Black Hat USA 2013 Day One – Latest News

Black Hat’s Barnaby Jack Statement:

We have lost a member of our family. Everyone would agree that the life and work of Barnaby Jack are legendary and irreplaceable. Barnaby had the ability to take complex technology and intricate research and make it tangible and accessible for everyone to learn and grow from. Beyond his work in our industry, Barnaby was an incredibly warm hearted and welcoming individual with a passion for celebrating life. We all have a hilarious and upbeat story about Barnaby. He is truly a shining example of what we love about this community.

Latest BlackHat news, Courtesy of DarkReading:

‘Hangover’ Persists, More Mac Malware Found
Attackers behind the Operation Hangover cyberspying campaign out of India found dropping OS X malware, covering their tracks online

Researchers To Highlight Weaknesses In Secure Mobile Data Stores
At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices.

‘Tortilla’ Spices Up Active Defense Ops
New free Tor tool due out at Black Hat USA aims to make the Tor anonymizing network easier to use for all types of Intel-gathering

Black Hat USA 2013: Complete Coverage
Articles leading up to and live coverage from Black Hat USA 2013, July 27 – Aug. 1


McAfee Anti-Virus Founder – Bath Salts, Gangsters and Murder?

John McAfee, the founder of the popular McAfee Anti-Virus, is being actively sought by police in Belize as a possible murder suspect. But how did the one-time computer security giant end up embroiled in a possible murder attempt?

After McAfee sold his security company for $100 million, he moved to Belize to try to help the poverty-stricken country. But according to a special report on Gizmodo, John’s life changed dramatically there: he became affiliated with gangsters and other shady characters and even became addicted to Bath Salts.

“McAfee has become increasingly estranged from his fellow expatriates in recent years. His behavior has become increasingly erratic, and by his own admission he had begun associating with some of the most notorious gangsters in Belize.”

A lot of this erratic behavior could have been caused by his experimentation with Bath Salts. The drug became notorious after several people taking it began exhibiting abnormal, violent behavior, including eating people, causing many to call it the “Zombie Drug”.

McAfee was very active on a Russian-based message board devoted to Bath Salts. “I’m a huge fan of MDPV (Bath Salts)”, John said, “I think it’s the finest drug ever conceived, not just for the indescribable hypersexuality, but also for the smooth euphoria and mild comedown.”

I will spare you the details on how he recommended taking the drug…

According to reports, there was friction between John and Gregory Faull, a builder from Florida. And according to Gizmodo, Gregory filed a complaint against John claiming he was acting roguish and firing guns.

According to Fox News, the Belize police are actively looking for John, though no charges have been filed against him yet. “We are looking for him in connection with the murder, no one has been charged with murder yet,” said Vienne Robinson, assistant superintendent at the San Pedro police department in Belize. She also stated that they had one person in custody already.

If the allegations are true, it is very sad indeed that one of the greats has fallen so far.

Hakin9 Exploiting Software July 2012 Issue is out!

Pentesting with Android – new Exploiting Software Hakin9 issue is out!

Are you curious how to turn your Wi-Fi smart phone or tablet into a pentesting tool? Check out the new issue of Exploiting Software Hakin9!


•    Searching For Exploits, SCAPY Fuzzing
•    Weak Wi-Fi Security, Evil Hotspots & Pentesting with Android
•    An In-Depth Analysis on Targeted Attacks
•    Automated security audit of a web application
•    Reverse Engineer Obfuscated
•    Cross Site Scripting (XSS)
•    Implementing Rsyslog to forward log messages
•    They Are Offline But I Exploited Them


Weak Wi-Fi Security, Evil Hotspots and Pentesting with Android
By Dan Dieterle

Wireless networks and mobile Wi-Fi devices have saturated both the home front and business arena. The threats against Wi-Fi networks have been known for years, and though some effort has been made to lock down wireless networks, many are still wide open. In this article we will look at a few common Wi-Fi security misconceptions. We will also see how a penetration tester (or unfortunately, hackers) could set up a fake Access Point (AP) using a simple wireless card and redirect network users, capture authentication credentials and possibly gain full remote access to the client.

Finally we will look at the latest app for Android that allows you to turn your Wi-Fi smart phone or tablet into a pentesting tool. With it you can scan your network for open ports, check for vulnerabilities, perform exploits, Man-in-the-Middle (MitM) attacks and even sniff network traffic on both your Wi-Fi network and wired LAN.

Searching For Exploits, SCAPY Fuzzing
By Craig Wright

SCAPY is a series of Python-based scripts designed for network-level packet manipulation. With it, we can sniff network traffic, interactively manipulate it, and fuzz services. Moreover, SCAPY decodes the packets that it receives without interpreting them. The article goes into some of the fundamentals that you will need in order to understand the shellcode and exploit creation process, how to use Python as a launch platform for your shellcode, and what the various system components are.

And much more…


Security Conference “ShmooCon 2011” January 28-30th

Check out the annual hacker convention ShmooCon 2011, this January 28th through 30th.

ShmooCon is an annual east coast hacker convention hell-bent on offering three days of an interesting atmosphere for demonstrating technology exploitation, inventive software and hardware solutions, and open discussions of critical infosec issues.  The first day is a single track of speed talks called One Track Mind.  The next two days bring three tracks:  Build It, Break It and Bring It On.

Scheduled events include:

  • Barcodes Shmarcodes
  • Ghost in the Shellcode
  • Lockpick Village
  • ShmooCon Labs
  • Firetalks 

Adrian Crenshaw (aka Irongeek) mentioned in a tweet today that he might have the ShmooCon Firetalks available live on his site.

FireTalks are 15-minute presentations meant to be an alternative to longer traditional session formats. Similar to 5-minute lightning talks, the purpose is to skip the background material and make a point by explaining it as quickly as possible. The FireTalks will take place Friday and Saturday nights starting at 8:00 PM. Come enjoy both up-and-coming infosec leaders and seasoned speakers as they challenge the 15-minute format in a relaxed alternative conference environment.

And just in case you weren’t able to get a ticket (come on, they were available for 5 minutes!), the track streams will be available at Ustream.

Check it out!