This should be an interesting presentation at HITB..Exploiting Passbook to...
PRESENTATION TITLE: Exploiting Passbook to Fly for FreePRESENTATION ABSTRACT:A lot of concerns arise about modern civil aviation by the day. From sophisticated hardware to control airplanes to ways of...
View ArticleUncontrolled Resource Consumption with XMPP-Layer Compression
Several XMPP server implementations that support application-layer compression (XEP-0138) suffer from an uncontrolled resource consumption vulnerability (CWE-400). This vulnerability can be remotely...
View ArticleNew Standard Proposal: SHA-3 Standard: Permutation-Based Hash and...
This Standard specifies the Secure Hash Algorithm-3 (SHA-3) family of functions onbinary data. Each of the SHA-3 functions is based on an instance of the KECCAKalgorithm that NIST selected as the...
View ArticleFrankencert- Adversarial Testing of Certificate Validation in SSL/TLS...
Frankencerts are specially crafted SSL certificates for testing certificate validation code in SSL/TLS implementations. The technique is described in detail in the 2014 IEEE Symposium on Security and...
View ArticleCryptoDefense: The story of insecure ransomware keys and self-serving bloggers
The past week has been particularly eventful for the Emsisoft Malware Research team. It all started about 2 weeks ago, when we received reports of a new ransomware from our friends over at...
View ArticleComodo AV Labs Identifies Dangerous Zeus Banking Trojan Variant
Comodo Antivirus Labs has identified a new and extremely dangerous variant of the Zeus banking Trojan. Hackers use Zeus to launch attacks that obtain the login credentials of visitors to online banking...
View ArticleCredit Cards for 1.2 Million Drivers Vulnerable at TxTag.org
It's been a bad couple of weeks for transportation authorities in the two biggest US states. On March 22, Brian Krebs broke the story of a wide-ranging credit card breach at the California DMV. That...
View ArticleInteresting Paper on Dynamic Searchable Encryption via Blind Storage
Dynamic Searchable Symmetric Encryption allows a client to store a dynamic collection of encrypted documents with a server, and later quickly carry out keyword searches on these encrypted documents,...
View ArticleAnalyzing the "Power Worm" PowerShell-based Malware
On March 27, 2014, Trend Micro revealed the so called “Power Worm” PowerShell-based malware that is actively being used in the wild. With so few publicly reported instances of PowerShell malware in...
View ArticleImproving Chrome's Security Warnings by Adrienne Porter Felt
I’m a member of the Chrome Security team. Chrome Security is responsible for a number of things, including: security reviews, finding bugs, secure architecture, and security features. I’m going to be...
View ArticlexssValidator- This is a burp intruder extender that is designed for...
The burp intruder extender will be designed to forward responses to the XSS detection server, that will need to be running externally.more here.......https://github.com/nVisium/xssValidator
View ArticleVBE Script Leads to Bank Fraud
I only stumbled on this at the middle so I don’t know how this is being targeted to users. Apparently this particular scam has been out there since at least August 2013 and it’s still up and...
View Article8×8 Script Leads to Infinity Drive-By
The “8×8″ script I’m referring to includes a link that looks like this:hxxp://www.example .com/JB3xd6iX.php?id=87342871And can be detected using a regular expression that looks something like...
View ArticleFake Voting Campaign Steals Facebook Users’ Identities
Phishers continuously come up with various plans to enhance their chances of harvesting users’ sensitive information. Symantec recently observed a phishing campaign where data is collected through a...
View ArticleSyScan2014 Conference Slides
Car Hacking for Poories, Setup for Failure: Defeating SecureBoot, Mission mPOSsible, Scientific Best Practices for Recurrent Problems in Computer Security R&D, Deep-Submicron Backdoorand more...
View ArticleAVM Fritz!Box root RCE: From Patch to Metasploit Module - I
This post illustrates the path from diffing the firmware versions and finding the interesting files via reverse engineering the patch through to finally writing an exploit (a Metasploit module) for the...
View ArticleExploiting with BeEF Bind shellcode
Some time ago Michele blogged about the BeEF bind shellcode that Ty Miller wrote for the BeEF project. In the meantime we have committed the full source of this shellcode to the BeEF repository and it...
View ArticleRunning Tru64 UNIX inside a VM for Metasploit testing
With Virtual technology nowadays it is possible to emulate almost anything, and for those that wish to play around with not-so-common operation systems for the Alpha processor family there exists a...
View ArticleCuckoo Sandbox 1.1
This release should have come a lot earlier, it took three months instead. Initially we meant to push out a quick hotfix that would resolve some bugs affecting Cuckoo 1.0.As we procrastinated, more...
View ArticleDynamically Unpacking Malware With Pin
A common approach that malware takes to hide itself is packing. Traditionally, packing was a means to compress your executable, then unpack and execute it at run time. Packing can also be used as an...
View Article