phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability
Happy Easter..
* Product: phpManufaktur / kitForm
* Version: <= 0.43 (2013-11-22)
* Date: 2014-04-20
* Criticality: Medium
* Exploitable from: Remote
* Impact: SQL Injection
* Product URL:...
Codeigniter Object Injection Vulnerability via Encryption Key
Codeigniter is one of my favorite PHP frameworks. Like everyone else, I’ve learned PHP MVC programming with this framework. Today, I decided to analyze Codeigniter for PHP Object Injection...
Attacking Audio reCaptcha using Google's Web Speech API
I had a fun project months back, where I had to deal with digital signal processing and low-level audio processing. I was never interested in DSP and all the other control system stuff, but when question...
CROSSDOMAIN.XML PROOF OF CONCEPT TOOL
After recently looking into how Adobe Flash Player does cross-site requests, I noticed that there was a shocking lack of tools to demonstrate crossdomain.xml insecurities. It seems like a pretty easy...
P2P Zeus Performs Critical Update
P2P Zeus, a.k.a. Zbot, has evolved into a powerful bot since its discovery in 2007. It is capable of stealing infected hosts’ banking information, installation of other malware, and other...
mojoPortal 2.4.0.3 Multiple XSS Vulnerabilities
#Title: mojoPortal 2.4.0.3 Multiple XSS Vulnerabilities
#Version: >= 2.4.0.3 / 2014-04-14 (Latest ATM)
#Date: 20.04.14
#Vendor: mojoportal.com
#Demo: demo.mojoportal.com
#Tested on: IIS 7.0, ASP.NET...
Secure storage of BIGNUM's
In order to help protect applications (particularly long-running servers) from pointer overruns or underruns that could return arbitrary data from the program's dynamic memory area, where keys and other...
A New Approach to Prioritizing Malware Analysis
Every day, analysts at major anti-virus companies and research organizations are inundated with new malware samples. From Flame to lesser-known strains, figures indicate that the number of malware...
BlackArch Linux / New ISOs released
Today, we released new BlackArch Linux ISOs including more than 750 tools and lots of improvements. Also, armv6h and armv7h repositories are filled with about 650 tools. A short ChangeLog: - added new...
NeoPocket: A new ATM malware
In 2013, during late September, the discovery of a new malware family - known as Ploutus - was announced. The malware was designed to attack a specific brand of ATM cash machines that were widely...
Mobile Switching Center DoS
Mobile Services Switching Center (MSC) is a core element in a GSM/UMTS network. MSC is responsible for routing voice calls, as well as other services. Is it difficult to conduct DoS against MSC and leave...
Interview with Yubico's Stina Ehrensvard on 2-Factor Authentication
rew Gates and Jason McMullan interview Stina Ehrensvard, Founder and CEO of Yubico, Inc. Ehrensvard spoke about the history and ideas behind Yubico and the Yubikey, and the future of two-factor...
Triaging with the RecentFileCache.bcf File
When you look at papers outlining how to build an enterprise-scale incident response process it shows the text book picture about what it should look like. It's not until you start building out the...
MODx Blind SQL Injection
Product description:
============
MODX (originally MODx) is a free, open source content management system and web application framework for publishing content on the world wide web and...
Security Onion
Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). It's based on Ubuntu and contains Snort, Suricata, Bro, Sguil, Squert, Snorby, ELSA, Xplico,...
Restoring external symbol calls in IDA when ELF sections are deleted
Some time ago I wrote ZwoELF, an ELF parsing and manipulation library for Python, to learn about the ELF format. I used it for the hack.lu 2013 CTF challenge ELF to manipulate the binary file after it...
WiFi hacking on tablets
Disclaimer: Don't hack anything where you don't have the authorisation to do so. Stay legal. Ever since I bought my first Android device, I wanted to use the device for WEP cracking. Not because I need...
Slides: How broken is TLS?
TLS had various problems recently. The BEAST attack, the CRIME attack, the Lucky Thirteen attack, problems with RC4 and of course Heartbleed. Standards from the NSA aren't trustworthy any more. Where...
NotSoSecure's 2nd SQLiLab CTF Writeup
This year’s Easter weekend featured NotSoSecure’s 2nd SQLiLab CTF event. The contest promised two flags to capture, and lasted about 72 hours (it ended up being extended due to some muppet’s DNS DoS...
Parallels Plesk Panel 12.x & 11.x /etc/psa/private/secret_key leakage
While auditing the source code for Parallels Plesk Panel 12.x on Linux I noticed the following feature that leads to leakage of the '/etc/psa/private/secret_key'-file in md5 format to non-authenticated...