The art of disrespecting AV (and other old-school controls), Part 2
In December 2013 I posted about ‘The art of disrespecting AV (and other old-school controls)‘. I saw people retweeting it at that time and was quite happy that it generated some small feedback. It was...
mysql_forensics
Due to my Master's thesis, I developed some scripts to analyse MySQL database systems. More here: https://github.com/KasperFridolin/mysql_forensics
x509test
x509test is software written in Python 3 that tests the X.509 certificate verification process of the target SSL/TLS client. The inspiration for this software comes from multiple reports on the...
PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities
Document Title: PayPal Inc Bug Bounty #53 - Multiple Persistent Vulnerabilities. References (Source): http://www.vulnerability-lab.com/get_content.php?id=835 Release...
Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities
Document Title: Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities. References...
Pwning the kernel && root
This time we'll discuss how to use the basic building block of the limited form of kernel-write we found last time in order to get unrestricted write to the kernel, and ultimately root privileges. More...
Revisiting Android disk encryption
In iOS 8, Apple has expanded the scope of data encryption and now mixes in the user's passcode with an unextractable hardware UID when deriving an encryption key, making it harder to extract data from...
SOLDIER OF FORTRAN
On this site you will find the only known collection of mainframe hacking tools and links to mainframe hacking weblogs. More here: http://soldieroffortran.org/index.html
Apache mod_cgi - Remote Exploit (Shellshock)
#! /usr/bin/env pythonfrom socket import *from threading import Threadimport thread, time, httplib, urllib, sysstop = Falseproxyhost = ""proxyport = 0def usage(): print """ Shellshock apache...
AutoWeb 3.0 - (noticias.php id_cat) SQL Injection Exploit
#!/usr/bin/env python#-*- coding:utf-8 -*- # Title : AutoWeb v3.0 (noticias.php id_cat) SQL Injection Exploit# Author : ZoRLu / zorlu@milw00rm.com / submit@milw00rm.com# Home :...
Postfix SMTP - Shellshock Exploit
#!/bin/python# Exploit Title: Shellshock SMTP Exploit# Date: 10/3/2014# Exploit Author: fattymcwopr (Phil Blank)# Vendor Homepage: gnu.org# Software Link: http://ftp.gnu.org/gnu/bash/# Version: 4.2.x...
LM Hash Cracking – Rainbow Tables vs GPU Brute Force
Lately, Eric Gruber and I have been speaking about the cracking box that we built at NetSPI. Every time we present, the same question always comes up. “What about Rainbow Tables?” Our standard response...
Bugzilla Zero-Day Exposes Zero-Day Bugs
A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about...
Yahoo! Has been HACKED, and all your information with them is now in danger!
All stemming from them not keeping up with technology and failing to patch a world-known vulnerability! More...
SHELLSHOCK – HANDS-ON
In my previous post I gave an overview about the key events that happened during the week that GNU Bash vulnerability – Shellshock – got disclosed. In this post I would like to demonstrate a hands-on...
AT&T Hit By Insider Breach- Congress Should Require Credit Issuers to Access...
AT&T is warning consumers about a data breach involving an insider who illegally accessed the personal information of an unspecified number of users. The compromised data includes Social Security...
New Class of Vulnerability in Perl Web Applications
We did a Bugzilla security release today, to fix some holes responsibly disclosed to us by Check Point Vulnerability Research, to whom we are very grateful. The most serious of them would allow someone...
Syser + VirtualBox = Win
Recently I’ve had to step into the awful world of kernel debugging. When malware drops a rootkit and conventional userland debugging falls short, you have to step into ring 0. Unfortunately, options...
Start-Ups, Information Security, and Budgets
THE 80'S WERE OK, I GUESS. As a child of the 80's, I was raised with a lot of mixed messages. These messages took a lot of bizarre forms. I distinctly remember Poison's "Open Up and Say Ahh" being...
Paper: Another Tor is possible
The aim of this paper is to introduce some modifications in Tor, in order to improve user’s anonymity and relay’s security. Thus, we introduced a system that will ensure anonymity for all users,...