• Facebook
• Twitter
• Reddit
• LinkedIn

Ya están disponibles para descarga el material de las charlas que se dieron en la BlackHat USA 2012 pasado mes de julio en Las Vegas:

• A Scientific (But Non Academic) Study of How Malware Employs Anti-Debugging, Anti-Disassembly and Anti-Virtualization Technologies
  • BH_US_12_Branco_Scientific_Academic_WP.pdf
  • BH_US_12_Branco_Scientific_Academic_Slides.pdf
• A Stitch in Time Saves Nine: A Case of Multiple Operating System Vulnerability
  • BH_US_12_Wojtczuk_A_Stitch_In_Time_WP.pdf
  • BH_US_12_Wojtczuk_A_Stitch_In_Time_Slides.pdf
• Adventures in Bouncerland
  • BH_US_12_Percoco_Adventures_in_Bouncerland_WP.pdf
  • BH_US_12_Percoco_Bouncerland_Slides.pdf
• AMF Testing Made Easy!
  • BH_US_12_Carettoni_AMF_Testing_WP.pdf
  • BH_US_12_Carettoni_AMF_Testing_Slides.pdf
• Source.zip
• Are You My Type? - Breaking .NET Sandboxes Through Serialization
  • BH_US_12_Forshaw_Are_You_My_Type_WP.pdf
  • BH_US_12_Forshaw_Are_You_My_Type_Slides.pdf
• Blended Threats and JavaScript: A Plan for Permanent Network Compromise
  • BH_US_12_Purviance_Blended_Threats_WP.pdf
  • BH_US_12_Purviance_Blended_Threats_Slides.pdf
• Clonewise - Automated Package Clone Detection
  • BH_US_12_Cesare_Clonewise_WP.pdf
  • BH_US_12_Cesare_Clonewise_Slides.pdf
• Confessions of a WAF Developer: Protocol-Level Evasion of Web Application Firewalls
  • BH_US_12_Ristic_Protocol_Level_WP.pdf
  • BH_US_12_Ristic_Protocol_Level_Slides.pdf
• Control-Alt-Hack(TM): White Hat Hacking for Fun and Profit (A Computer Security Card Game)
  • BH_US_12_Kohno_Control_Alt_Hack_WP.pdf
  • BH_US_12_Kohno_Control_Alt_Hack_Slides.pdf
• DE MYSTERIIS DOM JOBSIVS: Mac EFI Rootkits
  • BH_US_12_LoukasK_De_Mysteriis_Dom_Jobsivs_WP.pdf
  • BH_US_12_LoukasK_De_Mysteriis_Dom_Jobsivs_Slides.pdf
• Digging Deep Into The Flash Sandboxes
  • BH_US_12_Sabanal_Digging_Deep_WP.pdf
  • BH_US_12_Sabanal_Digging_Deep_Slides.pdf
• Don't Stand So Close To Me: An Analysis of the NFC Attack Surface
  • BH_US_12_Miller_NFC_attack_surface_WP.pdf
  • BH_US_12_Miller_NFC_attack_surface_Slides.pdf
  • BH_US_12_Miller_NFC_attack_surface_Code.zip
• Easy Local Windows Kernel Exploitation
  • BH_US_12_Cerrudo_Windows_Kernel_WP.pdf
  • BH_US_12_Cerrudo_Windows_Kernal_Slides.pdf
• Errata Hits Puberty: 13 Years of Chagrin
  • BH_US_12_Jericho_Errata_Slides.pdf
• Exchanging Demands
  • BH_US_12_Hannay_Exchanging_Demands_WP.pdf
  • BH_US_12_Hannay_Exchanging_Demands_Slides.pdf
  • BH_US_12_Hannay_Exchanging_Demands_Code.zip
• Exploit Mitigation Improvements in Win 8
  • BH_US_12_Miller_Exploit_Mitigation_Slides.pdf
• Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap
  • BH_US_12_Argyroudis_Exploiting_the_ jemalloc_Memory_ Allocator_WP.pdf
  • BH_US_12_Argyroudis_Exploiting_the_ jemalloc_Memory_ Allocator_Slides.pdf
  • BH_US_12_Argyroudis_Exploiting_the_ jemalloc_Memory_ Allocator_Code.zip
• File disinfection framework: Striking back at polymorphic viruses
  • BH_US_12_Vuksan_Pericin_Disinfection_Framework_WP.pdf
• Flowers for Automated Malware Analysis
  • BH_US_12_Song_Royal_Flowers_Automated_WP.pdf
  • BH_US_12_Song_Royal_Flowers_Automated_Slides.pdf
• From the Iriscode to the Iris: A New Vulnerability of Iris Recognition Systems
  • BH_US_12_Galbally_Iris_Reconstruction_WP.pdf
  • BH_US_12_Galbally_Iris_Reconstruction_Slides.pdf
• Ghost is in the Air(traffic)
