Big file diffing with DarunGrim
One of the challenges with patch analysis is diffing big files. The definition of big files can vary, but usually we are talking about files that are bigger than a few megabytes. Usually Windows...

NODE.JS CONNECT CSRF BYPASS ABUSING METHODOVERRIDE MIDDLEWARE
In the previous post, I discussed the importance of well-written documentation and uncomplicated APIs suggesting that poor documentation and negligence should be considered as silent threats. Almost a...

radare2 - unix-like reverse engineering framework and commandline tools
r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. This is the rewrite of radare (1.x branch) to provide a framework with a set of...

Live from InfoSecurity Europe 2014: The Nitty Gritty of Sandbox Evasion
Infosecurity Europe 2014 was a great gathering of the top minds in cybersecurity, and in case you missed the event, we were excited to capture live content from the show floor to share with our...

have i been pwned?
Check if you have an account that has been compromised in a data breach here: https://haveibeenpwned.com/

Metasploit: Adobe Flash Player Integer Underflow Remote Code Execution
### This module requires Metasploit: http//metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'class Metasploit3 < Msf::Exploit::Remote Rank =...

Metasploit: Windows NTUserMessageCall Win32k Kernel Pool Overflow
### This module requires Metasploit: http//metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'require...

Vionlink comments 2.2 Remote File Include Vulnerability
# Exploit-Title: vionlink comments 2.2 Remote File Include Vulnerability# Date: 2014-05-06# Author: bd0rk# Software-Link: http://www.vionlink.de/downloadcounter.php?version=v_comments2.2#...

Dropbox users leak tax returns, mortgage applications and more
If you are using file-sharing systems like Dropbox and Box without proper care and attention, there is a risk that you could be unwittingly leaking your most private, personal information to others. And...

VOLAFOX MAC OS X MEMORY ANALYSIS TOOLKIT
Volafox is an open source toolkit that you can use for Mac OS X and BSD forensics. The tool is Python-based and allows investigating security incidents and finding information for malware and any...

The evolution of Rovnix: new Virtual File System (VFS)
We recently discovered another evolution in Rovnix – a variant that introduces a new Virtual File System (VFS). With our latest signature update we detect this Rovnix dropper as...

Paper: Safety Envelope for Security
ABSTRACT: We present an approach for detecting sensor spoofing attacks on a cyber-physical system. Our approach consists of two steps. In the first step, we construct a safety envelope of the system....

A Windows Authentication Flaw Allows Deleted/Disabled Accounts to Access...
As part of our extensive research on the Kerberos authentication protocol we found that contrary to the actual aim of Kerberos and as opposed to common sense, a disabled account in Windows’ network...

PHP-FPM and PHP-CGI - Denial of Service POC
When running under Apache or NGINX servers, the default (and/or commonly accepted) configurations of PHP-FPM and PHP-CGI (mod_fcgi) are easily susceptible to denial of service attacks. This attack...

SOAPpy 0.12.5 Multiple Vulnerabilities
SOAPpy provides tools for building SOAP clients and servers. The goal of the SOAPpy team is to provide a full featured SOAP library for Python that is very simple to use and that fully supports dynamic...

Norse, McAfee Joint Webinar to Show Enterprises the Value of Dark Threat...
Webinar Attendees to Learn the Role of Dark Threat Intelligence in Preventing Data Breaches and Improving the Incident Response Process here: http://www.norse-corp.com/webinars.html

AppRiver Releases Q1 Global Security Report
2014 starts with record-breaking malware traffic; HMRC, IRS and National Institute for Health and Excellence used as covers for several attacks; Asprox botnet activity skyrockets; Heartbleed...

Rails 3.2.18, 4.0.5 and 4.1.1 have been released!
These three releases contain an important security fix, so please upgrade as soon as possible! In order to make upgrading as smooth as possible, we've only included commits directly related to each...

Watch a bank-raiding ZeuS bot command post get owned in 60 seconds
Vid Web thieves may get more than they bargained for if tech pros follow the lead of one researcher – who demonstrated how to hack the systems remote-controlling the infamous ZeuS crime bot in 60...

Anti-virus keeps dying "AV is Dead."
Three easy words that make an almost guaranteed route to headlines in the technical press. But what do they actually mean? That anti-malware software is useless? Let's dig down into this thorny issue and...