Channel: BOT24
Browsing all 8064 articles

Paper: Exploiting CVE-2014-4113 on Windows 8.1

On the 14th of October 2014 both CrowdStrike and FireEye published a blog post describing a new zero-day privilege escalation vulnerability on Windows. The CrowdStrike article explains that this new...


Message Security Layer: A Modern Take on Securing Communication

Netflix serves audio and video to millions of devices and subscribers across the globe. Each device has its own unique hardware and software, and differing security properties and capabilities. The...


PS Vita Level 1: Webkitties

A few weeks ago, a couple of friends and I decided to take a look at the PS Vita in order to see if we could exploit it in any way. Since I didn't really have an idea where to start, I did some...


Paper: How Secure is TextSecure?

Instant Messaging has attracted a lot of attention by users for both private and business communication and has especially gained popularity as low-cost short message replacement on mobile devices....


Reversing D-Link’s WPS Pin Algorithm

While perusing the latest firmware for D-Link’s DIR-810L 802.11ac router, I found an interesting bit of code in sbin/ncc, a binary which provides back-end services used by many other processes on the...


MS Bitlocker device encryption automatically uploads recovery keys to SkyDrive

A sends: 1) Bitlocker keys are uploaded to OneDrive by 'device encryption'. "Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always...


Password hash disclosure in Linksys Smart WiFi routers

This is my tale about reporting a specific security vulnerability in a major product, just to give some insight in how responsible disclosures are handled by a security researcher (me) and various...


[BugBounty] The 5000$ Google XSS

Dear followers, I recently searched for vulnerabilities on a Google service called tagmanager, this service is used for SEO operations. more...


Can We Rely on an Air-Gap to Secure our Critical Systems?

Following our recent disclosure on how to breach air gap security with a simple mobile phone and RF emitted from the air-gapped computer we wanted to provide some overview on the topic.


Possible leaked credentials from United Nation Development Program

Possible leaked credentials from United Nation Development Program here: http://siph0n.in/exploits.php?id=3576


burpstaticscan

Use burp's JS static code analysis on code from your local system. Here's generally how the process works: Go static file server is started to host the specified directory. Add file server URL to burp's...


For Those Who Missed This News: Commission updates EU control list on dual...

The Commission has updated the EU list of dual-use items – goods, software and technology normally used for civilian purposes but which might have military applications or contribute to the...


Hacking Android phone using Metasploit

World is contracting with the growth of mobile phone technology. As the number of users is increasing day by day, facilities and the statistics are changing likewise. The mobile phones are providing...


Over 227,000 New Malware Samples Emerged Daily in Q3 2014

Cybercriminals have taken the fast lane to thieving and plundering, creating more than 20 million fresh strains of malware in the third quarter of the year, which translates into a rate of 227,747 new...


CVE-2014-5387 - Multiple Authenticated SQL Injections in EllisLab...

Vulnerability title: Multiple Authenticated SQL Injections in EllisLab ExpressionEngine Core
CVE: CVE-2014-5387
Vendor: EllisLab
Product: ExpressionEngine Core
Affected version: Versions earlier than 2.9.0...


Drupal 7.32 two weeks later - PoC

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection. You should...


Report: A Flaw In Visa's Contactless Card Lets Anyone Charge It $999,999

Contactless credit cards are a hit in the UK. But a British research team has revealed a serious security flaw that allows anyone to charge up to $999,999.99 in foreign currency to a nearby card, even...


AntiVirus-evading Executable and Post-Exploitation with the Veil-Evasion...

In this post, I’m covering the creation of a shell_reverse_tcp payload-ed executable that will evade all antivirus software, and some post-exploitation stuff using the Veil-Evasion Framework and...


CNIL CookieViz XSS + SQL injection leading to user pwnage

# CNIL CookieViz XSS + SQL injection leading to user pwnage
#
# Product link:         https://github.com/LaboCNIL/CookieViz
# CVE references        CVE-2014-8351, CVE-2014-8352

TL;DR
-----
Since October...


ROM – A New Version of the Backoff PoS Malware

A few months have passed since the release of the “Backoff” point-of-sale (PoS) malware advisory, but Backoff and other PoS malware continue to be an active threat as businesses keep reporting data...