  • BH_US_12_Costin_Ghosts_In_Air_WP.pdf
  • BH_US_12_Costin_Ghosts_In_Air_Slides.pdf
• Google Native Client - Analysis Of A Secure Browser Plugin Sandbox
  • BH_US_12_Rohlf_Google_Native_Client_WP.pdf
  • BH_US_12_Rohlf_Google_Native_Client_Slides.pdf
• Hacking the Corporate Mind: Using Social Engineering Tactics to Improve Organizational Security Acceptance
  • BH_US_12_Philput_Hacking_The_Corporate_Mind_WP.pdf
  • BH_US_12_Philput_Hacking_The_Corporate_Mind_Slides.pdf
• Hacking with WebSockets
  • BH_US_12_Shekyan_Toukharian_Hacking_Websocket_Slides.pdf
• Hardware backdooring is practical
  • BH_US_12_Brossard_Backdoor_Hacking_WP.pdf
  • BH_US_12_Brossard_Backdoor_Hacking_Slides.cpgz
• Here Be Backdoors: A Journey Into The Secrets Of Industrial Firmware
  • BH_US_12_Santamarta_Backdoors_WP.pdf
• Hookin' ain't easy: BeEF injection with MITM
  • BH_US_12_Ocepek_Linn_BeEF_MITM_WP.pdf
  • BH_US_12_Ocepek_Linn_BeEF_MITM_Slides.pdf
• How many bricks does it take to crack a microcell?
  • BH_US_12_Rowley_Microcell_Bricks_WP.pdf
  • BH_US_12_Rowley_Microcell_Bricks_Slides.pdf
• How the Analysis of Electrical Current Consumption of Embedded Systems Could Lead to Code Reversing?
  • BH_US_12_Allain_Current Consumption-WP.pdf
  • BH_US_12_Allain_Current Consumption-Slides.pdf
  • BH_US_12_Allain_Current Consumption-Code.zip
• HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits
  • BH_US_12_Shah_Silent_Exploits_WP.pdf
  • BH_US_12_Shah_Silent_Exploits_Slides.pdf
• iOS Application Security Assessment and Automation: Introducing SIRA
  • BH_US_12_Engler_SIRA_WP.pdf
  • BH_US_12_Engler_SIRA_Slides.pdf
• iOS Kernel Heap Armageddon Revisited
  • BH_US_12_Esser_iOS_Kernel_Heap_Armageddon_WP.pdf
  • BH_US_12_Esser_iOS_Kernel_Heap_Armageddon_Slides.pdf
• Legal Aspects of Cyberspace Operations
  • BH_US_12_Clark_Legal_Aspects_Slides.pdf
• Looking Into The Eye Of The Meter
  • BH_US_12_Weber_Eye_of_the_Meter_WP.pdf
  • BH_US_12_Weber_Eye_of_the_Meter_Slides.pdf
• My Arduino Can Beat Up Your Hotel Room Lock
  • BH_US_12_Brocious_Hotel_Key_WP.pdf
  • BH_US_12_Brocious_Hotel_Key_Slides.pdf
• Owning bad guys {and mafia} with javascript botnets
  • BH_US_12_Alonso_Owning_Bad_Guys_WP.pdf
  • BH_US_12_Alonso_Owning_Bad_Guys_Slides.pdf
• Probing Mobile Operator Networks
  • BH_US_12_Milliner_Probing Mobile Operating_WP.pdf
  • BH_US_12_Milliner_Probing Mobile Operating_Slides.pdf
• SexyDefense - Maximizing the Home-Field Advantage
  • BH_US_12_Amit_Sexy_Defense_WP.pdf
  • BH_US_12_Amit_Sexy_Defense_Slides.pdf
• SQL Injection to MIPS Overflows: Rooting SOHO Routers
  • BH_US_12_Cutlip_SQL_Exploitation_WP.pdf
  • BH_US_12_Cutlip_SQL_Exploitation_Slides.pdf
  • BH_US_12_Cutlip_SQL_Exploitation_Code.zip
• SSRF vs. Business Critical Applications
  • BH_US_12_Polyakov_SSRF_Business_WP.pdf
  • BH_US_12_Polyakov_SSRF_Business_Slides.pdf
• State of Web Exploit Toolkits
  • BH_US_12_Jones_State_Web_Exploits_WP.pdf
  • BH_US_12_Jones_State_Web_Exploits_Slides.pdf
• Still Passing the Hash 15 Years Later? Using the Keys to the Kingdom to Access All your Data
  • BH_US_12_Duckwall_Campbell_Still_Passing_WP.pdf
  • BH_US_12_Duckwall_Campbell_Still_Passing_Slides.pdf
  • BH_US_12_Duckwall_Campbell_Still_Passing_Code.zip
• Targeted Intrusion Remediation: Lessons From The Front Lines
  • BH_US_12_Aldridge_Targeted_Intrustion_WP.pdf
  • BH_US_12_Aldridge_Targeted_Intrustion_Slides.pdf
