Channel: BOT24
Browsing all 8064 articles

Identifying Xml eXternal Entity vulnerability (XXE)

Here is a small writeup on how an XXE was discovered on the website RunKeeper.com. The website, as the name suggests, keeps track of your trainings (running, cycling, skiing, etc.) The vulnerabilities...

Phishy Steam Guard File Steals SSFN

A few months ago, we looked at how phishers had come up with a way to get around Steam Guard protection on Steam gaming accounts: asking users to dig out the relevant Steam Guard SSFN file from their...

Back To The Future: Unix Wildcards Gone Wild

First of all, this article has nothing to do with modern hacking techniques like ASLR bypass, ROP exploits, 0day remote kernel exploits or Chrome's Chain-14-Different-Bugs-To-Get-There... Nope, nothing of...

Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities

Document Title:
============
Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities
Release Date:
===========
June 21, 2014
Product & Service Introduction:
========================
Mailspect is the...

Advanced Guide to Understanding OS X Malware

Note: This is an advanced topic aimed at expert Mac users. Macs are generally thought of as secure, certainly at least compared to the alternative world of Windows. But the reality is that while Macs...

HP Enterprise Maps 1.00 Authenticated XXE

HP Enterprise Maps 1.00 Authenticated XXE vulnerability
http://www8.hp.com/us/en/software/enterprise-software.html
Any user that has the ability to import a file to create an artifact (most, if not all...

Use the force Luuuk

Stealing more than half a million euro in just a week – it sounds like a Hollywood heist movie. But the organizers of the Luuuk banking fraud pulled it off with a Man-in-the-Browser (MITB) campaign...

Defense in depth -- the Microsoft way (part 17): even a one-line script is...

Hi @ll,
the batch script WINRM.CMD, which contains just the single line
@cscript //nologo "%~dpn0.vbs" %*
allows a binary planting or squatting attack: WINRM.CMD executes a rogue CSCRIPT.COM, CSCRIPT.EXE,...

CSRF and stored XSS in Simple Share Buttons Adder 4.4 (WordPress plugin)

Details
================
Software: Simple Share Buttons Adder
Version: 4.4
Homepage: https://wordpress.org/plugins/simple-share-buttons-adder/
Advisory report:...

[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code...

Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution
The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable...

Android Koler trojan: analysis driven by application components

While I’m reversing a malware I usually use pen and paper to write down findings, no matter what’s the importance of any single clue. Sometimes it’s only a particular address or a handle, but for...

Exceptional behavior: the Windows 8.1 X64 SEH Implementation

In my last post, you may remember how the latest Uroburos rootkit was able to disarm Patchguard on Windows 7. I was recently looking into how Patchguard is implemented in Windows 8.1 and decided to dig...

Shakacon #6 presentation: F you Hacking Team, From Portugal with Love.

Aloha,
Shakacon number 6 is over, it was a blast and I must confess it beat my expectations. Congratulations to everyone involved in making it possible. Definitely recommended if you want to speak or...

Raising Lazarus - The 20 Year Old Bug that Went to Mars

It's rare that you come across a bug so subtle that it can last for two decades. But, that's exactly what has happened with the Lempel-Ziv-Oberhumer (LZO) algorithm. Initially written in 1994, Markus...

RCRand - Race condition based random number generation. Works similarly to the...

After struggling with a race condition issue for an hour or two, I decided to make use of this wonderful unpredictability that is shared resource mutation. Here's the (summarized) algorithm. more...

Debunking the LZ4 "20 years old bug" myth and rebuttal from initial author

A recent post on a security blog has claimed that LZ4 is affected by a subtle bug which could result in remote code execution on basically any machine using LZ4 algorithm. Given that LZ4 is installed...

Metasploit: HP AutoPass License Server File Upload

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...

Metasploit: MS14-009 .NET Deployment Service IE Sandbox Escape

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'msf/core/exploit/exe'
require...

Metasploit: MS13-097 Registry Symlink IE Sandbox Escape

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
require 'msf/core/exploit/exe'
require...

Saurik Releases AFC2 Package Offering iOS 7.1.x Jailbreakers Full Filesystem...

A lot of iOS users have tried the Pangu Jailbreak, but yesterday Jay Freeman aka saurik, the founder of Cydia, released a tweak by the name of Apple File Conduit 2 or AFC2, which allows users with...
