by moth Hard-coded cryptographic secrets? In my commercially purchased, closed-source software? It’s more likely than you think. Like, a lot more likely.  This blog post details a true story of […]

The post Indecent Exposure: Your Secrets are Showing  appeared first on Black Hills Information Security, Inc..

Every Android application has a “manifest.xml” file located in the root directory of the APK. (Remember APKs are just zip files.) The manifest file is like a guide to the application.

The post Field Guide to the Android Manifest File appeared first on Black Hills Information Security, Inc..

Raymond Felch // Preface: I began my exploration of reverse-engineering firmware a few weeks back (see “JTAG – Micro-Controller Debugging“), and although I made considerable progress finding and identifying the […]

The post How to Hack Hardware using UART appeared first on Black Hills Information Security, Inc..

Last month I gave a workshop for a group of 20-25 enthusiastic women, all either starting in infosec, or with an interest to start in this field.

For that purpose, I had created a full workshop: slides or a presentation introducing the concepts of Malware Analysis, Threat Intelligence and Reverse Engineering.

The idea was to convey these topics in a clear and approachable manner, both theory and in practice; for the latter, I had set up a custom VM, with Labs, including my own created applications, some with simple obfuscation.

All participants were very enthusiastic, and I hope to have sparkled most, if not some of them to pursue a career in this field. For this exact same reason, I am now releasing the presentation to the public - the VM and recordings however will not be published, as I created these solely for CWF.

You may however download the LAB material from Github below:
https://github.com/bartblaze/MaTiRe

Without any further ado, you may find the slides below, on SlideShare:


Any feedback is always appreciated.

I would also like to thank Nathalie for putting me in touch with Rosanna, the organiser of the CyberWayFinder program. And of course, my gratitude to all the attendees for making it!

Mind the disclaimer for the slides. License: CC Attribution-NonCommercial-NoDerivs License

Lawrence Hoffman // So Microsoft is open sourcing PowerShell and putting it on Linux. Realistically Linux already has a full suite of administrative tools and some very powerful scripting languages […]

The post Lawrence’s List 081916 appeared first on Black Hills Information Security, Inc..

Lawrence Hoffman // It’s been one of those crazy busy weeks. I always feel like I didn’t get enough time to read articles, surf Reddit, and attempt to keep up […]

The post Lawrence’s List 061016 appeared first on Black Hills Information Security, Inc..