Channel: BOT24
Browsing all 8064 articles


Hacking file uploaders with race condition

TL;DR I use a race condition to upload two avatars at the same time to exploit another Paperclip bug and get remote code execution on Apache+Rails stacks. I believe many file uploaders are vulnerable...


Windows Userland Persistence Fundamentals

This tutorial will cover several techniques that can be used to gain persistent access to Windows machines. Usually this doesn't enter into play during a pentest (with the exception of red team...


MS14-063 A Potential XP Exploit

New vulnerabilities for old operating systems may not seem particularly interesting, until you consider the large number of legacy machines running outdated versions of Windows. Windows XP has reached...


HAUHRA AND HILDR RELEASE

Finally after one of year I’m releasing two new codes. I worked on them originally to contribute to DC issue 6, but things have turned rather complicated with the zine so far. I worked on them on...


Reverse Engineer a Verisure Wireless Alarm part 2 – Firmwares and crypto keys

So we’re back, ready to run through an additional step into our Verisure Wireless alarm journey. This post is the second chapter of my Verisure story where we’ll learn how to extract and dig into...


Updated OSXCOLLECTOR with a bunch of filters to do automatic analysis and...

A "How'd that malware get there?" tool for OS X. More here: https://github.com/Yelp/osxcollector


bro-scripts

One of the many ways to look for Exploit Kit/drive-by behavior. More here: https://github.com/sooshie/bro-scripts/tree/master/exploitkit


HACKING THE STREET? FIN4 LIKELY PLAYING THE MARKET

FireEye is currently tracking a group that targets the email accounts of individuals privy to the most confidential information of more than 100 companies. The group, which we call FIN4, appears to have a...


[RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf

Advisory: Remote Code Execution in TYPO3 Extension ke_dompdf

During a penetration test RedTeam Pentesting discovered a remote code execution vulnerability in the TYPO3 extension ke_dompdf, which...


[RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire

Advisory: Information Disclosure in TYPO3 Extension ke_questionnaire

The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames...


[RT-SA-2014-011] EntryPass N5200 Credentials Disclosure

Advisory: EntryPass N5200 Credentials Disclosure

EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and...


CVE-2014-9016 and CVE-2014-9034 Proof of Concept

Assuming that enough time has passed since the security update was released by WordPress and Drupal, we want to share our research. As you already know, we believe in Responsible Disclosure and...


ColdSub-Zero.pyFusion v2

CF9-10 Remote Root Zeroday. More here: http://downloads.securityfocus.com/vulnerabilities/exploits/59773.py


Android Internals: Package Verifiers

Inspired by Nikolay Elenkov’s detailed technical posts on Android Explorations, I decided to dig into the Android source code myself and document the package verification mechanism in Android. More...


A SHARK ON THE NETWORK

I’ve spent a lot of time this year thinking about networking, the web, and security on the Internet. Since the Snowden leaks, revelations about the scale and sophistication of government cyberweapons...


[RT-SA-2014-012] Unauthenticated Remote Code Execution in IBM Endpoint...

Advisory: Unauthenticated Remote Code Execution in IBM Endpoint Manager Mobile Device Management Components

During a penetration test, RedTeam Pentesting discovered that several IBM Endpoint...


Windows Journal has a lot of 0days!

I was reading the blog at beyondtrust and decided to check if Journal was really an easy target. Behold, multiple exploitable looking crashes in a couple of minutes of mutation! More...


CVE-2014-6332 PoC to get shell (packed everything in one html)

CVE-2014-6332 PoC to bypass IE protected mode if enabled (with localhost) then get shell. Here: https://gist.github.com/worawit/84ab41358b8465966224


OPERATION CLEAVER

A new global cyber power has emerged; one that has already compromised some of the world’s most critical infrastructure. The Operation Cleaver report sheds light on the efforts of a coordinated and...


Step-by-Step Setup of ELK for NetFlow Analytics

The ELK stack is a set of analytics tools. Its initials represent Elasticsearch, Logstash and Kibana. Elasticsearch is a flexible and powerful open source, distributed, real-time search and analytics...
