Weekly Reading List for 2/1/1401 Feb 2014
Previews for BSides SF 2014
A couple of new articles have been posted with previews of this year’s BSides San Francisco. Akamai has a preview of several talks and Tripwire previews a day in the life of an information security researcher.
Application Whitelist Bypass
@infosecsmith2 guest posts over at Room362 about using IEexec.exe to bypass application whitelisting.
Chief Monkey over at IT Security Toolbox reports on a tool called SmeegeScrape that allows you to build a wordlist from the contents of a system. He reports on it in the context of a forensics task, but it seems like it would be a great option for penetration testing as well.
Encryption with Plausible Deniability
Michael Mimoso at ThreatPost describes a new encryption mechanism called ‘Honey Encryption’. The idea is that an attacker can get a plausible decryption output from a wrong password, making it harder to know if a decryption was valid when performing offline attacks.
The reading list is a little short this week – it’s been crazy.