Infosec Digest – February 2017


@author Randy Gingeleski

@since 03/05/2017

@see infosec digest


a.k.a. random stuff we bookmarked + notes we took in February

“If they can’t extract a new camera’s firmware some other way, they’ll install a module that iterates through memory until they find the address that controls the LED, then they’ll blink the firmware out one bit at a time.” – best_of_badgers via /r/netsec

Bypassing passwords on older OS (<= Win7) using Direct Memory Access (need physical access to the machine) –

Disguising PostScript as PDF to achieve remote code execution in a file conversion service –

“Blockchain is a distributed DB that maintains records of digital data/events in a way that makes them tamper-resistant. While many users may access, inspect, or add to the data, they can’t change or delete it. The original information stays put, leaving a permanent or public information trail, or chain, of transactions.” – Dawn Beyer, PhD (Lockheed Martin)

AWS put up a cloud security challenge… it’s gamified AWS-specific issues –

Get a stream of red team bounty work via Synack if you have teh skillz (recommended by Zombiehelp54) –

Also credited to Zombiehelp54, here’s an XSS dork to carpet bomb research targets with…

'"><img src=x onerror=alert(2) x=