the paper with the same title. The paper will be released after the conclusion of the talk.
-
-
15:00
»
Hack a Day
One of the members of the SomethingAwful forum recently found a black project box on the street (as seen above), with no idea what the thing did. After (hopefully) making sure there were no explosives, [noapparentfunction] posted a picture online to see if someone could figure it out. According to them, this is what the [...]
-
-
21:04
»
SecDocs
Authors:
James Lee Tags:
Metasploit Event:
Black Hat DC 2010 Abstract: Sometimes you need to choose your exploits precisely and be careful about the packets you write to the wire. Sometimes you just want to type a command, go get some coffee, and come back to a pile of shells. This talk will cover the means that the Metasploit Framework provides for accomplishing both of these goals, including many advancements from my talk at Black Hat USA in the realm of client-side exploitation.
-
-
21:02
»
SecDocs
-
-
21:02
»
SecDocs
-
21:02
»
SecDocs
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution