Rapid7 has just released their first PSP evasion module for the Metasploit Framwork (MSF). Check out their official announcement:
A newly discovered vulnerability in RouterOS, which is the software that runs on all MikroTik devices was discovered by Tenable Security. You can read about it here:
Thanks to everyone that went to and participated in the DerbyCon 2018 CTF this weekend. Thanks to everyone we came in 5th place! Special thanks to the people to went to the conference and provided us with the ability to participate remotely: g0day, n0tazombie and void.star. Additional thanks to m2 for leading the NoVA group.
Offensive Security just release a free guide to using Kali Linux. It is intended as an introductory guide to Linux and the specific applications that are loaded onto Kali.
SANS just announced registration is open for the SANS Holiday Hack Challenge 2018 which they said will run in “mid-December”. You can register for your free account by going here:
The say that space is limited this year, so go register so you can participate in the event when it comes around this year!
Shmoo Group has recently announced their dates for ticket sales for ShmooCon 2019:
* Round 1: November 1, 2018 @ 12PM EST
* Round 2: December 1, 2018 @ 12PM EST
* Final Round: December 13, 2018 @ 12PM EST
* ShmooCon: January 18-20, 2019
The URL to buy your tickets is: http://landing.shmoocon.org
As we did last year, we are looking for volunteers for all three rounds of sales. If you are interested in volunteering, please register to volunteer here:
CSAW just published a website that has various guides on various topics ranging from digital forensics, to reverse engineer and exploit development. It looks like the plan on hosting various labs, but they aren’t available right now. The website is:
A new website that is an alternative to ExploitDB is now available to the public. It can be found here:
BSides Delaware recently announced on Twitter that the dates for this year will be: November 9-10, 2018. Pros vs Joes will be their CTF event again this year.
I have identified the following CTF labs which are 24/7 and most if not all are free:
* Immersive Labs: https://immersivelabs.online
* pwnable.xyz (good for people new to CTF): https://pwnable.xyz/
* 365 CSAW: https://365.csaw.io
* CTF101: https://ctf101.org/
* Shellter Hacking Express: https://shellterlabs.com/en/contests/
* Backdoor: https://backdoor.sdslabs.co/
* ShellWePlayAGame?: https://shellweplayagame.org/
* RootMe: https://www.root-me.org/?lang=en
* OverTheWire: https://overthewire.org/wargames/
* Virginia Cyber Range: https://portal.virginiacyberrange.net/
* Hack The Box: https://www.hackthebox.eu/
* FuzzyLand: https://fuzzy.land/
* Hacking Lab: https://www.hacking-lab.com/index.html
To everyone that made me aware of these thank you!