Clik here to view.
OnionPhone- VOIP tool for calling over Tor
OnionPhone (OPH) is a VOIP tool for calling over Tor network which can be used as a VOIP plugin for TorChat. Call is targeted to the onion address of the recipient (its hidden service HS).OPH provides...
View ArticleClik here to view.
fix macosx
This script modifies the current user's Spotlight preferences, disabling sharing of Spotlight searches with Apple. Spotlight appears to send live keystrokes directly to Apple notes Landon Fuller of...
View ArticleClik here to view.
ADVobfuscator
ADVobfuscator demonstates how to use C++11 language to generate, at compile time, obfuscated code without using any external tool and without modifying the compiler. The technics presented rely only on...
View ArticleClik here to view.
White Paper: Micro-Targeted Malvertising via Real-time Ad Bidding
Most targeted attacks against organizations originate as spear-phish campaigns or watering hole styleweb driveby attacks. Within the last six months, Invincea has discovered and stopped...
View ArticleClik here to view.
Know Your Threat Landscape - Standardized Security Threat Information (STIX &...
Over the years, many managed security service providers have been publishing variants of an external Threat Analysis in one form or another. Annual, Quarterly, Weekly, Daily, and live feeds are regular...
View ArticleClik here to view.
CVE-2014-0556 (Adobe Flash Player) integrating Exploit Kits
A proof of concept (for Flash 14.0.0.145) of a heap-based buffer overflow patched on September 9th, affecting Flash 13.0.0.<244, 14.0.0.<=179 15.0.0.<152 was published on September 30th on...
View ArticleClik here to view.
CVE-2014-7292 Newtelligence dasBlog Open Redirect Vulnerability
Exploit Title: Newtelligence dasBlog Open Redirect VulnerabilityProduct: dasBlogVendor: NewtelligenceVulnerable Versions: 2.3 (2.3.9074.18820) 2.2 (2.2.8279.16125)2.1(2.1.8102.813)Tested Version: 2.3...
View ArticleClik here to view.
Mozilla mozilla.org Two Sub-Domains ( Cross Reference) XSS Vulnerability (...
Domains:http://lxr.mozilla.org/http://mxr.mozilla.org/(The two domains above are almost the same)Websites information:lxr.mozilla.org, mxr.mozilla.org are cross references designed to displaythe...
View ArticleClik here to view.
Breaking International Voicemail Security via VVM Exploitation
A few days ago, I gave a presentation at Ruxcon about breaking international voicemail security. Whilst the crowd and conference were absolutely amazing - my overall research, I think has a much wider...
View ArticleClik here to view.
Criticism - Revisiting XSS Sanitization
This is a criticism about Ashar Javed's BlackHat EU Talk: Revisiting XSS Sanitization.I believe as in any field of science we need to have a discussion about published research. Especially when we...
View ArticleClik here to view.
How to root the LPX13D preview on the ADT-1
Molly also has an OTA available to LPX13D. It only took me a couple of hours to get my ADT-1 to actually accept it. As with the new Nexus 5 and 7 previews, this device needs a modified kernel for...
View ArticleClik here to view.
Keep calm and take a Tcpdump
Tcpdump is just one of the tools that will make troubleshooting network issues, or testing applications, or even finding out what traffic is being generated on a host. This podcast is to help you...
View ArticleClik here to view.
An Analysis of A Windows Kernel-Mode Vulnerability (CVE-2014-4113)
Three zero-day vulnerabilities - CVE-2014-4114, CVE-2014-4148, and CVE-2014-4113 - were reported last week and patched by Microsoft in their October 2014 Patch Tuesday. CVE-2014-4114, also known as the...
View ArticleClik here to view.
AST-2014-011: Asterisk Susceptibility to POODLE Vulnerability
Asterisk Project Security Advisory - AST-2014-011 Product Asterisk Summary Asterisk Susceptibility to POODLE Vulnerability Nature of Advisory Unauthorized Data...
View ArticleClik here to view.
Chinese MITM Attack on iCloud
Users in China are reporting a MITM attacks on SSL connections to iCloud.GreatFire.org, who monitor the Great Firewall of China (GFW), also published a blog post on their website earlier today...
View ArticleClik here to view.
Did the “Man With No Name” Feel Insecure?
Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the...
View ArticleClik here to view.
Virginia Police Have Been Secretively Stockpiling Private Phone Records
While revelations from Edward Snowden about the National Security Agency’s massive database of phone records have sparked a national debate about its constitutionality, another secretive database has...
View ArticleClik here to view.
Update: PDFiD With Plugins Part 1
Almost from the beginning when I released PDFiD, people asked me for anti-virus like feature: that PDFiD would tell you if a PDF was malicious or not. Some people even patched PDFiD with a scoring...
View ArticleClik here to view.
Banks: Credit Card Breach at Staples Stores
Multiple banks say they have identified a pattern of credit and debit card fraud suggesting that several Staples Inc. office supply locations in the Northeastern United States are currently dealing...
View ArticleClik here to view.
Document: iOS Security
Apple designed the iOS platform with security at its core. When we set out to create thebest possible mobile platform, we drew from decades of experience to build an entirelynew architecture. We...
View Article