Using Static Analysis And Clang To Find Heartbleed
Friday night I sat down with a glass of Macallan 15 and decided to write a static checker that would find the Heartbleed bug. I decided that I would write it as an out-of-tree clang analyzer plugin and...
An Evaluation of the Effectiveness of Chrome's CRLSets
Google tells us how broken the security certificate revocation system is, that we should not use it, and that Chrome's unique CRLSet solution provides all the protection we need . . . Does it?
TDL4 rootkit can be modified to pwn any security product, Bromium researchers...
Kernel mode rootkits are more viable than has been realised and could be used to bypass more or less any security product in existence, researchers at Bromium have discovered after conducting a...
VTGuard
The web browser is a war zone. We continue to see the latest and most cutting edge research, mitigation technologies, and exploitation techniques in popular web browsers such as Internet Explorer. One...
SSH Kung Fu
OpenSSH is an incredible tool. Though primarily relied upon as a secure alternative to plaintext remote tools like telnet or rsh, OpenSSH (hereafter referred to as plain old ssh) has become a swiss...
New Flash Player 0-day (CVE-2014-0515) used in watering-hole attacks
In mid-April we detected two new SWF exploits. After some detailed analysis it was clear they didn't use any of the vulnerabilities that we already knew about. We sent the exploits off to Adobe and a...
Decrypting IIS Passwords to Break Out of the DMZ: Part 2
In my last blog I showed how to use native Windows tools to break out of DMZ networks by decrypting database connection strings in IIS web.config files, and using them to pivot through SQL Servers. If...
Crimeware based Targeted Attacks: Citadel case, Part III
In our previous blog (part 2 in this 3 part series), we outlined how Citadel infects a host machine, and we extracted some string references that we used to detect it via YARA. However, we have yet to...
AOL Security Update
At AOL, we care deeply about the safety and security of your online experience. We are writing to notify you that AOL is investigating a security incident that involved unauthorized access to AOL's...
Grey Hat Hacker "weev" Andrew Auernheimer on CNBC
It appears weev, who was just recently released from prison, will be plugging his TRO LLC (the troll corporation) fund on CNBC's Power Lunch hour today. Weev's hedge fund focuses on shorting equities...
StriCat (pronounced "stree cat") multi-use cryptographic tool
This is a quick tutorial to the StriCat (pronounced "stree cat") multi-use cryptographic tool, which can be used to hash, encrypt, and decrypt files and to establish secure communication links over...
[Onapsis Security Advisory 2014-005] Information disclosure in SAP Software...
Onapsis Security Advisory 2014-005: Information disclosure in Software Lifecycle Manager. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the...
Multiple CSRF and XSS vulnerabilities in D-Link DAP 1150
In 2011 and the beginning of 2012 I wrote about multiple vulnerabilities (http://securityvulns.ru/docs27440.html, http://securityvulns.ru/docs27677.html, http://securityvulns.ru/docs27676.html) in D-Link...
CIS-CERT releases CIS Enumeration and Scanning Program (CIS-ESP) for Incident...
The Center for Internet Security (CIS) Computer Emergency Response Team (CERT) has released its Enumeration and Scanning Program (CIS-ESP). CIS developed the ESP to assist its partners in identifying...
Browlock Goes Russian
In a surprising turn of events, it appears that Browlock is now targeting Russians. If for some reason, some unfortunate fellow ends up in an infected site that has been prepended with the Browlock...
Sefnit is Back
Facebook has dissected a new variant of Sefnit that appears to no longer utilize Tor. Details and indicators are provided to help security teams audit their hosts for signs of infection. Prior Work: In...
Syrian Electronic Army hacks RSA Conference website after presentation at RSA...
The official website of RSA Conference is the latest addition to the list of victims of the Syrian Electronic Army. The RSA Conference website (http://www.rsaconference.com/) was hacked earlier this Saturday after the RSA...
A Tale of CenturyLink Backdoors, PCI Compliance, and Pain. Lots of Pain.
I have a client with an ActionTec M1000 modem running firmware QA02.5-3.60.3.0.8.6-M1000. It’s on a business CenturyLink DSL line and routes for five public IP addresses. For ease of writing, I’m going...
[Onapsis Security Advisory 2014-006] Missing authorization check in SAP...
Onapsis Security Advisory 2014-006: Missing authorization check in SAP Background Processing RFC. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory...
[Onapsis Security Advisory 2014-007] Missing authorization check in SAP...
Onapsis Security Advisory 2014-007: Missing authorization check in Profile Maintenance. This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the...