Web Server Attack Investigation - Installing a Bot and Reverse Shell via a...
With Windows malware getting so much attention nowadays, it's easy to forget that attackers also target other OS platforms. Let's take a look at a recent attempt to install an IRC bot written in Perl...
300Gbps DDoS attack on firm exploits server flaw
Hacktivists launched an immense and formerly undocumented 300Gbps DDoS attack earlier this summer by taking advantage of an obscure motherboard-level exploit on 100,000 unpatched servers, VeriSign...
NSA/GCHQ/CESC Infecting Innocent Computers Worldwide
There's a new story on the c't magazin website about a 5-Eyes program to infect computers around the world for use as launching pads for attacks. These are not target computers; these are innocent...
Report: Syrian Malware, the ever-evolving threat
The Global Research and Analysis Team (GReAT) at Kaspersky Lab has discovered new malware attacks in Syria, with malicious entities using a plethora of methods from their toolbox to hide and operate...
Darshak
Darshak is an application serving two primary uses: detecting any suspicious activity of being tracked via cellular network, for example Silent SMS; to assess security capabilities of your current...
XRay: A New Tool for Tracking the Use of Personal Data on the Web
A real problem with personal data today is that the terms of trade so often seem both opaque and askew. Browse for information, send messages or go shopping online and data about you, your habits and...
Tenda A5s Router 3.02.05_CN - Authentication Bypass Vulnerability
Tenda A5s Router Authentication Bypass...
CVE-2014-3577: Apache HttpComponents client: Hostname verification...
Security Advisory - Apache Software Foundation Apache HttpComponents / hc.apache.org Hostname verification susceptible to MITM attack CVE-2014-3577 /...
Metasploit: Gitlab-shell Code Execution
## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'net/ssh' class Metasploit3 <...
Community Health says data stolen in cyber attack from China
Community Health Systems Inc (CYH.N), one of the biggest U.S. hospital groups, said on Monday it was the victim of a cyber attack from China, resulting in the theft of Social Security numbers and other...
Metasploit: Firefox toString console.time Privileged Javascript Injection
## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3...
Senkas Kolibri WebServer 2.0 Buffer Overflow Exploit
Exploit Details: Senkas Kolibri WebServer 2.0 (available at http://www.senkas.com/kolibri/download.php) is vulnerable to RCE via an overly long POST request. Sending the exploit will...
How to DDoS through Facebook Datacenter with almost 1Gbs. They’ve started to...
The vulnerability, found by Teofil Cojocariu in June 12, Security Researcher @CCSIR.org has a simple concept but it can leave a big impact on websites of small companies or individuals. He made Open...
iSEC Partners Conducts Tor Browser Hardening Study
In May, the Open Technology Fund commissioned iSEC Partners to study current and future hardening options for the Tor Browser. The Open Technology Fund is the primary funder of Tor Browser development,...
Learning Exploitation with FSExploitMe
I've been an adjunct professor at NYU Poly for almost two years now. It's been a great experience for a number of reasons, one of which is because I'm teaching a hot topic: Vulnerability Analysis and...
Vulnerabilities found in Dendroid mobile Trojan
On Friday, the full source code of the Dendroid Remote Access Trojan (RAT) was leaked. Dendroid is a popular crimeware package that targets Android devices and is sold on underground forums for $300....
Patching the Mach-o Format the Simple and Easy Way
This is a strange post for me. I'm relatively new to mac research. So when I find something new, that seems cutting edge, but relatively simple I question it. Has anyone else done this before? Is this...
The Case Of The Bloated Reference Count: Handle Table Entry Changes in...
As part of my daily reverse engineering and peering into Windows Internals, I started noticing a strange effect in Windows 8.1 whenever looking at the reference counts of various objects with tools...
Counterfeit Legal Notices continue to spread malware
Today a friend mentioned that they had seen several ASProx messages being distributed by domains that looked like law firm names warning of court...
Rumor: Undisclosed security breach cause of Apple's new Gatekeeper app...
A report on Monday suggests Apple's recently modified OS X app signing policy is the result of an undisclosed Developer Portal security breach that leaked keys for multiple services, including...