Para los interesados en las charlas de B-Sides Orlando 2015, ya están disponibles en youtube. Aquí os dejo la lista:

• Closing Keynote - Day 1 - Dr Johannes Ullrich Judgement Day 2015-04-12
• Tim Krabek-Getting Involved to Better the Future
• Michael Brown - The NIST Cybersecurity Framework is coming! Are you ready?
• Jonathan Echavarria-Hiding your attacks with misdirection like REDACTED
• Danny Chrastil - What I know about your Company Hacking LinkedIn
• Vikram Dhillon -Blockchain-as-a-service -BsidesOrlando 2015
• Scott Arciszewski - Application Security Beyond Compliance
• Opening Keynote -Moses Hernandez Yo Dog! I got some Regs for your Regs
• Glen Roberts - Take Charge of Your Infosec Career!
• Closing Keynote - Day 1 - Dr Johannes Ullrich Judgement Day 2015-04-12 -BsidesOrlando 2015
• Chris Martinez Executive Order: Private Sector Cybersecurity Information Sharing
• Anthony Critelli - Implementing Voice Over IP in Security Competitions
• Josh Ruppe - Breaking the Speed Limit
• Scott Sattler - Threat Intellegence
• Tim Medin - Attacking Kerberos: Kicking the Guard Dog of Hades
• Vincent Moscatello - Destover: Inside the Malware at Sony Entertainment
• Jeremy Epstein - The Scope of Cybersecurity: A View Forward
• grecs & pupstrr | Project KidHack – Teaching the Next Next Generation Security through Gaming
• Vincent Moscatello - Destover: Inside the Malware at Sony Entertainment
• Tim Medin - Attacking Kerberos: Kicking the Guard Dog of Hades
• Ryan Buenaventura - Defense in Depth – A Mile Wide, A Mile Deep
• Scott Sattler - Threat Intellegence
• Josh Ruppe - Breaking the Speed Limit
• Ean Meyer - Hiding in Plain Sight: Building a Hidden Remotely Accessible Pentesting Platform
• Anthony Critelli - Implementing Voice Over IP in Security Competitions
• Chris Martinez Executive Order: Private Sector Cybersecurity Information Sharing
• Tim Krabek-Getting Involved to Better the Future
• Michael Brown - The NIST Cybersecurity Framework is coming! Are you ready?
• Jonathan Echavarria-Hiding your attacks with misdirection like REDACTED
• Danny Chrastil - What I know about your Company Hacking LinkedIn
• Vikram Dhillon -Blockchain-as-a-service -BsidesOrlando 2015
• Scott Arciszewski - Application Security Beyond Compliance
• Opening Keynote -Moses Hernandez Yo Dog! I got some Regs for your Regs
• Glen Roberts - Take Charge of Your Infosec Career!

Flappy Bird es un juego que no necesita presentación alguna, pero si te cojo con la guardia bajada, decirte que es un juego para móviles que se lanzó en mayo de 2013. A finales de enero del 2014 se convirtió en el juego más descargado de la iOS App Store. Según su autor el juego llegó a generar 50.000 dólares diarios en publicidad y ventas.

El juego empezó a recibir críticas sobre su dificultad e incluso plagiarismo y su autor de forma sorprendente lo borró tanto de la App Store como de Google play.

Futurecop! Wikipedia

Canción del LP “The Adventures of Starpony”

Todos o la mayoría de vosotros ya conoceréis la aplicación de manipulación gráfica The GIMP. Es quizás la alternativa “free” más cercana a photoshop. El 21 de noviembre de 1995, Peter Mattis anunció dicha aplicación en Usenet.

Aquí tenéis la copia del mensaje:

From: Peter Mattis Subject: ANNOUNCE: The GIMP Date: 1995-11-21 Message-ID: <[email protected]> Newsgroups: comp.os.linux.development.apps,comp.os.linux.misc,comp.windows.x.apps

The GIMP: the General Image Manipulation Program

The GIMP is designed to provide an intuitive graphical interface to a variety of image editing operations. Here is a list of the GIMP’s major features:

 Roman Medina-Heigl Hernandez

1) ¿Quién eres y a qué te dedicas?

