Clik here to view.
MOBILE SECURITY TECHNOLOGIES (MOST) 2014
Papers and Slides on Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device Sensors, Differentially Private Location Privacy in Practice, Location Privacy...
View ArticleClik here to view.
Vulnerability in Microsoft Malware Protection Engine
Could Allow Denial of Servicemore here..... https://technet.microsoft.com/library/security/2974294
View ArticleClik here to view.
Todays Microsoft Security Bulletin Revisions
Bulletin Information:=====================* MS14-035 - Critical - https://technet.microsoft.com/library/security/ms14-035 - Reason for Revision: V1.1 (June 17, 2014): Corrected the severity table...
View ArticleClik here to view.
Attacks before system startup
A major objective pursued by malware writers when developing malicious code is to make it start as early as possible, enabling it to make key modifications to the operating system’s code and system...
View ArticleClik here to view.
Metasploit: Rocket Servergraph Admin Center fileRequestor Remote Code Execution
### This module requires Metasploit: http//metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'class Metasploit3 < Msf::Exploit::Remote Rank =...
View ArticleClik here to view.
Introduction to Dyreza, the Banker that bypasses SSL
Today we will have a closer look at Dyreza, a new banker Trojan able to bypass SSL traffic. Dyreza is able to hook several browsers (Internet Explorer, Chrome and Firefox) and intercepts the traffic...
View ArticleClik here to view.
Paper: Unsupervised Anomaly-based Malware Detection using Hardware Features
Recent works have shown promise in using microarchitecturalexecution patterns to detect malware programs. Thesedetectors belong to a class of detectors known as signaturebased detectors as they catch...
View ArticleClik here to view.
Ubisoft Rayman Legends 1.2.103716 - Remote Stack Buffer Overflow Vulnerability
#!/usr/bin/perl### Ubisoft Rayman Legends v1.2.103716 Remote Stack Buffer Overflow Vulnerability### Vendor: Ubisoft Entertainment S.A.# Product web page: http://www.ubi.com# Affected version:...
View ArticleClik here to view.
BarracudaDrive 6.7.2 XSS
################################################################################Exploit Title : BarracudaDrive 6.7.2 Administrator Panel Rflected Cross-Site Scripting#Author : Govind Singh aka...
View ArticleClik here to view.
YAPOET TOOL
Yet Another Padding Oracle Exploitation Tool here..........https://github.com/kochetkov/Yapoet
View ArticleClik here to view.
docker PoC VMM-container breakout --This is the first exploit I have seen in...
/* shocker: docker PoC VMM-container breakout (C) 2014 Sebastian Krahmer * * Demonstrates that any given docker image someone is asking * you to run in your docker setup can access ANY file on your...
View ArticleClik here to view.
Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module Vulnerability
Document Title:===============Paypal Inc Bug Bounty #36 - SecurityKey Card Serialnumber Module VulnerabilityReferences...
View ArticleClik here to view.
Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities
Document Title:===============Secunia CSI/VIM - Filter Bypass & Persistent Validation VulnerabilitiesReferences...
View ArticleClik here to view.
Parameter Injection in jCryption
jCryption is an open-source plugin for jQuery that is used for performing encryption on the client side that can be decrypted server side. It works by retrieving an RSA key from the server, then...
View ArticleClik here to view.
[TECHNICAL TEAR DOWN] FIESTA EXPLOIT KIT – SILVERLIGHT EXPLOIT (CVE-2013-3896...
While analysing the Fiesta Exploit Kit, a number of “java applets” and a Silverlight application was downloaded by the exploit kit. This post will describe the Silverlight exploit. The purpose of this...
View ArticleClik here to view.
Neutrino Bot (aka MS:Win32/Kasidet)
Advertised on underground by n3utrino since december 2013 Neutrino Bot is another "HTTP stress testing tool" , read DDos Bot.read...
View ArticleClik here to view.
Xfinity Pineapple - cloning Comcast access points for fun and profit
Open wireless access points have always been a hot topic within the security community. Due to their nature, there are a plethora of attacks that allow hackers to breach these networks, mirror...
View ArticleClik here to view.
XSS on Dell Site
*******************************************************************************************************************Advisory: support.software.dell.com – Cross-Site Script Vulnerability (XSS)Advisory...
View ArticleClik here to view.
[CVE-2014-3244]SugarCRM v6.5.16 rss dashlet LFI via XXE Attack
Product:SugarCRMDescription:SugarCRM enables businesses to create extraordinary customer relationships with the most innovative and affordable CRM solution in the market.Version affected:v6.5.16 and...
View ArticleClik here to view.
Why Javascript Crypto Is Useful
It's approximately a year ago when I wrote my first Javascript crypto library for a production system at Google - it's a thin wrapper on top a library that has been released as End-To-End. Since then...
View Article