Wednesday, February 27
TOP STORY
Thunderclap, Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals (see the research paper).
TWEET OF THE DAY
How-To: Cloud Cracker
1) Create AWS EC2 Instance
2) Choose p3.16xlarge
3) Install nVidia drivers
4) Install Hashcat
5) Crack Password Hashes
Alt) Choose an upToDate AMI from nVidia in the AWS Marketplace that already has nvidia drivers & configs installed. Then install Hashcat. - @TinkerSec
OTHER ARTICLES WE’RE READING
US Cyber Command went on the offensive on election day, attacking Russian troll farm
Reddit chimes in: good twitter accounts to follow re: computer security
Keep your opsec on point when chatting with Mister Krebs at RSA this week and all journos for that matter (and if any journos are reading, we love you all!).
Coinbase acquires Neutrino, a startup founded by former Hacking Team members reports Motherboard
What is the “street price” for a used power meter? Ask DefCon
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Credential stuffing is going to impact your organization. Not if, not maybe, it - will - happen. When these numbers first hit my desk, my mind was blown.
A single organization was the target of 6% of all credential abuse attacks during the reporting period.