Showing Posts From September 2016

Popping my DoS Cherry at DerbyCon

DerbyCon 6 was a cybersecurity conference featuring notable offensive security talks and tool releases. Key presentations covered topics like privilege escalation, threat emulation, and Exchange/Outlook security. Several new offensive security tools were introduced, including Rotten Potato, Lucky Strike, MailSniper, and OWA-Toolkit.

H-field electromagnetic sniffing

This post demonstrates an electromagnetic side-channel attack technique that uses a custom H-field sensor to sniff secret information from electronic devices. The method involves capturing electromagnetic emissions during data transmission using off-the-shelf components like a shielded-loop antenna, low-noise amplifier, and software-defined radio. By processing the captured signals through cross-correlation and statistical analysis, hidden serial communication data can be successfully extracted.

Malicious Outlook Rules

XRulez is a tool that enables programmatic creation of malicious Outlook rules by injecting rules directly into Exchange servers. The tool allows attackers to create persistent remote code execution mechanisms via email triggers without requiring direct credential access. By exploiting MAPI sessions, malicious rules can be set up to execute payloads when specific email conditions are met.