mauvehed came down from Austin to give us an AHA! lesson and show us some physical security stuff. Sciatic demoed some TPM items in Windows I showed some ways to roll your own OTP system without Azure Rights Management (see: https://github.com/angelovescio/arms and http://theytookmyinterwebs.blogspot.com/2015/08/you-down-with-otp-you-know-me-how-to.html) Also, we moved the SAHA! schedule so pay attention to the dates […]
Here are the SAHA!-affiliated blogs: https://scriptjunkie.us
Go to this page to extract all the info you need to start cracking dem hashes. http://ntdsd.it/
As pointed out in https://twitter.com/grsecurity/status/508354758940581888, there is some new fun in overwriting running executables in the upcoming Ubuntu release. It’s a kernel thing, so other distros are affected, but I’m going with the old standby Ubuntu. (thank you, sadbox for the inotify stuff) I’m just going to post findings, because they mostly speak for themselves. […]
http://cybernigma.blogspot.com/2014/03/using-sspap-lsass-proxy-to-mitigate.html NOTE: mitigate means to lessen or make less severe, not solve or completely get rid of. Please, see the definition at the top of the post.