Parsing Windows Live Messenger data from iOS devices
Good afternoon readers, the past couple of weeks have been pretty busy with case work, but thankfully I finally had some time to dig in to some messaging data that I extracted from an iOS device that...
This is good stuff: Researcher snaps a Zeus hacker's photo through his webcam
Security researcher Raashid Bhatt has detailed how to bust the security protections of the Zeus banking trojan allowing him to take a webcam photo of the scammer. Bhatt (@raashidbhatt) wrote in a...
Paper: Extreme Privilege Escalation On Windows 8/UEFI Systems
The UEFI specification has more tightly coupled the bonds of the operating system and the platform firmware by providing the well-defined “Runtime Service” interface between the operating system and the...
Binary fuzzing strategies: what works, what doesn't
Successful fuzzers live and die by their fuzzing strategies. If the changes made to the input file are too conservative, the fuzzer will achieve very limited coverage. If the tweaks are too aggressive,...
Instrumenting Flash Player to Inspect JITted Pages for Integer Errors
In this blog post I'm writing about the method I experiment with to discover potential areas, that may or may not be prone to integer errors, in Flash Player.
The Hacker of Finfisher Explains How He Performs Reconnaissance To Compromise...
The Gamma Hacker who recently exploited Finfisher has written notes on how he compromised the controversial surveillance software firm. He goes on to explain how he made use of the whois lookup query...
Evading IDPS by Combining IPv6 Extension Headers and Fragmentation “Features”...
In the “A Novel Way of Abusing IPv6 Extension Headers to Evade IPv6 Security Devices” blogpost I described a way to evade a high-end commercial IDPS device, the Tipping Point IDPS (TOS Tipping Point,...
Complete application ownage via Multi-POST XSRF
I enjoy performing penetration tests; I also enjoy teaching how to do penetration testing correctly. When I am teaching, one of the points I make is to never consider the vulnerabilities in isolation,...
SHARP MX Series - DoS
# Exploit Title: SHARP MX Series - Denial Of Service
# Date: 08/08/2014
# Exploit Author: pws
# Vendor Homepage: Sharp Printers
# Firmware Link: Not found
# Tested on: Latest version
# Shodan d0rk: "SHARP...
Sky Broadband Router SR101 - Weak WPA-PSK Generation Algorithm
# Exploit Title: Sky Broadband Router Weak algorithm used to generate WPA-PSK Key
# Google Dork:
# Date: 08/08/2014
# Author: Matt O'Connor / Planit Computing
# Advisory Link:...
The MANA toolkit - for wifi rogue AP attacks and MitM
The MANA toolkit by singe & ian de villiers @ sensepost (research@sensepost.com). A toolkit for rogue access point (evilAP) attacks presented at Defcon 22. This is a placeholder readme until we get...
[TUTORIAL] [C] USING LD_PRELOAD TO OVERWRITE LINUX SYSCALLS
What is LD_PRELOAD? Exactly what it sounds like: LD_PRELOAD points to a shared library and loads it before any other libraries, allowing you to overwrite predefined libraries or instructions before...
Computing on the edge of chaos: Structure and randomness in encrypted...
This survey, aimed mainly at mathematicians rather than practitioners, covers recent developments in homomorphic encryption (computing on encrypted data) and program obfuscation (generating encrypted...
Nishang
Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security usage and during Penetration Tests. Nishang is useful during various phases of a...
Supervised Classification with k-fold Cross Validation on a Multi Family...
Classifying malware into a specific family is quite challenging with the growing number of malware samples and families. Here, I will briefly describe how to do supervised classification on a...
Incident Response with Triage-ir
In many cases having a full disk image is not an option during an incident. Imagine that you suspect you have a dozen infected or compromised systems. Can you spend 2-3 hours to make a...
Memcached Injections
Memcached is a distributed memory caching system. It is in great demand in big-data Internet projects as it allows reasonably speeding up web applications by caching data in RAM. Cached data often includes...
Countering darknet tracking docs with Cryptam (and yara)
We've been keeping an eye on the big conferences going on this week - Blackhat/Defcon/BSidesLV - and noticed an interesting presentation at this year's Defcon, "Dropping Docs on Darknets: How People Got...
reGeorg
The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn. More here: https://github.com/sensepost/reGeorg
Joe Sandbox 10: Analysing unpacked PE Files and Memory Dumps with IDA
As you know, the current Joe Sandbox version is 9.0.0, which we released at the end of March 2014. Since then we have implemented a set of very cool new features which we are going to release soon with...