Channel: BOT24
Browsing all 8064 articles

From a Username to Full Account Takeover

In the past year there have been many major data breach incidents in which usernames, email addresses and sometimes even passwords were compromised. Some of these incidents included big organizations...

Centry

Centry is a panic button intended to protect users against Cold Boot Attacks, Direct Memory Access Attacks and other live system threats. Centry is most effective when deployed on systems with Full...

Multiple Vulns in Openfiler 2.99

# Tested on Openfiler NAS/SAN Appliance version 2.99
# Author: MiDoveteMollare
# Date: 10 June 2014
OS Command Injection (after authentication) #1
page: services_iscsi_target.html
parameter: password
POST...

Internal Network Enumeration and Privilege Escalation

The process of performing internal assessments varies by penetration testing firm. For many, the most common approach is to run a vulnerability scan and provide the rebranded results with a hefty bill...

Paper: Detecting Logic Vulnerabilities in E-Commerce Applications

E-commerce has become a thriving business model. With easy access to various tools and third-party cashiers, it is straightforward to create and launch e-commerce web applications. However, it remains...

One Token to Rule Them All - The Tale of the Leaked Gmail Addresses

Since I don't really know where to start, let's start at the end. At the very end of this attack, I am going to hold what appears to be every single email address hosted on Google. So what? I mean why...

Playing with Adobe Flash Player Exploits and Byte Code

Adobe Flash Player has been a major target for exploits and malware in recent years. I wrote about CVE-2014-1776 and CVE-2014-0515 exploits just a few weeks ago. CVE-2014-1776 is an IE vulnerability,...

CVE-2014-3977 - Privilege Escalation in IBM AIX

Vulnerability title: Privilege Escalation in IBM AIX
CVE: CVE-2014-3977
Vendor: IBM
Product: AIX
Affected version: 6.1.8 and later
Fixed version: N/A
Reported by: Tim Brown
Details: It has been identified that...

XSS Shell Payloads

XSSing Your Way to Shell Presentation. More here: https://github.com/Varbaek/xss-shell-payloads

What latest changes to Play Store app means for privacy

TL;DR version: Google just did something very very stupid that affects all Android users. Google's latest changes to the Store app were discussed very briefly on reddit this week (see here and here). But...

Feedly DoS Attack

2:04am PST – Criminals are attacking feedly with a distributed denial of service attack (DDoS). The attacker is trying to extort money from us to make it stop. We refused to give in and are working with our...

Banks: Credit Card Breach at P.F. Chang’s

Nationwide chain P.F. Chang’s China Bistro said today that it is investigating claims of a data breach involving credit and debit card data reportedly stolen from restaurant locations nationwide. read...

Latest version of Svpeng targets users in US

Almost a year ago, we wrote our first blog about the mobile Trojan Svpeng. Back then, the first impression was that it was a standard Trojan-SMS class malicious program that stole money from SMS...

WordPress Plugin Alert — LoginWall Imposter Exposed

When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a similar way and remembering the initial...

Monitoring APIs with RPC and Protocol Buffers

This post will discuss API monitoring in a remote process through RPCs (via sockets) and Google’s Protocol Buffers encoding/message interchange format. The purpose is to use the example as a building...

New Pandemiya Trojan Emerges as Alternative to Zeus-based Variants

Pandemiya is a new commercial Trojan malware application that has recently been promoted in underground forums as an alternative to the more widely used Zeus Trojan and its variants. The fraudsters behind...

XSS on Samsung Site

Advisory: design.samsung.com – Cross-Site Script Vulnerability (XSS) AdvisoryID:...

Paper: A Pattern-based Survey and Categorization of Network Covert Channel...

Network covert channels are used to hide communication inside network protocols. Within the last decades, various techniques for covert channels arose. We surveyed and analyzed 109 techniques developed...

Paper: IMPROVED SECURE ADDRESS RESOLUTION PROTOCOL

In this paper, an improved secure address resolution protocol is presented where ARP spoofing attack is prevented. The proposed methodology is a centralised methodology for preventing ARP spoofing...

a boring xss dissection

Today, I was briefly worried by the observation that mainstream media takes 24-36 hours to start freaking out about over half of web encryption being fundamentally broken, compared to 2-3 hours for an...
