Twitter Archive of 14/04/2017 Friday

1) Hacking Customer Information Control System : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Ayoub%20Elaassal%20-%20Hacking%20Customer%20Information%20System.pdf (Slides)

2) The Secret of ChakraCore : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T2%20-%20Linan%20Hao%20and%20Long%20Liu%20-%20The%20Secret%20of%20ChakraCore.pdf (Slides) #HITB2017AMS

3) Harnessing Intel Processor Trace on Windows for Vulnerability Discovery :  http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Richard%20Johnson%20-%20Harnessing%20Intel%20Processor%20Trace%20on%20Windows%20for%20Vulnerability%20Discovery.pdf (Slides) #HITB2017AMS

4) Drammer : TheMaking-Of : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T1%20-%20Victor%20van%20der%20Veen%20-%20Drammer%20The%20Making%20Of.pdf (Slides) #HITB2017AMS

5) FemtoCell Hacking - From Zero to 0-day ! : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T2%20-%20JeongHoon%20Shin%20-%20Femotcell%20Hacking.pdf (Slides) #HITB2017AMS

6) Can’t Touch This : Cloning Any Android HCE Contactless Card : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T2%20-%20Slawomir%20Jasek%20-%20Cloning%20Any%20Android%20HCE%20Contactless%20Card.pdf (Slides) #HITB2017AMS

7) Lure10 : Exploiting Windows Automatic Wireless Association Algorithm : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20George%20Chatzisofroniou%20-%20Exploiting%20Windows%20Automatic%20Wireless%20Association%20Algorithm.pdf (Slides) #HITB2017AMS

8) iOS KPP/watchtower bypass : https://xerub.github.io/ios/kpp/2017/04/13/tick-tock.html

9) Meet & Greet with the Mac Malware Class of 2016 : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Patrick%20Wardle%20-%20Meet%20and%20Greet%20with%20the%20MacOS%20Malware%20Class%20of%202016.pdf (Slides) #HITB2017AMS

10) Pwning Banks : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Miika%20Turkia%20-%20Pwning%20Banks.pdf (Slides) #HITB2017AMS

11) So You Want to Hack Radios - A Primer on Wireless Reverse Engineering : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Marc%20Newlin%20and%20Matt%20Knight%20-%20So%20You%20Want%20to%20Hack%20Radios.pdf (Slides) #HITB2017AMS


12) Shadow-Box : The Practical and Omnipotent Sandbox : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T2%20-%20Seunghun%20Han%20-%20Shadow-Box%20-%20The%20Practical%20and%20Omnipotent%20Sandbox.pdf (Slides) #HITB2017AMS


13) Side Channel Attacks Against iOS Crypto Libraries and More :  http://conference.hitb.org/hitbsecconf2017ams/materials/D1T2%20-%20Najwa%20Aaraj%20-%20Side%20Channel%20Attacks%20Against%20iOS%20Crypto%20Libraries%20and%20More.pdf (Slides) #HITB2017AMS

14) Fault Injection Attacks on Secure Boot : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Niek%20Timmers%20and%20Albert%20Spruyt%20-%20Fault%20Injection%20Attacks%20On%20Secure%20Boot.pdf (Slides) #HITB2017AMS

15) Setting up a Shiny Development Environment within Linux on Windows 10 : https://www.hanselman.com/blog/SettingUpAShinyDevelopmentEnvironmentWithinLinuxOnWindows10.aspx

Twitter Archive of 13/04/2017 Thursday (@binitamshah)

1) Five Prison Inmates Built Two PCs and Hacked a Prison From Within : https://www.bleepingcomputer.com/news/security/five-inmates-built-two-pcs-and-hacked-a-prison-from-within/  , Report by ODRC : http://watchdog.ohio.gov/Portals/0/pdf/investigations/2015-CA00043.pdf (pdf) #Hacking

2)RCE in Linux Kernel ( < 4.5 + inc. Android) via specially crafted  UDP packets (Pl. update kernel) : https://nvd.nist.gov/vuln/detail/CVE-2016-10229 #Linux #Kernel #UDP

3)Write-up for alloc8 untethered bootrom exploit for iPhone 3GS : https://github.com/axi0mX/alloc8  #Exploit

4)ipwndfu : open-source jailbreaking tool for older iOS devices : https://github.com/axi0mX/ipwndfu cc @axi0mX #jailbreak #iOS

5)Identifying HTTPS-Protected Netflix Videos in Real-Time : https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf (pdf) #Netflix

6) Remote Code Execution (CVE-2017-7280) - Part 1 : https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/ #RCE #Security

7) ApiScout : Painless Windows API information recovery : http://byte-atlas.blogspot.in/2017/04/apiscout.html #API #Hacking

8) Breaking the Security Model of Subgraph OS : https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/

9) Exploiting Broadcom’s Wi-Fi Stack (Part 2): https://googleprojectzero.blogspot.in/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html , Part 1 : https://googleprojectzero.blogspot.in/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html #Broadcom

10) Reverse Engineering a DGA (Domain Generation Algorithm) : https://vimeo.com/212352397 #ReverseEngineering #DGA

11) Go-SCP : Go programming language secure coding practices guide : https://github.com/Checkmarx/Go-SCP  #Go  #SecureCoding

12) Chrome 59 has cross-platform headless support : https://www.chromestatus.com/features/5678767817097216   #Chrome

13) Xenotix-Python-Keylogger : Xenotix Python Keylogger for Windows : https://github.com/ajinabraham/Xenotix-Python-Keylogger/blob/master/xenotix_python_logger.py #keylogger #Python #Windows

14) Disarming EMET 5.52 : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Niels%20Warnars%20-%20Disarming%20EMET.pdf (Slides)

15) Network-based Ransomware Detection : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Paulus%20Meesen%20and%20Don%20Mulders%20-%20A%20Passive%20Listing%20Ransomware%20Detector.pdf (Slides)

16) iCloud syncing and 2FA: friend or foe? : http://conference.hitb.org/hitbsecconf2017ams/materials/D1T4%20-%20Vladamir%20Katalov%20-%20Breaking%20Apple%E2%80%99s%20iCloud%20Keychain.pdf (Slides)

17) Exploiting CVE-2017-0199 : HTA Handler Vulnerability : https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/