Paper: A Wake-up Call for SATCOM Security
Satellite Communications (SATCOM) play a vital role in the globaltelecommunications system. IOActive evaluated the security posture of the mostwidely deployed Inmarsat and Iridium SATCOM...
View ArticleHere's the security software Snowden is using to evade the NSA
Most of the focus surrounding former NSA analyst Edward Snowden has been regarding the actual information he leaked to the media, not on how these folks are actually doing that. Snowden, as you likely...
View ArticleMetasploit: MS14-012 Microsoft Internet Explorer CMarkup Use-After-Free (CVE:...
Description: This Metasploit module exploits an use after free condition on Internet Explorer as used in the wild on the "Operation SnowMan" in February 2014. The module uses Flash Player 12 in order...
View ArticleConsul-solution for service discovery and configuration
Today we announce Consul, a solution for service discovery and configuration. Consul is completely distributed, highly available, and scales to thousands of nodes and services across multiple...
View ArticlePlaidCTF writeup for Web-100 (blind sql injection)
Hey folks,I know in my last blog I promised to do a couple exploit ones instead of doing boring Web stuff. But, this level was really easy and I still wanted to do a writeup, so you're just going to...
View ArticleEaster Challenge - The Mystery of the Missing Easter Bunny
The Easter Bunny has been kidnapped, and YOU have to save him! Quickly collect yourself and help save him. Put on your detective hat and start investigating the clues provided.We managed to intercept a...
View ArticleMichaels Identifies and Contains Previously Announced Data Security Issue
Michaels Stores, Inc. (the “Company” or “Michaels”) today provided an update on its ongoing investigation into the data security issue it previously reported. In January, the Company learned of...
View ArticleVideo: Host Unknown presents: I'm a C I Double S P (CISSP Parody)
Think you know what being a CISSP is all about? Not all CISSP's are equal, some are more equal than others!click here for a bit of humor.....https://www.youtube.com/watch?v=whEWE6WC1Ew
View ArticleHow to exploit home routers for anonymity
This article is just a demo for educational purposes. To those who say this sort of information should be censored, I say you can close your eyes and shout, “la-la-la-la-this-doesn’t-exist” all you...
View ArticleApple iOS Malware Campaign "Unflod Baby Panda"
On 17th April 2014 a malware campaign targetting users of jailbroken iPhones has been discovered and discussed by reddit users. This malware appears to have Chinese origin and comes as a library called...
View ArticleU.S. Agent Lures Romanian Hackers in Subway Data Heist
U.S. Secret Service Agent Matt O’Neill was growing nervous. For three months, he’d been surreptitiously monitoring hackers’ communications and watching as they siphoned thousands of credit card numbers...
View ArticleCS and XSS vulnerabilities in CU3ER
These are Content Spoofing and Cross-Site Scripting vulnerabilities inCU3ER. Which I found in October 2013 at one web site. This is popular flashfile and in Google's index there are up to million web...
View ArticleRemote Command Injection in Ruby Gem sfpagent 0.4.14
Title: Remote Command Injection in Ruby Gem sfpagent 0.4.14Date: 4/15/2014Author: Larry W. Cashdollar, @_larry0CVE: 2014-2888Download: http://rubygems.org/gems/sfpagentVulnerabilityThe list variable...
View ArticleUnreal, a TCP32764 backdoor again! How Sercomm saved my Easter! PoC Included
I don't know about you, but I love Easter!And with Sercomm, it's Easter every day!Remember the TCP/32764 routerbackdoor?more here......http://www.synacktiv.com/ressources/TCP32764_backdoor_again.pdf
View ArticlePaper: Revisiting Mac OS X Kernel Rootkits
In Phrack #66, ghalen and wowie wrote about interesting OS X kernel rootkittechniques. That article is almost 4 years old and 4 major OS X releases behind.Today Mountain Lion is king and many of the...
View ArticleMetasploit: Adobe Flash Player Regular Expression Heap Overflow
### This module requires Metasploit: http//metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework#Authored by juan vazquez, temp66, Boris dukeBarman Ryutin##require...
View ArticleOpencart
# Exploit Title: Opencart <= 1.5.6.3 Upload Shell [ admin required ]# Date: 18.04.2014# Exploit Author: waszilica# Author HomePage: http://rstforums.com# Software Link:...
View ArticlePaper: Fine grain Cross-VM Attacks on Xen and VMware are possible!
Abstract: This work exposes further vulnerabilities in virtualized cloud servers by mounting Cross-VM cache attacks in Xen and VMware VMs targeting AES running in the victim VM. Even though there...
View ArticleFeedly Android Application Zero-day Vulnerability - JavaScript Code Injection
Hey all,(Updated: See yellow)Do you guys remember that I kinda "spammed" my own site with a series of blog posts filled with javascript codes? I was performing tests on the Feedly app to verify a...
View ArticleFairy tales in password hashing with scrypt
TL;DR: scrypt is a password-based key derivation function that is often used as a password hashing scheme. libscrypt is considered the official implementation of scrypt, but it's actually a file...
View Article