Clik here to view.
win32 / windows 7 Add Admin User Shellcode - 194 bytes
Description:Title: Add Admin User Shellcode (194 bytes) - Any Windows VersionRelease date: 21/06/2014Author: Giuseppe D'Amore (http://it.linkedin.com/pub/giuseppe-d-amore/69/37/66b)Size: 194 byte (NULL...
View ArticleClik here to view.
SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer...
SEC Consult Vulnerability Lab Security Advisory < 20140710-1 >=======================================================================Â Â Â Â Â Â Â title: Multiple high risk vulnerabilities in...
View ArticleClik here to view.
Quick.Cart 6.4 & Quick.Cms 5.4 -XSS Vulnerability
#Title: Quick.Cart 6.4 & Quick.Cms 5.4 - Cross Site Scripting#Date: 09.07.14#Vendor: opensolution.org#Affected verions: Quick.Cart and Quick.Cms, latest versions#Tested on: Apache 2.2.22 [at]...
View ArticleClik here to view.
SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack...
SEC Consult Vulnerability Lab Security Advisory < 20140710-2 >=======================================================================Â Â Â Â Â Â Â title: Multiple critical vulnerabilites...
View ArticleClik here to view.
SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in...
SEC Consult Vulnerability Lab Security Advisory < 20140710-3 >=======================================================================Â Â Â Â Â Â Â title: Design Issue / Password Disclosure...
View ArticleClik here to view.
Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web Vulnerability
Document Title:===============Yahoo! Bug Bounty #29 YM - Filter Bypass & Persistent Web VulnerabilityReferences...
View ArticleClik here to view.
Yahoo! Bug Bounty #30 YM - Application Side Mail Encoding (File Attachment)...
Document Title:===============Yahoo! Bug Bounty #30 YM - Application-Side Mail Encoding (File Attachment) VulnerabilityReferences...
View ArticleClik here to view.
TR-25 Analysis - Turla/Pfinet/Snake/Uroburos/Pfinet
During the last weeks, various samples of Uroburos (also named Urob, Turla, Sengoku, Snark and Pfinet) were analyzed and reports have been published 1234, also analyses about a suspected predecessor,...
View ArticleClik here to view.
Introducing CFSSL - CloudFlare's PKI toolkit
Today we’re proud to introduce CFSSL—our open source toolkit for everything TLS/SSL. CFSSL is used internally by CloudFlare for bundling TLS/SSL certificates chains, and for our internal Certificate...
View ArticleClik here to view.
How a malware or an exploit can use the Steam local service to escalate its...
"Steam is an internet-based digital distribution, digital rights management, multiplayer, andcommunications platform developed by Valve Corporation. It is used to distribute games and related mediafrom...
View ArticleClik here to view.
disassembler for PPC64 ELFs
This is a simple program that disassemble PPC64. It uses capstone (https://github.com/aquynh/capstone) to disassemble the PPC64 code, i just implemented a parser to load the ELFs into the...
View ArticleClik here to view.
Random Stuff
There are a lot of folks with different skill sets and specialties involved in targeted threat analysis and threat intel collection and dissemination. Â There are a lot of researchers with specific...
View ArticleClik here to view.
Bye Bye Flash EK ? (and Windigo group adapting)
Some days ago researchers following closely the exploit kit landscape started to notice some problem on Flash EK (afaik first noticed by Will Metcalf from Emerging Threats)Few days after on underground...
View ArticleClik here to view.
Law enforcement and industry collaborate to combat Shylock malware
An international operation involving law enforcement agencies and private sector companies is combating the threat from a type of malicious software (malware) used by criminals to steal from bank...
View ArticleClik here to view.
New gTLDs, same attacks
Cybercriminals around the world have already started to point their guns and attacks at the new gTLDs, the 'generic Top Level Domains' approved by ICANN and offered by registrars to people interested...
View ArticleClik here to view.
New Version Of NgrBot Wipes Hard Drives
NgrBot is a modified IrcBot. It has the capability to join different Internet Relay Chat (IRC) channels to perform various attacks according to the IRC-based commands from the command-and-control...
View ArticleClik here to view.
dirs3arch- HTTP(S) directory/file brute forcer
dirs3arch is a simple command line tool designed to brute force directories and files in websitesmore here.........https://github.com/maurosoria/dirs3arch
View ArticleClik here to view.
Dell Scrutinizer 11.01 multiple vulnerabilities
The below gists detail at a high level[1] many SQL injectionvulnerabilities as well as a privilege escalation vulnerability andcorresponding Metasploit modules[2].[1]...
View ArticleClik here to view.
Tinba/Hunterz source code published
In 2011, the source code for the ZeuS crimekit was leaked on the Internet. CSIS was the first to report this and the blog can be found here: https://www.csis.dk/en/csis/blog/3229/. As a direct result...
View ArticleClik here to view.
Security Advisory 2982792 released, Certificate Trust List updated
Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be...
View Article