Channel: BOT24
Browsing all 8064 articles

PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail...

Document Title: PayPal Inc Bug Bounty Issue #70 France - Persistent (Escape Shopping) Mail Vulnerability. References...

BulletProof Security Wordpress v50.8 - POST Inject Vulnerability

Document Title: BulletProof Security Wordpress v50.8 - POST Inject Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1326 Release...

HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability

Document Title: HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability. References (Source): http://www.vulnerability-lab.com/get_content.php?id=1329 Release...

Paper: Repeatable Reverse Engineering for the Greater Good with PANDA

We present PANDA, an open-source tool that has been purpose-built to support whole system reverse engineering. It is built upon the QEMU whole system emulator, and so analyses have access to all code...

Outsmarting the smart meter

The Conpot team recently introduced what we call the proxy module. Basically we forward the traffic from one service in Conpot to a service running on a real piece of hardware. This is a very...

CVE-2014-7278 DoS in ZyXEL SBG-3300 Security Gateway

Vulnerability Title: DoS in ZyXEL SBG-3300 Security Gateway. Date: 02/10/2014. CVE-ID: CVE-2014-7278. Product: ZyXEL SBG3300-N series. Vendor:...

CVE-2014-7277 Stored Server XSS in ZyXEL SBG-3300 Security Gateway

Vulnerability Title: Stored Server XSS in ZyXEL SBG-3300 Security Gateway. Date: 02/10/2014. CVE-ID: CVE-2014-7277. Product: ZyXEL SBG3300-N series. Vendor:...

toolsmith: HoneyDrive - Honeypots in a Box

Late in July, Ioannis Koniaris of BruteForce Lab (Greece) released HoneyDrive 3, the Royal Jelly edition. When Team Cymru’s Steve Santorelli sent out news of same to the Dragon News Bytes list the...

A Tale Of Another SOP Bypass In Android Browser < 4.4

Since, my recent android SOP bypass [CVE-2014-6041] triggered a lot of eruption among the infosec community, I was motivated to research a bit more upon the android browser, it turns out that things...

Do You Trust Your Computer?

These past couple weeks have been a blur. I had the opportunity to attend and speak at both AppSecUSA and DerbyCon and can not say enough good things about these conferences. There were so many...

Adventures in Empty UDP Scanning

One of the interesting things about security research, and I guess research in general, is that all too often the only research that is publicized is research that proves something or shows something...

Dynamic Automatic Unpacking for RunPE, Process Hollowing Malware (winappdbg)

The code shows simple usage of winappdbg. This can be implemented in other debugger in Pydbg. Process Hollowing, RunPE or Process Forking are more or less the same terms used for the same technique. In...

WebLogic undocumented hacking

During an external pentest – what a surprise – I found a WebLogic server with no interesting contents. I searched papers and tutorials about WebLogic hacking with little success. The public...

Chiron – An All-In-One IPv6 Penetration Testing Framework

Last week I had the pleasure to give you my impressions regarding my experience about hacking for b33r at Ghent, that is, my participation at BruCON 2014 hacking conference. As I said among else, the...

Shellshock Simple User-Agent Exploit

I was on an assessment this week just second checking some scanner results and I ran across an interesting page. More here: http://securenetworkmanagement.com/shellshock-simple-user-agent-exploit/

Why can't Apple decrypt your iPhone?

Last week I wrote about Apple's new default encryption policy for iOS 8. Since that piece was intended for general audiences, I mostly avoided technical detail. But since some folks (and apparently the...

iWorm method of infection found!

On Thursday, I wrote about new malware called iWorm. This morning I awoke to find an e-mail waiting for me in my Inbox from someone who wished to remain anonymous. This person indicated that he had...

Testing for opened ports with firewalk technique

There is an interesting way of knowing what kind of filters are placed in the gateway of a specific host. It is called firewalk and it is based on IP TTL expiration. The algorithm goes as follows: The...

Google Indonesia Hacked and defaced by Team MaDLeeTs

The Google Indonesia domain (www.google.co.id) was hacked into and left defaced for several hours today, The Hacker collective MaDLeeTs who claimed responsibility for the hack and also left there...

Easy to intercept and send information from/to Firechat App users

I recently discovered the existence of Firechat when I heard that it was being used by thousands of protesters during the ongoing "Umbrella Revolution" in Hong Kong. Firechat is said to be a messaging...
