Managing and Exploring Malware Samples with Viper
Keeping track of all the samples on your plate can become cumbersome and at times, next to impossible; that's where projects like Viper come in. Viper is "a framework to store, classify and investigate...
PDF: Sold Down the River
A world-wide scan of the Intelligent Platform Management Interface (IPMI) protocol identified over 230,000 Baseboard Management Controllers (BMCs) exposed to the internet, of which upwards of 90% could...
BTA
BTA is an open-source Active Directory security audit framework. Its goal is to help auditors harvest the information they need to answer such questions as: Who has rights over a given object (computer,...
Black marketed Windows banking & POS Trojan Minerva turns in-the-wild
The path from the creation of a malicious program to its delivery onto victims’ computers is long nowadays and involves many different players with the same goal – to make a financial gain. Malware...
Paper: An Argumentation-Based Framework to Address the Attribution Problem in...
Attributing a cyber-operation through the use of multiple pieces of technical evidence (i.e., malware reverse-engineering and source tracking) and conventional intelligence sources (i.e., human or...
Hooker: Automated Dynamic Analysis of Android Applications
Hooker is an open-source project for dynamic analysis of Android applications. This project provides various tools and applications that can be used to automatically intercept and modify any API calls...
PDF: Description of "Russian AES" in English
Low-Weight and Hi-End: Draft Russian Encryption Standard. We give a brief analysis for the current demands in standardized encryption algorithms and present a draft of a new block cipher which in the...
Paper: Decodability Attack against the Fuzzy Commitment Scheme with Public...
The fuzzy commitment scheme is a cryptographic primitive that can be used to protect biometric templates when stored. If multiple records of the scheme protecting templates extracted from the same...
Paper: On the Feasibility of Software Attacks on Commodity Virtual Machine...
The security of virtual machine monitors (VMMs) is a challenging and active field of research. In particular, due to the increasing significance of hardware virtualization in cloud solutions, it...
[RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager
Advisory: Directory Traversal in DevExpress ASP.NET File Manager. During a penetration test RedTeam Pentesting discovered a directory traversal vulnerability in DevExpress' ASP.NET File Manager and...
SSL/TLS MITM vulnerability (CVE-2014-0224)
Matt Caswell of the OpenSSL development team. SSL_MODE_RELEASE_BUFFERS session injection or denial of service...
Hacking Soraya Panel - Free Bot? Free Bots!
Some security agencies have been raving about a revolutionary new bot that combines point-of-sales card grabbing (ram scraping) with form grabbing. The bot is actually not very interesting and pretty...
Early ChangeCipherSpec Attack (05 Jun 2014)
OpenSSL 1.0.1h (and others) were released today with a scary looking security advisory and that's always an event worth looking into. (Hopefully people are practiced at updating OpenSSL now!) Update:...
How flawed firmware can really give your DAG some replication headaches
Generally it's a good idea to keep firmware up to date for components like storage controllers. But just like you would never put an Exchange 2013 cumulative update into production without testing, you...
The Power of Cookbooks - generic HTTPS Analysis
Besides Hybrid Code Analysis, one of the top features of Joe Sandbox is the Cookbook technology. Cookbooks? Sounds like cooking. That is correct, Cookbooks lets one "cook" the malware. To be more...
Reset the Net
If we properly encrypt our sites and devices, we can make mass surveillance much more difficult. We’ll be serving pages only over SSL for all *.wordpress.com subdomains by the end of the year. more...
DNSCrypt user interface for OSX New Release
Mac OSX application to control the DNSCrypt Proxy has a new release 1.0.2. More info can be found here: https://github.com/alterstep/dnscrypt-osxclient
Microsoft Security Bulletin Advance Notification for June 2014
Microsoft Security Bulletin Advance Notification for June 2014. Issued: June 5,...
ABZ Srl CMS SQL Injection
[+] Exploit Title: (ABZ Srl) Cms SQL Injection [+] Exploit Author: Medrik [+] Found Date: 13-03-2014 [+] Vendor Homepage: http://www.abzsrl.com/ [+] Google Dork: intext:"powered by ABZ Srl"...
BSI Advance Hotel Booking System Persistent XSS Vulnerability
[+] Exploit Title: BSI Advance Hotel Booking System Persistent XSS Vulnerability [+] Exploit Author: Angelo Ruwantha [+] Vendor : http://www.bestsoftinc.com/php-advance-hotel-booking-system.html [+]...