Channel: BOT24
Browsing all 8064 articles

rr records nondeterministic executions and debugs them deterministically

rr aspires to be your primary debugging tool, replacing — well, enhancing — gdb. You record a failure once, then debug the recording, deterministically, as many times as you want. Every time the same...


Comma Separated Vulnerabilities

This post introduces Formula Injection, a technique for exploiting ‘Export to Spreadsheet’ functionality in web applications to attack users and steal spreadsheet contents. It also details a command...


An in-depth analysis of SSH attacks on Amazon EC2

The research study investigates Secure Shell (SSH) attacks on Amazon EC2 cloud instances across different AWS zones by means of deploying Smart Honeypot (SH). It provides an in-depth analysis of SSH...


Introducing Gupt: A Backdoor which uses Wireless network names for command...

A few weeks back, I was playing with my mobile WiFi hotspot and PowerShell. Using PowerShell, I was listing the SSIDs created by the mobile hotspot, wondering if it could be exploited some way? It turned...


Angler EK : now capable of "fileless" infection (memory malware)

A few days ago I spotted a new pattern in some Angler EK threads. More here: http://malware.dontneedcoffee.com/2014/08/angler-ek-now-capable-of-fileless.html


Introduction to the ZeroLocker ransomware

A new ransomware called ZeroLocker has surfaced. The files are encrypted with AES (*) encryption. Currently the threat is considered as the most destructive ransomware we have seen to date. ZeroLocker...


The Untold Story of the Target Attack Step by Step

How were the Target attackers able to leap from the machine of a sub-contractor to the heart of the payment systems? This report builds out the entire Target attack story. Use our key findings as...


Mogwai Security Advisory MSA-2014-01: ManageEngine EventLog Analyzer Multiple...

Mogwai Security Advisory MSA-2014-01
Title: ManageEngine EventLog Analyzer Multiple Vulnerabilities
Product:...


XSS vulnerability in In-Portal CMS

After I informed developers in August about multiple vulnerabilities in In-Portal CMS and they answered they would fix them soon (so wait for disclosure of the first vulnerabilities), I found a new...


1900/UDP (SSDP) Scanning and DDOS

Over the last few weeks we have detected a significant increase in both scanning for 1900/UDP and a huge increase of 1900/UDP being used for amplified reflective DDOS attacks. more...


Professor Accused of Hacking Louisiana-based University Health Conway...

In June, I found an FTP server full of medical information. I didn't show it to anyone, but emailed several addresses at the institution responsible for the server, lsuhsc.edu. Within a few hours, the...


Leaked Nude Photos Via Hacker of Jennifer Lawrence, Kate Upton and Others...

It appears that there has been a bunch of nude photos leaked of Oscar-winning actress Jennifer Lawrence, Kate Upton and others here: http://boards.4chan.org/b/ In addition, Buzzfeed claims the...


Popping a shell on the Facebook Oculus developer portal (Nice Bounty Paid As...

It's not every day you find a CSRF-RCE, where sending an admin to a malicious webpage gives you a shell on their server, but that's what I discovered while exploring the security of the Oculus...


Unlinking Windows Services from the Service Record List

Greetings! I'm excited to finally put a real post up! My motivation for writing this was that I couldn't find anything else on this topic except for two articles relating to enumerating services via the...


ibrute- I wonder if this is one of the exploit methods utilized in the...

The end of fun, Apple have just patched. Here is appleID password bruteforce pOc. It's only p0c, so there is no MultiThreading feature, no Save-State-On-Exception feature; do it yourself. It uses Find My Iphone...


Inception Metasploit integration

Over the last months I’ve completely restructured Inception. The tool is now more loosely coupled, and I’ve made it easier to create modules exploiting DMA. More on that in a later post. I’ve also added...


WWW File Share Pro v7.0 - Denial of Service Vulnerability

Document Title:
===============
WWW File Share Pro v7.0 - Denial of Service Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1310
Video:...


Avira License Application - Cross Site Request Forgery Vulnerability

Document Title:
===============
Avira License Application - Cross Site Request Forgery Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1302
Video:...


Europol launches taskforce to fight world’s top cybercriminals

Joint Cybercrime Action Taskforce to coordinate investigations into hacking, malware and other online crimes. more...


iCloud Keychain and iOS 7 data protection

Here are some slides that come at an opportune time: http://www.slideshare.net/alexeytroshichev/icloud-keychain-38565363
