Channel: BOT24
Browsing all 8064 articles

Attack of the week: FREAK (or 'factoring the NSA for fun and profit')

This is the story of how a handful of cryptographers 'hacked' the NSA. It's also a story of encryption backdoors, and why they never quite work out the way you want them to.

net-creds: Sniffs sensitive data from interface or pcap

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. Screenshots: http://imgur.com/opQo7Bb...

binvis.io - a browser-based tool for visualising binary data

Over the years, I've written a number of posts on this blog on the topic of binary data visualisation. I looked at using space-filling curves to understand the structure of binary data, I've shown how...

Airodump-NG Scan Visualizer ver 0.1

We all love Airodump-NG! I am personally a fan of the entire Aircrack-NG tool suite and the fantastic work done by Mister_X over the years. As most of you know, Airodump-NG can export the scan data as a...

Hospital Sues Bank of America Over Million-Dollar Cyberheist

A public hospital in Washington state is suing Bank of America to recoup some of the losses from a $1.03 million cyberheist that the healthcare organization suffered in 2013.

GAO 46 Page Document: FAA Needs to Address Weaknesses in Air Traffic Control...

While the Federal Aviation Administration (FAA) has taken steps to protect its air traffic control systems from cyber-based and other threats, significant security control weaknesses remain, threatening...

Monitoring tools: user notification required

The Microsoft Malware Protection Center (MMPC) helps to keep Windows customers in control of their computing experience, information, and privacy. We use objective criteria to help protect customers...

Threat Spotlight from Cisco on Previously Discussed Exploit Kit: Angler...

Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts of subdomains for both initial...

Multiple SQL injections in core Orion service affecting many Solarwinds...

I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products (SAM, IPAM, NPM, NCM, etc…). This service provides a consistent configuration and...

PHPMoAdmin Unauthorized Remote Code Execution (0-Day) PoC

An Example of Evolving Obfuscation

Since May of 2014, I've been tracking a particular group that uses the Sweet Orange exploit kit to deliver malware.  This group also uses obfuscation to make it harder to detect the infection chain of...

PCAP of the traffic: 2015-03-03-traffic-analysis-exercise.pcap

SCENARIO: Time for another shift at your organization's Security Operations Center (SOC). You review some EmergingThreats alerts for Angler exploit kit on a host within your network. You review the pcap...

C99Shell not dead

I recently got contacted on Twitter in regards to a hacked webpage: After I received the files two things became apparent:
- the webserver (and thus the website) was infected with C99shell
- the webserver...

Android Application hacking with Insecure Bank Part 2

In the previous article, we looked at setting up a mobile pentesting platform for Android applications. By now, you must have set up an emulator using genymotion and installed all the android command...

SuperFish SSL Sniffing

Since everyone has blogged about SuperFish and other Komodia products we can skip all that and get to the good stuff. It’s extremely easy to sniff SSL traffic and get headers, cookies, whatever you...

What is noninterference, and how do we enforce it?

In this post I discuss a program security property called noninterference. I motivate why you might like it if your program satisfied noninterference, and show that the property is fundamental to many...

Deobfuscating a Wicked-Looking Script

Bart Blaze, one of my security researcher friends, passed along this PHP script to me. Let’s have a look here... http://www.kahusecurity.com/2015/deobfuscating-a-wicked-looking-script/

toolsmith: Faraday IPE - When Tinfoil Won’t Work for Pentesting

I love me some tinfoil-hat-wearing conspiracy theorists, nothing better than sparking up a lively conversation with a “Hey man, what was that helicopter doing over your house?” and you’re off to the...

PwnPOS: Old Undetected PoS Malware Still Causing Havoc

We have been observing a new malware that infects point-of-sale (POS) systems. This malware may have been active since 2013, possibly earlier. Trend Micro will be naming this new malware family as...

ElasticSearch Groovy script remote code execution vulnerability analysis...

ElasticSearch is a search and analysis engine developed in Java. In 2014, a remote code execution vulnerability (CVE-2014-3120) was discovered in it, a flaw in the script query module, because...
