Shellcode
This is a repository of Shellcode written by students in NYU-Polytechnic's ISIS lab. This repository came about as a need for trustworthy and reliable 32/64 bit Intel shellcode for CTF style...
Valuable information on Kimble and Verto, Evolution Source Code, SQL Dump
This may pique your curiosity regarding the valuable info posted here: https://www.reddit.com/r/DarkNetMarkets/comments/2zlju6/valuable_information_on_kimble_and_verto/ and for those not...
Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
When consumers make purchases from a retailer, the transaction is processed through Point-of-Sale (PoS) systems. When a credit or debit card is used, a PoS system is used to read the information stored...
Paper: Understanding Digital Intelligence and the Norms That Might Govern It
This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency contractor Edward Snowden. It looks at the...
Type Confusion Infoleak Vulnerabilities in SoapClient
Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.1 - Release Date: 2015.3.20. Four type confusion vulnerabilities were...
Type Confusion Vulnerability in SoapClient
Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.3.1 - Release Date: 2015.3.20. A type confusion vulnerability was discovered in...
Use After Free Vulnerability in unserialize() with DateInterval
Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.2.28 - Release Date: 2015.3.20. A use-after-free vulnerability...
Use After Free Vulnerability in unserialize()
Taoguang Chen <[@chtg](http://github.com/chtg)> - Write Date: 2015.2.3 - Release Date: 2015.3.20. A use-after-free vulnerability was discovered in...
Automated algebraic cryptanalysis with OpenREIL and Z3
One week ago I released my OpenREIL project - an open source implementation of the well-known Reverse Engineering Intermediate Language (REIL). The OpenREIL library has many more features than just binary to IR...
XML External Entity (XXE) Injection in Apache Batik Library [CVE-2015-0250]
During one of our latest web application code review projects I came across a vulnerability which I think is worth speaking about. It is an injection-based attack against XML parsers which uses...
Paper: Introduction to Modern Code Virtualization
This paper describes how code protection is done via “virtual machines” and techniques used in popular virtual machines, giving a considerable level of understanding of such virtual machines for...
Office Alerts: Yes, We Care About These
In this short post, I wanted to take a few and examine a fun little artifact: OAlerts.evtx. Is this a "new" artifact? No, not necessarily. However, I think there can be a wealth of information within...
3vilTwinAttacker v0.5.3 Release
This tool creates a rogue Wi-Fi access point, purporting to provide wireless Internet services, but snooping on the traffic. More here: https://github.com/P0cL4bs/3vilTwinAttacker
PaX Refcount Protection Explained Documentation
Abstract: This document defines the inner workings of PaX's reference counter protection and aims to create a bigger community around the project. It begins with an overview of the PaX Project and...
Detect System File Manipulations with SysInternals Sysmon
SysInternals Sysmon is a powerful tool, especially when it comes to anomaly detection. I recently developed a method to detect system file manipulations, which I would like to share with you. We know how...
oclHashcat v1.34 release
This version 1.34 is about performance increase and bug fixes. Even if you did not face any errors with v1.33 we recommend upgrading. More here: https://hashcat.net/forum/thread-4203.html
Defeating EMET 5.2 Protections (2)
Since my last post, I've thought maybe it's not bad to explain how bypassing EMET protections works rather than giving out a weaponized POC...
Few days old but didn't see this until now "Court Orders Erie County Sheriff...
In a victory for the public’s right to know, a Supreme Court judge in Buffalo this afternoon ruled that the Erie County Sheriff’s Office must disclose public information “stingrays,” devices that can...
On the state of cryptography in Haskell
In the past months, I was attempting to write an application that uses cryptographic primitives in Haskell. In the process I found out some disturbing things about the state of cryptography in Haskell...
Cisco Unified Computing System Manager (UCSM) username and password hashes...
Subject: Cisco UCSM username and password hashes sent via SYSLOG; Impact: Information Disclosure / Privilege Elevation; Vendor: Cisco; Product: Cisco Unified Computing System Manager (UCSM); Notified:...