Security News #0x28: The BSidesDE Edition
I had a great time with my students at the BSidesDE event this past Friday & Saturday. I will definitely look to make it back next year!
Now for the news of the week….
- Students- I can’t overstate how important it is to be able to write your own code- if you can’t, then you can do nothing other than what the folks who do know how to code have decided to do. If you want to get started with a little C code and learn how to write your own packet capturing tool, then perhaps you should visit The Geek Stuff for a primer.
- Shareef12 shows how to exploit a simple Linux program protected with NX.
- Dan Kottmann has penned a nice demonstration of anti-virus evasion. Suppose that you have your credentials, say for a domain admin, but none of your targets are running RDP, and that the local anti-virus shoots down all of your tools. What to do? He shows how to use Powershell to upload and execute a shell.
- Suppose that you have domain credentials, but not domain admin. Sometimes this can be leveraged to local admin privileges on one or more domain members. How can this be done? Go see what zeknox over at Pentest Geek has to say!
- Ars Technica reports on claims that there is a currently circulating zero-day attack on Adobe Reader X & XI.
- ZDNet reports that many Twitter users were warned to change their passwords.
- The folks at NETRESEC have a nice analysis of the