Tools / Techniques
- How to Extract Flash Objects From Malicious MS Office Documents
- Burp plugin for scanning GWT and JSON HTTP requests
- SQLite3 Injection Cheat Sheet
- Unoffical Guide to scapy
Scapy is immensely powerfull as a seperate tool or as instrumented within your scripts. This guide is a good start.
- Andrubis: A Tool for Analyzing Unknown Android Applications
Flame / Malware
- Flame gets suicide command
- Analysis & pwnage of herpesnet botnet (Malware.lu)
The Malware.lu crew analysed the herpes bot in depth and stumbled up on an SQL injection flaw server-side. Hilarity ensues - must read.
- Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet
Mikko's mea culpa
- Operation Olympic Games, Project X, and the assault on the IT security industry
Microsoft's Certificate Fiasco
- Microsoft Emergency Bulletin: Unauthorized Certificate used in "Flame
- ‘Flame’ Malware Prompts Microsoft Patch
- Microsoft certification authority signing certificates added to the Untrusted Certificate Store
- Flame: Before and After KB2718704
- Flame, certificates, collisions. Oh my. - Must read
- Samsung bug bounty
Samsung went the bug bounty root after flaws within samsung TVs have been published. I personally welcome bug bounty, it is however clear that most of them are used as a tactic to tame and control the news on vulnerabilities.
- Historic view on Password Security
A very good and informal run down of how passwords have been secured in the past ad today by Solar Designer. I used and referenced this presentation in the blog post "Storing password securely - hashses, salts and bit stretching put into context"
- The Four Critical Security Flaws that Resulted in Last Friday's Hack - Must read
- Inside Flash Player Protected Mode for Firefox