Forrester Research Uncovers Gaps in Mobile Certificate Security
The increasing reliance on mobile devices and applications is driving the need for mobile certificates to ensure that devices and applications are secure, authenticated, and encrypted for enterprise...
BYPASSING ROOT DETECTION IN THREE INTOUCH
Three recently released “InTouch”, an application for Android and iOS that allows you to use a WiFi network to send/receive phone calls and text messages, meaning that you can continue to use your...
SSDP Amplified Attacks, a Sitting Duck against Sophisticated DDoS Analytics
The craftiness of cyber attackers never ceases to amaze me and now a new kid on the block has emerged – the SSDP Reflective/Amplified DDoS attack. Many people may wonder what SSDP is. SSDP otherwise...
More Free Facebook Hacking Sites Surface Online
Four months ago, I unmasked a Facebook “hacking” service called FBSniffing and how it really doesn’t “hack” but instead signs in users to a mobile service they never asked for. In this post, I’ll...
Machine Learning in Security Part 1: Language Model Detection in Domains
At OpenDNS our resolvers are flooded with massive amounts of Chinese domains on a daily basis, many of which security researchers are unfamiliar with. One of the projects our team was initially tasked...
Old Adobe Vulnerability Used in Dyreza Attack, Targets Bitcoin Sites
Cybercriminals and threat actors often use tried-and-tested vulnerabilities in order to infect user systems and consequently, penetrate an enterprise network. This highlights the importance of patching...
Backoff: propagation and possible authorship
The Nuix Cyber Threat Analysis Team has recently discovered a piece of malware that is responsible for propagating the newly discovered Backoff point of sale (PoS) malware family. This post will...
A year of Web Attacks
My Web Honeypot reached the first year, so I decided to write a summary with some statistics. Some information about this Web Honeypot. The address: http://www.malekal.com/modsec/ The attacks detections...
SHELLSHOCK: A SURVEY OF DOCKER IMAGES
When I look at the whole Shellshock debacle I am mostly sad. Sad that one can exploit a bug in a piece of software from 1989 to hack internet-connected devices in 2014. I always have this naive hope...
Application Security Economics
When you want to buy something that you can afford, what do you do? Well if you’re like most people you go to some financial institution and take out a loan in the amount of the item you wish to...
Malware Analysis: Case Study
In this blog we present a case study from a recently concluded Malware Analysis. If you would like to leverage our team's capability on Incident Response/Malware Analysis, please get in touch. more...
Microsoft: Close means close: New adware detection criteria
In April we introduced the rules that software developers should follow when creating advertisements to avoid being detected by Microsoft security products as adware. These rules are designed to keep...
Drupal Core
<?php #-----------------------------------------------------------------------------# # Exploit Title: Drupal core 7.x - SQL Injection # # Date: Oct 16 2014...
Drupal Core
#Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 #Creditz to https://www.reddit.com/user/fyukyuk import urllib2,sys from drupalpass import DrupalHash #...
Drupal Core
#!/usr/bin/python # # # Drupal 7.x SQL Injection SA-CORE-2014-005 https://www.drupal.org/SA-CORE-2014-005 # Inspired by yukyuk's P.o.C (https://www.reddit.com/user/fyukyuk) # # Tested on Drupal 7.31 with...
Fonality trixbox CE remote root exploit
#!/usr/bin/perl # # Title: Fonality trixbox CE remote root exploit # Author: Simo Ben youssef # Contact: Simo_at_Morxploit_com # Discovered & Coded: 2 June 2014 # Published: 17 October 2014 # MorXploit...
ffs ssl
I just set up SSLTLS on my web site. Everything can be had via https://wingolog.org/, and things appear to work. However the process of transitioning even a simple web site to SSL is so clownshoes bad...
Exploiting MS14-059 because sometimes XSS is fun, sometimes
This October, Microsoft has provided a security update for System.Web.Mvc.dll which addresses a ‘Security Feature Bypass’. The vulnerability itself is in ASP.NET MVC technology and given its wide...
Building Ultimate Anonymous Malware Analysis and Reverse Engineering Machine
In this article, I'll show you my malware analysis environment and setup. I have to say that all software and configurations written in this article are totally my personal preference, this is my...
New attack hides stealthy Android malware in images
A new technique that allows attackers to hide encrypted malicious Android applications inside images could be used to evade detection by antivirus products and possibly Google Play’s own malware...