Clik here to view.
Rooted SSH/SFTP Daemon Default Login Credentials
I stumbled on to this while setting up an android vulnerability testing lab.Title: Rooted SSH/SFTP Daemon Default Login CredentialsAuthor: Larry W. Cashdollar, @_larry0OSVDB-ID: 110742Date:...
View ArticleClik here to view.
Clickjacking-Exploit
Multistep Clickjacking Proof-of-Concept Exploit. Edit the config variable for own PoCs.more here.............https://github.com/thomasskora/Clickjacking-Exploit
View ArticleClik here to view.
Hacking Canon Pixma Printers - Doomed Encryption
This blog post is another in the series demonstrating current insecurities in devices categorised as the ‘Internet of Things’.  This instalment will reveal how the firmware on Canon Pixma printers...
View ArticleClik here to view.
Sprint, Windstream: Latest ISPs to hijack foreign networks
Last year my colleague Jim Cowie broke a story about routing hijacks that resulted in Internet traffic being redirected through Iceland and Belarus. Unfortunately, little has changed since then and the...
View ArticleClik here to view.
2014-09-12 - NUCLEAR EK SENDS SILVERLIGHT EXPLOIT
This is the first time I can remember seeing Nuclear EK send a Silverlight exploit.more here........http://malware-traffic-analysis.net/2014/09/12/index.html
View ArticleClik here to view.
Paper: ANDRUBIS - 1,000,000 Apps Later: A View on Current Android Malware...
Abstract—Android is the most popular smartphone operatingsystem with a market share of 80%, but as a consequence,also the platform most targeted by malware. To deal withthe increasing number of...
View ArticleClik here to view.
Maximum Overkill: ROP exploit for Tinysploit
A while ago, someone posted a link to Tinysploit in the IRC channel of #vulnhub. It's an easy challenge, geared towards exploit development. In it, you'll find a vulnerable http server which can be...
View ArticleClik here to view.
Possible Data Leakage of Email and Passwords Bitcoin Lixter
Some entity or entities calling themselves anonymous claim to have compromised the crypto trading platform Lixter in the name of the infamous Stratfor hacker Jeremy Hammond. The leak can be found...
View ArticleClik here to view.
Win32.BlackBerryBBC Malware Analysis
Today I got a mail containing a malware from security@bbc.co.uk. The sender’s address is forged and this is kind of Email Spoofing. Email contains a description about malwares and encourages the...
View ArticleClik here to view.
Detecting Phishing Sites in Your Logs
I recently read the Anti-Phishing Working Group’s 2Q 2014 report and saw the number of unique phishing sites. I then compared the numbers with the previous year.more...
View ArticleClik here to view.
Say Hello to Astrum EK
I was chasing something else (the Kovter adfraud's Sweet Orange thread - Kovter is not a ransomware anymore (since at least march 2014)) when I received bullets from an undocumented "weapon" : an...
View ArticleClik here to view.
AppSensor
AppSensor is a real-time application intrusion detection framework from OWASPmore here...........https://github.com/jtmelton/appsensor
View ArticleClik here to view.
OS X IOKit kernel code execution due to lack of bounds checking in...
IOAccelDisplayPipe2::transaction_set_plane_gamma_table fails to verify the second dword of IOAccelDisplayPipeGammaTableArgs which can be controlled by calling the external method with selector 5 of...
View ArticleClik here to view.
RPCSniffer
RPCSniffer sniffs RPC messages in a given RPC server process.General InformationWith RPCSniffer you can explore RPC Messages that present on Microsoft system. The data given for each RPC message...
View ArticleClik here to view.
Tango down report of OP China ELF DDoS'er
We are releasing the take-down (Tango OP) project information of our current on-going operation against the ELF DDoS malware, the threat with origin from China.more...
View ArticleClik here to view.
AppBuyer: New iOS Malware Steals Apple ID and Password to Buy Apps
Palo Alto Networks recently found and analyzed a new iOS malware affecting jailbroken iOS devices in the wild. The malware will connect to C&C server, download and execute malicious executable...
View ArticleClik here to view.
The NSA Breach of Telekom and Other German Firms (Inclusive Docs)
According to top-secret documents from the NSA and the British agency GCHQ, the intelligence agencies are seeking to map the entire Internet, including end-user devices. In pursuing that goal, they...
View ArticleClik here to view.
IDA Sploiter
IDA Sploiter is a plugin for Hex-Ray's IDA Pro disassembler designed to enhance IDA's capabilities as an exploit development and vulnerability research tool. Some of the plugin's features include a...
View ArticleClik here to view.
Having fun with AndroidManifest.xml
Before w will get back to Sandrorat let's have some fun. It's weekend after all, or rather it was weekend when I wrote this post. Everyone that ever tried to see the insides of the APK file knows...
View ArticleClik here to view.
Briefcase 4.0 iOS - Code Execution & File Include Vulnerability
Document Title:===============Briefcase 4.0 iOS - Code Execution & File Include VulnerabilityReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1319Release...
View Article