Several NATO websites have been target of significant DDoS attack.
Oana Lungescu @NATOpress 1h .@MicahGrimes the attack hasn't affected the integrity of #NATO's systems. And as @IlvesToomas tweeted, http://ccdcoe.org is back up. View...
Syrian Army Targeting Centcom Penetrating Central Repositories
See below. Sorry for the delay I posted this on my twitter account yesterday. SyrianElectronicArmy @Official_SEA16 Mar 14 We didn't publish everything we have and the operation is still on-going so...
Syrian Malware Samples
Binaries from the Syrian revolution. Warning: The following files contain malicious software. They are intended for security researchers and should only be executed under controlled environments. The...
More about Google Code malware abuse URL
#More about Google Code malware abuse URL #Status: Up and Alive as per now #MalwareMustDie | @unixfreaxjp /malware/checkdomains]$ date Mon Mar 17 06:06:59 JST 2014 click here...
ECDSA: The digital signature algorithm of a better internet
This blog post is dedicated to the memory of Dr. Scott Vanstone, popularizer of elliptic curve cryptography and inventor of the ECDSA algorithm. He passed away on March 2, 2014. At CloudFlare we are...
Remotely Crashing Bluetooth on Android
At CanSecWest last week I demonstrated a remote Bluetooth stack crash in Bluedroid, Android's Bluetooth stack since Android 4.3. This post briefly describes the bug. read...
In-Memory Kernel Driver (IOCTL) Fuzzing using Python
I'm sharing one of my Kernel Driver IOCTL Fuzzers which operates completely from user land. To run this script you should know at least one process which sends IOCTL to the device you are...
How I got root with Sudo
During security engagements, we regularly come across servers configured with the privilege management software Sudo. As with any software, the principle of least privilege must be closely followed,...
Trying out TLS for HTTP:// URLs
The IETF now considers “pervasive monitoring” to be an attack. As Snowden points out, one of the more effective ways to combat it is to use encryption everywhere you can, and “opportunistic encryption”...
CHIPSEC: Platform Security Assessment Framework
CHIPSEC is a framework for analyzing security of PC platforms including hardware, system firmware including BIOS/UEFI and the configuration of platform components. It allows creating security test...
Playing Hide-and-Seek with BIOS Implants
In July 2013, MITRE released Copernicus, a tool to allow users to check on whether their BIOS is writable, and, if so, export a copy for inspection. This was the first tool that made it easy to check...
CEbot tool that lets you disassemble binary code from your own Twitter!
CEbot is a tool that lets you disassemble binary code from your own Twitter! How? Do this in 2 simple steps: Tweet your hex string with either hashtag #2ce (read: “To-Capstone-Engine”), or #cebot. Wait 1...
shodan_pharmer.py: Search Shodan then try concurrently logging into each...
Search Shodan for devices then concurrently test all the results with the same credentials. https://github.com/DanMcInerney/logins.py
GPU Password Cracking – Building a Better Methodology
In an attempt to speed up our password cracking process, we have run a number of tests to better match our guesses with the passwords that are being used by our clients. This is by no means a...
Teaching Rex another TrustedBSD trick to hide from Volatility
Rex the Wonder Dog (here and here) is a proof of concept that uses TrustedBSD framework to install kernel level backdoors. Volatility is able to detect these malicious modules with a plugin created by...
ColdFusion Admin Compromise Analysis (CVE-2010-2861)
In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise based on sanitized data from a SpiderLabs IR/Forensics team investigation which resulted in the attacker's...
0Day McAfee Cloud SSO and McAfee Asset Manager vulns (POC)
1. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 2. McAfee Asset Manager v6.6 multiple vulnerabilities...
Recent activity for authentication credentials
In addition to seeing your browser session activity, you can now view activity for your SSH keys and OAuth tokens as well. https://github.com/blog/1794-recent-activity-for-authentication-credentials
Introducing the iOS Reverse Engineering Toolkit
It should be the goal of every worker to expend less time and energy to achieve a task, while still maintaining, or even increasing, productivity. As an iOS penetration tester, I find myself repeating...
When you don't have 0days: client-side exploitation for the masses
http://www.slideshare.net/micheleorru2/when-you-dont-have-0days-clientside-exploitation-for-the-masses