Channel: BOT24
Browsing all 8064 articles


Google Analytics by Yoast stored XSS

*Overview* Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security...


Flood Shield

Flood Shield is a very fast HTTP flood blocker. Please be aware! It's the first beta release of the tool! We sniff and parse all incoming HTTP requests. If any IP made more than XX requests per second (with same...


Transcript/Slides: DLL Hijacking on OS X Presentation CanSecWest

An outline: history of DLL hijacking; dylib hijacking; attacks & defenses; hijacking; finding ‘hijackables’; loader/linker features. More here: http://www.slideshare.net/Synack/can-secw?=


Taming the wild copy: Parallel Thread Corruption

Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handling, the vulnerability caused a memcpy() call with a negative...


Face Recognition Security, Even With A "Blink Test," Is Easy To Trick

Jack Ma, CEO of the Chinese retail giant Alibaba--that country's answer to Amazon--announced at the CeBit conference in Germany this week that the site would soon let you purchase goods and authorize...


Paper: Rearing its Seven Ugly Heads: the DLL-Preload Attack

Abstract: In computer science and fashion alike, comebacks are often unavoidable, yet not always desirable (think “mullet”). But while the vagaries of fashion are impenetrable, trends in computer...


PACKAGER SHELL OBJECT BEING USED AS INFECTION VECTOR

Today, something interesting came across my desk. A user forwarded me an email that claimed to be an invoice and attached to it was a word document. At first, I was excited to take a look at another...


GoDaddy accounts vulnerable to social engineering and Photoshop

GoDaddy's layered verification protections defeated by a phone call and four hours in Photoshop. More...


BadXNU, a rotten apple! – CodeBlue 2014, SyScan 2015 slides and source code

The last SyScan is almost here so it’s time to get again into a plane and travel to Singapore. This means that the slides and source code can finally be released. Below you can find the archive with...


CVE-2015-0336 (Flash up to 16.0.0.305) and Exploit Kits

As reported by Malwarebytes and FireEye, Nuclear Pack is now taking advantage of a vulnerability patched with the last version of Flash Player (17.0.0.134). More...


Paper: Poisoning Network Visibility in Software-Defined Networks: New Attacks...

Abstract—Software-Defined Networking (SDN) is a new networking paradigm that grants a controller and its applications an omnipotent power to have holistic network visibility and flexible network...


Xerces-C Security Advisory [CVE-2015-0252]

CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Xerces-C XML Parser library versions prior to...


PoC||GTFO 0x07 is out

Neighbors, please join me in reading this eighth release of the International Journal of Proof of Concept or Get the F Out, a friendly little collection of articles for ladies and gentlemen of...


python-oletools - python tools to analyze OLE files

python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office...


DRIVE IT YOURSELF: USB CAR

EVER WONDERED HOW DEVICE DRIVERS ARE REVERSE ENGINEERED? WE’LL SHOW YOU WITH A SIMPLE YET COMPLETE EXAMPLE HERE: http://www.linuxvoice.com/drive-it-yourself-usb-car-6/


GitLab User Enumeration

MWR InfoSecurity discovered a username enumeration vulnerability in GitLab v5.0.0 to v7.5.0 which provides a Ruby on Rails web interface to manage git repositories. MWR have worked with the GitLab team...


mimikatz 2.0 alpha 20150320 (oe.eo) edition just released

A little tool to play with Windows security. Includes Windows 10 support / Domain and SID from hives. Here: https://github.com/gentilkiwi/mimikatz/releases/tag/2.0.0-alpha-20150320


Buffer-Overflows

An introduction to buffer overflow vulnerability exploitation, here: https://github.com/JasonPap/Buffer-Overflows


rfishell

Provide a shell-like interface for exploiting Remote File Inclusion vulnerabilities, here: https://github.com/superkojiman/rfishell


findsploit

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. More here: https://github.com/1N3/findsploit
