Channel: BOT24
Browsing all 8064 articles

OpenVZ simfs container filesystem breakout

An attacker is able to access files outside of his container. Function open_by_handle_at() enables process to access files on a mounted filesystem using file_handle structure. This structure is using...


Kraken - a Host-based IOC collection framework

The Kraken is a host-based IOC collection framework, crucial in the identification phase of any incident response. The Kraken is built around two main components: Lightweight agent that is installed on...


Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication

Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature)....


Mobile Ransomware : Status Quo

Ransomware is a type of malware that restricts usage of the device it infects, demanding a ransom from the end-user in order to regain control over the device. Now, the malware could actually...


JackPOS - Another Credit Card Stealer

In a previous blog post on Dexter, we briefly mentioned a new strain of point-of-sale (PoS) malware that has compromised over 4,500 credit cards in the United States and Canada. This new strain of...


Metasploit: Cogent DataHub Command Injection

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  #...


kilroy- Android GPU driver exploit, (CVE-2014-0972)

A combination of weaknesses in the android GPU driver (kgsl) and ion as deployed on snapdragon devices allow access to physical memory to non-privileged user. This affects snapdragon devices with adreno...


Monitoring Thread Injection

A lot of malware inject threads into other process to bypass Security Products. Usually malwares write the shellcode into remote process using WriteProcessMemory() and then start threads using...


Internet Explorer 8, 9 & 10 - CInput Use-After-Free (MS14-035) - Crash PoC

<!--
Exploit Title: MS14-035 Internet Explorer CInput Use-after-free POC
Product: Internet Explorer
Vulnerable version: 8,9,10
Date: 23.06.2014
Exploit Author: Drozdova Liudmila, ITDefensor Vulnerability...


Thomson TWG87OUIR - POST Password CSRF

#Author: nopesled
#Date: 24/06/14
#Vulnerability: POST Password Reset CSRF
#Tested on: Thomson TWG87OUIR (Hardware Version)
<html><head>    <title>Thomson TWG87OUIR...


[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

Advisory: Endeca Latitude Cross-Site Scripting
RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute...


[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery

Advisory: Endeca Latitude Cross-Site Request Forgery
RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF) vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able...


ShareCount As Anti-Debugging Trick

In this post I will share with you an Anti-Debugging trick that is very similar to the "PAGE_EXECUTE_WRITECOPY" trick mentioned here, where we had to flag code section as writeable such that any memory...


CVE-2014-3752 - Arbitrary Code Execution in G Data TotalProtection 2014

Vulnerability title: Arbitrary Code Execution in G Data TotalProtection 2014
CVE: CVE-2014-3752
Vendor: G Data
Product: TotalProtection 2014
Affected version: v24.0.2.1
Fixed version: N/A
Reported by:...


CVE-2014-2385 - Multiple Cross Site Scripting in Sophos Antivirus...

Vulnerability title: Multiple Cross Site Scripting in Sophos Antivirus Configuration Console (Linux)
CVE: CVE-2014-2385
Vendor: Sophos
Product: Antivirus
Affected version: 9.5.1
Fixed version: 9.6.1
Reported...


Bypassing Windows 8.1 Mitigations using Unsafe COM Objects

In October last year I was awarded the first $100,000 bounty for a Mitigation Bypass in Microsoft Windows. My original plan was to not discuss it in any depth until Microsoft had come up with a...


HP-UX 0day local privilege escalation

We worked for a big company in Hungary and there were some HP-UX targets. I got local user access easily to the servers but the operating system was HP-UX 11.31 without public privilege escalation...


Weak passwords? Better call The Doctor.

Every network presents its own unique opportunity for a penetration tester. Often, hidden among the innumerable workstations, servers, printers and switches, a tester will stumble across a specialty...


Cracking Open PowerShell’s Constrained Runspace

Recently at the PowerShell Summit, Lee Holmes and I did a talk on PowerShell security. One of the demonstrations we did showed how to find and exploit a command injection bug in a constrained runspace....


Hackers Recreate NSA Snooping Kit Using Off-the-shelf Parts

So some curious hardware hackers grabbed the leaked catalogue that detailed the hardware involved in the NSA Snooping Kit, and have recreated some of the ‘high-tech’ top secret tools with off-the-shelf...