• The Defense RESTs: Automation and APIs for Improving Security
  • BH_US_12_Mortman_Defense_RESTs_WP.pdf
  • BH_US_12_Mortman_Defense_RESTs_Slides.pdf
• The Info Leak Era on Software Exploitation
  • BH_US_12_Serna_Leak_Era_WP.pdf
  • BH_US_12_Serna_Leak_Era_Slides.pdf
• The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet
  • BH_US_12_Ritter_Stamos_Myth_of_Twelve_More_Bytes_Slides.pdf
• The subway line 8 - Exploitation of Windows 8 Metro Style Apps
  • BH_US_12_Tsai_Pan_Exploiting_Windows8_WP.pdf
  • BH_US_12_Tsai_Pan_Exploiting_Windows8_Slides.pdf
• Torturing OpenSSL
  • BH_US_12_Bertacco_TorturingOpenSSL_WP.pdf
  • BH_US_12_Bertacco_TorturingOpenSSL_Slides.pdf
• Trust, Security, and Society
  • BH_US_12_Schneier_Liars_and_Outliers_WP.pdf
• We have you by the Gadgets
  • BH_US_12_Shkatov_Kohlenberg_Blackhat_Have_You_By_The_Gadgets_WP.pdf
  • BH_US_12_Shkatov_Kohlenberg_Blackhat_Have_You_By_The_Gadgets_Slides.pdf
• Web Tracking for You
  • BH_US_12_Fleischer_Implementing_Web_Tracking_gfleischer_WP.pdf
  • BH_US_12_Fleischer_Implementing_Web_Tracking_gfleischer_Slides.pdf
  • BH_US_12_Fleischer_Implementing_Web_Tracking_gfleischer_Code.zip
• Windows Phone 7 Internals and Exploitability
  • BH_US_12_Oi_Windows_Phone_WP.pdf
  • BH_US_12_Oi_Windows_Phone_Slides.pdf
• Windows 8 Heap Internals
  • BH_US_12_Atlas_GHZ_Workshop_Slides.pdf
  • BH_US_12_Atlas_GHZ_Workshop_Code.zip
• Advanced Chrome Extension Exploitation - Leveraging API Powers for the Better Evil
  • BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_WP.pdf
  • BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_Slides.pdf
  • BH_US_12_Osborn_Kotowicz_Advanced_Chrome_Extension_Code.zip
• Code Reviewing Web Application Framework Based Applications (Struts 2, Spring MVC, Ruby on Rails (Groovy on Grails), .NET MVC)
  • BH_US_12_Kang_Code_Reviewing_WP.pdf
• Lessons Of Binary Analysis
  • BH_US_12_Rioux_Lessons_Of_Binary_Analysis_Slides.pdf
• Linux interactive exploit development with GDB and PEDA
  • BH_US_12_Le_Linux_Interactive_Exploit_Development_with_GDB_and_PEDA_Slides.pdf
• Ruby for Pentesters: The Workshop
  • BH_US_12_Scott_ruby_for_pentesters_the_workshop_Slides.pdf
• HTExploit Bypassing Htaccess Restrictions
  • BH_US_12_Katz_Soler_HTExploit_WP.pdf
  • BH_US_12_Katz_Soler_HTExploit_Slides.pdf
  • HTExploit_v0.7b.zip
• libinjection: A C library for SQLi detection and generation through lexical analysis of real world attacks
  • BH_US_12_Galbreath_Libinjection_Slides.pdf
• ModSecurity as Universal Cross-platform Web Protection Tool
  • BH_US_12_Wroblewski_ModSecurity_Universal_WP.pdf
  • BH_US_12_Wroblewski_ModSecurity_Universal_Slides.pdf
• Passive Bluetooth Monitoring in Scapy
  • BH_US_12_Holeman_Demo.pdf
  • BH_US_12_Holeman_Panda.pdf
  • BH_US_12_Holeman_Passive_Bluetooth_Slides.pdf
  • source.zip
• Stamp Out Hash Corruption, Crack All The Things
  • BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf
  • BH_US_12_Reynods_Stamp_Out_Hash_Slides.pdf
  • BH_US_12_Reynods_Stamp_Out_Hash_Code.zip
• SYNful Deceit, Stateful Subterfuge
  • BH_US_12_Patten_Steele_SYNful_Deceit_Slides.pdf
• The last gasp of the industrial air-gap...
  • BH_US_12_Leverett_Last_Gasp_Slides.pdf
• When security gets in the way: PenTesting mobile apps that use certificate pinning
  • BH_US_12_Diqut_Osborne_Mobile_Certificate_Pinning_Slides.pdf

