Channel: BOT24
Browsing all 8064 articles

Questioning the chain of trust: investigations into the root certificates on...

All SSL connections rely on a chain of trust. This chain of trust, a part of PKI, is established by certificate authorities (CAs), which serve as trust anchors to verify the validity of who a device...


SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces

SEC Consult Vulnerability Lab Security Advisory < 20141015-0 >
title: Potential Cross-Site Scripting...


Bypassing blacklists based on IPy

A few months ago, when working on my slides for Insomni'hack, I had a few conversations with the Prezi security team. Among many defense-in-depth protections, they introduced some code forbidding...


Warbird Operation

Some time ago while working on Windows 8, we came across a rather unusual piece of disassembly in some Microsoft binary files. This post describes some of our findings and how they are related to a...


Operation Windigo: “Good job, ESET!” says malware author

Following the recognition at Virus Bulletin 2014 of ESET’s research on Operation Windigo, I took the opportunity to ask Marc-Etienne Léveillé – who worked directly on the Operation Windigo report a few...


SRTP Memory Leak (CVE-2014-3513)

OpenSSL Security Advisory [15 Oct 2014]
SRTP Memory Leak (CVE-2014-3513)
Severity: High
A flaw in the DTLS SRTP extension parsing...


New FrameworkPOS variant exfiltrates data via DNS requests

Analysis of a new variant of the famous PoS malware. Between April and September 2014, the American retailer Home Depot was targeted by criminals who aimed to steal credit card information. The malware...


SA-CORE-2014-005 - Drupal core - SQL injection

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send...


New torrentlocker variant active in the Netherlands

The Netherlands was hit with a new spam run designed to spread a cryptolocker variant known as torrentlocker from Monday October 13th 2014 onwards. Please note that torrentlocker appears to present...


How I stole source code with Directory Indexing and Git

The keys to the kingdom pretty much always come down to acquiring source code for the web application you’re attacking from a blackbox perspective. This is a quick review of how I was able to get...


RTSP Brute Forcing for fun and naked pictures?

RTSP… Real Time Streaming Protocol… is a protocol largely ignored these days. Once the infrastructure relied upon in the early days of multimedia (Video) and developed by RealNetworks, RTSP resides...


CVE-2014-2230 - OpenX Open Redirect Vulnerability

Exploit Title: OpenX Open Redirect Vulnerability
Product: OpenX
Vendor: OpenX
Vulnerable Versions: 2.8.10 and probably prior
Tested Version: 2.8.10
Advisory Publication: OCT 8, 2014
Latest Update: OCT 8,...


Quick analysis of the CVE-2013-2729 obfuscated exploits

Some months ago I analyzed some PDF exploits that I received via SPAM mails. They contained the vulnerability CVE-2013-2729 leading to a ZeuS-P2P / Gameover sample. Back in June I received more PDF...


MS14-063 – FastFat vulnerability fixed years ago…

In vulnerability research, and computer security, we often deal strictly in the intangible. There are times however when tangible attack vectors can play a big part in real-world attacks. In a lot of...


New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article...

New York Times nytimes.com Page Design XSS Vulnerability (Almost all Article Pages Before 2013 are Affected)
Domain: http://www.nytimes.com/
Vulnerability Description: The vulnerability occurs at New York...


Watson

A lightweight packet capture application with
- support for hardware timestamping (ns accuracy)
- no external lib requirements (no libpcap)
- TPACKET_V3 RX_RING using AF_PACKET
- more...


IIS Crypto

IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012. It also lets you...


Account Entrapment: The Victim is Tricked into “Playing for the Wrong Team”...

Ben Broussard of Denim Group presented at OWASP Austin on 9/30 and highlighted a really interesting new kind of attack – Account Entrapment. - See more at:...


[CORE-2014-0007] -SAP Netweaver Enqueue Server Trace Pattern Denial of...

Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
SAP Netweaver Enqueue Server Trace Pattern Denial of Service Vulnerability
1. Advisory Information
Title: SAP Netweaver Enqueue...


Revealed: how Whisper app tracks ‘anonymous’ users

- Some Whisper users monitored even after opting out of geolocation services
- Company shares some information with US Department of Defense
- User data collated and indefinitely stored in searchable...
