Channel: BOT24
Browsing all 8064 articles

Hacking into Internet Connected Light Bulbs

The subject of this blog, the LIFX light bulb, bills itself as the light bulb reinvented; a “WiFi enabled multi-color [sic], energy efficient LED light bulb” that can be controlled from a smartphone...

SEA hacks Israeli Defence Force Twitter account, posts bogus nuclear warning

Residents of the Southern District of Israel may have felt alarmed on Thursday after the Twitter account of the Israeli Defence Force warned of a possible leak at the Dimona nuclear facility: more...

Ubisoft Uplay 4.6 - Insecure File Permissions Local Privilege Escalation

Ubisoft Uplay 4.6 Insecure File Permissions Local Privilege Escalation
Vendor: Ubisoft Entertainment S.A.
Product web page: http://www.ubi.com
Affected version: 4.6.3208 (PC), 4.5.2.3010...

Kansa: Automating Analysis

Kansa, the PowerShell based incident response framework, was written from the start to automate acquisition of data from thousands of hosts, but a mountain of collected data is not worth bits without...

Releasing Stupid v0.1 - The Dumbest File Format Fuzzer (Python+Pydbg)

I developed Stupid in late 2011 to automate fuzzing and problem/app fault detection process of different file formats (mainly Music/Video players etc). I've been receiving many emails from my readers...

BlueCoat Proxy log search and analytics with ELK

This is an article of a series to show the power of Elasticsearch, Kibana and Logstash (ELK) in the domain of Incident Handling and forensics. This article contains what you need to import BlueCoat...

Conduct phonecalls on Android without the necessary permission, advisory+test...

We are pleased to announce the public disclosure of two new bugs in Android OS.
1. CVE-2013-6272 com.android.phone
Introduction
We conducted a deep investigation of android components and created some CVEs...

Raritan IPMI Vulnerability

Raritan PX power distribution software contains several well known IPMI vulnerabilities, e.g.
- ipmi zero cipher
- ipmi dump hash passwords
Details: E.g. Model DPXR20A-16: Software release all before and...

transient-recovery

Transient custom recovery boot for bootloader locked Nexus devices (mitigates physical attacks). More here: https://github.com/tyrell-corp/transient-recovery

Install DionaeaFR web frontend to Dionaea honeypot on Ubuntu

Dionaea is a low-interaction honeypot. It is one of the honeypots that can be deployed through the Modern Honey Network. Next to the MHN dashboard I also wanted some specific data on the Dionaea...

Paper: CROSS-SECTIONAL EXAMINATION ON ANDROID SECURITY

Nowadays, mobile terminal has become an indispensable element in people’s daily life as the advent of post-PC era, the security issue of these mobile platforms plays a pivotal role in this...

Paper: STRATEGIES IN IMPROVING ANDROID SECURITY

The rise of mobility has witnessed a skyrocket of the number of mobile devices users. Smart phone is almost a must-have for most young adult in today’s society and therefore mobile security is a...

Pcap_DNSProxy

A local DNS server based on WinPcap and LibPcap. More here: https://github.com/chengr28/pcap_dnsproxy/

Metasploit: Oracle Event Processing FileUploadServlet Arbitrary File Upload

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...

Metasploit: Gitlist Unauthenticated Remote Command Execution

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...

Metasploit: Wordpress MailPoet (wysija-newsletters) Unauthenticated File Upload

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...

funcap

IDA Pro script to add some useful runtime info to static analysis. This script records function calls (and returns) across an executable using IDA debugger API, along with all the arguments passed. It...

Detecting login state for almost any website on the internet

For those who don’t know, Content-Security-Policy or CSP is an attempt at mitigating Cross Site Scripting (XSS) attacks which are generally what you aim for when you manipulate a web endpoint – a web...

RECON 2014 slides

Index of 2014 slides here: http://recon.cx/2014/slides/

WordPress Username Enumeration using HTTP Fuzzer

In many WordPress blogs, it's possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are...
