Presentaciones de Black Hat USA 2017

July 28, 2017
tuxotron

BlackHat 2017

*BlackHat 2017*

Ya están disponible las presentaciones de Black Hat USA 2017:

Stepping Up Our Game: Re-focusing the Security Community on Defense and Making Security Work for Everyone
‘Ghost Telephonist’ Link Hijack Exploitations in 4G LTE CS Fallback
- Yuwei-Ghost-Telephonist-Link-Hijack-Exploitations-In-4G-LTE-CS-Fallback.pdf
(in)Security in Building Automation: How to Create Dark Buildings with Light Speed
- Brandstetter-insecurity-In-Building-Automation-How-To-Create-Dark-Buildings-With-Light-Speed.pdf
- Brandstetter-insecurity-In-Building-Automation-How-To-Create-Dark-Buildings-With-Light-Speed-wp.pdf
A New Era of SSRF - Exploiting URL Parser in Trending Programming Languages!
- Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Advanced Pre-Breach Planning: Utilizing a Purple Team to Measure Effectiveness vs. Maturity
Adventures in Attacking Wind Farm Control Networks
- Staggs-Adventures-In-Attacking-Wind-Farm-Control-Networks.pdf
All Your SMS & Contacts Belong to ADUPS & Others
- Johnson-All-Your-SMS-&-Contacts-Belong-To-Adups-&-Others.pdf
- Johnson-All-Your-SMS-&-Contacts-Belong-To-Adups-&-Others-wp.pdf
An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
- Robbins-An-ACE-Up-The-Sleeve-Designing-Active-Directory-DACL-Backdoors.pdf
- Robbins-An-ACE-Up-The-Sleeve-Designing-Active-Directory-DACL-Backdoors-wp.pdf
And Then the Script-Kiddie Said Let There be No Light. Are Cyber-Attacks on the Power Grid Limited to Nation-State Actors?
- Keliris-And-Then-The-Script-Kiddie-Said-Let-There-Be-No-Light-Are-Cyberattacks-On-The-Power-Grid-Limited-To-Nation-State-Actors-wp.pdf
Attacking Encrypted USB Keys the Hard(ware) Way
Automated Detection of Vulnerabilities in Black-Box Routers (and Other Network Devices)
Automated Testing of Crypto Software Using Differential Fuzzing
- Aumasson-Automated-Testing-Of-Crypto-Software-Using-Differential-Fuzzing.pdf
AVPASS: Leaking and Bypassing Antivirus Detection Model Automatically
- Jung-AVPASS-Leaking-And-Bypassing-Anitvirus-Detection-Model-Automatically.pdf
Behind the Plexiglass Curtain: Stats and Stories from the Black Hat NOC
Betraying the BIOS: Where the Guardians of the BIOS are Failing
- Branco-Firmware-Is-The-New-Black-Analyzing-Past-Three-Years-Of-BIOS-UEFI-Security-Vulnerabilities
Big Game Theory Hunting: The Peculiarities of Human Behavior in the InfoSec Game
- Shortridge-Big-Game-Theory-Hunting-The-Peculiarities-Of-Human-Behavior-In-The-Infosec-Game.pdf
Blue Pill for Your Phone
Bochspwn Reloaded: Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking
- Jurczyk-Bochspwn-Reloaded-Detecting-Kernel-Memory-Disclosure-With-X86-Emulation-And-Taint-Tracking.pdf
Bot vs. Bot for Evading Machine Learning Malware Detection
- Anderson-Bot-Vs-Bot-Evading-Machine-Learning-Malware-Detection.pdf
- Anderson-Bot-Vs-Bot-Evading-Machine-Learning-Malware-Detection-wp.pdf
Break
Breakfast (Sponsored by FireEye McAfee Qualys & Tenable Network Security)
Breaking Electronic Door Locks Like You’re on CSI: Cyber
- OFlynn-Breaking-Electronic-Locks.pdf
Breaking the Laws of Robotics: Attacking Industrial Robots
