Clik here to view.
Towelroot exploit reversed
You can get the code here on pastebin........http://pastebin.com/A0PzPKnM
View ArticleClik here to view.
The Secret NSA/Apple Covert Capture Program?
Is this the secret NSA/Apple covert packet capture program on iOS nobody had a clue existed but apparently is located in this Apple Developers entry?...
View ArticleClik here to view.
Security Data Science Papers
Over the past several years I have collected and read many security research papers/slides and have started a small catalog of sorts. The topics of these papers range from intrusion detection, anomaly...
View ArticleClik here to view.
binary dumping a 24LC64 i2c eeprom by sniffing reads
I was gifted an old USB to compact flash adaptor recently. Inside, it's based around a SL11RIDE USB to ATA chip, a T14L256 SRAM chip and a 25LC64 i2c serial eeprom. I've been wanting to have a play...
View ArticleClik here to view.
IBM GCM16/32 v1.20.0.22575 vulnerabilities
*Product description* The IBM 1754 GCM family provides KVM over IP and serial console managementtechnology in a single appliance. Versions v1.20.0.22575 and prior arevulnerables. Note that this...
View ArticleClik here to view.
CVE-2014-4699: Linux Kernel ptrace/sysret vulnerability analysis
I believe this bug was first discovered around 2005 and affected a number of operating systems (not just Linux) on Intel 64-bit CPUs. The bug is basically how the SYSRET instruction is used by 64-bit...
View ArticleClik here to view.
Review of Hash Runner Tasks
This year, Hashrunner had been taking place during three days before Positive Hack Days — from May, 16 19:00 (UTC+4, Moscow) till May, 19 19:00 (UTC+4, Moscow).more...
View ArticleClik here to view.
Sayad (Flying Kitten) Infostealer – is this the work of the Iranian Ajax...
Information stealing malware has become increasingly popular among malware authors targeting not just typical end-users, but also specific organizations and states. We have come across an intriguing...
View ArticleClik here to view.
The Korean Gaming Industry Is Still Under Fire
The online game industry in South Korea has been a favorite target for hackers - apparently operating out of China - for quite some time. In the period from at least beginning of 2010 a number of...
View ArticleClik here to view.
Stealing unencrypted SSH-agent keys from memory
If you've ever used SSH keys to manage multiple machines, then chances are you've used SSH-agent. This tool is designed to keep a SSH key in memory so that the user doesn't have to type their...
View ArticleClik here to view.
Paper: Your Voice Assistant is Mine: How to Abuse Speakers to Steal...
Previous research about sensor based attacks on Android platform focused mainly on accessing or controlling over sensitive device components, such as camera, microphone and GPS. These approaches get...
View ArticleClik here to view.
What is memory safety?
I am in the process of putting together a MOOC on software security, which goes live in October. At the moment I’m finishing up material on buffer overflows, format string attacks, and other sorts of...
View ArticleClik here to view.
Control Panels, Cross Site Request Forgery, and Case 74889
The rise of web hosting control panels has changed the landscape of the web hosting industry dramatically. They reduce the barrier to entry for server administration by automating configuration and...
View ArticleClik here to view.
The Unimaginative Mainframe Bruter/Screen Automation Tool
Tool to brute force APPLIDs on a z/OS mainframe where you can connect to VTAM Truthfully, it's just a useful way of automating mainframe screen interactions, i.e. I make copies of this to perform...
View ArticleClik here to view.
EFF Privacy Badger
Privacy Badger is a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be...
View ArticleClik here to view.
Hacker claims breach of Wall Street Journal and Vice websites, punts 'user...
A hacker known for attacking news websites has claimed successful hacks against both the Wall Street Journal and Vice.more...
View ArticleClik here to view.
Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701...
I. VULNERABILITY-------------------------Reflected XSS vulnerabilities in DELL SonicWALL GMS 7.2 Build: 7221.1701II. BACKGROUND-------------------------Dell® SonicWALL® provides intelligent network...
View ArticleClik here to view.
Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent...
Document Title:===============Barracuda Networks #35 Web Firewall 610 v6.0.1 - Filter Bypass & Persistent VulnerabilityReferences...
View ArticleClik here to view.
Massive Malware Infection Breaking WordPress Sites
The last few days has brought about a massive influx of broken WordPress websites. What makes it so unique is that the malicious payload is being blindly injected which is causing websites to break....
View ArticleClik here to view.
Paper: The Web never forgets: Persistent tracking mechanisms in the wild
We present the first large-scale studies of three advanced webtracking mechanisms — canvas fingerprinting, evercookiesand use of “cookie syncing” in conjunction with evercookies.Canvas fingerprinting,...
View Article