2015-05-01から1ヶ月間の記事一覧

Tool: idb

#rvmインストール $ curl -sSL https://get.rvm.io | bash -s stable #ruby2.1インストール $ rvm install 2.1 --enable-shared #他のものをインストール $ brew install qt cmake usbmuxd libimobiledevice #iebインストール $ gem install idb $ gem insta…

Security: 「情報システムに係る政府調達におけるセキュリティ要件策定マニュアル」の策定について

http://www.nisc.go.jp/active/general/sbd_sakutei.html

Security: Security Analysis of Consumer-Grade Anti-Theft Solutions Provided by Android Mobile Anti-Virus Apps

http://www.cl.cam.ac.uk/~lmrs2/publications/mav_most15.pdf

Security: Security Analysis of Android Factory Resets

http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf Flawed Android factory reset leaves crypto and login keys ripe for pickingarstechnica.com Androidスマホを初期化してもメール、画像、連絡先などが復元される可能性が判明gigazine.net

Security: Penetration Testing Tools that (do not) Support IPv6

https://www.ernw.de/download/newsletter/ERNW_Newsletter_45_PenTesting_Tools_that_Support_IPv6_v.1.1_en.pdf

Tool: Pwn Pi

Pwn Pi | A Pen Test Drop Box Distro using the Raspberry Pi

Tool: PwnPi 3.0 - Pentest Oriented Raspberry Pi Distribution

PwnPi 3.0 - Pentest Oriented Raspberry Pi Distributionwww.hackinsight.org

Vulnerability: NetUSB

http://arstechnica.com/security/2015/05/90s-style-security-flaw-puts-millions-of-routers-at-risk/ SEC Consult: KCodes NetUSB: How a Small Taiwanese Software Company Can Impact the Security of Millions of Devices Worldwide https://www.sec-c…

Vulnerability: The Logjam Attack

Logjam: How Diffie-Hellman Fails in Practiceweakdh.org

Security: IPsec Vulnerabilities and Software Security Prediction

IPsec Vulnerabilities and Software Security Prediction

Exploit: pwndbg

zachriggle/pwndbggithub.com

Security: VENOM Vulnerability

VENOM Vulnerabilityvenom.crowdstrike.com

Exploit: Win32k LPE vulnerability used in APT attack.

hfiref0x/CVE-2015-1701github.com

Security: CRYPTREC 暗号技術ガイドライン (SSL/TLS における近年の攻撃への対応 )

http://www.cryptrec.go.jp/report/c13_kentou_giji02_r2.pdf

Security: SSL/TLS暗号設定ガイドライン~安全なウェブサイトのために(暗号設定対策編)~

SSL/TLS暗号設定ガイドライン~安全なウェブサイトのために(暗号設定対策編)~:IPA 独立行政法人 情報処理推進機構www.ipa.go.jp

Security: Ad Injection at Scale: Assessing Deceptive Advertisement Modifications

http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43346.pdf

Security: JVNTA#99041988 標的型攻撃に使用されるリスクの高い脆弱性 Top 30

JVNTA#99041988: 標的型攻撃に使用されるリスクの高い脆弱性 Top 30

Mobile: CVE-2014-7954 MTP path traversal vulnerability in Android

Full Disclosure: CVE-2014-7954 MTP path traversal vulnerability in Android

Mobile: CVE-2014-7953 Android backup agent code execution

Full Disclosure: CVE-2014-7953 Android backup agent code execution

Exploit: ARMPwn

saelo/armpwngithub.com

Security: how to crack mifare classic cards

how to crack mifare classic cards | FireFart

Mobile: Amazon Firephone source code

AmazonSmile Help

Mobile: The nightmare behind the cross platform mobile apps dream

[CODEGATE] The nightmare behind the cross platform mobile apps dream // Speaker Deck

Mobile: HOW I FORCED AN ANDROID VULNERABILITY INTO BYPASSING MDM RESTRICTIONS + DIY MALWARE ANALYSIS

http://dfrws.org/2015eu/proceedings/DFRWS-EU-2015-short-presentation-3.pdf

Mobile: Android wpa_supplicant WLAN Direct remote buffer overflow

Bugtraq: [ALICLOUDSEC-VUL2015-001]Android wpa_supplicant WLAN Direct remote buffer overflow

Mobile: simplify; Generic Android Deobfuscator

CalebFenton/simplifygithub.com

Mobile: New Root Method for LG Devices

http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772

Mobile: ApkDetector

Mobile: ADB Backup Traversal / File Overwrite

ADB Backup Traversal / File Overwrite ≈ Packet Stormpacketstormsecurity.com

Mobile: Android App "PROTECTION"

http://strazzere.com/papers/AAP-QPSI.pdf