Open source security education.

“We did participate in the attacks against the Islamic State back in December, through June we defaced IS propaganda websites and jacked Twitter accounts. I’m going to do a bit of a leak because it isn’t really hacking when you are jacking ISIS Twitter accounts. People located in Saudi Arabia doesn’t need emails to register on Twitter. @ctrlsec on Twitter tweets out vulnerable ISIS accounts every 5 minutes. Since they don’t need an email to register Twitter automatically defaults their email to Gmail, so the email would be [email protected]. All we have to do is make that email which isn’t valid and recover the account. 30% of Twitter is vulnerable to the 0day, have fun jacking ISIS Twitter accounts!”

Must do links from today’s travels...

So I seem to have a little more time up my sleeve.

https://exploit-exercises.com/

https://trailofbits.github.io/ctf/

http://opensecuritytraining.info/Training.html

http://blog.cobaltstrike.com/2015/06/04/cobalt-strike-penetration-testing-labs-download/

http://jeffq.com/blog/setting-up-a-man-in-the-middle-device-with-raspberry-pi-part-1/

http://www.amanhardikar.com/mindmaps/Practice.html

Blog hiatus / busy life

As has probably become apparent from the sudden influx of ugly links sans commentary, I am too busy to blog at the moment -- even about netsec, which is buzzing with 0-days and scandal!

The bottom line is that school plus work (freelance and regular) plus the occasional nap have me at full capacity.

I'm not sure when things will equalise. Until then, it is the blog ball I have to drop.

Flying Blind

Russian Government issued a Tender to crack Tor

Gyges, the mixing of commercial malware with cyber weapon code

Researcher spots spike in cyber-espionage tools

Anonymous Hacktivists to attack countries supporting ISIS

"On June 19, Microsoft filed for an ex parte temporary restraining order (TRO) from the U.S. District Court for Nevada against No-IP. On June 26, the court granted our request and made Microsoft the DNS authority for the company’s 23 free No-IP domains, allowing us to identify and route all known bad traffic to the Microsoft sinkhole and classify the identified threats. The new threat information will be added to Microsoft’s Cyber Threat Intelligence Program (CTIP) and provided to Internet Service Providers (ISPs) and global Community Emergency Response Teams (CERTs) to help repair the damage caused by Bladabindi-Jenxcus and other types of malware. "

Upload your virus and try to take this thing down. I actually can't access, as I think there is possibly some crashing occurring. But I found this link on Reddit and people seem to be having some fun with it.

Side note: I haven't been publishing but behind the scenes I have been doing some work on a template for series/profiles -- that way I can look at state actors, rogue prodigies, hacktivist groups and even programs in a semi-consistent manner down the line.

Welcome, new followers!

Dutch hackers have come up with a simple way to infiltrate and take over Google Glass, the wearable computer system with a headset that resembles an ordinary pair of glasses, according to the Volkskrant.