Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. Authentication is not required to exploit this vulnerability.
FakeNet – Windows Network Simulation Tool For Malware Analysis
FakeNet is a Windows Network Simulation Tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run...
One Weird Kernel Trick
Hijacking the IPython Notebook’s WebSockets. TL;DR: On IPython ≤ 1.1 a remote site can exploit a vulnerability in cross origin websocket handling to execute code on an IPython kernel, with knowledge of...
vBulletin Exploitable Through SQL Injection
The developers of popular forum software vBulletin are currently working on releasing a fix for an SQL injection vulnerability discovered by members of the largest hacking community in Romania,...
Is use-after-free exploitation dead? The new IE memory protector will tell you
The Isolated Heap for DOM objects included in the Microsoft Patch Tuesday for June 2014 was just a fire drill aimed at making the exploitation of use-after-free (UAF) vulnerabilities more difficult....
Keeping the RATs out: an exercise in building IOCs - Part 1
Reader Jake sent us an awesome bundle of RAT-related mayhem collected during performance of his duties while investigating the unfortunate and prolonged compromise of a company we'll fictitiously call...
Win32/Aibatook: Banking Trojan Spreading Through Japanese Adult Websites
This blog post will explore a malware family named Win32/Aibatook, which targets Japanese users’ banking information and hosting providers’ account credentials.
MAYHEM – A HIDDEN THREAT FOR *NIX WEB SERVERS
Over the last several years, malware writers have clearly come to understand that gaining access to web servers can bring more benefits than infecting users’ PCs. Nowadays, there are millions of...
How I gained access to Amazon EC2 servers from Github Search
Github is a great place to host public code repositories so you can share and show off your work. However, some unwary programmers will include sensitive information such as passwords or private keys in...
Hacking Asus RT-AC66U and Preparing for SOHOpelesslyBroken CTF
So it's finally July, time to pack for DEFCON, follow @defconparties on Twitter and decide which villages to visit and which talks to attend. There's a new hacking competition this year called...
Paper: Security of OS-level virtualization technologies: Technical report
The need for flexible, low-overhead virtualization is evident on many fronts ranging from high-density cloud servers to mobile devices. During the past decade OS-level virtualization has emerged as a...
Paper: Privacy-Preserving Population-Enhanced Biometric Key Generation from...
Biometric key generation techniques are used to reliably generate cryptographic material from biometric signals. Existing constructions require users to perform a particular activity (e.g., type or say...
Omeka 2.2 - CSRF And Stored XSS Vulnerability
Omeka 2.2 CSRF And Stored XSS Vulnerability. Vendor: Omeka Team (CHNM GMU). Product web page: http://www.omeka.org. Affected version: 2.2. Summary: Omeka is a free, flexible, and open source...
How Russian Hackers Stole the Nasdaq
In October 2010, a Federal Bureau of Investigation system monitoring U.S. Internet traffic picked up an alert. The signal was coming from Nasdaq (NDAQ). It looked like malware had snuck into the...
The Rickmote Controller: Hacking One Chromecast at a Time
Have you ever wanted to be as rich as Tony Stark of “Iron Man” fame? How about as cool as Tony Stark? Have you ever imagined yourself hijacking TVs, just like Stark does in the second film? Well, you...
Paper: Unpacking Virtualization Obfuscators
Abstract—Nearly every malware sample is sheathed in an executable protection which must be removed before static analyses can proceed. Existing research has studied automatically unpacking certain...
Java Method Overriding Is FUBAR Part 10 of ∞
Yesterday's JDK 7u65 and 8u11 updates changed method overriding yet again and, of course, it is still broken.
Weekly Metasploit Update: Embedded Device Attacks and Automated Syntax Analysis
D-Link Embedded Device Shells: This week, esteemed Metasploit contributor @m-1-k-3 has been at it again with his valiant personal crusade against insecure SOHO (small office/home office) embedded devices...
Breach: A Browser for the HTML5 Era
Modular: Everything in the browser is a module, a web-app running in its own process. Construct your own browsing experience by selecting the right modules for you. Hackable (NSA WAS HERE :D): Want...
Oracle Data Redaction is Broken
As part of yesterday’s Critical Patch Update, Oracle fixed 3 security flaws in data redaction services – one a privilege escalation vulnerability and two redaction bypass methods. I reported these...