Soy un apasionado de la informática desde muy pequeñín y una mente inquieta. Siempre me ha gustado saber cómo funcionan las cosas "por dentro", y desde 1993 (es decir, "ayer") me interesé por la seguridad informática (y en particular, por el hacking) así que llevo desde entonces aprendiendo y ampliando mis conocimientos en este vasto campo. Me considero un eterno aprendiz y mientras dure la pasión (espero que siempre) seguiré y seguiré y seguiré... absorbiendo toda la información que pueda y en la medida de lo posible tratando de generar y devolver a su vez conocimiento para que otros puedan nutrirse de él (considero que es importante y justo crear y compartir, no solo "consumir").

Ya se encuentran disponibles los vídeos de la conferencia sobre programación LLVM Developers’ Meeting 2015. Es una conferencia que se celebra tradicionalmente dos veces al año, una vez en EEUU y otra en Europa y está enfocada alrededor de la infraestructura de LLVM.

• Jf Bastien & Dan Gohman "WebAssembly: Here Be Dragons"
• Quentin Colombet "A Proposal for Global Instruction Selection"
• Johannes Doerfert "€œInput Space Splitting for OpenCL"
• K. Serebryany & P. Collingbourne "Beyond Sanitizers..."
• Ivan Baev "Profile-based Indirect Call Promotion"
• Kristof Beyls "œAutomated performance-tracking of LLVM-generated code"
• Christos Margiolas "A Heterogeneous Execution Engine for LLVM"
• S. Guelton & A. Guinet "...Simple out-of-tree LLVM Pass"
• Pierre-Andre Saulais "Creating an SPMD Vectorizer..."
• T. Grosser & J. Doerfert "€œOptimistic Loop Nest Optimizations..."
• P. Robinson & M. Edwards "Living Downstream Without Drowning"
• Joseph Groff & Chris Lattner "Swift's High-Level IR: A Case Study..."
• David Blaikie "Opaque Pointer Types"
• Gerolf Hoflehner "€œLLVM Performance Improvements & Headroom"
• R. Kleckner & D. Majnemer "Exception handling in LLVM..."
• Jingyue Wu "Optimizing LLVM for GPGPU"
• D. Jasper & M. Klimek "€œAn update on Clang-based C++ Tooling"
• M. Wong & A. Bataev "OpenMP GPU/Accelerator support..."
• S. Das & P. Reames "LLVM for a managed language..."
• Vasileios Porpodas "Throttling Automatic Vectorization..."
• B. Simmers & M. Panchenko "LLVM back end for HHVM/PHP"
• Ashutosh Nema "LoopVersioning LICM"
• H. Wennborg & N. Weber "Compiling large, real-world codebases..."
• A. Prantl & D. Exon Smith "Debug Info: From Metadata to Modules"
• David Blaikie "Debug Info on a Diet"€
• Hans Wennborg "The recent switch lowering improvements"
• Stephane Sezer "ds2, a tiny debug server used with lldb"
• Dale Martin "Accelerating Stateflow with LLVM"
• Evgenii Stepanov "€œLarge scale libc++ deployment"
• Serge Guelton "To LLVM Bytecode Obfuscation and Beyond"
• B. Cahoon "Implementation of Swing Modulo Scheduling..."
• S. Rogers "€œInteger Vector Optimizations..."
• A. Nemet & M. Zolotukhin "Advances in Loop Analysis Frameworks..."

Microsoft ha creado un juego basado en Minecraft para enseñar a programar a niños. El juego está disponible en code.org y pertenece al apartado de The Hour of Code. Básicamente el juego tendría una duración de una hora.

Como éste es para enseñar a programar a niños, la forma de interactuar con el mismo es escribiendo código, o más bien arrastrando bloques con las acciones que quieres que tu personaje lleve a cabo, algo como el famoso lenguaje de programación Scratch.

En esta entrada no vamos a hablar de los retos de matasano, aunque lo acabo de hacer :), sino de otra web: id0-rsa.pub.

Ésta, está en la misma onda que matasano, alberga una serie de retos orientados a la criptografía que tenemos que resolver con programación. Son retos enfocados al aprendizaje de la criptografía aplicada, por lo que no se necesitan conocimientos previos sobre dicho tema, pero sí se necesitan conocimientos de programación.

Ya podemos acceder al material de la edición de este año de Black Hat celebrada en Amsterdam.

