Training

  • The BHIS "Gorilla Webcast!! VPN 0-day and stunt hacking" slides should be up soon. Will post 'em in next week's roundup.

  • Tim Tomes is teaching a special edition of his Practical Web Application Pentesting course in Charleston and Spartanburg, SC. Check out his page for specific dates, but this offering is of particular interest because there's an extra day of dev-focused content. I'd definitely go if I could!

  • I started taking the CCSP through ITPro.tv. Decent so far, but mostly a lot of really high level concepts without a lot of hands-on, practical advice. But maybe that's just how the cert/training is designed.

General News

  • The person behind The Hacking Team hack did a write-up of how the breach occurred. It's a gripping read, summed up nicely here or here or you can read directly here or here. My favorite bit is probably how the attacker tested his exploits many times on other vulnerable companies before pulling the trigger on The Hacking Team.

  • Webhost 123-reg accidentally deleted everything on their customer sites. Read through some of the horror stories. They'll make your skin crawl. Then take this time to go backup all your stuff :-). There seems to be some dispute on whether this is indeed the same company/individual who posted on Serverfault asking how to recover from an "rm -rf" - yikes!

  • Fascinating story about a hacker going on a Facebook bug bounty only to find some FB virtual properties already hacked.

  • The NYPD's campaign for #UnlockJustice massively backfires.

Tools/Scripts

Misc/Humor