Clik here to view.
MyConnection Server (MCS) 9.7i Cross Site Scripting Vulnerability
Author: 1N3Website: http://treadstonesecurity.blogspot.caVender Website: http://www.visualware.com/Affected Product: MyConnection ServerAffected Version: 9.7i (others may also be...
View ArticleClik here to view.
Data breach revealed by Supervalu
There's been a data breach at a number of Supervalu grocery stores, as well as at some of its stand-alone liquor shops.The company said Friday that hackers accessed a network that processes store...
View ArticleClik here to view.
Understanding the Rosetta Flash vulnerability
Rosetta is a new way to create Flash files, which made possible a new kind of vulnerability affecting many websites, including very popular ones.more...
View ArticleClik here to view.
Analysis of ‘TorrentLocker’ – A New Strain of Ransomware Using Components of...
At iSIGHT Partners we are constantly monitoring the cyber crime underground and tracking new vulnerabilities and their exploitation for our clients. Our cyber threat intelligence services were built...
View ArticleClik here to view.
ContradictionC2- A TAKEDOWN-RESISTANT BOTNET BASED ON DEAD DROPS
Botnets are networks of malware-infected computers that are coordinated to accomplish typicallymalicious tasks. The compromised hosts run programs called bots to carry out the commands of botmasters...
View ArticleClik here to view.
Schrodinger’s Cat Video and the Death of Clear-Text
Key FindingsCommercial network injection appliances are actively targeting Google’s YouTube and Microsoft’s Live services in order to install surveillance implants on targets across the globe.Documents...
View ArticleClik here to view.
XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual...
I. VULNERABILITY -------------------------XSS Reflected vulnerability in RiverBed Stingray Traffic Manager VirtualAppliance V 9.6II. BACKGROUND-------------------------Silver Peak VX software marries...
View ArticleClik here to view.
Analyzing heap objects with mona.py
Hi all,While preparing for my Advanced exploit dev course at Derbycon, I’ve been playing with heap allocation primitives in IE. One of the things that causes some frustration (or, at least, tends to...
View ArticleClik here to view.
Important: Microsoft Security Bulletin Re-release
********************************************************************Title: Microsoft Security Bulletin Re-ReleasesIssued: August 15,...
View ArticleClik here to view.
DEFCON 22 Badge Contest
This writeup is not for the weak of heart or the ill of will. It is for those who nestle in a bed of crazy and snuggle with a layer of insane.more here............http://elegin.com/dc22/
View ArticleClik here to view.
Network Forensics Puzzle Contest 2014 Walkthrough
Finally, it’s what you’ve all been waiting for: the walkthrough and solutions to this year’s puzzle!more...
View ArticleClik here to view.
Beginners error: Windows Live Mail 2011 runs rogue C:\Program.exe when...
Hi @ll,the following command lines associated with the URL protocols ofWindows Live Mail 2011 (15.4.3538.513)WLMail.Url.Mailto=C:\Program Files (x86)\Windows Live\Mail\wlmail.exe...
View ArticleClik here to view.
Beginners error: Apple's Software Update runs rogue program C:\Program.exe...
Hi @ll,"C:\Program Files\Apple Software Update\SoftwareUpdate.exe", partof Apple's Software Update and installed together with iTunes,QuickTime and other of Apple's crap for Windows, is...
View ArticleClik here to view.
Beginners error: Apple's iCloudServices for Windows run rogue program...
Hi @ll,"C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe",part of Apple's iCloudServices (see <https://www.apple.com/icloud/>), isconfigured to be started as (COM) server...
View ArticleClik here to view.
CSRF in Disqus WordPress Plugin v2.77
There are several cross site request forgery vulnerabilities in the Disqus WordPress Plugin, version 2.77.Let’s start with the technical details, then I’ll get to the commentary.Three settings in the...
View ArticleClik here to view.
TCP PACKET INJECTION WITH PYTHON
Packet injection is the process of interfering with an established network connection by constructing arbitrary protocol packets (TCP, UDP, ...) and send them out through raw socketsit's used widely in...
View ArticleClik here to view.
Scan the Internet & Screenshot All the Things
During Defcon 22, @ErrataRob, @paulm and @Viss (mass)scanned the Internet and presented some Tips, Tricks and Results. Lots of people confronted @Viss after he posted some VNC screenshots on his...
View ArticleClik here to view.
Mac OS X , iOS Chrome & Safari web browsers heap corruption bug
I think heap verify mechanism of Safari prevents the actual crash.PoC 1 –> http://ibrahimbalic.com/ios2/PoC 2 –> http://ibrahimbalic.com/nets/more...
View ArticleClik here to view.
Outlook.com for Android fails to validate server certificates
------------------------------------------------------------------------Outlook.com for Android fails to validate server...
View ArticleClik here to view.
CryptoShark
A quick demo of interactive tracing with CryptoShark, an open source debugger built on top of http://www.frida.re/. Source code at:https://github.com/frida/cryptoshark
View Article