• What Got Us Here Wont Get Us There eu-15-Meer-What-Got-Us-Here-Wont-Get-Us-There.pdf
• (In-)Security of Backend-As-A-Service eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service.pdf eu-15-Rasthofer-In-Security-Of-Backend-As-A-Service-wp.pdf
• A Peek Under the Blue Coat eu-15-Rigo-A-Peek-Under-The-Blue-Coat.pdf
• All Your Root Checks Belong to Us: The Sad State of Root Detection
• AndroBugs Framework: An Android Application Security Vulnerability Scanner eu-15-Lin-Androbugs-Framework-An-Android-Application-Security-Vulnerability-Scanner.pdf
• Attacking the XNU Kernel in El Capitain eu-15-Todesco-Attacking-The-XNU-Kernal-In-El-Capitain.pdf
• Authenticator Leakage through Backup Channels on Android eu-15-Bai-Authenticator-Leakage-Through-Backup-Channels-On-Android.pdf
• Automating Linux Malware Analysis Using Limon Sandbox eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox.pdf eu-15-KA-Automating-Linux-Malware-Analysis-Using-Limon-Sandbox-wp.pdf
• Breaking Access Controls with BLEKey
• Bypassing Local Windows Authentication to Defeat Full Disk Encryption eu-15-Haken-Bypassing-Local-Windows-Authentication-To-Defeat-Full-Disk-Encryption.pdf eu-15-Haken-Bypassing-Local-Windows-Authentication-To-Defeat-Full-Disk-Encryption-wp.pdf
• Bypassing Self-Encrypting Drives (SED) in Enterprise Environments eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments.pdf eu-15-Boteanu-Bypassing-Self-Encrypting-Drives-SED-In-Enterprise-Environments-wp.pdf
• Commix: Detecting and Exploiting Command Injection Flaws eu-15-Stasinopoulos-Commix-Detecting-And-Exploiting-Command-Injection-Flaws.pdf eu-15-Stasinopoulos-Commix-Detecting-And-Exploiting-Command-Injection-Flaws-wp.pdf
• Continuous Intrusion: Why CI tools are an Attackers Best Friends eu-15-Mittal-Continuous-Intrusion-Why-CI-Tools-Are-An-Attackers-Best-Friend.pdf
• Cybercrime in the Deep Web eu-15-Balduzzi-Cybercrmine-In-The-Deep-Web.pdf eu-15-Balduzzi-Cybercrmine-In-The-Deep-Web-wp.pdf
• Cybersecurity for Oil and Gas Industries: How Hackers Can Manipulate Oil Stocks eu-15-Polyakov-Cybersecurity-For-Oil-And-Gas-Industries-How-Hackers-Can-Manipulate-Oil-Stocks.pdf eu-15-Polyakov-Cybersecurity-For-Oil-And-Gas-Industries-How-Hackers-Can-Manipulate-Oil-Stocks-wp.pdf
• Defending Against Malicious Application Compatibility Shims eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims.pdf eu-15-Pierce-Defending-Against-Malicious-Application-Compatibility-Shims-wp.pdf
• Even the LastPass Will be Stolen Deal with It! eu-15-Vigo-Even-The-Lastpass-Will-Be-Stolen-deal-with-it.pdf
• Exploiting Adobe Flash Player in the Era of Control Flow Guard eu-15-Falcon-Exploiting-Adobe-Flash-Player-In-The-Era-Of-Control-Flow-Guard.pdf
• Faux Disk Encryption: Realities of Secure Storage on Mobile Devices eu-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices.pdf eu-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices-wp.pdf
• Fuzzing Android: A Recipe for Uncovering Vulnerabilities Inside System Components in Android eu-15-Blanda-Fuzzing-Android-A-Recipe-For-Uncovering-Vulnerabilities-Inside-System-Components-In-Android.pdf eu-15-Blanda-Fuzzing-Android-A-Recipe-For-Uncovering-Vulnerabilities-Inside-System-Components-In-Android-wp.pdf
• Going AUTH the Rails on a Crazy Train eu-15-Jarmoc-Going-AUTH-The-Rails-On-A-Crazy-Train.pdf eu-15-Jarmoc-Going-AUTH-The-Rails-On-A-Crazy-Train-wp.pdf
• Hey Man Have You Forgotten to Initialize Your Memory? eu-15-Chen-Hey-Man-Have-You-Forgotten-To-Initialize-Your-Memory.pdf eu-15-Chen-Hey-Man-Have-You-Forgotten-To-Initialize-Your-Memory-wp.pdf
• Hiding in Plain Sight - Advances in Malware Covert Communication Channels eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels.pdf eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf
• How to Break XML Encryption - Automatically eu-15-Somorovsky-How-To-Break-XML-Encryption-Automatically-wp.pdf
• Implementing Practical Electrical Glitching Attacks
• Is Your TimeSpace Safe? - Time and Position Spoofing Opensourcely eu-15-Kang-Is-Your-Timespace-Safe-Time-And-Position-Spoofing-Opensourcely.pdf eu-15-Kang-Is-Your-Timespace-Safe-Time-And-Position-Spoofing-Opensourcely-wp.pdf
• Lessons from Defending the Indefensible eu-15-Majkowski-Lessons-From-Defending-The-Indefensible.pdf
• Locknote: Conclusions and Key Takeaways from Black Hat Europe 2015
• LTE & IMSI Catcher Myths eu-15-Borgaonkar-LTE-And-IMSI-Catcher-Myths.pdf eu-15-Borgaonkar-LTE-And-IMSI-Catcher-Myths-wp.pdf
• New (and Newly-Changed) Fully Qualified Domain Names: A View of Worldwide Changes to the Internets DNS eu-15-Vixie-New-And-Newly-Changed-Fully-Qualified-Domain-Names-A-View-Of-Worldwide-Changes-To-The-Internets-DNS.pdf
• New Tool for Discovering Flash Player 0-day Attacks in the Wild from Various Channels eu-15-Pi-New-Tool-For-Discovering-Flash-Player-0-day-Attacks-In-The-Wild-From-Various-Channels.pdf eu-15-Pi-New-Tool-For-Discovering-Flash-Player-0-day-Attacks-In-The-Wild-From-Various-Channels-wp.pdf
• Panel: What You Need to Know About the Changing Regulatory Landscape in Information Security
• Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers.pdf eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers-wp1.pdf eu-15-Petit-Self-Driving-And-Connected-Cars-Fooling-Sensors-And-Tracking-Drivers-wp2.pdf
• Silently Breaking ASLR in the Cloud eu-15-Barresi-Silently-Breaking-ASLR-In-The-Cloud.pdf eu-15-Barresi-Silently-Breaking-ASLR-In-The-Cloud-wp.pdf
• Stegosploit - Exploit Delivery with Steganography and Polyglots eu-15-Shah-Stegosploit-Exploit-Delivery-With-Steganography-And-Polyglots.pdf
• Triaging Crashes with Backward Taint Analysis for ARM Architecture eu-15-Kim-Triaging-Crashes-With-Backward-Taint-Analysis-For-ARM-Architecture.pdf
• Unboxing the White-Box: Practical Attacks Against Obfuscated Ciphers eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers.pdf eu-15-Sanfelix-Unboxing-The-White-Box-Practical-Attacks-Against-Obfuscated-Ciphers-wp.pdf
• VoIP Wars: Destroying Jar Jar Lync eu-15-Ozavci-VoIP-Wars-Destroying-Jar-Jar-Lync.pdf
• Vulnerability Exploitation in Docker Container Environments eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments.pdf eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments-wp.pdf
• Watching the Watchdog: Protecting Kerberos Authentication with Network Monitoring eu-15-Beery-Watching-The-Watchdog-Protecting-Kerberos-Authentication-With-Network-Monitoring.pdf eu-15-Beery-Watching-The-Watchdog-Protecting-Kerberos-Authentication-With-Network-Monitoring-wp.pdf
• Your Scripts in My Page - What Could Possibly Go Wrong?

Dennis Yurichev, autor del libro Ingeniería inversa para principiantes ha ido creando una serie retos y ejercicios sobre dicho tema que iba publicando en su blog (algunos también están en el libro) y para poner un poco de orden ha creado un sitio web nuevo llamado challenges.re, dónde ha reagrupado y organizado dichos retos.

Aunque en su blog actual ha ido publicando las soluciones a los retos que creaba, en este nuevo sitio no las va a publicar y por consiguiente, tampoco publicará las soluciones de futuros retos ni en dicha web ni en el blog. Además pide que no se publiquen las soluciones en sitios públicos: blogs, foros, etc.