- Quarta-Breaking-The-Laws-Of-Robotics-Attacking-Industrial-Robots.pdf
- Quarta-Breaking-The-Laws-Of-Robotics-Attacking-Industrial-Robots-wp.pdf
Breaking the x86 Instruction Set
- Domas-Breaking-The-x86-ISA.pdf
- Domas-Breaking-The-x86-Instruction-Set-wp.pdf
Broadpwn: Remotely Compromising Android and iOS via a Bug in Broadcom’s Wi-Fi Chipsets
Bug Collisions Meet Government Vulnerability Disclosure
- Ablon-Bug-Collisions-Meet-Government-Vulnerability-Disclosure-Zero-Days-Thousands-Of-Nights-RAND.pdf
- [Herr-Bug-Collisions-Meet-Government-Vulnerability-Disclosure-Taking Stock - Vulnerability-Rediscovery-HKS.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Herr-Bug-Collisions-Meet-Government-Vulnerability-Disclosure-Taking Stock - Vulnerability-Rediscovery-HKS.pdf)
Business Hall Welcome Reception (Sponsored by Forcepoint McAfee LogRhythm & Tenable Network Security)
Challenges of Cooperation Across Cyberspace
Champagne Toast (Sponsored by ESET North America Fidelis Cybersecurity Fortinet Leidos Palo Alto Networks Raytheon & Symantec)
Cloak & Dagger: From Two Permissions to Complete Control of the UI Feedback Loop
- Fratantonio-Cloak-And-Dagger-From-Two-Permissions-To-Complete-Control-Of-The-UI-Feedback-Loop.pdf
- Fratantonio-Cloak-And-Dagger-From-Two-Permissions-To-Complete-Control-Of-The-UI-Feedback-Loop-wp.pdf
Coffee Service
Cracking the Lens: Targeting HTTP’s Hidden Attack-Surface
- Kettle-Cracking-The-Lens-Exploiting-HTTPs-Hidden-Attack-Surface.pdf
- Kettle-Cracking-The-Lens-Exploiting-HTTPs-Hidden-Attack-Surface-wp.pdf
- Kettle-Cracking-The-Lens-Exploiting-HTTPs-Hidden-Attack-Surface-tool.zip
Cyber Wargaming: Lessons Learned in Influencing Security Stakeholders Inside and Outside Your Organization
- Nichols-Cyber-Wargaming-Lessons-Learned-In-Influencing-Stakeholders-Inside-And-Outside-Your-Organization.pdf
- Nichols-Cyber-Wargaming-Lessons-Learned-In-Influencing-Stakeholders-Inside-And-Outside-Your-Organization-wp.pdf
Datacenter Orchestration Security and Insecurity: Assessing Kubernetes Mesos and Docker at Scale
Defeating Samsung KNOX with Zero Privilege
- Shen-Defeating-Samsung-KNOX-With-Zero-Privilege.pdf
- Shen-Defeating-Samsung-KNOX-With-Zero-Privilege-wp.pdf
Delivering Javascript to World+Dog
- Randolph-Delivering-Javascript-to-World-Plus-Dog.pdf
- Randolph-Delivering-Javascript-to-World-Plus-Dog-wp.pdf
Developing Trust and Gitting Betrayed
Digital Vengeance: Exploiting the Most Notorious C&C Toolkits
- Grange-Digital-Vengeance-Exploiting-The-Most-Notorious-C&C-Toolkits.pdf
- Grange-Digital-Vengeance-Exploiting-The-Most-Notorious-C&C-Toolkits-wp.pdf
Don’t Trust the DOM: Bypassing XSS Mitigations via Script Gadgets
- Lekies-Dont-Trust-The-DOM-Bypassing-XSS-Mitigations-Via-Script-Gadgets.pdf
Electronegativity - A Study of Electron Security
- Carettoni-Electronegativity-A-Study-Of-Electron-Security.pdf
- Carettoni-Electronegativity-A-Study-Of-Electron-Security-wp.pdf
Escalating Insider Threats Using VMware’s API
- Ziv-Escalating-Insider-Threats-Using-Vmware’s-Api.pdf
Evading Microsoft ATA for Active Directory Domination
- Mittal-Evading-MicrosoftATA-for-ActiveDirectory-Domination.pdf
