Channel: BOT24
Browsing all 8064 articles

AT&T U-Verse VAP2500: The Passwords, They Do Nothing!

You may have heard by now that AT&T has a “wireless” cable box offering for its U-Verse customers, which is pretty sweet. But what I wasn’t aware of is that, in order for this cable box to connect...

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS...

All Links in Two Topics of Indiatimes (indiatimes.com <http://indiatimes.com/>) Are Vulnerable to XSS (Cross-Site Scripting) Attacks. Domain Description: http://www.indiatimes.com "According to...

CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation

<http://tetraph.com/security/open-redirect/cve-2014-8754-wordpress-ad-manager-plugin-dest-redirect-privilege-escalation/#respond> CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect...

CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Vulnerability

Exploit Title: Springshare LibCal XSS (Cross-Site Scripting) Vulnerability. Product: LibCal. Vendor: Springshare. Vulnerable Versions: 2.0. Tested Version: 2.0. Advisory Publication: Nov 25, 2014. Latest Update:...

The Weather Channel weather.com Almost All Links Vulnerable to XSS Attacks

The Weather Channel weather.com <http://weather.com/> Almost All Links Vulnerable to XSS Attacks. Domain Description: http://www.weather.com/ "The Weather Channel is an American basic cable and...

Writing meaningful and professional penetration testing reports

Take a raw report from a £199 per year security scanner, pack it into your "methodology template" and sell it as a "consulting service" on a £1000 per day basis, 5 days minimum. Sounds like a recipe for...

CVE-2014-5439 - Root shell on Sniffit [with exploit]

CVE-2014-5439 - Root shell on Sniffit. Sniffit is a packet sniffer and monitoring tool. The attacker can create a specially-crafted sniffit configuration file, which is able to bypass all three protection...

Defaced websites leading to Dokta Chef Exploit Kit and CVE-2014-6332

Defacing websites has been the mainstay for hacktivist groups to spread their message. During recent research, we found multiple compromised websites containing a malicious link to a "lulz.htm" page,...

Agafi/ROP

Agafi/ROP is a Win32 command line tool chain useful to find gadgets and build ROP-Chains used by x86 binary exploits. More here: https://github.com/CoreSecurity/Agafi

CoinVault Ransomware Jumps on Freemium Model

We have continuously monitored crypto-ransomware’s modifications and evolution since its discovery in late 2013. Though crypto-ransomware is still relatively “new” to the threat landscape, it has...

How Cross-Site WebSocket Hijacking could lead to full Session Compromise

WebSockets is an HTML5 feature providing a full-duplex communications channel over a single TCP connection. This enables building real-time applications by creating a persistent connection between the...

New PoS Malware Kicks off Holiday Shopping Weekend

We are currently looking into a new point-of-sale (PoS) malware family detected as TSPY_POSLOGR.K, which is making the rounds just in time for this year’s holiday shopping weekend. More...

AGbot DDoS Attacks Internet VNC Servers

Last week, our FortiGuard Labs Threat Intelligence system was able to capture a DDoS attack targeting internet VNC servers. The attack was raised by a brand new IrcBot, which we are detecting as...

Crackq Client

Distributed GPU-accelerated online password cracker. More here: http://www.reddit.com/r/netsec/comments/2nmyri/crackq_distributed_gpuaccelerated_online_password/

HeapInspector

HeapInspector is an iOS debug tool that monitors the memory heap in your app. You can discover memory leaks, no longer needed living objects and more issues directly on your device without ever...

Zero Knowledge Proofs: An illustrated primer

One of the best things about modern cryptography is the beautiful terminology. You could start any number of punk bands (or Tumblrs) named after cryptography terms like 'hard-core predicate', 'trapdoor...

Using PowerShell for Client Side Attacks

When I started working on this, I just thought of using PowerShell scripts and payloads for client side attacks and not of the generator scripts. There are many awesome Social Engineering tools out...

Responder v2.1.3

Responder is an Active Directory/Windows environment takeover tool suite that can stealthily take over any default Active Directory environment (including Windows 2012R2). Most of the attacks in this tool...

Exploiting MS14-066 / CVE-2014-6321 (aka “Winshock”)

I think enough time has passed now to provide a little more detail on how to exploit the MS14-066 schannel vulnerability (aka “Winshock”). In this post I won’t be providing a complete PoC exploit, but I...

Hacking Facebook.com/thanks Posting on behalf of your friends!

Facebook recently introduced "Say Thanks", an experience that lets Facebook users create personalized video cards for their Facebook friends. To create a Thanks video, a user needs to visit...
