Channel: BOT24
Browsing all 8064 articles

Lynis - Security auditing and hardening tool for Unix/Linux based systems

Lynis is a security auditing and hardening tool for Unix derivatives like Linux, BSD and Solaris. It performs an in-depth security scan on the system to detect software and security issues. Besides...

Malware Cleanup to Arbitrary File Upload in Gravity Forms

During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it was an updated WordPress...

The FBI's request for single-warrant, remote computer searches: Examining the...

With little fanfare, zero congressional review or debate, and barely any public awareness, the FBI is requesting a rule change to gain broad powers to remotely search multiple computers, no matter...

Deceiving cPanel ‘Account Suspended’ page serves exploits

cPanel is one of the most popular web hosting control panels out there. It allows administrators to manage their website(s) using a graphical front end, perform maintenance and review important logs...

SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home

SEC Consult Vulnerability Lab Security Advisory < 20150227-0 > title: Multiple vulnerabilities...

Windows: AppInfo AiCheckSecureApplicationDirectory Bypass

The AppInfo service handles requests for UAC elevation. There's an issue with the checking of secure directories which allows a user to install a UIAccess application without requiring full access to...

Some statistics about onions

We are starting a project to study and quantify hidden services traffic. As part of this project, we are collecting data from just a few volunteer relays which only allow us to see a small portion of...

Vulnerability found in Sourceforge

Attacker can get shell and modify the homepage. Disclosed here: http://wooyun.org/bugs/wooyun-2015-098566

FlashHacker

FlashHacker is an ActionScript Bytecode instrumentation framework. The RABCDasm tool is used for disassembling and assembling of ActionScript Bytecode. The tool uses Bytecode disassembly to inject...

Adventures in Xen exploitation

This post is about my experience trying to exploit the Xen SYSRET bug (CVE-2012-0217). This issue was patched in June 2012 and was disclosed in Xen Security Advisory 7 [1]. The bug was found by Rafal...

dnsdist

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive...

Caphaw - the advanced persistent pluginer

Caphaw (also known as Shylock) is a bit of a rarity among today's botnets: its source code hasn't been leaked and the malware has never been offered for sale on underground forums, suggesting that the...

The Anthem Hack: All Roads Lead to China

When news of the Anthem breach was reported on February 4th, 2015, the security industry quite understandably went wild. A breach of this magnitude was certainly unprecedented. Naturally, many...

Analysis of Windows USB Descriptor Vulnerability – MS13-081 (CVE-2013-3200)

Occasionally we receive requests to develop Core Impact modules for specific vulnerabilities. Here, I’d like to dive into what that process looked like for CVE-2013-3200, Windows USB vulnerability...

Abusing Blu-ray Players Pt. 1 – Sandbox Escapes

In today’s (28 February) closing keynote talk at the Abertay Ethical Hacking Society’s Securi-Tay conference I discussed how it was possible to build a malicious Blu-ray disc. By combining different...

Damn Vulnerable iOS App (DVIA)

Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform to mobile security enthusiasts/professionals or students to test their iOS...

Awesome Penetration Testing

A collection of awesome penetration testing resources, tools, books, confs, magazines and other shiny things. More here: https://github.com/enaqx/awesome-pentest#ddos-tools

Uber security breach may have affected up to 50,000 drivers

Thousands of Uber driver names and driver's license numbers may be in the hands of an unauthorized third party due to a data breach that occurred last year, the ride-hailing company announced...

(0Day) Microsoft Word Heap Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must...

dnstest – Monitor Your DNS for Hijacking

In light of the latest round of attacks against and/or hijacking of DNS, it occurred to me that most people really don’t know what to do about it. More importantly, many companies don’t even notice...
