One of my favorite OSINT resources internet-haganah have opened up a new
thread on their forums that are dedicated to Iran, called Ashiyane.
This is basically the hacker forum that I was researching a couple of years
ago (see my DefCon18 talk, and here, and here).
The forum thread is
And an interesting intelligence profile for the group actually quotes my past
research (which unlike what it may seem was NOT done as part of my reserve
duty tasks in the Israeli AriForce…)
Keep up the great work guys! Truly humbled to have my work mentioned on your
Just a quick share on something that made me very happy this week (that’s
what happens when the wife is not around): Enabling AirPlay on a non-apple
device to stream both music as well as video to my Boxee (on an Xtreamer
Ultra Linux box).
Pascal Widdershoven has published a really simple and quick to install script
Albert Zeyer has the equivalent one for playing audio: Shairport
Installation of both is fairly straightforward (just read the readme/install
files) and worked flawlessly on my rig. Have fun!
This paper has been published in several security conferences during 2011,
and is now being made fully available (as well as a PDF version for
Penetration testing and red-team exercises have been running for years using
the same methodology and techniques. Nevertheless, modern attacks do not
conform to what the industry has been preparing for, and do not utilize the
same tools and techniques employed by such tests. This paper discusses the
different ways that attacks should be emulated, and focuses mainly on data
The ability to “break into” a... (more)
Here’s a common question I get asked a lot: “What technology should I use
to secure my server/network/[some technology]?”
The question is usually presented by someone who’s in charge of
“Security” in an organization. Now, I wouldn’t have had a problem with
this if this was a technician, or a pen-tester of sorts, but I get really
nervous when the CISO/CIO/Security manager is the one asking.
I think that this question is highly inappropriate for two reasons:
You should not be looking for “technology”. Buying a product is not going
to make you more secure or less secure. You should n... (more)
Aha! Can’t believe I managed to avoid the unbelievable hype flood that
swept across the interwebs in the last month. And to think that the last post
(long overdue, I know… had REALLY good reasons for not being able to post
anything) was somewhat oracleish in predicting that this would be the focus
of this year.
Just to set the stage right – we are at a point where I just saw a USA
Today “Money” section front page article on how Google’s engagement
with the NSA post the breach will affect the security vendor market, and a
few VCs were also quoted to the fact that we will be seein... (more)