Clik here to view.
Attackers abusing Internet Explorer to enumerate software and detect security...
During the last few years we have seen an increase on the number of malicious actors using tricks and browser vulnerabilities to enumerate the software that is running on the victim’s system using...
View ArticleClik here to view.
hails.js -Policy agnostic sandboxing for Node.JS
This project implements a generic, policy-agnostic sandboxing mechanism for Node.js. The system is inspired by the Hails project (hence the name), but turned out to be more general than the information...
View ArticleClik here to view.
Writing your own blind SQLi script
We all know that sqlmap is a really great tool which has a lot of options that you can tweak and adjust to exploit the SQLi vuln you just found (or that sqlmap found for you). On rare occasions however...
View ArticleClik here to view.
Inspection of SAR Instructions
SAR stands for Shift Arithmetic Right and the instruction performs arithmetic shift. The instruction preserves the sign of the value to be shifted and so the vacant bits are filled according to the...
View ArticleClik here to view.
HashPump
A tool to exploit the hash length extension attack in various hashing algorithms.Currently supported algorithms: MD5, SHA1, SHA256, SHA512.more here..................https://github.com/bwall/HashPump
View ArticleClik here to view.
GobiesVM
A Ruby VM written in Go aims to exploit parallelism via Software Transactional Memorymore here...........https://github.com/brucehsu/GobiesVM
View ArticleClik here to view.
Kismet with GPS in Kali Linux
I recently ran into a situation where I needed to use Kismet with GPS support. This was extremely difficult to accomplish, not because the installation is difficult (its actually fairly simple when...
View ArticleClik here to view.
RouterPWN
RouterPWN is a web application that aids in the exploitation of vulnerabilities in residential/SOHO edge devices such as routers, access points and switches.FeaturesRouterPWN allows you to run local...
View ArticleClik here to view.
SSLsplit on WiFi Pineapple
Recently I was asked by a client to do a penetration test on one of their mobile apps. Fun stuff. One of the things I always test is security of the communication channel. Often SSL over HTTP is used...
View ArticleClik here to view.
SECV-07-1403 - Android SQLi Api - SQL Injection on delete() method
SECV-07-1403 - Android SQLi Api - SQL Injection on delete() methodProduct description:Android is a mobile operating system (OS) based on the Linux kernel thatis currently developed by Google. With a...
View ArticleClik here to view.
HoneyDrive 3 Royal Jelly edition
Dear security enthusiasts, it’s been around one year and a half since the last release of HoneyDrive Desktop. Upon learning that my honeypots workshop has been accepted at BSides Las Vegas 2014, the...
View ArticleClik here to view.
Noodling about IM protocols
The last couple of months have been a bit slow in the blogging department. It's hard to blog when there are exciting things going on. But also: I've been a bit blocked. I have two or three posts...
View ArticleClik here to view.
data_hacking
Welcome to the Click Security Data Hacking Project"Hacking in the sense of deconstructing an idea, hardware, anything and getting it to do something it wasn’t intended or to better understand how...
View ArticleClik here to view.
Streisand
A single command sets up a brand new server running a wide variety of anti-censorship software that can completely mask and encrypt all of your Internet traffic.more...
View ArticleClik here to view.
Sagem Fast 3304-V1 - DoS Vulnerability
# Title : Sagem F@st 3304-V1 denial of service Vulnerability# Vendor Homepage : http://www.sagemcom.com# Tested on : Firefox, Google Chrome# Tested Router : Sagem F@st...
View ArticleClik here to view.
DirPHP 1.0 - LFI Vulnerability
# Exploit Title: DirPHP - version 1.0 Local File Inclusion# Google Dork: intext:DirPHP - version 1.0 - Created & Maintained by StuartMontgomery# Date: 7/26/14# Exploit Author: -Chosen-# Contact:...
View ArticleClik here to view.
One mystery less Or how to get the "undumpable" ROM content dumped!
The long believed to be inaccessible for mortals 6500/1 firmware of the VC-1520 device has been retrieved!more here............http://e4aws.silverdr.com/hacks/6500_1/
View ArticleClik here to view.
Obfuscating Android Applications using O-LLVM and the NDK
Obfuscation is a technique employed to hide the intent of an application. The techniques used to obscure the intent of an application can vary widely. The most effective techniques can increase the...
View ArticleClik here to view.
Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site...
Document Title:===============Barracuda Networks Spam&Virus Firewall v5.1.3 - Client Side Cross Site VulnerabilityReferences...
View ArticleClik here to view.
Dissecting the CVE-2013-2460 Java Exploit
In this vulnerability, code is able to get the references of some restricted classes which are cleverly used for privilege escalation and bypassing the JVM sandbox. The vulnerable “invoke” method of...
View Article