Clik here to view.
Phishing Frenzy: HTA PowerShell Attacks with BeEF
If you’re not currently using Phishing Frenzy, BeEF, or PowerSploit for your Phishing campaigns you’re really missing out. In this article we are briefly going to cover what I consider to be one of the...
View ArticleClik here to view.
De-obfuscating the DOM based JavaScript obfuscation found in EK’s such as...
There is little doubt that exploit kit (EK) developers are continuing to improve their techniques and are making exploit kits harder to detect. They have heavily leveraged obfuscation techniques for...
View ArticleClik here to view.
Dyre times for online banking customers
Dyreza (or Dyre) is one of the newer banking trojans on the scene, targeting major online banking services – dire indeed for unprotected customers of those institutions. Dyre uses browser hooking – a...
View ArticleClik here to view.
Finding Holes in Banking Security: Operation Emmental
Like Swiss Emmental cheese, the ways your online banking accounts are protected might be full of holes. Banks have been trying to prevent crooks from accessing your online accounts for ages. Passwords,...
View ArticleClik here to view.
Android/Simplocker using FBI child-abuse warnings to scare victims into...
Last time we wrote about Android/Simplocker – the first ransomware for Android that actually encrypts user files – we discussed different variants of the malware and various distribution vectors that...
View ArticleClik here to view.
Timing attack, 6.66% faster
Personally I'm not a big fan of timing attack as I believe they are impractical for web apps (while perfectly useful in other fields). To make them useful you need to reduce latency and put your script...
View ArticleClik here to view.
Secure voice communication on Android
While the topic of secure voice communication on mobile is hardly new, it has been getting a lot of media attention following the the official release of the Blackphone, Consequently, this is a good...
View ArticleClik here to view.
iDATA – Improving Defences Against Targeted Attack [PDF]
iDATA is a CPNI cyber research programme. The programme consists of a number of projects aimedat addressing threats posed by nation states and state-sponsored actors. iDATA has resulted in anumber of...
View ArticleClik here to view.
Metasploit: Wordpress WPTouch Authenticated File Upload Exploit
### This module requires Metasploit: http//metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##require 'msf/core'class Metasploit3 < Msf::Exploit::Remote Rank =...
View ArticleClik here to view.
Paper: Implementing cryptographic pairings at standard security levels
This study reports on an implementation of cryptographic pairings in a general purpose computer algebra system. For security levels equivalent to the different AES flavours, we exhibit suitable curves...
View ArticleClik here to view.
Paper: Composing security protocols: from confidentiality to privacy
Security protocols are used in many of our daily-life applications, and our privacy largely depends on their design. Formal verification techniques have proved their usefulness to analyse these...
View ArticleClik here to view.
Paper: Gateless Treasure: How to Get Sensitive Information from Unprotected...
The flexibility of Android is mainly based on the cross application (app for short) access mechanism. Aside from providing convenience for both app developers and users, such a mechanism also brings...
View ArticleClik here to view.
android-fde
Tools to work on Android Full Disk Encryption (FDE)more here....................https://github.com/sogeti-esec-lab/android-fde
View ArticleClik here to view.
METRO.US WEBSITE COMPROMISED TO SERVE MALICIOUS CODE
Websense® ThreatSeeker® Intelligence Cloud has detected that the U.S. version of the Metro International website (metro.us) has been compromised and is serving malicious code.more...
View ArticleClik here to view.
Intro to BurpSuite Part IV: Being Intrusive
Welcome to our 4th installment of Intro to BurpSuite. This time around we're going to focus on using another tool in the BurpSuite arsenal to send targeted requests to a web server, rapid-fire....
View ArticleClik here to view.
Secure provisioning of Docker containers
One of the areas for which CohesiveFT is known is our technical support, with everyone pitching in. We provide such a high quality of support for our products that customers often ask about support and...
View ArticleClik here to view.
SILVER BULLETS AND FAIRY TAILS
This week we made mention on Twitter of a zero-day vulnerability we’ve unearthed that affects the popular Tails operating system.more...
View ArticleClik here to view.
Apple Confirms “Back Doors”; Downplays Their Severity
Apple responded to allegations of hidden services running on iOS devices with this knowledge base article. In it, they outlined three of the big services that I outlined in my talk. So again, Apple...
View ArticleClik here to view.
CMS VIA-X SQL Injection
[+] Blind Sql Injection on CMS VIA-X[+] Date: 23/07/2014[+] CWE Number : CWE-89[+] Risk: High[+] Author: Felipe Andrian Peixoto[+] Vendor Homepage: http://www.viax.com.br/[+] Contact:...
View ArticleClik here to view.
Ukora CMS Shell Upload
###################################################################################################Exploit Title : Ukora CMS Shell Upload vulnerability#Author : Jagriti Sahu AKA...
View Article