mauvehed came down from Austin to give us an AHA! lesson and show us some physical security stuff. Sciatic demoed some TPM items in Windows I showed some ways to roll your own OTP system without Azure Rights Management (see: https://github.com/angelovescio/arms and http://theytookmyinterwebs.blogspot.com/2015/08/you-down-with-otp-you-know-me-how-to.html) Also, we moved the SAHA! schedule so pay attention to the dates […]
Here are the SAHA!-affiliated blogs: https://scriptjunkie.us
Go to this page to extract all the info you need to start cracking dem hashes. http://ntdsd.it/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters Show hidden characters extern crate getopts; extern crate redis; extern crate time; use redis::RedisResult; use redis::Value as RV; use […]
As pointed out in https://twitter.com/grsecurity/status/508354758940581888, there is some new fun in overwriting running executables in the upcoming Ubuntu release. It’s a kernel thing, so other distros are affected, but I’m going with the old standby Ubuntu. (thank you, sadbox for the inotify stuff) I’m just going to post findings, because they mostly speak for themselves. […]
http://cybernigma.blogspot.com/2014/03/using-sspap-lsass-proxy-to-mitigate.html NOTE: mitigate means to lessen or make less severe, not solve or completely get rid of. Please, see the definition at the top of the post.