Demonstrating ClickJacking with Jack
Jack is a tool I created to help build Clickjacking PoCs. It uses basic HTML and JavaScript and can be found on GitHub. See more at: http://www.sensepost.com/blog/11105.html
Paper: Machine Learning Classification over Encrypted Data
Machine learning classification is used for numerous tasks nowadays, such as medical or genomics predictions, spam detection, face recognition, and financial predictions. Due to privacy concerns, in some...
Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone
Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20
> A Type Confusion...
Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]
Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.1.29 - Release Date: 2015.2.20
> A use-after-free...
Komodia rootkit findings by @TheWack0lian
First off: this is the first time I "seriously" reversed a kernel-mode NT driver, so keep that in mind when you read this here... https://gist.github.com/Wack0/f865ef369eb8c23ee028 and more on...
Multiple SQLi-, stored/reflected XSS- and CSRF-vulnerabilities in...
Advisory: Multiple SQLi, stored/reflected XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0
Advisory ID: SROEADV-2015-16
Author: Steffen Rösemann
Affected Software: phpBugTracker v.1.6.0
Vendor URL: ...
Multiple stored XSS-vulnerabilities in MyBB v. 1.8.3
Advisory: Stored XSS-Vulnerabilities in MyBB v. 1.8.3
Advisory ID: SROEADV-2015-15
Author: Steffen Rösemann
Affected Software: MyBB v. 1.8.3
Vendor URL: http://www.mybb.com
Vendor Status: patched
CVE-ID: ...
Samsung iPolis XnsSdkDeviceIpInstaller.ocx ActiveX Remote Code Execution...
CVE-2015-0555
Introduction
There is a Buffer Overflow Vulnerability which leads to Remote Code Execution. The vulnerability is due to input...
x86obf code virtualizer released for free
x86obf is a tool for executable binary protection. It works by locating marked blocks of code and converting them to a series of instructions understood only by a randomly generated virtual...
Exploiting the Superfish certificate
As discussed in my previous blog post, it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I described how I used that certificate in...
It All Swings Round -- Malicious Macros
I was recently intrigued by a TrendMicro blog talking about VAWTRAK malware. Baddies are going way back to using some old-school methods of infection. Heck, I used a malicious macro embedded in a Word...
Paper: PowerSpy: Location Tracking using Mobile Device Power Analysis
Abstract—Modern mobile platforms like Android enable applications to read aggregate power usage on the phone. This information is considered harmless and reading it requires no user permission or...
Bowcaster Feature: multipart/form-data
Need to reverse engineer or exploit a file upload vulnerability in an embedded web server? I added a multipart/form-data class to Bowcaster to help with that.
xaviershay-dm-rails v0.10.3.8 mysql credential exposure
Title: xaviershay-dm-rails v0.10.3.8 mysql credential exposure
Author: Larry W. Cashdollar, @_larry0
Date: 2015-02-17
Download Site: https://rubygems.org/gems/xaviershay-dm-rails
Vendor: Martin Gamsjaeger, ...
Paper: Evaluation of Security Solutions for Android Systems
With the increasing usage of smartphones a plethora of security solutions are being designed and developed. Many of the security solutions fail to cope with advanced attacks and are not always properly...
Automating DFIR (Digital Forensics and Incident Response) - How to series on...
As you can see from the title of this post I'm starting on a series all about automating your workflow when doing DFIR work. It is my belief that our industry as we know it is poised for change due to...
Paper: Bitcoin over Tor isn’t a good idea
Abstract—Bitcoin is a decentralized P2P digital currency in which coins are generated by a distributed set of miners and transactions are broadcast via a peer-to-peer network. While Bitcoin provides some...
proxenet
proxenet is a Write-Your-Own-Plugins multi-threaded web proxy for pentesters designed to allow you to use your favorite scripting language (Python, Lua, Ruby, etc.) to perform targeted attacks on HTTP...
universal copy/paste in linux
I’d like to use the same copy/paste keyboard bindings in every application on linux. I spent some time determining if such is possible (spoiler, at best it’s hacky).
Hex-Rays Decompiler Enhanced View (HRDEV)
This is a simple IDA Pro Python plugin to make Hex-Rays Decompiler output a bit more attractive. The HRDEV plugin retrieves standard decompiler output, parses it with Python Clang bindings, does some magic,...