Channel: BOT24
Browsing all 8064 articles

Capstone disassembly framework 3.0.2 is out!

We are happy to announce the stable version 3.0.2 of Capstone disassembly framework! The source code is available in zip and tar.gz formats, or at tagname 3.0.2 in our Github repo.

Inverted WordPress Trojan

Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical...

Raritan PowerIQ known session secret

Raritan PowerIQ versions 4.1, 4.2, and 4.3 ship with a Rails 2 web interface with a hardcoded session secret of 8e238c9702412d475a4c44b7726a0537. This can be used to achieve unauthenticated remote code...

Introducing dnsdist: DNS, abuse- and DoS-aware query distribution for optimal...

Over the years, PowerDNS users have frequently asked us about our preferred DNS load balancing solution, and we’ve never had a satisfying answer for that. Users of dedicated hardware often tell us that...

Defending Against PoS RAM Scrapers

Stealing payment card data has become an everyday crime that yields quick monetary gains. Attackers aim to steal the data stored in the magnetic stripe of payment cards, optionally clone the cards, and...

Hijacking SSH to Inject Port Forwards

During red team post exploitation I sometimes run into jump boxes leading to test environments, production servers, DMZs, or other organizational branches. As these systems are designed to act as...

ARMPwn

Repository to train/learn memory corruption on the ARM platform, here: https://github.com/saelo/armpwn

Windows Event Log Driven Back Doors

Well it's about time to get that white hat a little dirty. None of these are original ideas, I've heard of this being done in theory of "oh, you know what would make a good persistence idea?" but I've...

'Locked Out'

The evolution of encrypters and user errors, here: https://securelist.com/analysis/publications/68960/locked-out/

CYCLICAL REDUNDANCY CHECK – AN EXPLANATION FOR THE LAYMAN

During a recent audit, I ran into something interesting while reviewing a script as part of a control related to data integrity. The script performed a simple ETL function (Extract Transform &...

QEMU + GDB + PE IMPORTS

QEMU implements a GDB server making it possible to attach to the operating system from outside the virtual machine, via the target remote command of the debugger. When analysing a Windows malware, this...

Who got the bad SSL Certificate? Using tshark to analyze the SSL handshake.

Ever wonder if any of your users connect to sites with bad SSL certificates? I ran into this issue recently when debugging some SSL issues, and ended up with this quick tshark and shell script trick to...

VBA Maldoc: We Don’t Want No Stinkin Sandbox/Virtual PC

Today I got an interesting maldoc sample (77f3949c2130b268bb18061bcb483d16): it will not activate if it runs in a sandboxed or virtualized environment. The following statements are executed right before...

New Facebook Worm Variant Leverages Multiple Cloud Services

Social networks are particularly interesting for malware authors because they can be leveraged to spread an infection starting with a single person. Patient zero can transmit the piece of malware to all...

Python's Restkit HTTP resource kit does not validate TLS which means it's...

Python's Restkit[1][2][3][4] does not properly validate TLS (see https://github.com/benoitc/restkit/issues/140). It appears to simply use ssl.wrap_socket from the standard library, which does not do any...

Paper: Control Flow Graph Based Attacks

This report addresses de-obfuscation on programs. The targeted obfuscation scheme is the control flow flattening, which is an obfuscation method focusing on hiding the control flow of a program. This...

How secure are you online? The Cyber Security Month Security test!

Welcome to the Network and Information Security quiz! This tool is designed to help you update your internet security knowledge, begin whenever you feel ready. It will take max 10 minutes...

tcpdump Version: 4.7.3 / 1.7.2 is latest release

A powerful command-line packet analyzer; and libpcap, a portable C/C++ library for network traffic capture, here: http://www.tcpdump.org/#latest-release

MSA-2015-03: iPass Mobile Client Service Local Privilege Escalation

Mogwai Security Advisory MSA-2015-03
Title: iPass Mobile Client service local privilege escalation
Product:...

Compromised Root Cause Analysis Model Revisited

How? The one question that is easy to ask but can be very difficult to answer. It's the question I kept asking myself over and over. Reading article after article where publicized breaches and...
