In March during TROOPERS’18, I discovered a very nice tiny device developed by Luca Bongiorni (see my wrap-up here): The WiFi HID Injector. Just to resume what’s behind this name, we have a small USB evil device which offers: a Wireless access point for the configuration and exfiltration of data, an HID
I published the following diary on isc.sans.org: “Collecting Users Credentials from Locked Devices“. It’s a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, it’s just a matter of time. The best hacks are the ones which use
I received a comment from a reader of this blog (hi Ziyad!) about an very old article posted in 2008 (!) about tools to wipe files from drives. I reviewed a list of tools available on Linux (or other UNIX flavors) to safely delete files. As you probably already know,
Next step in my investigations with OSSEC. The possibilities of OSSEC are awesome and could clearly, in some case, replace a commercial log management solution! After collecting the Secunia vulnerabilities into OSSEC, I switched to the “dark side”: the Microsoft Windows agent. The USB sticks are very popular at users