• Facebook
• Twitter
• Reddit
• LinkedIn

En la genial e indispensable web de CodeAcademy, han empezado un curso de Python (basado en la versión 2.7) del que ya hay cuatro unidades.

En este enlace tienes la web principal del curso.

Ahora es un buen momento para aprender Python usando el genial método de enseñanza que nos ofrece CodeAcademy.

• Facebook
• Twitter
• Reddit
• LinkedIn

Entre HowToGeek y algunos comandos de WatchingTheNet hemos recopilado estas instrucciones (y formas de utilizar) de la línea de comandos bastantes útiles (y que realmente no utilizamos frecuentemente):

Enviar la salida de un comando al portapapeles:

[sourcecode languaje=“bash”] ipconfig | clip [/sourcecode]

Abrir la línea de comandos desde una carpeta: Botón derecho sobre la carpeta y desde allí abrir línea de comandos:

Historial de comandos ejecutados:

[sourcecode languaje=“bash”] doskey /history [/sourcecode]

Arrastrar ficheros y carpetas directamente a la línea de comandos: De esta forma puedes copiar o mover lo que quieras a la posición actual en la que estés en la línea de comandos.

Ejecutar varios comandos a vez

[sourcecode languaje=“bash”] ipconfig && netstat [/sourcecode]

Información del sistema

[sourcecode languaje=“bash”] systeminfo [/sourcecode]

y para ver los datos de un equipo remoto:

[sourcecode languaje=“bash”] systeminfo /S system /U user [/sourcecode]

Gestionar los procesos (comandos tasklist y taskkill) [sourcecode languaje=“bash”] tasklist [/sourcecode]

(Imagen que encabeza este post)

Y para parar los procesos, comando taskkill, que se puede usar de diferentes maneras, por ejemplo:

[sourcecode language=“bash”] taskkill /IM notepad.exe taskkill /PID 1230 /PID 1241 /PID 1253 /T [/sourcecode]

El primero usamos el nombre del procesos /IM nombre para pararlo, y el segundo su PID. También se pueden usar de forma remota, con /S (nombre del sistema) y /U (usuario)

netsh, el comando más poderoso de la línea de comandos: Con él puedes:

• Configurar interfaces
• Configurar protocolos
• Configurar filtros
• Configurar rutas
• etc...

[sourcecode language=“bash”] netsh firewall set opmode enable netsh firewall set opmode disable [/sourcecode]

Configurar tu tarjeta de red para que de forma automática obtenga una IP de un servidor DCHP:

[sourcecode language=“bash”] netsh interface ip set address "Local Area Connection" dhcp [/sourcecode]

Si quieres profundizar más en este potente comando, visita este enlace.

Seguro que hay muchos más, seguiremos buscando. Si tienes algunos no dudes en enviárnoslo e iremos ampliando esta lista.

Siempre nos pueden sacar de un apuro …