Archives: February 2016

InfoSec News Summary 02/26/2016

Posted on February 26th, 2016

Hacker Backdoored Linux Mint Repo: Hacked web application + posted backdoored ISOs Ransomware springboards from WordPress to Joomla domains Drupal 6 EOL February 24th 2016 Operation Blockbuster Reveals Information Behind the Lazarus APT Group Drupal Updates Fixes 10 Vulnerabilities including a Critical Access Bypass Anticipated High Severity OpenSSL Patch to be Released Tuesday March 1st […]

InfoSec News Summary 02/19/2016

Posted on February 19th, 2016

glibc Vulnerability: A stack based buffer overflow in the “getadrrinfo” function in glibc is currently trending as a critical severity vulnerability.  The full scope of affected products are not currently none, but are suspected to include linux binaries such as ssh, sudo, and curl.  The vulnerability should be patched across Linux distributions leveraging all versions […]

InfoSec News Summary 02/12/2016

Posted on February 12th, 2016

Microsoft Patch Tuesday Release (2/9/15): 13 bulletins with 6 being deemed critical in severity. None of the vulnerabilities have been exploited in the wild as of the patch tuesday bulletins release. Although one vulnerability stands out (MS16-013) as it affects all supported versions of Windows and can allow remote code execution if a user opens […]

Beyond Automated Tools

Posted on February 5th, 2016

< Overview > This talk is all about how to go beyond automated tools to hunt for vulnerabilities.  I discuss a lot of tips and tricks for use in external security assessments.  This talk was given live at the DC Cyber Warriors Meetup group on 02/09/2015. < Outline > Overview Testing Methodologies Soft Skills Why […]