Collaborate Disseminate
Researchers at Endgame are expected at Black Hat to introduce Hardware Assisted Control Flow Integrity (HA-CFI), which leverages features in the micro-architecture of Intel processors for security. Continue reading New Technique Checks Mitigation Bypasses Earlier
Nishang is a framework, and a collection of scripts and payloads which enables PowerShell usage for offensive security, penetration testing and red teaming. The tool is the brainchild of information security researcher Nikhil Mittal, who created it after realizing he needed something custom for his penetration testing engagements, and later decided to share it with the community through GitHub. “The wide use of Windows as server and user desktop in the enterprise made PowerShell an … More → Continue reading Nishang: Using PowerShell for penetration testing
Sniffing HTTPS URLs with malicious PAC files gets easier with a new technique that exploits flaws in the Web Proxy AutoDiscovery protocol. Continue reading WPAD Flaws Leak HTTPS URLs
In a session at Black Hat USA 2016 on Wednesday, Marco Lancini, Security Consultant at MWR InfoSecurity, will demonstrate publicly for the first time a new iOS security testing tool. Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be … More → Continue reading Needle iOS security testing tool to be unveiled at Black Hat Arsenal
Attivo Networks announced that its ThreatMatrix Deception and Response Platform has been enhanced to provide an organization’s visibility and assessment of vulnerable attack paths. It provides insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure. The software has also enhanced its deception technology to misdirect and detect attackers seeking to begin their … More → Continue reading Visibility and assessment of vulnerable attack paths
Pwnie Express announced the availability of open sourced versions of its Blue Hydra and Android build system software. The release of these tools enable comprehensive Bluetooth detection and community based development of penetration testing Android devices. Bluetooth detection is critical for effective device threat detection and must cover both Low energy (LE) and Classic Bluetooth standards. Blue Hydra has also been integrated into Pwnie’s monitoring platform, Pulse, to provide continuous Bluetooth visibility and threat detection … More → Continue reading Pwnie Express open sources IoT and Bluetooth security tools
IOActive launched its Advisory Services practice, offering strategic security consulting that leverages IOActive’s testing and research expertise to help customers better align their security programs with business objectives. While most risk management services are based primarily on legal, accounting, or audit/compliance pedigrees, IOActive is in a distinctive position to assess security programs from the perspective of actual attackers. The company’s offensive security experience provides insight to customers well before threats, countermeasures, and best practices make … More → Continue reading IOActive offers offensive security approach to risk assessment
Infection Monkey, a tool designed to test the resiliency of modern data centers against cyber attacks, was developed as an open source tool by GuardiCore’s research group. “Traditional testing tools are no longer able to effectively detect vulnerabilities in today’s data center networks as they cannot continuously exploit the weakest link and propagate in-depth, resulting in a very partial view of network vulnerabilities,” said Pavel Gurvich, CEO of GuardiCore. How Infection Monkey works Infection Monkey … More → Continue reading Infection Monkey: Test a network from an attacker’s point of view
IRONSCALES, a multi-layered phishing mitigation solution that combines human intelligence with machine learning, today announced the launch of Federation, a product that will automatically and anonymously share phishing attack intelligence with organizations worldwide. “Instantaneous sharing of phishing attack intelligence will make it substantially easier for enterprises and organizations to consistently remain secure and in control,” said Eyal Benishti, CEO of IRONSCALES. IRONSCALES’ employee-based intrusion prevention system is the first phishing solution with an automatic one-click … More → Continue reading Global network shares phishing attack intelligence in real-time