Channel: BOT24
Browsing all 8064 articles

Metasploit: Firefox WebIDL Privileged Javascript Injection

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex/exploitation/jsobfu'
class Metasploit3...


New Critroni variant offers free test decryption and now uses CTB2 extension

A new variant of the Critroni, or CTB Locker, ransomware is being distributed that now offers the ability to decrypt 5 files as proof that paying the ransom will get you your files back. This variant...


Shining some light on the ‘Unknown’ Exploit Kit

Every now and again we come across new URL patterns when investigating traffic captures. In some cases, they are variations of existing redirectors or exploit kits which play the cat-and-mouse game...


F5 Unauthenticated rsync access to Remote Root Code Execution



Paper: In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux

ABSTRACT The forensics community is increasingly embracing the use of memory analysis to enhance traditional storage-based forensics techniques, because memory analysis yields a wealth of information...


New BlackPOS Malware Emerges in the Wild, Targets Retail Accounts

We recently spotted a brand new BlackPOS (point-of-sale) malware detected by Trend Micro as TSPY_MEMLOG.A.  In 2012, the source code of BlackPOS was leaked, enabling other cybercriminals and attackers...


The Evolution of Asprox Malware

Analysis Summary: Asprox has four distinct development phases, most recently taking on APT-style obfuscation techniques. Asprox diversified its TTPS, utilizing new languages and attachment filenames...


BIFROSE Now More Evasive Through Tor, Used for Targeted Attack

We recently investigated a targeted attack against a device manufacturer, and in our analysis, we found that the malware deployed into the target network is a variant of a well-known backdoor, BIFROSE....


Connecting the Dots: Syrian Malware Team Uses BlackWorm for Attacks

The Syrian Electronic Army has made news for its recent attacks on major communications websites, Forbes, and an alleged attack on CENTCOM. While these attacks garnered public attention, the activities...


JPMorgan Hack Said to Span Months Via Multiple Flaws

Hackers burrowed into the databanks of JPMorgan Chase & Co. and deftly dodged one of the world’s largest arrays of sophisticated detection systems for months. The attack, an outline of which was...


Video: Windows POSIX API Local Info Disclosure 0day

This bug surfaces when a fwrite() is done followed by an fread(), it allows for up to 4095 bytes of heap disclosure. Could potentially be used for an ASLR bypass in Python or something. More...


Ransomware infecting user32.dll, continued

A new variant of the Department of Justice (DOJ) ransomware that embeds itself inside user32.dll is spreading. More...


Sinkholing the Backoff POS Trojan

There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached. Trustwave SpiderLab, which...


Understanding IE’s New Exploit Mitigations: The Memory Protector and the...

In a previous article, I explained use-after-free (UAF) vulnerabilities and why they are a common bug, especially in large and complex codebases such as Internet Explorer (IE). Because of this, a...


Peach Orchard

Peach Orchard is a web front-end to the Peach fuzzer; it provides a centralized server and distributed nodes that centralizes all crash and status information. Each system that runs Peach can fire up...


Initial release of Shadow Daemon web honeypot: A modular system to detect and...

Shadow Daemon is a modular system that detects and prevents known and unknown attacks against web applications. It requires no source code changes, is very flexible and can be used for many different...


binglide

binglide is a visual reverse engineering tool. It is designed to offer a quick overview of the different data types that are present in a file. More here: https://github.com/wapiflapi/binglide


NRPE 2.15 - Remote Code Execution Vulnerability

#!/usr/bin/python
#
#
# Exploit Title : NRPE <= 2.15 Remote Code Execution Vulnerability
#
# Discovered by  : Dawid Golunski
#                  dawid (at) legalhackers (dot) com
#...


HTML Help Workshop 1.4 - (SEH) Buffer Overflow

#----------------------------------------------------------------------------------------------------#
# Exploit Title: HTML Help Workshop - (SEH) Buffer Overflow...


Weekly Metasploit Update: Post-4.10 Edition

Since we Last Left Our Heroes... Wow, it's been a busy couple weeks here, post-DefCon/Black Hat. As you no doubt have noticed, we released Metasploit 4.10, which brings some major architectural changes...
