Hard disk hacking - Intro
Hard disks: if you read this, it's pretty much certain you use one or more of the things. They're pretty simple: they basically present a bunch of 512-byte sectors, numbered by an increasing address,...
Google Chrome caused a kernel crash..!
Google Chrome caused a kernel crash here: http://www.binarysniper.net/2014/11/google-chrome-caused-kernel-crash.html
Dumping a Domain’s Worth of Passwords With Mimikatz pt. 2
A year ago, @mubix published a cool post on http://carnal0wnage.attackresearch.com/ about “Dumping a domain’s worth of passwords with mimikatz”. In the article, he talked about using a combination of...
Paper: Wait a minute! A fast, Cross-VM attack on AES
In cloud computing, efficiencies are reaped by resource sharing such as co-location of computation and deduplication of data. This work exploits resource sharing in virtualization software to build a...
Stupid is as Stupid Does When It Comes to .NET Remoting
Finding vulnerabilities in .NET is something I quite enjoy; it generally meets my criteria of only looking for logic bugs. Probably the first research I did was into .NET serialization where I got some...
GemFire: From OQLi to RCE through reflection
During a penetration testing activity on one of our customers, we had to assess the security of some web services that interacted with an underlying GemFire database.
Burp CO2 now sports some Laudanum Scripts!
There have been a number of updates to the Burp CO2 extension suite over the past couple of months but the most exciting one is the addition of Laudanum functionality. The Laudanum Project consists of...
CVE-2014-8610 Android < 5.0 SMS resend vulnerability
INTRODUCTION: In Android <5.0, an unprivileged app can resend all the SMS stored in the user's phone to their corresponding recipients or senders (without user...
CVE-2014-8609 Android Settings application privilege leakage vulnerability
INTRODUCTION: In Android <5.0 (and maybe >= 4.0), the Settings application leaks a PendingIntent with a blank base intent (neither the component nor the action is...
Typos Can have a Bigger Impact Than Expected
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk in that? You may have seen the Grammar Police...
CVE-2014-8507 Android < 5.0 SQL injection vulnerability in WAPPushManager
INTRODUCTION: In Android <5.0, a SQL injection vulnerability exists in the opt module WAPPushManager; an attacker can remotely send a malformed WAPPush message to launch...
Infected HTML Files Bundled in Android Apps
Computer malware can have a long arm's reach, given the right environment. In today’s computing age there are more platforms for malware to cross over and spread, easily latching on to their favorite...
device42 DCIM authenticated remote root via appliance manager
Remote Authenticated Root in Device42 DCIM Appliance Manager v5.10 and v6.0. http://www.device42.com/download/ Device42 ships virtual appliances ready for production use as a trial (essentially dictated...
ModSecurity Advanced Topic of the Week: Detecting Malware with Fuzzy Hashing
In the most recent release of ModSecurity v2.9.0-RC1, we introduced a new operator called @fuzzyHash which uses functionality from the ssdeep tool. This blog post will demonstrate a powerful use-case...
phpBB
When PHP's register_globals configuration directive is set on, phpBB will call the deregister_globals() function, and all global variables registered by PHP will be destroyed. But the deregister_globals() function...
MyBB
MyBB <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution Vulnerability. Taoguang Chen <@chtg57 (twitter.com/chtg57)> - 2014.11.21. MyBB's unset_globals() function can be...
CITAS – Computer Intrusion Threat Assessment System
Last weekend, I was at a small conference and one of the people whose presentations I attended was an FBI special agent named John B. Chesson. After he got through the obligatory introductory material...
Paper: Erlang Security 101
NCC Group’s Security Technical Assurance team performs code reviews for clients on numerous different programming languages. Some are well understood from a security perspective (e.g. C, C++, C#, PHP and...
Slider Revolution/Showbiz Pro shell upload exploit
#!/usr/bin/perl
#
# Title: Slider Revolution/Showbiz Pro shell upload exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 15 October 2014
# Coded: 15 October 2014
# Updated: 25...
Close Encounters with Symbolic Execution
At THREADS 2014, I demonstrated a new capability of mcsema that enables the use of KLEE, a symbolic execution framework, on software available only in binary form. In the talk, I described how to use...