Evil Bubbles or How to Deliver Attack Payload via the Physics of the Process
Evilsploit – A Universal Hardware Hacking Toolkit
- Chui-Evilsploit-A-Universal-Hardware-Hacking-Toolkit.pdf
- Chui-Evilsploit-A-Universal-Hardware-Hacking-Toolkit-wp.pdf
Evolutionary Kernel Fuzzing
- Johnson-Evolutionary-Kernel-Fuzzing
Exploit Kit Cornucopia
Exploiting Network Printers
- Mueller-Exploiting-Network-Printers.pdf
Fad or Future? Getting Past the Bug Bounty Hype
Fighting Targeted Malware in the Mobile Ecosystem
- Ruthven-Fighting-Targeted-Malware-In-The-Mobile-Ecosystem.pdf
Fighting the Previous War (aka: Attacking and Defending in the Era of the Cloud)
Firmware is the New Black - Analyzing Past Three Years of BIOS/UEFI Security Vulnerabilities
FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches
- Gray-FlowFuzz-A-Framework-For-Fuzzing-OpenFlow-Enabled-Software-And-Hardware-Switches.pdf
Fractured Backbone: Breaking Modern OS Defenses with Firmware Attacks
Free-Fall: Hacking Tesla from Wireless to CAN Bus
- Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus.pdf
- Nie-Free-Fall-Hacking-Tesla-From-Wireless-To-CAN-Bus-wp.pdf
Friday the 13th: JSON Attacks
- Munoz-Friday-The-13th-Json-Attacks.pdf
- Munoz-Friday-The-13th-JSON-Attacks-wp.pdf
Game of Chromes: Owning the Web with Zombie Chrome Extensions
- Cohen-Game-Of-Chromes-Owning-The-Web-With-Zombie-Chrome-Extensions-wp.pdf
- Cohen-Game-Of-Chromes-Owning-The-Web-With-Zombie-Chrome-Extensions-wp.pdf
Garbage In Garbage Out: How Purportedly Great Machine Learning Models can be Screwed Up by Bad Data
- Sanders-Garbage-In-Garbage-Out-How-Purportedly-Great-ML-Models-Can-Be-Screwed-Up-By-Bad-Data.pdf
- Sanders-Garbage-In-Garbage-Out-How-Purportedly-Great-ML-Models-Can-Be-Screwed-Up-By-Bad-Data-wp.pdf
Go Nuclear: Breaking Radiation Monitoring Devices
- [Santamarta-Go-Nuclear-Breaking Radition-Monitoring-Devices.pdf](https://www.blackhat.com/docs/us-17/wednesday/us-17-Santamarta-Go-Nuclear-Breaking Radition-Monitoring-Devices.pdf)
- [Santamarta-Go-Nuclear-Breaking Radition-Monitoring-Devices-wp.pdf](https://www.blackhat.com/docs/us-17/wednesday/us-17-Santamarta-Go-Nuclear-Breaking Radition-Monitoring-Devices-wp.pdf)
Go to Hunt Then Sleep
- Bianco-Go-To-Hunt-Then-Sleep.pdf
Hacking Hardware with a $10 SD Card Reader
- Etemadieh-Hacking-Hardware-With-A-$10-SD-Card-Reader.pdf
- Etemadieh-Hacking-Hardware-With-A-$10-SD-Card-Reader-wp.pdf
Hacking Serverless Runtimes: Profiling AWS Lambda Azure Functions and More
- Krug-Hacking-Severless-Runtimes.pdf
- Krug-Hacking-Severless-Runtimes-wp.pdf
Honey I Shrunk the Attack Surface – Adventures in Android Security Hardening
How We Created the First SHA-1 Collision and What it Means for Hash Security
Hunting GPS Jammers
- Gostomelsky-Hunting-GPS-Jammers.pdf
Ice Cream Social (Sponsored by Code42 Software Core Security Cybereason Darktrace F5 Networks iboss Malwarebytes & Optiv Security)
Ichthyology: Phishing as a Science
- Burnett-Ichthyology-Phishing-As-A-Science.pdf
- Burnett-Ichthyology-Phishing-As-A-Science-wp.pdf
Industroyer/Crashoverride: Zero Things Cool About a Threat Group Targeting the Power Grid
