Clik here to view.
Privacy Alert: Millions of Cat Identities Have Been Exposed!
Attention: Your cat’s identity may have been compromised.9838331_s Sound serious? Well, it depends on how camera-shy your kitty is. - See more at:...
View ArticleClik here to view.
Using SSL Certificates with HAProxy
If your application makes use of SSL certificates, then some decisions need to be made about how to use them with a load balancer.A simple setup of one server usually sees a client's SSL connection...
View ArticleClik here to view.
Exploit Analysis via Process Snapshotting
In this third post in our blog series on process snapshotting (see previous posts on PlugX and Shiz’ code injection), we will show how to dissect exploit payloads using the LLama full-process snapshot...
View ArticleClik here to view.
SocialBlade.com compromised, starts redirection chain to Nuclear Pack exploit...
Last week, we wrote about the compromise on AskMen.com that was leading unsuspecting visitors to the Nuclear Pack exploit kit and infecting computers that were vulnerable.In what appears to be a...
View ArticleClik here to view.
Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications,...
Every Android application has its own unique identity, typically inherited from the corporate developer’s identity. The Bluebox Security research team, Bluebox Labs, recently discovered a new...
View ArticleClik here to view.
Encrypted Phone Calls for iPhone
At Open Whisper Systems, we want everyone to have access to advanced secure communication tools that are as easy and reliable to use as making a normal phone call or sending a normal text message.Over...
View ArticleClik here to view.
Vulnerabilities in Facebook and Facebook Messenger for Android [STIC-2014-0529]
Security advisory of Programa STIC at Fundación Dr. Manuel Sadosky www.fundacionsadosky.org.arVulnerabilities in Facebook and Facebook Messenger for Android1. *Advisory...
View ArticleClik here to view.
Former NSA Chief: Why I’m Worth $1 Million a Month to Wall Street
Former NSA Director Keith Alexander says his services warrant a fee of up to a million dollars, due to a cyber-surveillance technique he and his partners at his new security firm IronNet Cybersecurity...
View ArticleClik here to view.
Still in Hiding, CVE2012-0158
A post on Malware-Tracker's blog mentioned a couple new .doc's that seem are not detected by any engine. This post was written over 3 months ago, and there has been no improvement in the detection...
View ArticleClik here to view.
Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS 6.x)
>> > Bypassing Content-Disposition: attachment for XSS on Chrome/Safari(IOS)> >> > by Superhei of KnownSec team (www.knownsec.com) 2013.6.3> >> > Test Environment>...
View ArticleClik here to view.
Symantec Endpoint Protection 0Day
In a recent engagement, we had the opportunity to audit the Symantec Antivirus Endpoint Protection solution, where we found a multitude of vulnerabilities. Some of these made it to CERT, while others...
View ArticleClik here to view.
CEnigma is an web-based tool helping to disassemble hexcode to assembly
CEnigma is more user-friendly, lighter, faster & backed by Capstone, the most updated disassembly engine available. Thanks to Capstone, 8 architectures are supported: X86, Arm, Arm64, Mips,...
View ArticleClik here to view.
Pwntools
This is the CTF framework used by Gallopsled in every CTFmore here........................https://github.com/Gallopsled/pwntools
View ArticleClik here to view.
How to got root access on FireEye OS
A couple of months ago we had the opportunity to take a closer look at a FireEye AX 5400 malware analysis appliance. The systems of FireEye are famous for catching targeted attacks that tend to evade...
View ArticleClik here to view.
Practical Suggestions for Writing a Pintool
This is my list of practical suggestions to people developing a pintool. Since I dealt with these previously I thought to jot them down to help others. By applying this you should be somewhat closer to...
View ArticleClik here to view.
Tor security advisory: "relay early" traffic confirmation attack
On July 4 2014 we found a group of relays that we assume were trying to deanonymize users. They appear to have been targeting people who operate or access Tor hidden services. The attack involved...
View ArticleClik here to view.
SkaDate Lite 2.0 - Remote Code Execution Exploit
#!/usr/bin/env python### SkaDate Lite 2.0 Remote Code Execution Exploit### Vendor: Skalfa LLC# Product web page: http://lite.skadate.com | http://www.skalfa.com# Affected version: 2.0 (build 7651)...
View ArticleClik here to view.
SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
<!--SkaDate Lite 2.0 Multiple XSRF And Persistent XSS VulnerabilitiesVendor: Skalfa LLCProduct web page: http://lite.skadate.com | http://www.skalfa.comAffected version: 2.0 (build 7651) [Platform...
View ArticleClik here to view.
More Spiders, Fewer Trees: Meterpreter Hop
Just about every time you see a serious network intrusion where the attackers obtain access to internal networks, the attackers used “hop points” to conceal their identity and evade detection. Hop...
View ArticleClik here to view.
Paper: Intrusions Detection System Based on Ubiquitous Network Nodes
Ubiquitous computing allows to make data and services within the reach of users anytime and anywhere. This makes ubiquitous networks vulnerable to attacks coming from either inside or outside the...
View Article