Channel: BOT24
Browsing all 8064 articles

Accessing Employee Settings On Uber - How I accessed employee settings on...

While debugging an upcoming app of mine, I accidentally got a closer glimpse into Uber’s iOS app internals. I was surprised by what I found and how easy it was to accomplish my findings. Method of...


Swiss File Knife v1.7.4 HTTP - Buffer Overflow Vulnerability

Document Title:
===============
Swiss File Knife v1.7.4 HTTP - Buffer Overflow Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1441

Release...


Using Windows Screensaver as a Backdoor with PowerShell

I came across this interesting post about bypassing Windows Lock Screen via Flash Screensaver. While bypassing the lock screen is useful, the method mentioned there needs physical access to the target....


Angler Exploit Kit Using k33nteam’s October Internet Explorer Use After Free

In 2014, Microsoft introduced heap corruption mitigations into Internet Explorer (IE), such as an isolated heap for certain objects, and a delayed free (collectively referred to as MEMPROTECT). While...


[ TECHNICAL TEARDOWN: PHP WEBSHELL ]

Today, my personal scanner found yet another PHP WebShell. Since we at VXSecurity.sg haven’t written anything on PHP WebShell, I will be writing one on it today. So what is a “PHP WebShell”? A PHP WebShell...


[ TECHNICAL ANALYSIS: DECEIVING ‘PARKED DOMAIN’ & SEVERAL .SG SITES SERVES...

I have reported the following Singapore website(s) which might be serving malicious content to SingCERT back on 29th November 2014. But I have just checked today and all of these site(s) are still...


Paper: Stealing Keys from PCs by Radio: Cheap Electromagnetic Attacks on...

Abstract: We present new side-channel attacks on implementations of RSA and ElGamal encryption. The attacks can extract secret keys using a very low measurement bandwidth (a frequency band of less than...


Remote Desktop Connections, Terminal Services and Plaso

tl;dr: Check the Microsoft-Windows-TerminalServices-LocalSessionManager and Microsoft-Windows-TerminalServices-RemoteConnectionManager logs for events relating to user logon/logoff. Terminal Services...


UBER Filing A Subpoena Against GitHub Over Breach

DECLARATION OF JAMES G. SNELL IN SUPPORT OF PLAINTIFF UBER TECHNOLOGIES, INC.’S EX PARTE MOTION FOR EXPEDITED DISCOVERY. Here: http://regmedia.co.uk/2015/02/28/ubergithubexhibit.pdf and...


PoC for Samba vulnerability (CVE-2015-0240)

PoC for Samba vulnerability (CVE-2015-0240) by sleepya. This PoC only triggers the bug. More here: https://gist.github.com/worawit/33cc5534cb555a0b710b


Phishing attacks carried out on a non-jailbroken iPhone 6 (iOS 8.1.3) (App...

Last year in March and April is when we discovered an attack on iOS 7.0 capable of phishing on non-jailbroken iOS devices (that can steal Apple ID passwords, Gmail passwords, etc.). It's been quite...


Bogus Search Engine Leads to Exploits

Search at your own risk, here: https://blog.malwarebytes.org/online-security/2015/02/bogus-search-engine-leads-to-exploits/


Using open-uri? Check your code - you're playing with fire!

Ruby’s OpenURI is an easy-to-use wrapper for net/http, net/https and net/ftp. As far as I know it’s the most popular way to read URL content, make a GET request or download a file. require "open-uri"...


Rogue Router Firmware Chaos #Backdoor

The Internet is one of the sensational technologies that we have known to date. There are more than 3 billion Internet users and this proves the domination of the Internet worldwide. With the growth of...


Technical "whitepaper" for afl-fuzz

American Fuzzy Lop does its best not to focus on any singular principle of operation and not be a proof-of-concept for any specific theory. The tool can be thought of as a collection of hacks that have...


Modern Defense Against CSRF Attacks - AntiCSRF library

In web application security, Cross-Site Request Forgery (CSRF) is a type of attack that tricks the victim into running a command on behalf of the attacker by sending the victim an otherwise innocent...


Using XSScrapy to Scan for XSS Vulnerabilities

XSScrapy is an amazing tool for the aspiring cyber security researcher. Entering the cyber security field used to be challenging and full of hours of...


Frida 2.0.0 Released

It’s time for a new and exciting release! Key changes include: No more kernel panics on Mac and iOS! Mac and iOS injector performs manual mapping of Frida’s dylib. This means we’re able to attach to...


PuTTY vulnerability private-key-not-wiped-2

When PuTTY (the free and open-source client program for the SSH, Telnet and Rlogin network protocols) has sensitive data in memory and has no further need for it, it should wipe the data out of its...


Advisory: Seagate NAS Remote Code Execution Vulnerability

Seagate is a well-known vendor of hardware solutions, with products available worldwide. Its line of NAS products targeted at businesses is called Business Storage 2-Bay NAS. These can be found inside...