- Lee-Industroyer-Crashoverride-Zero-Things-Cool-About-A-Threat-Group-Targeting-The-Power-Grid.pdf
Infecting the Enterprise: Abusing Office365+Powershell for Covert C2
- Dods-Infecting-The-Enterprise-Abusing-Office365-Powershell-For-Covert-C2.pdf
Influencing the Market to Improve Security
- Nakibly-Automated-Detection-of-Vulnerabilities-in-Black-Box-Routers.pdf
- Nakibly-Automated-Detection-of-Vulnerabilities-in-Black-Box-Routers-wp.pdf
Intel AMT Stealth Breakthrough
- Evdokimov-Intel-AMT-Stealth-Breakthrough.pdf
- Evdokimov-Intel-AMT-Stealth-Breakthrough-wp.pdf
Intel SGX Remote Attestation is Not Sufficient
- Swami-SGX-Remote-Attestation-Is-Not-Sufficient-wp.pdf
- Swami-SGX-Remote-Attestation-Is-Not-Sufficient-wp.pdf
Intercepting iCloud Keychain
- Radocea-Intercepting-iCloud-Keychain.pdf
IoTCandyJar: Towards an Intelligent-Interaction Honeypot for IoT Devices
- Luo-Iotcandyjar-Towards-An-Intelligent-Interaction-Honeypot-For-IoT-Devices.pdf
- Luo-Iotcandyjar-Towards-An-Intelligent-Interaction-Honeypot-For-IoT-Devices-wp.pdf
kR^X: Comprehensive Kernel Protection Against Just-In-Time Code Reuse
- [Pomonis-KR^X- Comprehensive- Kernel-Protection-Against-Just-In-Time-Code-Reuse.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Pomonis-KR^X- Comprehensive- Kernel-Protection-Against-Just-In-Time-Code-Reuse.pdf)
Lies and Damn Lies: Getting Past the Hype of Endpoint Security Solutions
- Giuliano-Lies-And-Damn-Lies-Getting-Past-The-Hype-Of-Endpoint-Security-Solutions.pdf
Lunch Break (Sponsored by Cisco Forcepoint LogRhythm & RSA)
Many Birds One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
- Feng-Many-Birds-One-Stone-Exploiting-A-Single-SQLite-Vulnerability-Across-Multiple-Software.pdf
Mimosa Bar (Sponsored by AlienVault Arbor Networks Carbon Black CrowdStrike Cylance DarkMatter Digital Guardian & IBM)
Network Automation is Not Your Safe Haven: Protocol Analysis and Vulnerabilities of Autonomic Network
- Eissa-Network-Automation-Isn’t-Your-Safe-Haven-Protocol-Analysis-And-Vulnerabilities-Of-Autonomic-Network.pdf
New Adventures in Spying 3G and 4G Users: Locate Track & Monitor
- Borgaonkar-New-Adventures-In-Spying-3G-And-4G-Users-Locate-Track-And-Monitor.pdf
Ochko123 - How the Feds Caught Russian Mega-Carder Roman Seleznev
Offensive Malware Analysis: Dissecting OSX/FruitFly via a Custom C&C Server
- Wardle-Offensive-Malware-Analysis-Dissecting-OSXFruitFly-Via-A-Custom-C&C-Server.pdf
OpenCrypto: Unchaining the JavaCard Ecosystem
- Mavroudis-Opencrypto-Unchaining-The-JavaCard-Ecosystem.pdf
Orange is the New Purple - How and Why to Integrate Development Teams with Red/Blue Teams to Build More Secure Software
- Wright-Orange-Is-The-New-Purple.pdf
- Wright-Orange-Is-The-New-Purple-wp.pdf
PEIMA: Harnessing Power Laws to Detect Malicious Activities from Denial of Service to Intrusion Detection Traffic Analysis and Beyond
Practical Tips for Defending Web Applications in the Age of DevOps
- [Lackey-Practical Tips-for-Defending-Web-Applications-in-the-Age-of-DevOps.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Lackey-Practical Tips-for-Defending-Web-Applications-in-the-Age-of-DevOps.pdf)
Protecting Pentests: Recommendations for Performing More Secure Tests
