HoneyMalt
HoneyMalt is a Maltego transform pack for the analysis (graphing) of Honeypots. Starting with Kippo (that uses MySQL) you can now export all that lovely SQL data and have your Maltego graphs displaying...
SHIVA
SHIVA: Spam Honeypot with Intelligent Virtual Analyzer, is an open but controlled relay Spam Honeypot (SpamPot), built on top of Lamson Python framework, with capability of collecting and analyzing all...
Reversing the Dropcam Part 3: Digging into complied Lua functionality
In Part 1 & Part 2 of this RE blog series you saw how we reverse engineered the Dropcam and got access to the file system. In this final post of the series we'll examine some of the binaries found...
Tiny Malware PoC: Malware Without IAT, DATA OR Resource Section
Have you ever wondered about having an EXE without any entry in IAT (Import Address Table) at all? Well, I knew that it's possible, but never saw an actual exe file without IAT entry. So I developed an...
Milkman: Creating Processes as Any Currently Logged in User
One of the problems with using PSEXEC from Metasploit (any of the psexec modules) is that it runs as SYSTEM. What’s the problem with that? Isn’t SYSTEM god mode? Ya, and normally I’d agree that it’s...
Metasploit: VirtualBox 3D Acceleration Virtual Machine Escape
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
class Metasploit3 <...
Metasploit: VMTurbo Operations Manager 4.6 vmtadmin.cgi Remote Command Execution
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank =...
Google Chrome 36.0.1985.142 Use-after-free vulnerability
[WebSocket] Task creation should be separated from task posting. Having a complex argument as a waitForMethodCompletion may keep alive temporary objects which must be killed before posting a task to...
AdThief malware infected jailbroken Apple devices
Malware expert Axelle Apvrille explained how the iOS AdThief malware infected more than 75000 jailbroken iOS devices, hijacking millions of advertisements.
Tek Security Group's Password Repository
In this repository you will find helpful authentication brute forcing files. These files include known password defaults, usernames, common and specialized dictionaries, etc. Feel free to contribute to...
Google Online Security: That’s not the download you’re looking for...
You should be able to use the web safely, without fear that malware could take control of your computer, or that you could be tricked into giving up personal information in a phishing scam. That’s why...
The Windows 8.1 Kernel Patch Protection
In the last 3 months we have seen a lot of machines compromised by Uroburos (a kernel-mode rootkit that spreads in the wild and specifically targets Windows 7 64-bit). Curiosity led me to start...
Deanonymizing Facebook Users By CSP Bruteforcing
Did you ever wish to have all relevant information about a visitor right when he hits your site? Think of (full) name, gender and maybe hobbies and interests? Thanks to social networks we could at...
Certificate transparency for PGP?
Yesterday, Prof. Matthew Green wrote a nice blog post about why PGP must die. Ignoring the UX design problem for now, his four main points were: (1) the keys themselves are too unwieldy, (2) key...
ESPot - ElasticSearch Honeypot
An Elasticsearch honeypot written in NodeJS, to capture every attempt to exploit CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote...
Optimizing a Birthday Attack
A birthday attack is a generic attack on hash functions (and some other cryptographic primitives) that trades time for space (memory).
SANS Institute Recent Paper: Botnet Tracking Tools
Abstract: Botnets are a serious threat to internet security. Botnets consist of networked collections of compromised machines called robots or ‘bots’ for short. Bots are also called ‘zombies,’ and botnets...
Paper: An Evasion and Counter-Evasion Study in Malicious Websites Detection
Malicious websites are a major cyber attack vector, and effective detection of them is an important cyber defense task. The main defense paradigm in this regard is that the defender uses some kind of...
Paper: A CryptoCubic Protocol for Hacker-Proof Off-Chain Bitcoin Transactions
Off-Chain transactions allow for the immediate transfer of Cryptocurrency between two parties, without delays or unavoidable transaction fees. Such capabilities are critical for mainstream...
Lyris ListManagerWeb 8.95a Cross Site Scripting Vulnerability
Author: 1N3
Website: http://xerosecurity.com
Vendor Website: http://lyris.com/us-en/products/listmanager
Affected Product: Lyris ListManagerWeb
Affected Version: 8.95a
ABOUT: Lyris ListManager (Lyris LM) is...