•
• Oct - 8 Patches – 1 Critical - 8 CVEs
• MS15-001 - Windows Application Compatibility Cache, Privilege
Escalation
• MS15-002 - Windows Telnet Service, Remote Code
• MS15-003 - Windows User Profile Service, Privilege Escalation
• MS15-004 - Windows Components, Privilege Escalation
• MS15-005 - Network Location Awareness Service, Security Bypass
• MS15-006 - Windows Error Reporting, Security Bypass
• MS15-007 - Network Policy Server RADIUS Implementation, DoS
• MS15-008 - Windows Kernel-Mode Driver, Privilege Escalation
Other updates, MSRT, Defender Definitions, Junk Mail Filter
– Due out 20 Jan 2015
– APSB15-01 – Flash Player
– ISB8320-E High-Definition IP-Only
DVR, Remote Auth
– Mearki, multi vuln
– ASA – syslog leak
– Jabber Guest Server – multi vuln
– iOS 8.1.2
– Safari 8.0.2
– Xcode 6.2 beta 3
– OS X NTP
– VMSA-2014-0014 - AirWatch
• VPN bypass for NetFlix Regions
• NetFlix Denies proxy crack down
• UEFI, ByPass Secure Boot and more
• Google Drops 8.1/Word 0-day
• MS drops call for better disclosure
• Google shreds Aviator broswer
• White Hat Security responds
– “Advising users to not use Aviator misses the bigger picture.”
• Google to stop patching Webview
– Use alternate browser or full ROM
• UDP Braodcast = Root Execution on Asus Routers
• Multiple 0-days for Corel titles
• Schneider patches Wonderware SCADA server
• 8 patches for OpenSSL
• 2,4Ghz Wireless Keyboard Sniffer
• New ATM hack “black-box”
– Requirs physical access
• New variant of CryptoWall
• SilkRoad Reloaded
– It’s not just for Tor anymore
• Skeletonkey - ByPass AD
• Inception Framework
– RAM only, polymorphic
• RedStar OS
• PenToo RC3.7
• BitStamp Off-line Post breach
• Box Inc IPO
• Cyber is Physical – German steel mill damaged
• XBox One SDK Leaked
• mini board roundup
– 86Duino
– A10-OLinuXino-Lime
– Arduino TRE
– Banana Pi
– BPi D1
– HummingBoard-i1
– Odroid-C1
– Orange P
– pcDuino3 Nano
• New DoJ ‘Cyber Security Unit’
• Feds Hate Security, esp. encryption
• North Korean Sanctions
• CentCom twitter hacked
• New Jersey requires insurance providers to encrypt
• G Chill
• UK Draft Communications Data Bill “Snoopers Charter”
• National Standard for Breach Notifications?
– EFF and Krebs have good comments against proposal
• All the Patriots Are Dead
• or how some pieces of the patriot act expire in 2015
• NK ‘Glorious Leader’ game developer hacked
data collection via twitter http://resources.infosecinstitute.com/intelligence-information-gathering-collecting-twitterfollowers-25-lines-python
AIX for Pentesters https://www.sans.org/reading-room/whitepapers/unix/aix-penetration-testers-35672
McCain's security bill https://www.congress.gov/bill/112th-congress/senate-bill/3342
Global Chilling http://pen.org/global-chill
Hacking Point of Sale - Slava Gomzine http://www.amazon.co.uk/Hacking-Point-Sale-Application-Solutions/dp/1118810112
MS14-068 to Full Compromise – Step by Step https://www.trustedsec.com/december-2014/ms14-068-full-compromise-step-step/
Improve mac scanning for ssh http://www.securityorb.com/delayed-slow-ssh-connection-mac-os-x-systems-fix
project artillery
Threat Intell
Apple brute forcer
Openwall 3.1
wifiwhisperer
Automate phishing powersploit script collection
GitRob automated git search
EFF Mobil App
News feed (not on iPhone)
• CCC – Copy finger prints from a photo
• CCC – Mac BootKit
•
Encryption
•
Tor
•
Privacy / Rights
• Automobiles
• But wait there’s more…..
• CCC – 2014 Videos http://media.ccc.de/browse/congress/2014/
• CCC – PodCast chaosradio.ccc.de
• Shmoo 16-18 Jan
• Dallas Tech-Security Conference 22 Jan
• Darknet and the primordial soup of Cyber Crime
•
B-Sides Austin 12
– 13 Mar
12 Feb
•
CanSecWest 18 - 20 Mar
•
InfoSec Southwest 10
– 12 Apr
• B-Sides Nashville
• B-Sides San Antonio
11 Apr
? May
• ThotCon 0x6 14 – 15 May
• PenTest Austin (SANS) 18 – 23 May
•
DefCon 23 6
– 9 Aug
DHA
( 1 st Wednesday / looking for new spot , plano )
TX2600
( 1 st Fri / Wild Turkey 35&WalnutHill, dallas )
(1 st Fri / 1418 Coffeehouse, plano)
The Lab.MS
( 2 nd Monday / varies , plano )
Crypto Party
( 3 rd Thursday / Improving Enterprises, addison )
NAISG
( 4 th Thursday / CrossPointe Theatre, carrollton )
LockPick DFW
( Last Monday / looking for new spot , dallas )
Dallas MakerSpace
Random / carrollton
All images scavenged without permission
All images scavenged without permission