- McGrew-Protecting-Pentests-Recommendations-For-Performing-More-Secure-Tests.pdf
- McGrew-Protecting-Pentests-Recommendations-For-Performing-More-Secure-Tests-wp.pdf
Protecting Visual Assets: Digital Image Counter-Forensics
- Mazurov-Brown-Protecting-Visual-Assets-Digital-Image-Counter-Forensics.pdf
Pwnie Awards
Quantifying Risk in Consumer Software at Scale - Consumer Reports’ Digital Standard
RBN Reloaded - Amplifying Signals from the Underground
Real Humans Simulated Attacks: Usability Testing with Attack Scenarios
- Cranor-Real-Users-Simulated-Attacks.pdf
Redesigning PKI to Solve Revocation Expiration and Rotation Problems
- Knopf-Redesigning-PKI-To-Solve-Revocation-Expiration-And-Rotation-Problems.pdf
- Knopf-Redesigning-PKI-To-Solve-Revocation-Expiration-And-Rotation-Problems-wp.pdf
Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
- [Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And Evasion-Using-Science.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And Evasion-Using-Science.pdf)
- [Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And Evasion-Using-Science-wp.pdf](https://www.blackhat.com/docs/us-17/thursday/us-17-Bohannon-Revoke-Obfuscation-PowerShell-Obfuscation-Detection-And Evasion-Using-Science-wp.pdf)
rVMI: A New Paradigm for Full System Analysis
- Pfoh-rVMI-A-New-Paradigm-For-Full-System-Analysis.pdf
ShieldFS: The Last Word in Ransomware Resilient File Systems
- Continella-ShieldFS-The-Last-Word-In-Ransomware-Resilient-Filesystems.pdf
- Continella-ShieldFS-The-Last-Word-In-Ransomware-Resilient-Filesystems-wp.pdf
Skype & Type: Keystroke Leakage over VoIP
- Lain-Skype-&-Type-Keystroke-Leakage-Over-VoIP.pdf
Smoothie Social (Sponsored by Bromium Proofpoint Inc. Rapid7 SentinelOne Trend Micro Webroot StackPath & Tanium)
So You Want to Market Your Security Product…
- Alva-So-You-Want-To-Market-Your-Security-Product.pdf
Sonic Gun to Smart Devices: Your Devices Lose Control Under Ultrasound/Sound
- Wang-Sonic-Gun-To-Smart-Devices-Your-Devices-Lose-Control-Under-Ultrasound-Or-Sound.pdf
Splunking Dark Tools - A Pentesters Guide to Pwnage Visualization
- Bates-Splunking-Dark-Tools-A-Pentesters-Guide-To-Pwnage-Visualization.pdf
SS7 Attacker Heaven Turns into Riot: How to Make Nation-State and Intelligence Attackers’ Lives Much Harder on Mobile Networks
- Kacer-SS7-Attacker-Heaven-Turns-Into-Riot-How-To-Make-Nation-State-And-Intelligence-Attackers-Lives-Much-Harder-On-Mobile-Networks.pdf
- Kacer-SS7-Attacker-Heaven-Turns-Into-Riot-How-To-Make-Nation-State-And-Intelligence-Attackers-Lives-Much-Harder-On-Mobile-Networks-wp.pdf
Taking DMA Attacks to the Next Level: How to do Arbitrary Memory Reads/Writes in a Live and Unmodified System Using a Rogue Memory Controller
Taking Over the World Through MQTT - Aftermath
- Lundgren-Taking-Over-The-World-Through-Mqtt-Aftermath.pdf
Taking Windows 10 Kernel Exploitation to the Next Level – Leveraging Write-What-Where Vulnerabilities in Creators Update
- Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update.pdf
- Schenk-Taking-Windows-10-Kernel-Exploitation-To-The-Next-Level–Leveraging-Write-What-Where-Vulnerabilities-In-Creators-Update-wp.pdf
