botnetservfail - Filtering botnets that try to use your resolver as a packet...
If you note that some of your users are sending you queries to weirdly named domains (sdfhsdfkh.www.7xinggua.com. for example), and that those queries in turn are contributing to a denial of service...
LZ4 memory corruption PoC (Expires on Pastebin in 6 Days)
Authored by Don A. Bailey, Founder / CEO, Lab Mouse Security (@InfoSecMouse, https://www.securitymouse.com/). A simulated 64bit exploit against the Linux kernel LZ4 implementation. The C file in the pastebin is a...
TRACT de la SOCIÉTÉ SECRÈTE POC||GTFO [PDF]
Neighbors, please join me in reading this fifth issue of the International Journal of Proof of Concept or Get the Fuck Out, a friendly little collection of articles for ladies and gentlemen of...
CSRF vulnerability in LinkedIn allowing remote attacker to delete any user’s...
Varutra Consulting Responsible Vulnerability Disclosure. Vulnerability release date: November 20th, 2013. Last revised: May 4th, 2014. Discovered by:...
check_dhcp - Nagios Plugins = 2.0.2 Race Condition
Release date: 28.06.2014. Discovered by: Dawid Golunski. Severity: Moderate. I....
elFinder 2.0 - file manager for web (rc1) - File Upload Vulnerability
Author: MR.XpR; FB.Com/Mr.XpR; IRaNHACK.ORG; Hosseinxpr@gmail.com...
SECV-05-1401 - Vulnerability on World of Tanks servers
SECV-05-1401 - Vulnerability on World of Tanks servers. Product description: World of Tanks is a massively multiplayer online game developed by Belarusian company Wargaming.net featuring early to mid-20th...
SECV-05-1402 - Reportico php admin credentials leak
SECV-05-1402 - Reportico software admin credentials leak. Product description: Reportico is a comprehensive Open Source web reporting tool written purely in PHP. Reportico provides a web-based front end...
openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability
openSIS 4.5 - 5.3 Cross Site Request Forgery Vulnerability. Author: Ubani Anthony Balogun <ubani@sas.upenn.edu>. Reported: June 26,...
openSIS 4.5 - 5.3 SQL Injection vulnerability
openSIS 4.5 - 5.3 SQL Injection vulnerability. Author: Ubani Anthony Balogun <ubani@sas.upenn.edu>. Reported: June 26, 2014. Product Description:-...
chkrootkit 0.49 - Local Root Vulnerability [CVE: 2014-0476]
We just found a serious vulnerability in the chkrootkit package, which may allow local attackers to gain root access to a box in certain configurations (/tmp not mounted noexec). The vulnerability is...
UPnP Pentest Toolkit
This tool aims to bring together a range of UPnP assessment features, enabling quick assessment with minimal configuration and set-up. It has been developed to aid security consultants in exploring,...
knockknock
KnockKnock is a command-line Python script that displays persistent OS X binaries that are set to execute automatically at each boot. Since KnockKnock takes an unbiased approach, it can generically detect...
Paper: How to Generate and use Universal Parameters
Abstract: We introduce the notion of universal parameters as a method for generating the trusted parameters for many schemes from just a single trusted setup. In such a scheme a trusted setup...
The problem behind mobile TOR browsers' ip disclosure
As shown in the previous article from the end of May, nearly all mobile "private" tor browsers leak the ip address under normal circumstances. The first problem occurs because of external multimedia...
KernelMode rootkits: Part 1, SSDT hooks
This is the first part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. Necurs) hide their presence and protect themselves from removal by...
linux/x86 shutdown -h now x86_64 Shellcode - 65 bytes
/*
; Title: shutdown -h now x86_64 Shellcode - 65 bytes
; Platform: linux/x86_64
; Date: 2014-06-27
; Author: Osanda Malith Jayathissa (@OsandaMalith)
section .text
global _start
_start:
xor rax, rax
xor rdx,...
linux/x86 shutdown -h now Shellcode - 56 bytes
/*
; Title: shutdown -h now Shellcode - 56 bytes
; Date: 2014-06-27
; Platform: linux/x86
; Author: Osanda Malith Jayathissa (@OsandaMalith)
Disassembly of section .text:
08048060 <_start>:
8048060: 31...
linux/x86 mkdir() 'haxor' and exit() Shellcode - 39 bytes
/*
; Title: mkdir() 'haxor' and exit() Shellcode - 39 bytes
; Platform: linux/x86_64
; Date: 2014-06-26
; Author: Osanda Malith Jayathissa (@OsandaMalith)
section .text
global _start
_start:
jmp...
Static analysis of CySCA 2014 portknock using Hopper Disassembler
CySCA is a CTF with challenges ranging from crypto to reverse engineering, and from forensic to web pentest. You can get all the challenges in a VM, or just the binary. (md5:...