Clik here to view.
cSploit
cSploit is an Android network analysis and penetration suite which aims to offer to IT security experts/geeks the most complete and advanced professional toolkit to perform network security assesments...
View ArticleClik here to view.
Cartero
A robust Phishing Framework with a full featured CLI interface. The project was born out necessity through of years of engagements with tools that just didn't do the job. Even though there are many...
View ArticleClik here to view.
KARMA ROGUE ACCESSPOINT OFFENSE WITH BADKARMA.PY
For those that don’t know, karma is a patch that is applied to hostapd which allows the creation of a wifi honeypot. This honeypot listens for probe requests from devices which announce SSIDs used to...
View ArticleClik here to view.
The Reports of Passwords’ Demise Have Been Greatly Exaggerated
Passwords suck. We cannot remember them. We dread having to type them. We struggle with safeguarding them. Yet, passwords are so ubiquitous, it’s hard to get rid of them. Judging by the frequency with...
View ArticleClik here to view.
Paper- JMD: A Hybrid Approach for Detecting Java Malware
AbstractWith the rapid rise in the number of exploits targetingthe Java runtime environment, new tools are requiredto detect these malicious Java applications. This paperproposes one such tool, the...
View ArticleClik here to view.
New VMCloak Version 0.2: Windows 7 Support
A couple of months ago I released the first version of VMCloak, now it’s time for version 0.2. VMCloak is a tool for automatically creating and configuring Virtual Machines for Cuckoo Sandbox.more...
View ArticleClik here to view.
Investigating Skype cloud based media_cache/image sharing with the Forensic...
Skype recently introduced cloud based operation and started moving away from peer-to-peer messaging with a view, to paraphrase Skype, of improving the service that we receive.Without going into the...
View ArticleClik here to view.
PDF: Evolution of Exploit Kits
Exploring Past Trends and Current Improvementsmore here.....http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-evolution-of-exploit-kits.pdf
View ArticleClik here to view.
Paper: The Spy in the Sandbox – Practical Cache Attacks in Javascript
AbstractWe present the first micro-architectural side-channel attackwhich runs entirely in the browser. In contrast toother works in this genre, this attack does not require theattacker to install any...
View ArticleClik here to view.
Security Audit Notes: OpenSSL d1_srvr.c Overflow - Advanced Information Security
-=[ Advanced Information Security Corporation ]=- ------------------------------------------------------------------------ Author: Nicholas Lemonias Type: Security Audit Notes Date: 17/3/2015 Email:...
View ArticleClik here to view.
Remote administration trojan using Baidu Cloud Push service
I recently discovered a remote administration trojan (RAT), there is nothing interesting about it but what is is that it is the first one I saw that communicates with server through Baidu Cloud Push...
View ArticleClik here to view.
openssl
OpenSSL fix to "prevent handshake with unseeded PRNG" here.....https://github.com/openssl/openssl/commit/e1b568dd2462f7cacf98f3d117936c34e2849a6b
View ArticleClik here to view.
A Finnish man created this simple email account - and received Microsoft's...
A Finnish IT professional was able to obtain an HTTPS certificate for the Finnish version of Microsoft's Windows Live service simply by asking for it.The browser-trusted certificate authority Comodo...
View ArticleClik here to view.
Websense Data Security DLP incident Forensics Preview is vulnerable to...
------------------------------------------------------------------------Websense Data Security DLP incident Forensics Preview is vulnerable toCross-Site...
View ArticleClik here to view.
Doc: IBM X-Force Threat Intelligence Quarterly, 1Q 2015
When we look back in history to review and understand thepast year, you can be assured it will be remembered as a year ofsignificant change.In early January 2014, companies large and small scrambled...
View ArticleClik here to view.
XSS via a spoofed React element
In late February 2015, I reported an XSS vulnerability in HackerOne itself. This one took advantage of the way the arguments passed to React functions were being validated, tricking React into thinking...
View ArticleClik here to view.
[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow
1. Advisory InformationTitle: Fortinet Single Sign On Stack OverflowAdvisory ID: CORE-2015-0006Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflowDate published:...
View ArticleClik here to view.
Windows Source Code on GitHub!
OK, well, maybe that title was a bit misleading. But, it’s not entirely untrue: portions of the Kernel and User Mode Driver Frameworks are going to be available on GitHub for the benefit of the driver...
View ArticleClik here to view.
AeroFS is now free up to 30 users
AeroFS is an on-premises, fast, and secure file sync and share tool for businesses. Think Dropbox, but completely behind your corporate firewall.more...
View ArticleClik here to view.
MANUALLY REMOVING THE PASSWORD FROM MALICIOUS VBA PROJECTS
Malicious actors are always looking for a way to deliver their malware to their targets. Recently, they have resorted to distributing malicious Office documents containing VBA macros. This method is...
View Article