The Active Directory Botnet
- Miller-The-Active-Directory-Botnet
The Adventures of AV and the Leaky Sandbox
- Kotler-The-Adventures-Of-Av-And-The-Leaky-Sandbox.pdf
- Kotler-The-Adventures-Of-Av-And-The-Leaky-Sandbox-wp.pdf
The Art of Securing 100 Products
- Valtman-The-Art-Of-Securing-100-Products.pdf
The Avalanche Takedown: Landslide for Law Enforcement
The Epocholypse 2038: What’s in Store for the Next 20 Years
- Hypponen-The-Epocholypse-2038-Whats-In-Store-For-The-Next-20-Years.pdf
The Future of ApplePwn - How to Save Your Money
- Yunusov-The-Future-Of-Applepwn-How-To-Save-Your-Money.pdf
The Industrial Revolution of Lateral Movement
- Beery-The-Industrial-Revolution-Of-Lateral-Movement.pdf
The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines
- Silvanovich-The-Origin-Of-Array-Symbol-Species.pdf
The Shadow Brokers – Cyber Fear Game-Changers
They’re Coming for Your Tools: Exploiting Design Flaws for Active Intrusion Prevention
Tracking Ransomware End to End
- Invernizzi-Tracking-Ransomware-End-To-End.pdf
Web Cache Deception Attack
- Gil-Web-Cache-Deception-Attack.pdf
- Gil-Web-Cache-Deception-Attack-wp.pdf
Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
- Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence.pdf
- Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence_wp.pdf
What They’re Teaching Kids These Days: Comparing Security Curricula and Accreditations to Industry Needs
- Sanders-What-They’re-Teaching-Kids-These-Days-Comparing-Security-Curricula-And-Accreditations-To-Industry-Needs.pdf
What’s on the Wireless? Automating RF Signal Identification
- Ossmann-Whats-On-The-Wireless-Automating-RF-Signal-Identification.pdf
- Ossmann-Whats-On-The-Wireless-Automating-RF-Signal-Identification-wp.pdf
When IoT Attacks: Understanding the Safety Risks Associated with Connected Devices
- Rios-When-IoT-Attacks-Understanding-The-Safety-Risks-Associated-With-Connected-Devices.pdf
- Rios-When-IoT-Attacks-Understanding-The-Safety-Risks-Associated-With-Connected-Devices-wp.pdf
White Hat Privilege: The Legal Landscape for a Cybersecurity Professional Seeking to Safeguard Sensitive Client Data
- Osborn-White-Hat-Privilege-The-Legal-Landscape-For-A-Cybersecurity-Professional-Seeking-To-Safeguard-Sensitive-Client-Data.pdf
Why Most Cyber Security Training Fails and What We Can Do About it
WiFuzz: Detecting and Exploiting Logical Flaws in the Wi-Fi Cryptographic Handshake
- Ventura-Theyre-Coming-For-Your-Tools-Exploiting-Design-Flaws-For-Active-Intrusion-Prevention.pdf
- Ventura-Theyre-Coming-For-Your-Tools-Exploiting-Design-Flaws-For-Active-Intrusion-Prevention-wp.pdf
- Vanhoef-WiFuzz-Detecting-And-Exploiting-Logical-Flaws-In-The-Wi-Fi-Cryptographic-Handshake-tools.zip
Wire Me Through Machine Learning
- Singh-Wire-Me-Through-Machine-Learning.pdf
WSUSpendu: How to Hang WSUS Clients
- Coltel-WSUSpendu-Use-WSUS-To-Hang-Its-Clients.pdf
- Coltel-WSUSpendu-Use-WSUS-To-Hang-Its-Clients-wp.pdf
Zero Days Thousands of Nights: The Life and Times of Zero-Day Vulnerabilities and Their Exploits
- Ablon-Zero-Days-Thousands-Of-Nights-The-Life-And-Times-Of-Zero-Day-Vulnerabilities-And-Their-Exploits.pdf

