Browser Sessions Trick Can Hack Encrypted Webservers

BlackHat¹ videos are up now… Specifically HEIST video²  – Http Encrypted Information can be Stolen through TCP windows By Tom Van Goethem & Mathy Vanhoef Belgian researchers The technical video about how a browser session can attack a server which attempts to prevent an attack using a token. The aspects of the encryption defense (CSRF token) … Read more

Diamond Model Intrusion Analysis

Did you want to set up your own Intrusion Analysis department? Or at least give a framework for creating a method to understand a breach. Then read this document at threatconnect.com¹ by Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. This document goes into the details of what the attacker/adversary can do to your infrastructure and … Read more

Zmodo camera Has hardcoded Security Flaw

Here is the “moneyquote”: Once it is scanned, you assign a name and connect to the camera.  A very simple and elegant setup solution to get up and running quickly.   Unfortunately for Zmodo and the purchasers of this camera this came out today(was 05/2016– then updated 08/2016): CERT² – Computer Emergency Response Team Vulnerability Note … Read more

Modern Hackers Good-Bad-Both

I have explained some of the description and history of a hacker on post¹: I want to refocus on the 3 types of hackers: White, Gray, and Black hat. The White hat hacker is the good guy, the black hat is the bad evil guy, and the grey hat does both good and bad. This  … Read more

Mismanagement in Vulnerability Management Systems

I’m always scouring the net for interesting presentations and this is an interesting one, from Bsides Detroit By Gordon MacKay¹ which have been put on the Net by Adrian Crenshaw (² The presentation is about a flaw in vulnerability management systems which also happens to be what Gordon MacKay programs now for Digital Defense Inc. … Read more