Breakpoint-labs

InfoSec News Summary 02/19/2016

Posted on February 19th, 2016

glibc Vulnerability: A stack based buffer overflow in the “getadrrinfo” function in glibc is currently trending as a critical severity vulnerability.  The full scope of affected products are not currently none, but are suspected to include linux binaries such as ssh, sudo, and curl.  The vulnerability should be patched across Linux distributions leveraging all versions […]

InfoSec News Summary 02/12/2016

Posted on February 12th, 2016

Microsoft Patch Tuesday Release (2/9/15): 13 bulletins with 6 being deemed critical in severity. None of the vulnerabilities have been exploited in the wild as of the patch tuesday bulletins release. Although one vulnerability stands out (MS16-013) as it affects all supported versions of Windows and can allow remote code execution if a user opens […]

Beyond Automated Tools

Posted on February 5th, 2016

< Overview > This talk is all about how to go beyond automated tools to hunt for vulnerabilities.  I discuss a lot of tips and tricks for use in external security assessments.  This talk was given live at the DC Cyber Warriors Meetup group on 02/09/2015. < Outline > Overview Testing Methodologies Soft Skills Why […]

How to Start Your InfoSec Career

Posted on January 15th, 2016

Overview: This webcast is hosted by Andrew, Luke, and Zack and we discuss tips and tricks for starting your InfoSec career.  The goal of this webcast is to share our knowledge and experience to help students bridge the gap between college and career.

Use the X-Forwarded-For Header, Luke: Joomla RCE CVE-2015-8562

Posted on December 17th, 2015

Summary: A recent vulnerability in Joomla (CVE-2015-8562) has been patched after reports of exploitation occurring in the wild impacting all versions from 1.5.0 to 3.4.5.  A new version of Joomla (3.4.6) has been released in response, as well as hotfixes for backdated versions of the software (1.5.x and 2.5.x). Initial reports by Sucuri, of the […]

Image

Next Level Reconnaissance with Shodan and Censys

Posted on December 2nd, 2015

During the initial phases of a penetration test, online resources such as Shodan can serve as a starting point to identifying the technology footprint of your target organization. A new resource has been released, known as Censys.io, that collects data on internet facing websites and systems through daily ZMap and ZGrab scans of the IPv4 […]