Clik here to view.
Carbonator
Integris Security Carbonator - The Burp Suite Pro extension that automates scope, spider & scan from the command line. Carbonator helps automate the vulnerability scanning of web applications....
View ArticleClik here to view.
Malicious SHA-1
TL;DR: If the four 32-bit constants of SHA-1 can be modified, then exploitable collisions can be constructed. No need to panic, this doesn’t affect the original SHA-1. However, vendors and customers of...
View ArticleClik here to view.
Ransomware Race (Part 1): CryptoWall ups the ante
This summer has included the appearance of two strong new malware families onto the file encrypting Windows ransomware market: CryptoWall and CTB-Locker. Of these, CTB-Locker has been the more advanced...
View ArticleClik here to view.
A Peek Into the Lion's Den – The Magnitude [aka PopAds] Exploit Kit
Recently we managed to have an unusual peek into the content that is used on the servers of the prevalent exploit kit, Magnitude. In this blog post we’ll review its most up-to-date administration panel...
View ArticleClik here to view.
ChinaDNS-C
A DNS forwarder that filters bad IPs. Quite useful if you live in China. This is a port of ChinaDNS to C.more here............https://github.com/clowwindy/ChinaDNS-C
View ArticleClik here to view.
Chunk Scatter
"Chunk Scatter" is a simple tool for analyzing HTTP responses that use chunked encoding. It plots each chunk on a scatter graph to help visualize when each chunk was received by the client. By...
View ArticleClik here to view.
Paper: Hidden in snow, revealed in thaw: Cold boot attacks revisited
In this paper, we will provide an overview of the current state-of-the-art with regards to so-called cold boot attacks, their practical applicability and feasibility, potential counter-measures and...
View ArticleClik here to view.
Trailing the Trojan njRAT
One Trojan that just won’t go away is the remote access tool njRAT. Microsoft recently took down a leading domain associated with the malware, but that action did not come off as smoothly as the...
View ArticleClik here to view.
MivaVM disassembler
This is a small MivaVM disassembler I coded when bored. (Yes, it's completely unofficial. I have no affiliation with Miva, Inc. I'm still unsure if Miva themselves have any kind of disassembler that...
View ArticleClik here to view.
About 72,500 TotalBank Customers Notified of Personal Data Exposure
This letter was posted today, although it was issued on July 3rd of this yearclick here......http://m.softpedia.com/about-72-500-totalbank-customers-notified-of-personal-data-exposure-453632.html
View ArticleClik here to view.
Symantec Endpoint Protection Kernel Pool Overflow (CVE-2014-3434)
Authored by sickness ryujinrom ctypes import *from ctypes.wintypes import *import struct, sys, os, timentdll = windll.ntdllkernel32 = windll.kernel32TH32CS_SNAPPROCESS = 0x02PROCESS_ALL_ACCESS =...
View ArticleClik here to view.
Russian Gang Amasses Over a Billion Internet Passwords
A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion username and password combinations and more than 500 million email addresses,...
View ArticleClik here to view.
HybridAuth
####################################################################### _ ___ _ _ ____ ____ _ _____# | | / _ \| \ | |/ ___|/ ___| / \|_ _|# | | | | | | \| | | _| | / _ \ |...
View ArticleClik here to view.
CryptoLocker ransomware intelligence report and decrypt cryptolocker free...
In the beginning of September 2013, the CryptoLocker malware variant appeared in the wild, spread exclusively by the infamous P2P ZeuS (aka Gameover ZeuS) malware. CryptoLocker had a simple purpose: to...
View ArticleClik here to view.
Gameover Increases Use of Domain Generation Algorithms
Earlier this year, the Federal Bureau of Investigation disrupted the activities of the Gameover botnet. That disruption had a significant effect on the scale of the ZBOT threat, but it was unlikely...
View ArticleClik here to view.
Low hanging Web Application bugs in Digital Cable :Hacking Cable TV Networks...
We did two presentations on the security issues in Digital Cable TV network back in February at Nullcon[Goa] and another at HITB [Amsterdam ] . We disclosed few of the many security issues we reported...
View ArticleClik here to view.
Obfuscated malicious office documents adopted by cybercriminals around the world
After going out of fashion for a number of years, malicious macros inside Office files have recently experienced a revival. And why not, especially if they are a lot cheaper than exploits and capable...
View ArticleClik here to view.
PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability
Document Title:===============PhotoSync Wifi & Bluetooth v1.0 - File Include VulnerabilityReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1289Release...
View ArticleClik here to view.
PhotoSync v2.2 iOS - Command Inject Web Vulnerability
Document Title:===============PhotoSync v2.2 iOS - Command Inject Web VulnerabilityReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1290Release...
View ArticleClik here to view.
MapDump x64
MapDump is one dll file utility which let's you dump PE files. The purpose is to create IDA friendly dumps. It gets around two common tricks, unlinking from PEB and erasing PE headers.more...
View Article