Channel: BOT24
Browsing all 8064 articles

Phase Bot - A Fileless Rootkit

Phase Bot is a fileless rootkit that went on sale during late October, the bot is fairly cheap ($200) and boasts features such as formgrabbing, ftp stealing, and of course the ability to run without a...

Trojanized and Pirated Assassins Creed app

During our daily research, we recently came across Android malware disguising itself as an Assassins Creed app, which is a popular paid gaming application. The malware in question will install a...

Microsoft Tool Updates

Microsoft recently released an update (KB 3004375) that allows certain versions the Windows OS to record command line options, if Process Tracking is enabled, in the Windows Event Log. Microsoft also...

Microsoft Internet Explorer 9-11 Windows 7-8.1 Vulnerability (patched in late...

I. Vulnerability Description: Uninitialized Memory Corruption Lead to Code Execution. II. Analysis: I crafted an HTML file called 1.html and opened it with IE11/Windows 8.1, the following crash...

Decrypting TLS Browser Traffic With Wireshark – The Easy Way!

Most IT people are somewhat familiar with Wireshark. It is a traffic analyzer, that helps you learn how networking works, diagnose problems and much more. One of the problems with the way Wireshark...

Volatility plugin for Dyre

Dyre is a banking malware discovered in the middle of 2014. It can intercept HTTPS traffic, using techniques documented in this Introduction to Dyreza. In the context of our review of malware faced by...

A Crypto Trick That Makes Software Nearly Impossible to Reverse-Engineer and...

Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what...

LD_NOT_PRELOADED_FOR_REAL

LD_PRELOAD is probably one of the most amusing features of Linux operating systems. It is the starting piece of dynamic instrumentation, reverse engineering madness and every fun userland rootkit. The...

Session Hijacking of EBay

What follows is the communication between the EBay security team and myself. I've identified the vulnerability, YET... They refuse to fix it -- To be honest, I don't believe they took the time to...

How I Hacked Your Facebook Photos

What if your photos get deleted without your knowledge? Obviously that's very disgusting isn't it? Yup this post is about a vulnerability found by me which allows a malicious user to delete any photo...

CTB-Locker Dropper Analysis

You will find below an attempt to understand and describe the operation of the CTB-Locker dropper, a recent malware (CTB Locker: a new massive crypto-ransomware campaign). more...

Attackers Using New MS SQL Reflection Techniques

The bad guys are using a fairly new technique to tamper with the Microsoft SQL Server Resolution Protocol (MC-SQLR) and launch DDoS attacks. In an advisory released this morning, Akamai's Prolexic...

First ever Dark Leaks auction: I was the lead programmer for Silk Road 2.0.

Good morning. Allow me to introduce myself. My name is SR Doug. In October 2013, I was hired by Dread Pirate Roberts a/k/a Blake Benthall as lead programmer for Silk Road 2.0. From November 2013 up until...

(^Exploiting)\s*(CVE-2015-0318)\s*(in)\s*(Flash$)

So; issue 199/PSIRT-3161/CVE-2015-0318. Quick summary - it’s a bug in the PCRE regex engine as used in Flash. (Note that the published version of the avmplus code is significantly out of date; there...

eTouch SamePage v4.4.0.0.239 multiple vulnerabilities

Couldn’t find anyone to contact regarding this, so dropping it. eTouch SamePage v4.4.0.0.239 multiple vulnerabilities http://www.etouch.net/products/samepage/index.html Enterprise trial was installed in...

EggSandwich – An Egghunter with Integrity

A while back I introduced the EggSandwich in my tutorial on Egghunting as a means to implement some basic integrity checks into the traditional Egghunter and overcome the problem of fragmented /...

NetGear WNDR Authentication Bypass / Information Disclosure PoC & Detailed...

>> NetGear WNDR Authentication Bypass / Information Disclosure. Reported by: Peter Adkins <peter.adkins () kernelpicnic.net>. Access: Local network; unauthenticated access. Remote network;...

A New UAC Bypass Method that Dridex Uses

Today, I would like to describe a new UAC bypass method that has been used by the Dridex malware since December, 2014...

How to circumvent executable space protection on 64-bit Linux using a...

Nobody’s perfect. Particularly not programmers. Some days, we spend half our time fixing mistakes we made in the other half. And that’s when we’re lucky: often, a subtle bug escapes unnoticed into the...

White Lightning

WhiteLightning is the next generation of MiTM web exploitation. This tool was created for the Red Team, OpSec conscious pen tester, and for future innovators to show what can happen when you put a...
