B-Sides came and went. It was an awesome experience, to say the least. I know I'm getting around to writing about it pretty late in the month, but things happen.
Right away I had a good feeling about the talks, and I wasn't even in the door yet. I decided to show up early for this one so that I could attend some interesting talks. Arriving early also meant that I could pick up all the neat swag for registering.
Network Tap Badge
After collecting the loot I checked the awesome map they had in their pamphlet to figure out where to go next. Unfortunately I wasn't able to clone myself to be able to attend…
CVE-2018-4407 is a kernel RCE caused by a heap buffer overflow affecting multiple Apple devices. A patch has been released by Apple, so be sure to update before it is too late. This exploit could potentially allow attackers to run arbitrary code in the kernel. Kevin Backhouse, who initially found the vulnerability, has written up a proof of concept to show how you can reboot Apple devices without any user interaction. Here is the video:
Link: Bugbounty Cheatsheet
The Bugbounty Cheatsheet repository is a collection of resources for new or current bug bounty hunters. Resources are separated into two categories: References and Vulnerabilities.
In the references column, you will find resources such as books, tools, platforms, and tips.
In the vulnerabilities column, you will see various code snippets for common vulnerabilities along with their respective applications that are affected by said vulnerabilities. You might also get some external links to blogs, write-ups, or proofs of concept to better understand the vulnerability and how it can be implemented.
This repository is for anyone looking to get a foot in the door for bug bounty hunting, but even seasoned vets might find it useful. Sometimes…
Link: Awesome Infosec
In this repository you will find links to various websites and resources for learning about information/cyber security. Some of the resources you will have to pay for, others are free.
This repo is for anyone who is getting into penetration testing, but might also prove useful to those who either need a refresher, or would like to expand their knowledge regarding the subject. These resources might also be useful to web application developers to get an idea of how they can code with security in mind.
Most of these resources would probably not be used by veterans in the industry, unless they are being used to teach…
Link: Red Teaming Toolkit
This repo is a collection of tools for Red Team/Penetration testers. The repo provides tool recommendations for Reconnaissance (for probing targets and intelligence gathering), Privilege Escalation, Data Exfiltration, et cetera.
This repo is for anyone who is into penetration testing and would like to have a ready list of tools for getting the job done. Even if you are a beginner and don't know much about penetration testing, learning how each tool operates and what it can be used for is invaluable information.
Considering the repo includes some of the most common tools used for pen testing, I would imagine even hardened veterans might get some…