Microsoft Phone Scam
Friday 9th of May around 12:15 CET time I get a call on my direct line at home. I managed to get a bit of fun out of it so I am giving a quick summary. Because the talk went on for a while I had the...
Part of StealRAT Emerging Spambot Source Code
I contacted a sys-admin who gave me a couple of mail logs and a PHP file. I quickly realised that the code was part of the StealRAT because of the error reporting method implemented. Just in case this...
Connecting El Jefe 2.0 with the Cuckoo malware sandbox
One of the great new features in ElJefe May release is the integration of the Cuckoo malware analysis system as part of our interface. Cuckoo runs the malware executable in a sandboxed environment...
Important information for all WooThemes Customers
Over the past 3 days we have had a handful of reports of fraudulent activities on customer’s credit cards. We take these matters very seriously and immediately investigated each case to try and...
Jet Audio 8.1.1 Memory Corruption Vulnerability
# Exploit Title: [JetAudio memory corruption in latest Version 8.1.1 ] # Date: [2014/05/08] # Exploit Author: [Aryan Bayaninejad] # Linkedin : [https://www.linkedin.com/profile/view?id=276969082] # Vendor...
Project unicorn exploitable index
Dropping this here, No questions, I'll just read opinions about this proof of concept and act upon. http://unicorntufgvuhbi.onion/ or https://unicorntufgvuhbi.tor2web.fi/ It won't harm your computer, of...
Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due...
Drupal Flag 7.x-3.5 Module Vulnerability Report. Author: Ubani Anthony Balogun <ubani () sas upenn edu>. Reported: May 07, 2014. Module Description: Flag is a flexible flagging...
Hyperion PE crypter: new version 1.1
—=== ((( nEwS ))) ===— A new release of our open source PE crypter Hyperion (version bump 1.1) —=== ((( ch4ng3s ))) ===— Code base has been cleaned up to decrease size and increase...
Massive Unexplained DDoS Attack Hits USA
There is a massive internal DDoS attack taking place in USA today. The attack seems to be a DNS amplification that is affecting at least 220,000 domains belonging to domain hosts, Point DNS. We are...
Metasploit: Yokogawa CS3000 BKESimmgr.exe Buffer Overflow Exploit
Description: This Metasploit module exploits a stack-based buffer overflow on Yokogawa CS3000. The vulnerability exists in the BKESimmgr.exe service when handling specially crafted packets, due to an...
How Common Are HTTP Security Headers Really?
A recent issue of the German iX magazine featured an article on improving end user security by enabling HTTP security headers X-XSS-Protection, X-Content-Type-Options MIME type...
Joomla Component com_qpersonel SQL Injection Vulnerability
General Information: Advisory/Exploit Title = Joomla Component QPersonel SQL Injection Vulnerability...
Slides: Zeroing in On Zero Days - DNS OARC
To access these slides click here... https://indico.dns-oarc.net//getFile.py/access?contribId=23&resId=1&materialId=slides&confId=19
BitID - Bitcoin Authentication Open Protocol
Pure Bitcoin sites and applications shouldn’t have to rely on artificial identification methods such as usernames and passwords. BitID is an open protocol allowing simple and secure authentication...
SevPod: The Waledac (Spambot.Kelihos) Affiliate by Severa
Waledac (aka spambot.kelihos) is the Kelihos bot Loader (mod2/[whatever].exe) and is also loading Simda (right now: Simda.AT (MS) - mod1/[whatever].exe). As all affiliate stuff you'll see it in many...
Detecting Malware by using the Application Icon
Have you ever wondered how many malicious applications use an application icon from a legit application? We did the same and thought about implementing a cool signature to detect if a potential...
Book: Reverse Engineering for Beginners
I worked more than a year on this book, here are more than 600 pages, and it’s free. More here... http://yurichev.com/writings/RE_for_beginners-en.pdf
Incident Response at Heroku
As a service provider, when things go wrong you try to get them fixed as quickly as possible. In addition to technical troubleshooting, there’s a lot of coordination and communication that needs to...
Dumb Fuzzing for Bugs - Fortissimo
The last section of my Windows Exploitation study was on finding bugs in proprietary or open source software through whatever means necessary. It covers static code analysis tools, fuzzing, and manual...
DOMPurify - XSS sanitizer
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (9+),...