Paper: Pydgin: Generating Fast Instruction Set Simulators from Simple...
Abstract—Instruction set simulators (ISSs) remain an essential tool for the rapid exploration and evaluation of instruction set extensions in both academia and industry. Due to their importance in both...
netool.sh V4.4
Netool is a toolkit written using 'bash, python, ruby' that allows you to automate frameworks like Nmap, Driftnet, Sslstrip, Metasploit and Ettercap MitM attacks. This toolkit makes it easy tasks such...
TestTrack- open source defect tracker
TestTrack is a tool created by the Security Engineering team at Rackspace to track testing efforts. It attempts to streamline the testing process by offering features such as templating, report...
Row hammer detection is possible
First off, detection isn't fixing, but it's a good step in that direction and I'm growing continually more confident in my claim that it probably is fixable as I work with this. Anyway, following the...
Wig
wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications. The application fingerprinting is based on checksums...
Quttera fails and spews false positives everywhere
By chance, I found out that my blog had been blacklisted by Quttera. No big deal, because it happens from time-to-time due to the nature of the content on the site. But I discovered that it isn't just...
Analyzing obfuscated VBA macros to extract C2 IP/URLs irregardless of runtime...
Lately, we have been seeing quite a lot of Office documents (or XML files with embedded Office documents, etc.) that have embedded VBA macros on our malware analysis service, which try to drop Dridex...
ECFS
ECFS is an extension to the existing ELF core file format in Linux. Its job is to intercept the Linux core-dump handler, catch the core-dump before it is written to disk, and carefully reconstruct it...
Paper: Converting OpenBSD to PIE
ABSTRACT Position-independent executables (PIEs) are the last step on the journey to a fully randomised address space on OpenBSD, with the goal of providing improved defense against return-oriented...
Reverse_HTTPS_Bot 0.8- Inclusive link to article titled "HTTPS Command and...
A Python-based HTTPS remote access trojan for penetration testing here: https://github.com/ahhh/Reverse_HTTPS_Bot
OpenReil- Open source library that implements translator and tools for REIL...
REIL was initially developed by Zynamics as part of their BinNavi framework, proprietary code analysis software written in Java. However, after Zynamics was acquired by Google they abandoned BinNavi,...
Defense in depth -- the Microsoft way (part 31): UAC is for binary planting
Hi @ll, the exploit shown here should be well-known to every Windows administrator, developer or QA engineer. In Microsoft's own terms it doesn't qualify as security vulnerability since UAC is a security...
Interesting FBI biography on red-teaming doc
Some titles with pdf links include “Facing Your Flaws: The red team probes the network for a company to identify possible vulnerabilities and design flaws,” “Reflections from a Red Team Leader”,...
Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution
Document Title: Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution; Release Date: 12 Mar 2015; Product & Service Introduction: Citrix NetScaler...
Metasploit Project initial User Creation CSRF
# Exploit Title: Metasploit Project initial User Creation CSRF # Google Dork: N/A # Date: 14-2-2015 # Exploit Author: Mohamed Abdelbaset Elnoby (@SymbianSyMoh) # Vendor Homepage:...
Jolla Phone tel URI Spoofing
NSOADV-2015-001: Jolla Phone tel URI...
A local application could cause a denial-of-service to the audio_policy app...
QIHU 360 SOFTWARE CO. LIMITED...
VMCloak
VMCloak is a tool to fully create and prepare Virtual Machines that can be used by Cuckoo Sandbox. In order to create a new Virtual Machine one should prepare a few configuration values that will be...
Drone Forensics – An Overview
[This is the first in a series of posts about the forensic analysis of drones leading up to presentations at BSides NOLO and SANS DFIR Summit in Austin.]...
CodeGate General CTF 2015: good-crypto
Binary: http://binary.grayhash.com/bd24de5d345c0d1da274fcd7d9a2b244/file.xz We recently intercepted some kind of encrypted traffic, can you help us recover the password? Update: Due to a crappy...