Payloads in C with Radare
Writing exploits requires performing several steps to achieve the final purpose of the attack: find a vulnerability, reverse engineer the bug, achieve code execution, write the payload, profit. This post will...
Reveton ransomware has dangerously evolved
The old ransomware business model is no longer enough for malware authors. New additions have made Reveton into something even more...
Reversing the dropbox client on windows
Dropbox allows users to create a special folder on each of their computers, which Dropbox then synchronizes so that it appears to be the same folder (with the same contents) regardless of which...
CHS Hacked via Heartbleed Vulnerability
As many of you may have already been aware, a breach at Community Health Systems (CHS) affecting an estimated 4.5 million patients was recently revealed. TrustedSec obtained the first details on how...
HiMan EK and CVE-2013-2551
Recently during one of my analyses of URLs from urlquery, I came up with a URL ending in: /ie8910.html. The link, after being opened, returns an index with the following code...
Cleanup of 1024-bit CA certificates
TL;DR : If you are a system administrator for infrastructure using X.509/PKI certificates, please check that your infrastructure doesn't depend on the following CA certificates to be trusted. Although...
The fall of rogue antivirus software brings new methods to light
Rogue antivirus software has been a part of the malware ecosystem for many years now – Win32/SpySheriff and Win32/FakeRean date all the way back to 2007. These rogues, and the many that have followed...
Havex Malware Analysis and Inside Malware C&C Server
In this article I'll analyze recent Havex malware here: https://www.codeandsec.net/Havex-Malware-Analysis-and-Inside-Malware-Command-And-Control-Server
Cisco 2014 Midyear Security Report: Security Services and Risk Management
More organizations are starting to view cybersecurity as a strategic risk. They have to—it’s becoming unavoidable. Technology and the business are so intertwined. Regulators are issuing more compliance...
1-15 August 2014 Cyber Attacks Timeline
This month of August will probably be remembered for the massive cache of 1.2 million passwords scooped up by the Russian gang Cyber Vor, undoubtedly the most important event that overshadowed all...
CVE-2014-5307 - Privilege Escalation in Panda Security Products
Vulnerability title: Privilege Escalation in Panda Security
CVE: CVE-2014-5307
Vendor: Panda Security
Product: Multiple
Affected version: Panda 2014 Products
Fixed version: Hotfix hft131306s24_r1
Reported...
WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5
WHMCS has been notified.
# Exploit Title: WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5
# Google Dork: inurl:/modules/gateways/callback/moipapi.php-intext:"Gateway Module "moipapi" Not...
[The ManageOwnage Series, part I]: blind SQL injection in two servlets...
TL;DR
CVE-2014-3996 / CVE-2014-3997
Blind SQL injection in ManageEngine Desktop Central, Password Manager Pro and IT360 (including MSP versions)
Scroll to the bottom for the Metasploit module link; the...
Information disclosure vulnerability in WordPress Mobile Pack allows anybody...
Details
================
Software: WordPress Mobile Pack
Version: 2.0.1
Homepage: http://wordpress.org/plugins/wordpress-mobile-pack/
Advisory report:...
ReMASTering Applications by Obfuscating during Compilation
In this post, we discuss the creation of a novel software obfuscation toolkit, MAST, implemented in the LLVM compiler and suitable for denying program understanding to even the most well-resourced...
[CORE-2014-0004] - Delphi and C++ Builder VCL library Buffer Overflow
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Delphi and C++ Builder VCL library Buffer Overflow
1. *Advisory Information*
Title: Delphi and C++ Builder VCL library Buffer...
Discovering Dynamically Loaded API in Visual Basic Binaries
Performing analysis on a Visual Basic (VB) script, or when Visual Basic is paired with the .NET Framework, becomes an exercise of source code analysis. Unfortunately when Visual Basic is compiled to a...
Paper: Spritz—a spongy RC4-like stream cipher and hash function
This note reconsiders the design of the stream cipher RC4, and proposes an improved variant, which we call “Spritz” (since the output comes in fine drops rather than big blocks.) Our work leverages the...
Poweliks – Command Line Confusion
Recently, hFireF0X provided a detailed walkthrough on the reverse engineering forum kernelmode.info about Win32/Poweliks malware. The particularity of this malware is that it resides in the Windows...
Script Execution and Privilege Escalation on Jenkins Server
During a recent penetration test I came across a Jenkins server. Having written a blog post on it, I was really excited and jumped straight to the /script url for the Groovy script console...