Defense in depth -- the Microsoft way (part 19): still no "perfect forward...
Hi @ll, on April 8, 2014 Microsoft published an update for Windows 8.1 and Windows Server 2012 R2 (see <http://support.microsoft.com/kb/2929781>) which enables "perfect forward secrecy" per default...

WebEdition 6.3.8-s1 SQL Injection Vulnerability
Introduction: WebEdition CMS is an open-source CMS written in PHP that seems to be mostly used by German websites. It came to our attention a few months ago because another party performed an audit on...

[ TECHNICAL TEAR DOWN : CHROME EXTENSION - PRO VISITOR ]
Today, I'll be doing another technical tear-down of a Chrome extension that does more than what it advertises.

Crowdsourced Malware Triage
This is the long annotated version of a short presentation I put together outlining the crowdsourced tools I have used in the past for malware triage. Not to be confused with malware reverse...

ALCASAR
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# ALCASAR <= 2.8 Remote Root Code Execution Vulnerability
#
# Author: eF
# Date : 2014-02-10
#
# db 88 ,ad8888ba,...

Paper: DEEP ANALYSIS OF BINARY CODE TO RECOVER PROGRAM STRUCTURE
Reverse engineering binary executable code is gaining more interest in the research community. Agencies as diverse as anti-virus companies, security consultants, code forensics consultants,...

IP Board 3.x - CSRF Token hijacking
#Title: IP Board 3.x CSRF - Token hijacking
#Date: 03.09.14
#Version: <= 3.4.6
#Vendor: invisionpower.com
#Author: Piotr S.
#Video-PoC: https://www.youtube.com/watch?v=G5P21TA4DjY
1) Introduction
Latest...

Will Selling Your 0-Days Soon Be Illegal?
We covered this Wassenaar Arrangement thing before. The latest version of the agreement included 0-days, exploits, and backdoors as regulated and export-controlled "dual-use" technologies. Previously,...

Phishing - All you need is one
NCC Group recently carried out a phishing and Advanced Persistent Threat (APT) simulation assessment against one of its clients using email-based phishing as a method to gain initial access. This type...

RIG EK outbreak continues
During daily data mining activities, we observe continual outbreaks of many exploit kits (EK) such as RIG EK. Logs are monitored and analyzed to come up with new protections, which are eventually...

Colliding password-protected MS Office 97-2003 documents
I recently worked on adding support to oclHashcat in order to crack the different versions of password-protected MS Office documents. So far I've finished MS Office 2013, 2010, 2007 and the 97-2003...

ABUSING DOCKER'S REMOTE APIS
Foreword: is this post about a security vulnerability? Ultimately it's not. This is a short note on how to exploit a somewhat under-documented feature in the Docker remote APIs, since I did not manage...

[ TECHNICAL TEAR DOWN: FAKE WECHAT ANDROID APP (PACKED USING BANGCLE) ]
MD5: 35C0A075CBC6135D957BD10769E3A620
SHA1: 554FD3D80B696F0677231A54F35B61B5774F2940
This is Android malware found in the wild. You may be wondering what's so special about this malware, as there are...

TorrentLocker Unlocked
TorrentLocker is a new breed of ransomware that has been spreading lately. Like CryptoLocker and CryptoWall, it encrypts files on a victim's machine and then demands ransom. The victim has to pay to get...

SHA1 deprecation: what you need to know
The news is that SHA1, a very popular hashing function, is on the way out. Strictly speaking, this development is not new. The first signs of weaknesses in SHA1 appeared (almost) ten years ago. In...

Arbitrary File Deletion as Root in Webmin
A vulnerability exists in Webmin <= 1.680 (CVE-2014-2952) that allows authenticated users to delete arbitrary files on the host server as root. The problem exists in the cron module, specifically in...

Chat apps leak: Billion app users from OKCupid to Grindr at risk
Nearly a billion users of a dozen chat apps for Android, including popular apps such as Instagram, Oovoo, OKCupid and Grindr, could be at risk from eavesdroppers and snoopers after University of New...

Nice Way To Evade Dynamic Analysis
One of the most important rules in building dynamic analysis environments is to deny internet connectivity to the "potential malicious code". Indeed, the "potential malicious code" would try to exploit...

OSX Persistence via PHP Webshell
As I learn more and more about OSX, I find things that surprise me. For instance, in this post I will be showing you how to, with root or sudo privilege, enable the built-in Apache server on OSX and...

5 million 'compromised' Google accounts leaked
A database of what appears to be some 5 million login and password pairs for Google accounts has been leaked to a Russian cyber security internet forum. It follows similar leaks of account data for...