Channel: BOT24
Browsing all 8064 articles

PowerSploit

PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid reverse engineers, forensic analysts, and penetration testers during all phases of an assessment. PowerSploit is...

PART 1. FREE (AS IN BEER) SIEM USING SPLUNK AND LINUX

After working extensively to review multiple possibilities and eventually deploy a production SIEM solution, I have come across many joys and pitfalls in this area of security. I would like to share...

White Paper: Protection from Kerberos Golden Ticket

Mitigating pass the ticket on Active Directory. Kerberos authentication protocol is the preferred authentication mechanism used by Windows in a domain-based environment, and interoperates with Kerberos...

Yahoo Full Application Source Code Disclosure Vulnerability

Today I will be talking about a “Full Application Source Code Disclosure” Vulnerability in one of Yahoo domains.
Domain name: https://tw.user.mall.yahoo.com/
Vulnerability Type: SVN Repository Disclosure...

Facebook Custom Audiences OAuth 2.0 Redirect URI Bypass

I am sharing one of my findings that I submitted to Facebook's Whitehat program earlier this year. Facebook Ads Manager provides a sort of integration with MailChimp, to fetch data to Facebook Ads...

Generic XXE Detection

In this article I present some thoughts about generic detection of XML eXternal Entity (XXE) vulnerabilities during manual pentests supplemented with some level of automated tests. The ideas in this...

Nginx + LibreSSL - a first test

tl;dr: One night with LibreSSL ... still running fine. On July 11th the LibreSSL-Team announced the release of LibreSSL-Portable, the first version that runs on OpenBSD, Linux, OSX, Solaris and FreeBSD....

.NET Method Internals - Common Intermediate Language (CIL) Basics

For those who have had the privilege of reverse engineering heavily obfuscated .NET code, you've probably encountered cases where your decompiler of choice completely fails (or even crashes in an epic...

zer0m0n v0.7

zer0m0n is a driver for Cuckoo Sandbox; it will perform kernel analysis during the execution of malware. There are many ways for a malware author to bypass Cuckoo detection: he can detect the hooks,...

United Airways(r) united.com Insecure Transmission of User Credentials

United Airways(r) united.com Insecure Transmission of User Credentials
Revision Date: May 6th, 2014
Reason for Revision: Issue has been fixed by united.com
Systems: www.united.com
Severity:...

XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress

These are Cross-Site Scripting, Full path disclosure and OS Commanding vulnerabilities in plugin DZS Video Gallery for WordPress. Earlier I've disclosed Content Spoofing and Cross-Site Scripting...

TrueCrypt - Privilege Escalation

Privilege Escalation using truecrypt. Cannot be considered a vulnerability, but it’s got my attention when I needed to escalate privileges! more...

OpenCart

OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
[-]...

Beware Keyloggers at Hotel Business Centers

The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center...

Issues with Flash Player & Firefox in Non-default Configurations

A few months ago I encountered a bug when a fuzzed flash file is being rendered by Flash Player in Firefox. This bug can be reached only in the non-default configuration described below so very unlikely...

Paper: API-EPO

Most file infectors attempt to avoid heuristic detection by implementing an EPO (entry-point obscuring) technique. EPO confuses anti-virus scanners by emulating the instructions from the beginning of the...

Metasploit: Flash "Rosetta" JSONP GET/POST Response Disclosure Exploit

    ##
    # This module requires Metasploit: http//metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##
    require 'msf/core'
    require 'open-uri'
    require 'uri'
    class Metasploit3...

The Backdoor Factory (BDF)

For security professionals and researchers only. The goal of BDF is to patch executable binaries with user desired shellcode and continue normal execution of the prepatched state. more...

Bypassing AV with Veil-Evasion

Veil-Framework is a collection of tools that help with information gathering and post-exploitation. One such tool is Veil-Evasion which is used for creating payloads that can easily bypass Antivirus...

Paper: Proving differential privacy in Hoare logic

Differential privacy is a rigorous, worst-case notion of privacy-preserving computation. Informally, a probabilistic program is differentially private if the participation of a single individual in the...
