Multiple Vulnerabilities in iMember360
------------ BACKGROUND ------------ "iMember360 is a WordPress plugin that will turn a normal WordPress site into a full featured membership site. It includes all the protection controls you can imagine,...

Build LibreSSL on non-OpenBSD platforms
This project repackages the [OpenBSD](http://www.openbsd.org/) fork of [OpenSSL](https://www.openssl.org/), [LibreSSL](http://www.libressl.org/), so it is buildable on other systems.

Reversing H.Koenig wireless remote (part 3)
For those who want to read the whole story from the beginning, here are Part 1 and Part 2. I haven’t talked about this project for a while but I was still working on it. So, what took me so long that I...

Kautilya 0.4.5 - Reboot Persistence, DNS TXT exfiltration and more
This update of Kautilya introduces reboot persistence for HTTP Backdoor, DNS TXT Backdoor and Keylogger. The payloads for Windows have been rearranged in five categories making the menu clearer.

Collection of PHP Bots
Click here: https://defense.ballastsecurity.net/decoding/index.php

SQL Injection In Dynamically Constructed Images (And Other Sql Related Mischief)
Howdy. Today we’ll be going through a SQL injection edge case that tends to be missed by automated scanning tools - SQL injection in web application image constructors. At times web applications have...

PHP Callback Functions: Another Way to Hide Backdoors
We often find new techniques employed by malware authors. Some are very interesting, others are pretty funny, and then there are those that really stump us in their creativity and effectiveness. This...

RATDecoders
This Repo will hold a collection of Python Scripts that will extract and decode the configuration settings from common rats. Each of these decoders is running on http://malwareconfig.com and has...

torrent-mount
Mount a torrent (or magnet link) as a filesystem in real time using torrent-stream and fuse. AKA MAD SCIENCE! More here: https://github.com/mafintosh/torrent-mount

Metasploit: Wireshark 1.8.12/1.10.5 wiretap/mpeg.c Stack Buffer Overflow...
This Metasploit module triggers a stack buffer overflow in Wireshark versions 1.8.12/1.10.5 and below by generating a malicious file. ## This module requires Metasploit: http//metasploit.com/download#...

Metasploit: Mac OS X NFS Mount Privilege Escalation Exploit
This exploit leverages a stack overflow vulnerability to escalate privileges. The vulnerable function nfs_convert_old_nfs_args does not verify the size of a user-provided argument before copying it to...

Symantec Endpoint Protection Manager – CVE-2013-1612 – Remote Buffer Overflow...
Do you want to help me to turn this PoC into reliable exploit code? Here is the short story about CVE-2013-1612, a remote buffer overflow that I’ve reported to Symantec in June 2013. The vulnerability...

Divx plugin suite heap-based buffer overflow
DirectShowDemuxFilter as part of Divx plugin suite is vulnerable to heap-based buffer overflow, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due...

Paper: The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor...
Abstract—Tor is a distributed onion-routing network used for achieving anonymity and resisting censorship online. Because of Tor’s growing popularity, it is attracting increasingly larger threats against...

Paper: WAFFle: Fingerprinting Filter Rules of Web Application Firewalls
Abstract—Web Application Firewalls (WAFs) are used to detect and block attacks against vulnerable web applications. They distinguish benign requests from rogue requests using a set of filter rules. We...

DAVOSET v.1.2- DDoS attacks via other sites execution tool
After making the public release of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html), I've made the next update of the software. On the 26th of April DAVOSET...

oclHashcat v1.20 CPU-based password recovery tool major update released
You will need to take some time to go through all of the release notes, as there are megatons of new features. Don't worry, it's mostly just additions, so you won't have to relearn oclHashcat's syntax...

New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11...
FireEye Research Labs identified a new Internet Explorer (IE) zero-day exploit used in targeted attacks. The vulnerability affects IE6 through IE11, but the attack is targeting IE9 through IE11. This...

BlackHat-Traffic Direction System TDS (v1.4)
Infection schemes often implicate TDS (Traffic Direction System - see "read more" at the end if you don't know what that is). A lot of groups are using custom tools, but when they are not, they are using...

Exploit: McAfee ePolicy 0wner (ePowner) v0.1 – Release
Hi, I received so many requests for this exploit code. Usually my response was something similar to: “Because the exploit can p0wn a whole network environment within 2 minutes (only by talking with the...