Distribución de seguridad basada en Windows

July 27, 2017
tuxotron

FLARE VM

*FLARE VM*

Inspirada en la archi conocida distribución Kali Linux, FLARE VM es una distribución basada en Windows para el análisis de malware, respuesta de incidentes y auditorías de seguridad.

Esta distribución se instala sobre Windows 7 o posterior. Todo lo que tienes que hacer es acceder a través de Internet Explorer (otro navegador no sirve) a:

http://boxstarter.org/package/url?[FLAREVM_SCRIPT]

Donde FLAREVM_SCRIPT es el fichero que quieres instalar. Por ejemplo para instalar la edición de análisis de malware (única disponible hasta el momento):

http://boxstarter.org/package/url?https://raw.githubusercontent.com/fireeye/flare-vm/master/flarevm_malware.ps1

Las herramientas que componen está distribución son:

Debuggers
- OllyDbg + OllyDump + OllyDumpEx
- OllyDbg2 + OllyDumpEx
- x64dbg
- WinDbg
Disassemblers
- IDA Free
- Binary Ninja Demo
Java
- JD-GUI
Visual Basic
- VBDecompiler
Flash
- FFDec
.NET
- ILSpy
- DNSpy
- DotPeek
- De4dot
Office
- Offvis
Hex Editors
- FileInsight
- HxD
- 010 Editor
PE
- PEiD
- ExplorerSuite (CFF Explorer)
- PEview
- DIE
Text Editors
- SublimeText3
- Notepad++
- Vim
Utilities
- MD5
- 7zip
- Putty
- Wireshark
- RawCap
- Wget
- UPX
- Sysinternals Suite
- API Monitor
- SpyStudio
- Checksum
- Unxutils
Python, Modules, Tools
- Python 2.7
- Hexdump
- PEFile
- Winappdbg
- FakeNet-NG
- Vivisect
- FLOSS
- FLARE_QDB
- PyCrypto
- Cryptography
Other
- VC Redistributable Modules (2008, 2010, 2012, 2013)

Para más información puedes visitar el blog de FireEye, creador del proyecto.

Kali Linux Revealed, curso gratuito

July 25, 2017
tuxotron

Kali Linux Revealed

*Kali Linux Revealed*

Creo que a estas alturas, Kali Linux no necesita presentación alguna, pero si hay algún despistado por la sala, Kali Linux es la distribución que cualquier profesional que se dedique a la seguridad de alguna forma u otra, debe tener en su arsenal.

Offensive Security, organización que mantiene dicha distribución, ha puesto a disposición del público y sin coste alguno, un curso online que te prepeara para la certificación Kali Linux Certified Professional (KLCP). Ésta, sí cuesta dinero, pero el curso, al que además acompaña un libro (PDF), son gratuitos. Si prefieres el libro impreso, lo puedes comprar en Amazon.

El curso cubre los siguientes apartados: