Para cualquier profesional en el campo de la seguridad informática, el verano no es precisamente la temporada para desconectar, si no todo lo contrario, es la época del año en la que te tienes que poner las botas y absorber toda la información que puedas, sobre todo de las grandes conferencias sobre seguridad que acontecen alrededor del mundo.

En este caso hablamos de Chaos Communication Camp, una conferencia veraniega organizada por miembros del CCC (Chaos Communication Club), que cómo sabemos, éste se celebra una de las mejores conferencias del mundo a finales de diciembre.

La organización sobre computación avanzada USENIX, celebra su 24 simposio sobre seguridad. Dicho evento termina hoy, pero el contenido de las charlas ya se encuentran disponibles:

• Post-Mortem of a Zombie: Conficker Cleanup After Six Years - Paper
• Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World - Paper
• Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem - Paper
• Under-Constrained Symbolic Execution: Correctness Checking for Real Code - Paper
• TaintPipe: Pipelined Symbolic Taint Analysis - Paper
• Type Casting Verification: Stopping an Emerging Attack Vector - Paper
• All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS - Paper
• Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS - Paper
• Eclipse Attacks on Bitcoin’s Peer-to-Peer Network - Paper
• Compiler-instrumented, Dynamic Secret-Redaction of Legacy Processes for Attacker Deception - Paper
• Control-Flow Bending: On the Effectiveness of Control-Flow Integrity - Paper
• Automatic Generation of Data-Oriented Exploits - Paper
• Protocol State Fuzzing of TLS Implementations - Paper
• Verified Correctness and Security of OpenSSL HMAC - Paper
• Not-Quite-So-Broken TLS: Lessons in Re-Engineering a Security Protocol Specification and Implementation - Paper
• To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections - Paper
• De-anonymizing Programmers via Code Stylometry - Paper
• RAPTOR: Routing Attacks on Privacy in Tor - Paper
• Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services - Paper
• SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization - Paper
• Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer - Paper
• Trustworthy Whole-System Provenance for the Linux Kernel - Paper
• Securing Self-Virtualizing Ethernet Devices - Paper
• EASEAndroid: Automatic Policy Analysis and Refinement for Security Enhanced Android via Large-Scale Semi-Supervised Learning - Paper
• Marionette: A Programmable Network Traffic Obfuscation System - Paper
• CONIKS: Bringing Key Transparency to End Users - Paper
• Investigating the Computer Security Practices and Needs of Journalists - Paper
• Constants Count: Practical Improvements to Oblivious RAM - Paper
• Raccoon: Closing Digital Side-Channels through Obfuscated Execution - Paper
• M2R: Enabling Stronger Privacy in MapReduce Computation - Paper
• Measuring Real-World Accuracies and Biases in Modeling Password Guessability - Paper
• Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound - Paper
• Android Permissions Remystified: A Field Study on Contextual Integrity - Paper
• Phasing: Private Set Intersection Using Permutation-based Hashing - Paper
• Faster Secure Computation through Automatic Parallelization - Paper
• The Pythia PRF Service - Paper
• EVILCOHORT: Detecting Communities of Malicious Accounts on Online Services - Paper
• Trends and Lessons from Three Years Fighting Malicious Extensions - Paper
• Meerkat: Detecting Website Defacements through Image-based Object Recognition - Paper
• Recognizing Functions in Binaries with Neural Networks - Paper
• Reassembleable Disassembling - Paper
• How the ELF Ruined Christmas - Paper
• Finding Unknown Malice in 10 Seconds: Mass Vetting for New Threats at the Google-Play Scale - Paper
• You Shouldn’t Collect My Secrets: Thwarting Sensitive Keystroke Leakage in Mobile IME Apps - Paper
• Boxify: Full-fledged App Sandboxing for Stock Android - Paper
• Cookies Lack Integrity: Real-World Implications - Paper
• The Unexpected Dangers of Dynamic JavaScript - Paper
• ZigZag: Automatically Hardening Web Applications Against Client-side Validation Vulnerabilities - Paper
• Anatomization and Protection of Mobile Apps’ Location Privacy Threats - Paper
• LinkDroid: Reducing Unregulated Aggregation of App Usage Behaviors - Paper
• PowerSpy: Location Tracking Using Mobile Device Power Analysis - Paper
• In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services - Paper
• Bohatei: Flexible and Elastic DDoS Defense - Paper
• Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge - Paper
• GSMem: Data Exfiltration from Air-Gapped Computers over GSM Frequencies - Paper
• Thermal Covert Channels on Multi-core Platforms - Paper
• Rocking Drones with Intentional Sound Noise on Gyroscopic Sensors - Paper
• Cache Template Attacks: Automating Attacks on Inclusive Last-Level Caches - Paper
• A Placement Vulnerability Study in Multi-Tenant Public Clouds - Paper
• A Measurement Study on Co-residence Threat inside the Cloud - Paper
• Towards Discovering and Understanding Task Hijacking in Android - Paper
• Cashtags: Protecting the Input and Display of Sensitive Data - Paper
• SUPOR: Precise and Scalable Sensitive User Input Detection for Android Apps - Paper
• UIPicker: User-Input Privacy Identification in Mobile Applications - Paper
• Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents - Paper
• WebWitness: Investigating, Categorizing, and Mitigating Malware Download Paths - Paper
• Vulnerability Disclosure in the Age of Social Media: Exploiting Twitter for Predicting Real-World Exploits - Paper
• Needles in a Haystack: Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence - Paper

A este evento le preceden una serie de talleres enfocados en temas más específicos, también dentro del ámbito de la seguridad informática: WOOT, CSET, FOCI, HealthTech, 3GSE, HotSet y JETS.

Cada uno de dichos talleres, a excepción de HotSet, también han publicado el contenido de sus sesiones, aunque en el caso the HealthTech sólo tienen publicada una de ellas.

Hoy ha sido lanzada la nueva versión de Kali Linux. Este es sin duda el sistema más usado en auditorias de seguridad. No necesita presentación alguna y todas sus novedades las podéis encontrar en su blog oficial.

Las diferentes imágenes de descarga las tenéis aquí, aunque se recomienda el uso de torrents para no saturar el servidor.

Aquí os dejo el vídeo de presentación:

Hace un tiempo publicamos aquí una entrada con una serie de tutoriales sobre arranque e inicialización en sistemas operativos con el núcleo de Linux.

El autor de las mismas ha seguido escribiendo sobre interrupciones, manejo de la memoria y conceptos varios, y además a creado un libro en Gitbook llamado Linux Inside con todo el contenido que ha ido escribiendo y que está escribiendo.

Dicho libro lo puedes leer online de forma gratuita, e incluso lo puedes descargar en formato PDF, EPUB o MOBI.

Y después de Black Hat, llega Defcon. Ya podemos acceder a las presentaciones de la edición 23 de la conferencia más grande sobre seguridad informática.

• 3alarmlampscooter
  • 3alarmlampscooter-DIY-Nukeproofing.pdf
• Alessandro Di Federico
  • Alessandro-Di-Federico-Leakless-How-The-ELF-ruined.pdf
• Amit Ashbel & Maty Siman
  • Amit-Ashbel-Maty-Siman-Game-of-Hacks-Play-Hack-and.pdf
• AmmonRa
  • ammonRA-How-to-hack-your-way-out-of-home-detention.pdf
• Andres Blanco & Andres Gazzoli
  • Andres-Blanco-802.11-Massive-Monitoring.pdf
• Atlas
  • Atlas-Fun-With-Symboliks.pdf
• Bart Kulach
  • Bart-Kulach-Hack-the-Legacy-IBMi-revealed.pdf
• Brent White
  • Brent-White-Hacking-Web-Apps-WP.pdf
• Brian Gorenc & Abdul Aziz Hariri & Jason Spelman
  • Hariri-Spelman-Gorenc-Abusing-Adobe-Readers-JavaSc.pdf
• Bruce Potter
  • Bruce-Potter-Hackers-Guide-to-Risk.pdf
• Chris Domas
  • Chris-Domas-REpsych.pdf
• Chris Rock
  • Chris-Rock-I-Will-Kill-You-How-to-Get-Away-with-Mu.pdf
• Chris Sistrunk
  • Chris-Sistrunk-NSM-101-for-ICS.pdf
• Colby Moore
  • Colby-Moore-Spread-Spectrum-Satcom-Hacking.pdf
• Colin O'Flynn
  • Colin-O'Flynn-Dont-Whisper-My-Chips.pdf
• Collin Anderson & Tom Cross
  • Collin-Anderson-Tom-Cross-Export-Controls-on-Intru.pdf
• Collin Cassidy & Robert Lee & Eireann Leverett
  • Cassidy-Leverett-Lee-Switches-Get-Stitches.pdf
• Craig Young
  • Extras/
  • Craig-Young-How-To-Train-Your-RFID-Hacking-Tools.pdf
• Dakahuna & Satanklawz
  • DaKahuna-Satanlawz-Introduction-to-SDR-and-Wifi-Vi.pdf
• Damon Small
  • Damon-Small-Beyond-the-Scan.pdf
• Daniel Crowley & Damon Smith
  • Daniel-Crowley-Damon-Smith-Bugged-Files.pdf
• Daniel Selifonov
  • Daniel-Selifonov-Drinking-from-LETHE.pdf
• David An
  • David-An-When-the-Secretary-of-State-says-Stop-Hac.pdf
• David Huerta
  • David-Huerta-Alice-and-Bob-are-Really-Confused.pdf
• David Mortman
  • David-Mortman-Docker.pdf
• Eijah
  • Eijah-Crypto-for-Hackers.pdf
• Eric (XlogicX) Davisson
  • Eric-XlogicX-Davisson-ReDoS.pdf
• Eric Van Albert & Zack Banks
  • Eric-Van-Albert-Zack-Banks-Looping-Surveillance-Ca.pdf
• Etienne Martineau
  • Etienne-Martineau-Inter-VM-Data-Exfiltration.pdf
• Evilrob & Xaphan
  • Evilrob-Xaphan-TLS-Canary-Keeping-Your-Dick-Pics-S.pdf
• Fatih Ozavci
  • Fatih-Ozavci-The-Art-of-VoIP-Workshop.pdf
• Fernando Arnaboldi
  • Fernando-Arnaboldi-Abusing-XSLT-for-Practical-Atta.pdf
  • Fernando-Arnaboldi-Abusing-XSLT-for-Practical-_002.pdf
• Gerard Laygui
  • Gerard-Laygui-Forensic-Artifacts-Pass-The-Hash-Att.pdf
• Grant Bugher
  • Grant-Bugher-Obtaining-and-Detecting-Domain-Persis.pdf
• Gregory Pickett
  • Extras/
  • Gregory-Pickett-Staying-Persistant-in-Software-Def.pdf
• Ian Kline
  • Ian-Kline-LTE-Recon-and-Tracking-with-RTLSDR.pdf
• Ian Latter
  • Ian-Latter-Remote-Access-the-APT.pdf
• Ionut Popescu
  • Ionut-Popescu-NetRipper-WP.pdf
  • Ionut-Popescu-NetRipper.pdf
• Jason Haddix
  • Jason-Haddix-How-Do-I-shot-Web.pdf
• Jeremy Dorrough
  • Jeremy-Dorrough-USB-Attack-to-Decrypt-Wi-Fi-Commun.pdf
• John Menerick
  • John-Menerick-Backdooring-Git.pdf
• John Seymour
  • John-Seymour-Quantum-Classification-of-Malware-WP.pdf
  • John-Seymour-Quantum-Classification-of-Malware.pdf
• Jose Selvi
  • Jose-Selvi-Breaking-SSL-Using-Time-Synchronisation.pdf
• Joshua Smith
  • Joshua-Smith-High-Def-Fuzzing-Exploitation-Over-HD.pdf
• Justin Engler
  • Justin-Engler-Secure-Messaging-For-Normal-People-W.pdf
  • Justin-Engler-Secure-Messaging-For-Normal-People.pdf
• Ken Westin
  • Ken-Westin-Confessions-of-a-Cyberstalker.pdf
• Lance Butters (Nemus)
  • Lance-Buttars-Nemus-SQLi-on-LAMP.pdf
• Li Jun & Yang Qing
  • Li-Jun-Yang-Qing-I-AM-A-NEWBIE-YET-I-CAN-HACK-ZIGB.pdf
• Lin Huang & Qing Yang
  • Lin-Huang-Qing-Yang-GPS-Spoofing.pdf
• Luke Young
• Mahdi Namazifar
  • Mahdi-Namazifar-Detecting-Random-Strings-Language-.pdf
• Maiubiz
  • Miaubiz-Put-on-Your-Tinfo_t-Hat.pdf
• Marina Krotofil & Jason Larsen
  • Marina-Krotofil-Jason-Larsen-Rocking-the-Pocke_002.pdf
  • Marina-Krotofil-Jason-Larsen-Rocking-the-Pocketboo.pdf
• Mark Ryan Talabis
  • Mark-Ryan-Talabis-The-Bieber-Project.pdf
• Marte L0ge
  • Marte-L0ge-I-will-Tell-you-your-Lock-Pattern.pdf
• Matt Graeber & Willi Ballenthin & Claudio Teodorescu
  • Ballenthin-Graeber-Teodorescu-WMI-Attacks-Defense-.pdf
• Matteo Becarro & Matteo Collura
  • Matteo-Becarro-Matteo-Collura-Extracting-The-Painf.pdf
• Michael Robinson
  • Michael-Robinson-Knocking-My-Neighbors-Kids-Drone-.pdf
• Michael Schrenk
  • Michael-Schrenk-Applied-Intelligence.pdf
• Mickey Shkatov & Jesse Michael
  • Mickey-Shkatov-Jesse-Michael-Scared-poopless-LTE-a.pdf
• Mike Sconzo
  • Mike-Sconzo-I-am-packer-and-so-can-you.pdf
• Nadeem Douba
  • Extras/
  • Nadeem-Douba-BurpKit.pdf
• Nir Valtman & MosheFerber
  • Nir-Valtman-Moshe-Ferber-From-zero-to-secure-in-1-.pdf
• Omer Coskun
  • Omer-Coskun-Why-Nation-State-Malwares-Target-Telco.pdf
• Panel - Comedy Inception
  • Panel-Comedy-Inception-Amanda-Berlin-Blue-Team-Hel.pdf
• Patrick McNeil
  • Patrick-McNeil-Guidelines-For-Securing-Your-VoIP-P.pdf
• Patrick McNeil & Snide Owen
  • Patrick-McNeil-Owen-Sorry-Wrong-Number.pdf
• Patrick Wardle
  • Patrick-Wardle-DLL-Hijacking-on-OSX.pdf
  • Patrick-Wardle-Stick-that-in-your-(Root)Pipe-and-S.pdf
• Paul Amicelli & David Baptiste
  • Paul-Amicelli-David-Baptiste-How-to-secure-the-key.pdf
• Peter Desfigies, Joshua Brierton & Naveed Ul Islam
  • Desfigies-Brierton-Islam-Guests-N-Goblins-Referenc.txt
  • Desfigies-Brierton-Islam-Guests-N-Goblins.pdf
• Phil Polstra
  • Extras/
  • Phil-Polstra-Hacker-in-the-Wires.pdf
  • Phil-Polstra-One-device-to-Pwn-them-all.pdf
• Phil Young & Chad Rikansrud
  • Extras/
  • Phil-Young-Chad-Rikansrud-Security-Necromancy-Furt.pdf
• Phillip Aumasson
  • Phillip-Aumasson-Quantum-Computers-vs-Computers-Se.pdf
• Rich Kelley
  • Rich-Kelley-Harness-Powershell-Weaponization-Made-.pdf
• Richo Healey & Mike Ryan
  • Richo-Healey-Mike-Ryan-Hacking-Electric-Skateboard.pdf
• Ricky Lawshae
  • Extras/
  • Rickey-Lawshae-Lets-Talk-About-SOAP.pdf
• Rodrigo Almeida
  • Extras/
  • Rodringo-Almeida-Embedded-System-Design-From-E_002.pdf
  • Rodringo-Almeida-Embedded-System-Design-From-Elect.pdf
• Ronny Bull & Jeanna Matthews
  • Extras/
  • Ronny-Bull-Jeanna-Matthews-Exploring-Layer-2-N_002.pdf
  • Ronny-Bull-Jeanna-Matthews-Exploring-Layer-2-Netwo.pdf
• Ryan Castelluci
  • Ryan-Castellucci-Cracking-Cryptocurrency-Brainwall.pdf
• Ryan Mitchell
  • Ryan-Mitchell-Separating-Bots-from-Humans.pdf
• Ryan O'Neil
  • Ryan-O'Neil-Advances-in-Linux-Forensics-ECFS.pdf
• Saif El-Sherei & Etienne Stalmans
  • Saif-El-Sherei-Etienne-Stalmans-SensePost-Introduc.pdf
• Sam Bowne
  • Sam-Bowne-Workshop-Android-Security-Auditing-Mobil.pdf
  • Sam-Bowne-Workshop-Violent-Python.pdf
• Samy Kamkar
  • Extras/
  • Samy-Kamkar-README.txt
• Sarah Edwards
  • Sarah-Edwards-Ubiquity-Forensics.pdf
• Sean Metcalf
  • Sean-Metcalf-Red-vs-Blue-AD-Attack-and-Defense.pdf
• Shawn Webb
  • Shawn-Webb-HardenedBSD-Internals.pdf
• Tamas Szakaly
  • Tamas-Szakaly-Shall-We-Play-A-Game.pdf
• Tony Trummer & Tushar Dalvi
  • Tony-Trummer-Tushar-Dalvi-QARK.pdf
• Topher Timzen & Ryan Allen
  • Topher-Timzen-Acquiring-NET-Objects-From-The-Manag.pdf
  • Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-NET-A.pdf
  • Topher-Timzen-Ryan-Allen-Hijacking-Arbitrary-N_002.pdf
• Tottenkoph & IrishMASMS
  • Tottenkoph-IrishMASMS-Hackers-Hiring-Hacker.pdf
• Vivek Ramachadran
  • Vivek-Ramachadran-Chellam.pdf
• Wesley McGrew
  • Wesley-McGrew-I-Hunt-Penetration-Testers-WP.pdf
  • Wesley-McGrew-I-Hunt-Penetration-Testers.pdf
• Weston Hecker
  • Weston-Hecker-Goodbye-Memory-Scraping-Malware.pdf
• Xntrik
  • xntrik-Hooked-Browser-Meshed-Networks-with-webRTC-.pdf
• Yan Shoshitaishvili & Fish Wang
  • Yan-Shoshitaishvili-Fish-Wang-Angry-Hacking.pdf
• Yaniv Balmas & Lior Oppenheim
  • Yaniv-Balmas-Lior-Oppenheim-Key-Logger-Video-Mouse.pdf
• Yuwei Zheng & Haoqi Shan
  • Yuwei-Zheng-Haoqi-Shan-Build-a-Free-Cellular-Traff.pdf
• Zach Allen & Rusty Bower
  • Zack-Allen-Rusty-Bower-Malware-In-Gaming.pdf
• fluxist
  • Fluxist-Unbootable-Exploiting-Paylock-Smartboot.pdf

Ya tenemos disponible la mayoría de las presentaciones de la Black Hat USA 2015.

La lista es la siguiente:

• The Lifecycle of a Revolution us-15-Granick-The-Lifecycle-Of-A-Revolution.pdf
• Abusing Silent Mitigations - Understanding Weaknesses Within Internet Explorers Isolated Heap and MemoryProtection us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection.pdf us-15-Gorenc-Abusing-Silent-Mitigations-Understanding-Weaknesses-Within-Internet-Explorers-Isolated-Heap-And-MemoryProtection-wp.pdf
• Abusing Windows Management Instrumentation (WMI) to Build a Persistent Asynchronous and Fileless Backdoor us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor.pdf us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-wp.pdf us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent Asynchronous-And-Fileless-Backdoor-WMIBackdoor.ps1
• Abusing XSLT for Practical Attacks us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks.pdf us-15-Arnaboldi-Abusing-XSLT-For-Practical-Attacks-wp.pdf
• Advanced IC Reverse Engineering Techniques: In Depth Analysis of a Modern Smart Card us-15-Thomas-Advanced-IC-Reverse-Engineering-Techniques-In-Depth-Analysis-Of-A-Modern-Smart-Card.pdf
• Adventures in Femtoland: 350 Yuan for Invaluable Fun
• Ah! Universal Android Rooting is Back us-15-Xu-Ah-Universal-Android-Rooting-Is-Back.pdf us-15-Xu-Ah-Universal-Android-Rooting-Is-Back-wp.pdf
• Android Security State of the Union
• API Deobfuscator: Resolving Obfuscated API Functions in Modern Packers us-15-Choi-API-Deobfuscator-Resolving-Obfuscated-API-Functions-In-Modern-Packers.pdf
• Assessing and Exploiting BigNum Vulnerabilities
• Attacking ECMAScript Engines with Redefinition us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition us-15-Silvanovich-Attacking-ECMA-Script-Engines-With-Redefinition-wp.pdf
• Attacking Hypervisors Using Firmware and Hardware
• Attacking Interoperability - An OLE Edition us-15-Li-Attacking-Interoperability-An-OLE-Edition.pdf
• Attacking Your Trusted Core: Exploiting Trustzone on Android us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android.pdf us-15-Shen-Attacking-Your-Trusted-Core-Exploiting-Trustzone-On-Android-wp.pdf
• Automated Human Vulnerability Scanning with AVA us-15-Bell-Automated-Human-Vulnerability-Scanning-With-AVA.pdf
• Back Doors and Front Doors Breaking the Unbreakable System
• Battle of the SKM and IUM: How Windows 10 Rewrites OS Architecture
• Behind the Mask: The Agenda Tricks and Tactics of the Federal Trade Commission as they Regulate Cybersecurity us-15-Daugherty-Behind-The-Mask-The-Agenda-Tricks-And-Tactics-Of-The-Federal-Trade-Commission-As-They-Regulate-Cybersecurity.pdf
• BGP Stream
• Big Game Hunting: The Peculiarities of Nation-State Malware Research us-15-MarquisBoire-Big-Game-Hunting-The-Peculiarities-Of-Nation-State-Malware-Research.pdf
• Breaking Access Controls with BLEKey
• Breaking Honeypots for Fun and Profit
• Breaking HTTPS with BGP Hijacking us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking.pdf us-15-Gavrichenkov-Breaking-HTTPS-With-BGP-Hijacking-wp.pdf
• Breaking Payloads with Runtime Code Stripping and Image Freezing us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing.pdf us-15-Mulliner-Breaking-Payloads-With-Runtime-Code-Stripping-And-Image-Freezing-wp.pdf
• Bring Back the Honeypots
• Bringing a Cannon to a Knife Fight
• Broadcasting Your Attack: Security Testing DAB Radio in Cars
• Bypass Control Flow Guard Comprehensively us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively.pdf us-15-Zhang-Bypass-Control-Flow-Guard-Comprehensively-wp.pdf
• Bypass Surgery Abusing Content Delivery Networks with Server-Side-Request Forgery (SSRF) Flash and DNS
• Certifi-gate: Front-Door Access to Pwning Millions of Androids us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids.pdf us-15-Bobrov-Certifi-Gate-Front-Door-Access-To-Pwning-Millions-Of-Androids-wp.pdf
• Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security.pdf us-15-Yu-Cloning-3G-4G-SIM-Cards-With-A-PC-And-An-Oscilloscope-Lessons-Learned-In-Physical-Security-wp.pdf
• Commercial Mobile Spyware - Detecting the Undetectable us-15-Dalman-Commercial-Spyware-Detecting-The-Undetectable.pdf us-15-Dalman-Commercial-Spyware-Detecting-The-Undetectable-wp.pdf
• CrackLord: Maximizing Password Cracking Boxes us-15-Morris-CrackLord-Maximizing-Password-Cracking.pdf us-15-Morris-CrackLord-Maximizing-Password-Cracking-wp.pdf us-15-Morris-CrackLord-Maximizing-Password-Cracking-src.zip
• Crash & Pay: How to Own and Clone Contactless Payment Devices us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices.pdf us-15-Fillmore-Crash-Pay-How-To-Own-And-Clone-Contactless-Payment-Devices-wp.pdf
• Dance Like Nobodys Watching Encrypt Like Everyone Is: A Peek Inside the Black Hat Network
• Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and Sharing
• Deep Learning on Disassembly us-15-Davis-Deep-Learning-On-Disassembly.pdf
• Defeating Machine Learning: What Your Security Vendor is Not Telling You
• Defeating Pass-the-Hash: Separation of Powers us-15-Moore-Defeating Pass-the-Hash-Separation-Of-Powers.pdf us-15-Moore-Defeating Pass-the-Hash-Separation-Of-Powers-wp.pdf
• Distributing the Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis
• Dom Flow - Untangling the DOM for More Easy-Juicy Bugs us-15-Nafeez-Dom-Flow-Untangling-The-DOM-For-More-Easy-Juicy-Bugs.pdf
• Emanate Like a Boss: Generalized Covert Data Exfiltration with Funtenna
• Exploiting Out-of-Order Execution for Covert Cross-VM Communication us-15-DAntoine-Exploiting-Out-Of-Order-Execution-For-Covert-Cross-VM-Communication.pdf us-15-DAntoine-Exploiting-Out-Of-Order-Execution-For-Covert-Cross-VM-Communication-wp.pdf
• Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges.pdf us-15-Seaborn-Exploiting-The-DRAM-Rowhammer-Bug-To-Gain-Kernel-Privileges-wp.pdf
• Exploiting XXE Vulnerabilities in File Parsing Functionality us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality.pdf us-15-Vandevanter-Exploiting-XXE-Vulnerabilities-In-File-Parsing-Functionality-tool.zip
• Faux Disk Encryption: Realities of Secure Storage on Mobile Devices us-15-Mayer-Faux-Disk-Encryption-Realities-Of-Secure-Storage-On-Mobile-Devices-wp.pdf
• FileCry - The New Age of XXE us-15-Wang-FileCry-The-New-Age-Of-XXE.pdf us-15-Wang-FileCry-The-New-Age-Of-XXE-ie-wp.pdf us-15-Wang-FileCry-The-New-Age-Of-XXE-java-wp.pdf
• Fingerprints on Mobile Devices: Abusing and Leaking us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking.pdf us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf
• Forging the USB Armory an Open Source Secure Flash-Drive-Sized Computer
• From False Positives to Actionable Analysis: Behavioral Intrusion Detection Machine Learning and the SOC us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-Detection-Machine-Learning-And-The-SOC.pdf us-15-Zadeh-From-False-Positives-To-Actionable-Analysis-Behavioral-Intrusion-Detection-Machine-Learning-And-The-SOC-wp.pdf
• Fuzzing Android System Services by Binder Call to Escalate Privilege us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege-wp.pdf
• GameOver Zeus: Badguys and Backends us-15-Peterson-GameOver-Zeus-Badguys-And-Backends.pdf us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf
• Graphic Content Ahead: Towards Automated Scalable Analysis of Graphical Images Embedded in Malware us-15-Long-Graphic-Content-Ahead-Towards-Automated-Scalable-Analysis-Of-Graphical-Images-Embedded-In-Malware.pdf
• Harnessing Intelligence from Malware Repositories us-15-Lakhotia-Harnessing-Intelligence-From-Malware-Repositories.pdf
• HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Programs us-15-Price-Hi-This-Is-Urgent-Plz-Fix-ASAP-Critical-Vulnerabilities-And-Bug-Bounty-Programs.pdf
• Hidden Risks of Biometric Identifiers and How to Avoid Them us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them.pdf us-15-Keenan-Hidden-Risks-Of-Biometric-Identifiers-And-How-To-Avoid-Them-wp.pdf
• How to Hack Government: Technologists as Policy Makers
• How to Implement IT Security After a Cyber Meltdown us-15-Kubecka-How-To-Implement-IT-Security-After-A-Cyber-Meltdown.pdf
• How Vulnerable are We to Scams? us-15-Jakobsson-How-Vulnerable-Are-We-To-Scams.pdf us-15-Jakobsson-How-Vulnerable-Are-We-To-Scams-wp.pdf
• Information Access and Information Sharing: Where We are and Where We are Going
• Internet Plumbing for Security Professionals: The State of BGP Security us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security.pdf us-15-Remes-Internet-Plumbing-For-Security-Professionals-The-State-Of-BGP-Security-wp.pdf
• Internet-Facing PLCs - A New Back Orifice us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice.pdf us-15-Klick-Internet-Facing-PLCs-A-New-Back-Orifice-wp.pdf
• Internet-Scale File Analysis us-15-Hanif-Internet-Scale-File-Analysis.pdf us-15-Hanif-Internet-Scale-File-Analysis-wp.pdf
• Is the NSA Still Listening to Your Phone Calls? A Surveillance Debate: Congressional Success or Epic Fail
• Mobile Point of Scam: Attacking the Square Reader us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader.pdf us-15-Mellen-Mobile-Point-Of-Scam-Attacking-The-Square-Reader-wp.pdf
• Most Ransomware Isnt as Complex as You Might Think us-15-Kirda-Most-Ransomware-Isn’t-As-Complex-As-You-Might-Think.pdf us-15-Kirda-Most-Ransomware-Isn’t-As-Complex-As-You-Might-Think-wp.pdf
• My Bro the ELK: Obtaining Context from Security Events us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events.pdf us-15-Smith-My-Bro-The-ELK-Obtaining-Context-From-Security-Events-wp.pdf
• Optimized Fuzzing IOKit in iOS us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS.pdf us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf
• Panel: Getting It Right: Straight Talk on Threat & Information Sharing
• Panel: How the Wassenaar Arrangements Export Control of Intrusion Software Affects the Security Industry
• Pen Testing a City us-15-Conti-Pen-Testing-A-City.pdf us-15-Conti-Pen-Testing-A-City-wp.pdf
• Red vs Blue: Modern Active Directory Attacks Detection and Protection us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection.pdf us-15-Metcalf-Red-Vs-Blue-Modern-Active-Directory-Attacks-Detection-And-Protection-wp.pdf
• Remote Exploitation of an Unaltered Passenger Vehicle
• Remote Physical Damage 101 - Bread and Butter Attacks us-15-Larsen-Remote-Physical-Damage-101-Bread-And-Butter-Attacks.pdf
• Repurposing OnionDuke: A Single Case Study Around Reusing Nation State Malware us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware.pdf us-15-Pitts-Repurposing-OnionDuke-A-Single-Case-Study-Around-Reusing-Nation-State-Malware-wp.pdf
• Return to Where? You Cant Exploit What You Cant Find
• Review and Exploit Neglected Attack Surfaces in iOS 8 us-15-Wang-Review-And-Exploit-Neglected-Attack-Surface-In-iOS-8.pdf
• Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion us-15-Krotofil-Rocking-The-Pocket-Book-Hacking-Chemical-Plant-For-Competition-And-Extortion.pdf us-15-Krotofil-Rocking-The-Pocket-Book-Hacking-Chemical-Plant-For-Competition-And-Extortion-wp.pdf
• ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion us-15-Xenakis-ROPInjector-Using-Return-Oriented-Programming-For-Polymorphism-And-Antivirus-Evasion.pdf us-15-Xenakis-ROPInjector-Using-Return-Oriented-Programming-For-Polymorphism-And-Antivirus-Evasion-wp.pdf
• Securing Your Big Data Environment us-15-Gaddam-Securing-Your-Bigdata-Environment.pdf us-15-Gaddam-Securing-Your-Bigdata-Environment-wp.pdf
• Server-Side Template Injection: RCE for the Modern Web App us-15-Kettle-Server-Side-Template-Injection-RCE-For-The-Modern-Web-App-wp.pdf
• SMBv2: Sharing More than Just Your Files us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files-wp.pdf
• Social Engineering the Windows Kernel: Finding and Exploiting Token Handling Vulnerabilities
• Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service us-15-Moore-Spread-Spectrum-Satcom-Hacking-Attacking-The-GlobalStar-Simplex-Data-Service.pdf us-15-Moore-Spread-Spectrum-Satcom-Hacking-Attacking-The-GlobalStar-Simplex-Data-Service-wp.pdf
• Stagefright: Scary Code in the Heart of Android
• Staying Persistent in Software Defined Networks us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks.pdf us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks-wp.pdf us-15-Pickett-Staying-Persistent-In-Software-Defined-Networks-tool.py
• Stranger Danger! What is the Risk from 3rd Party Libraries?
• Subverting Satellite Receivers for Botnet and Profit us-15-Talmat-Subverting-Satellite-Receivers-For-Botnet-And-Profit.pdf us-15-Talmat-Subverting-Satellite-Receivers-For-Botnet-And-Profit-wp.pdf
• Switches Get Stitches us-15-Cassidy-Switches-Get-Stitches.pdf
• Take a Hacker to Work Day - How Federal Prosecutors Use the CFAA us-15-Bailey-Take-A-Hacker-To-Work Day-How-Federal-Prosecutors-Use-The-CFAA.pdf
• Taking Event Correlation with You us-15-King-Taking-Event-Correlation-With-You.pdf us-15-King-Taking-Event-Correlation-With-You-wp.pdf us-15-King-Taking-Event-Correlation-With-You-tool.tgz
• Targeted Takedowns: Minimizing Collateral Damage Using Passive DNS us-15-Vixie-Targeted-Takedowns-Minimizing-Collateral-Damage-Using-Passive-DNS.pdf
• Taxonomic Modeling of Security Threats in Software Defined Networking us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking.pdf us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking-wp.pdf
• The Applications of Deep Learning on Traffic Identification us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification.pdf us-15-Wang-The-Applications-Of-Deep-Learning-On-Traffic-Identification-wp.pdf
• The Battle for Free Speech on the Internet
• The Kali Linux Dojo Workshop #1: Rolling Your Own - Generating Custom Kali Linux 20 ISOs
• The Kali Linux Dojo Workshop #2: Kali USB Setups with Persistent Stores and LUKS Nuke Support
• The Little Pump Gauge that Could: Attacks Against Gas Pump Monitoring Systems us-15-Wilhoit-The-Little-Pump-Gauge-That-Could-Attacks-Against-Gas-Pump-Monitoring-Systems.pdf us-15-Wilhoit-The-Little-Pump-Gauge-That-Could-Attacks-Against-Gas-Pump-Monitoring-Systems-wp.pdf
• The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf
• The Nodejs Highway: Attacks are at Full Throttle us-15-Siman-The-Node-Js-Highway-Attacks-Are-At-Full-Throttle.pdf
• The NSA Playset: A Year of Toys and Tools us-15-Ossmann-The-NSA-Playset-A-Year-Of-Toys-And-Tools.pdf
• The Tactical Application Security Program: Getting Stuff Done
• These are Not Your Grand Daddys CPU Performance Counters - CPU Hardware Performance Counters for Security us-15-Herath-These-Are-Not-Your-Grand-Daddys-CPU-Performance-Counters-CPU-Hardware-Performance-Counters-For-Security.pdf
• THIS IS DeepERENT: Tracking App Behaviors with (Nothing Changed) Phone for Evasive Android Malware us-15-Park-This-Is-DeepERENT-Tracking-App-Behaviors-With-Nothing-Changed-Phone-For-EvasiveAAndroid-Malware.pdf
• ThunderStrike 2: Sith Strike us-15-Hudson-Thunderstrike-2-Sith-Strike.pdf
• TrustKit: Code Injection on iOS 8 for the Greater Good us-15-Diquet-TrustKit-Code-Injection-On-iOS-8-For-The-Greater-Good.pdf
• Understanding and Managing Entropy Usage us-15-Potter-Understanding-And-Managing-Entropy-Usage.pdf us-15-Potter-Understanding-And-Managing-Entropy-Usage-wp.pdf
• Understanding the Attack Surface and Attack Resilience of Project Spartans New EdgeHTML Rendering Engine us-15-Yason-Understanding-The-Attack-Surface-And-Attack-Resilience-Of-Project-Spartans-New-EdgeHTML-Rendering-Engine.pdf us-15-Yason-Understanding-The-Attack-Surface-And-Attack-Resilience-Of-Project-Spartans-New-EdgeHTML-Rendering-Engine-wp.pdf
• Unicorn: Next Generation CPU Emulator Framework
• Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware us-15-Kruegel-Using-Static-Binary-Analysis-To-Find-Vulnerabilities-And-Backdoors-In-Firmware.pdf
• Web Timing Attacks Made Practical us-15-Morgan-Web-Timing-Attacks-Made-Practical.pdf us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf
• When IoT Attacks: Hacking a Linux-Powered Rifle us-15-Sandvik-When-IoT-Attacks-Hacking-A-Linux-Powered-Rifle.pdf
• Why Security Data Science Matters and How Its Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence us-15-Saxe-Why-Security-Data-Science-Matters-And-How-Its-Different.pdf
• Winning the Online Banking War us-15-Park-Winning-The-Online-Banking-War.pdf us-15-Park-Winning-The-Online-Banking-War-wp.pdf
• Writing Bad @$$ Malware for OS X us-15-Wardle-Writing-Bad-A-Malware-For-OS-X.pdf
• WSUSpect - Compromising the Windows Enterprise via Windows Update us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update.pdf us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update-wp.pdf
• ZigBee Exploited the Good the Bad and the Ugly us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly.pdf us-15-Zillner-ZigBee-Exploited-The-Good-The-Bad-And-The-Ugly-wp.pdf

Iremos actualizando la lista con el material que se vaya publicando.

Powershell es uno de los recursos que se han convertido en indispensable a la hora de realizar una auditoría que involucra sistemas Windows.

Nishang es una colección de scripts escritos en Powershell listos para la acción. En dicha colección tienes scripts que puedes usar en todas las fases de la auditoría, pero quizás los más poderosos sean aquellos para la fase de post-explotación.

Las diferentes secciones en las que se organiza esta colección es:

La función más importante en un desensamblador es la conversión o recomposición de las instrucciones en lenguaje ensamblador a partir de los códigos de operacion (OP / operation code).

En la arquitectura X86, a diferencia de otras, la longitud en bytes de una instrucción, varía dependiendo de la instrucción en sí y de los operandos sobre las que ésta actúa.

Últimamente, gracias en entre otros a proyectos como Capstone hemos visto el lanzamiento de desensambladores de todo tipo, así como la migración o adaptación de desensambladores previamente existentes a este motor.

En la web de CyberGuerrilla, bajo el nombre de: Lo que los Blackhats no quieren que sepas, recopilan una seria de tutoriales sobre ingeniería inversa. Desde la utilización de las herramientas esenciales, técnicas de inyección, cracking, creación de tu propio laboratorio, etc. Hay un buen número de tutoriales (en inglés) que sin duda alguna pueden serte útil.

Copio y pego la lista:

• Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?
• Whitehat Lab
• ASM Programming
• Introduction Part 1 Ollydbg
• Introduction Part 2 Using Ollydbg and Tracing Botnets
• Analyzing Botnets
• Introduction Part 3 Ollydbg: Cheating a Crackme
• Introduction Part 4 Ollydbg: Your first Patch
• Encryption 101
• Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com
• Introduction to Honeydrive: A Brief Walk Through
• Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up
• Resource Hacker
• Dll Injection the Easy Way
• Visual Basic Binaries Walk Through Part 1
• Ollydbg on Steroids
• Creating Patchers Part 1
• Have you supported the gas mask campaign over the years?
• Crack to win a gas mask gift pack
• How to edit a register me crack me Pre Part 1
• Unwinding Delphi Binaries Walk Through if not Preview
• Cracking Delphi Part 2
• Reversing Timed Trials: Ollydbg Tricks Part 3
• Analyzing Adware
• Preview Against Debugging
• Bypassing Registering 101
• Bypassing Part 2
• Android/iOS Reversing
• Introducing IDA Pro: Static Analyzing
• Hacker’s Disassembler
• Ripping Apart Adware
• Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file
• IDA PRO Book
• Unpacking & Crypting there is a difference
• Covert Debugging whitepaper from blackhat.com
• Manually Unpacking with Ollydbg
• Manually Unpacking Part 2
• Manually Unpacking 101
• ASM Injecting
• ASM Injecting Part 2
• ASM Injecting Part 3: Crypt your malicious file
• Reversing Trials
• Adding Your Menu
• ASM Injecting Part 4
• ASM Injecting Part 5
• Finding Nag Screens & Removing them
• REMnux: Linux Toolkit for Reverse-Engineering and Analyzing Malware
• REMnux: Volatility Framework ~ Memory Forensics
• Volatility Analyzing the ZeuS Bot Part 2
• Infected Machine? Create a memory dump
• What the gov doesn’t want you to know: All your pastebin data is being LOGGED
• Connect to IRC more securely with SSL, add a fingerprint to your nick
• Do you have pictures of yourself on the internet? You might of leaked your location of where the pic was taken through EXIF Data
• Bulk Extractor: Walk Through for a Windows Platform
• Bulk Extractor: Walk Through for Linux
• Memory Forensics: Windows Analyzing for Malicious Activity

Ya está disponibles los vídeos de la Infiltrate 2015, conferencia sobre seguridad informática celebrada el pasado mes de abril en Miami, Florida.

Los vídeos publicados son los siguientes:

• Alex Ionescu Insection: AWEsomely Exploiting Shared Memory Objects
• Ram Shankar & Sacha Faust Data Driven Offense
• Neil Archibald Modern Objective-C Exploitation
• James Forshaw A Link to the Past: Abusing Symbolic Links on Windows
• Rusty Wagner & Jordan Wiens Hacking Games in a Hacked Game
• Infiltrate2015 BJJ Open Mat - part 2
• Infiltrate2015 BJJ Open Mat - Part 1
• Braden Thomas Technical Keynote: Practical Attacks on DOCSIS
• Nathan Rittenhouse Problems in Symbolic Fuzzing
• Joaquim Espinhara & Rafael Silva MIMOSAWRITERROUTER - Abusing EPC on Cisco Router to collect data
• Patrick Wardle Writing Bad@ss OS X Malware
• Jacob Torrey HARES: Hardened Anti-Reverse Engineering System
• Ray Boisvert [keynote] Abyss or Turning Point: Strategy Skills and Tradecraft in the Age of 21st Century Warfare