dnscat2 beta release!
As I promised during my 2014 Derbycon talk (amongst other places), this is an initial release of my complete re-write/re-design of the dnscat service / protocol. It's now a standalone tool instead of...
How to share malware with a security team?
With the recent increase of notifications of cryptolocker malware I was wondering if this dropped malware was always the same version or if the attackers used different versions. I was also curious if...
Imperva Releases Latest Hacker Intelligence Initiative Report: Attacking SSL...
Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today released its latest Hacker Intelligence Initiative (HII) report,...
FBI Quietly Removes Recommendation To Encrypt Your Phone... As FBI Director...
from the keeping-you-safe...-or-keeping-you-vulnerable dept. Back in October, we highlighted the contradiction of FBI Director James Comey raging against encryption and demanding backdoors, while at the...
Paper: METHODS FOR BINARY SYMBOLIC EXECUTION
Abstract: Binary symbolic execution systems are built from complicated stacks of unreliable software components, process large program sets, and have few shallow decisions. Failure to accurately...
Meterpreter Survey 2015: You spoke, we listened, then wrote a bunch of code.
One month ago we asked the community for feedback about how they use Metasploit and what they want to see in the Meterpreter payload suite going forward. Over the course of a week we received over 400...
1501H - MSIE 8 - F12 Developer Tools tooltips use-after-free
TL;DR: Full disclosure of a low-risk 0-day in MSIE 8 after the 60-day deadline passed without a fix. 1501H - MSIE 8 - F12 Developer Tools tooltips...
Insecure file upload in Berta CMS
Berta CMS is a web-based content management system using PHP and local file storage. http://www.berta.me/ Due to use of a 3rd-party Berta CMS website to redirect links within a phishing email brought to...
Enough With the Salts: Updates on Secure Password Schemes
I’ve been spending some time recently combing through the old Matasano Blog Catacombs and blowing the dust off years-old tomes. It’s been amazing to see how much information from years ago is still...
SyScan 2015 - iOS 678 Security - A Study in Fail (Slides/Transcript)
Talk from SyScan 2015 about Apple Security failing to patch vulnerabilities over and over again, because they have apparently no QA at all on security patches.
URSNIF: The Multifaceted Malware
The URSNIF malware family is primarily known for being a data-stealing malware, but it’s also known for acquiring a wide variety of behavior. Known URSNIF variants include backdoors (BKDR_URSNIF.SM),...
Insomni’hack finals – InsomniDroid Level 1 Writeup
The challenge was delivered as a zip file (InsomniDroid.zip). The first challenge was perhaps to download it (with its 602.5 MiB). The zip file contains a single file: mmcblk0.dd. A file command gives...
Paper: Utilizing Structural & In-execution PCB Information Analysis for...
Abstract: The advent of pervasive ubiquitous computing and the advancement of wireless communication technologies has resulted in the proliferation of innovative mobile computing devices like tablets and...
Baidu statistics js hijacked to DDOS Github
As a Chinese living outside China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was...
SSL MiTM attack in AFNetworking 2.5.1 - Do NOT use it in production!
During a recent mobile application security analysis for one of our clients, we identified a quite unobvious behaviour in apps that use the AFNetworking library. It turned out that because of a logic...
Git from the inside out
This essay explains how Git works. It assumes you understand Git well enough to use it to version control your projects. The essay focuses on the graph structure that underpins Git and how the...
Paper: HARES, Hardened Anti-Reverse Engineering System
Abstract: This paper provides a technical overview of the HARES software protection research effort performed by Assured Information Security. HARES is an anti-reverse-engineering technique that uses...
Malware Techniques: Code Streaming
This quick post will cover the topic of code streaming. For example, take malware. One way for malware to hide and persist on a system is to not contain any malicious code. This is done by getting the...
Paper: Targeted Automatic Integer Overflow Discovery Using Goal-Directed...
Abstract: We present a new technique and system, DIODE, for automatically generating inputs that trigger overflows at memory allocation sites. DIODE is designed to identify relevant sanity checks that...
sysmon-queries
Queries to parse sysmon event log files with Microsoft Log Parser. More here: https://github.com/JamesHabben/sysmon-queries