Clik here to view.
OpenSSL CookBook
A Short Guide to the Most Frequently Used OpenSSL Features and Commandsmore here...........https://www.feistyduck.com/library/openssl-cookbook/
View ArticleClik here to view.
Wood Island (Crypto - 150) writeup from BostonKeyParty CTF
Task:You can try to sign messages and send them to the server, 52.0.217.48 port 60231. Sign the right message and you\'ll get the flag! Only problem---you don\'t have the signing key. I will give you...
View ArticleClik here to view.
CryptoFortress : Teerac.A (aka TorrentLocker) got a new identity
Blitz post.I was hunting for Gootkit (pushed in a Nuclear Pack instance in France those days) but instead I got a Teerac.Amore...
View ArticleClik here to view.
CSRF in Contact Form DB allows attacker to delete all stored form submissions...
Details================Software: Contact Form DBVersion: 2.8.29Homepage: https://wordpress.org/plugins/contact-form-7-to-database-extension/Advisory report:...
View ArticleClik here to view.
USN Journal: Where have you been all my life
One of the goals of IR engagements is to locate the initial infection vector and/or patient zero. In order to determine this, timeline analysis becomes critical, as does determining when the malware...
View ArticleClik here to view.
A new breed of startups is helping hackers make millions — legally
Shashank Kumar was in seventh grade when he was introduced to computer hacking. At first he had fun breaking in and defacing web sites, something he says he now regrets, but then he learned that he can...
View ArticleClik here to view.
Tokenization as a companion to Encryption
For the protection of sensitive data, tokenization is every bit as important as data encryption.more here.........http://security-musings.blogspot.ca/2015/03/tokenization-as-companion-to-encryption.html
View ArticleClik here to view.
No Wireshark? No TCPDump? No Problem!
Have you ever been on a pentest, or troubleshooting a customer issue, and the "next step" was to capture packets on a Windows host? Then you find that installing winpcap or wireshark was simply out of...
View ArticleClik here to view.
Computer Fraud and Abuse Act (“CFAA”) Court of Appeals (USA Vs BRIAN MATTHEW...
Argument:I. The CFAA does not criminalize accessing a computer by using ashared password A. This Court has held that the CFAA’s “unauthorizedaccess” element prohibits computer hacking, not mere...
View ArticleClik here to view.
Thousand ways to backdoor a Windows domain (forest)
When the Kerberos elevation of privilege (CVE-2014-6324 / MS14-068) vulnerability has been made public, the remediation paragraph of following blog post made some...
View ArticleClik here to view.
Domain Trusts: Why You Should Care
Red teams have been abusing Windows domain trusts for years with great success, but the topic is still underrepresented in public infosec discussions. While the community has started to talk more about...
View ArticleClik here to view.
FTC Announces New Robocall Contests to Combat Illegal Automated Calls
The Federal Trade Commission announced today that it is launching two new robocall contests challenging the public to develop a crowd-source honeypot and better analyze data from an existing honeypot....
View ArticleClik here to view.
Exploiting CVE-2015-0311: A Use-After-Free in Adobe Flash Player
At the end of January, Adobe published the security bulletin APSA15-01 for Flash Player, which fixes a critical use-after-free vulnerability affecting Adobe Flash Player 16.0.0.287 and earlier...
View ArticleClik here to view.
Decoding ZeuS Disguised as an .RTF File
While going through emails that were reported by our internal users using Reporter, I came across a particularly nasty looking phishing email that had a .doc attachment. At first when I detonated the...
View ArticleClik here to view.
CVE-2014-6440: Heap Overflow in VLC Transcode Module
VLC versions before 2.1.5 contain a vulnerability in the transcode module that may allow a corrupted stream to overflow buffers on the heap. With a non-malicious input, this could lead to heap...
View ArticleClik here to view.
Meet Casper: Yet Another Malware Likely Created by France for Surveillance
Two weeks ago, a group of cybersleuths revealed the best evidence yet that France is hacking and infecting surveillance targets—just like the NSA or the British spy agency GCHQ.Now, researchers have...
View ArticleClik here to view.
CIRCL releases the source code of its URL Abuse software
CIRCL announces the release of the source code of its latest software URL Abuse, which is being developed as part of the “European Union anti-Phishing Initiative” (EU PI) project. This project is...
View ArticleClik here to view.
NetTraveler (Chinese APT) RCEd Source Code
Hi to all,I want to share with you guys this piece of code RCEd from the chinese APT known as "NetTraveler" or "TravNet". Hope this knowledge will somehow be useful and interesting to you. The code...
View ArticleClik here to view.
Obama criticises China's mandatory backdoor tech import rules
US prez Barack Obama has criticised China's new tech rules, urging the country to reverse the policy if it wants a business-as-usual situation with the US to continue.As previously reported, proposed...
View ArticleClik here to view.
Another Writeup On Casper Today: Casper Malware: After Babar and Bunny,...
In March 2014, French newspaper Le Monde revealed that France is suspected by the Communications Security Establishment Canada (CSEC) of having developed and deployed malicious software for espionage...
View Article