0ctf 2015 quals – forward (web250)
At the start we’ve only got a URL to our target webserver: When we click on “Login” we get a JavaScript popup which tells us “You Are Not Authorized!”. Then we click on “FLAG”, because that’s what we...
nmap2nessus Release and Slides From Black Hat Asia Arsenal 2015
How nmap2nessus works: Takes a nmap XML file as input and extracts the 'open' ports and live IP addresses. Logs into the Nessus server and makes a copy of the 'selected' policy. Modifies the port_range...
metasploitHelper Release and Slides at Blackhat Asia Arsenal 2015
Metasploit contains port-based modules as well as URI-based modules (web servers). This tool bridges Nmap XML file with Metasploit and generates a resource script containing matching Metasploit...
Airbnb JavaScript Style Guide
A mostly reasonable approach to JavaScript here: https://github.com/airbnb/javascript
Detection, analysis and display of attacks using Honeypots
Thanks to the use of honeypots and the analysis of the data they generate we can scope the magnitude of the problem we face, obtaining valuable data regarding: Attack...
REVERSE ENGINEERING AN RC SPY TANK
[Michael] sells a remote control spy tank through his company, and although it’s a toy, there’s an impressive amount of electronics in this R/C tank. It’s controlled from an Android or iDevice over a...
THE SAD STATE OF SMTP ENCRYPTION
This is a quick recap of why I'm sad about SMTP encryption. It explains how TLS certificate verification in SMTP is useless even if you force it.
Introducing VirtuaPlant 0.1, Industrial Control System Simulator with Physics...
Today I’m releasing a project I’ve been working on for the past week which I called VirtuaPlant. More here: http://wroot.org/posts/introducing-virtuaplant-0-1/
DOMPurify 0.6.2 release
DOMPurify, the DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG, 0.6.2 here: https://github.com/cure53/DOMPurify/releases/tag/0.6.2 and for those not familiar with DOMPurify...
XSS flaws expose weaknesses on Amazon and UK newspaper websites
Cross-site scripting (XSS) flaws are amongst the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users’...
CTF challenges on docker hub
insomnihack's recently updated repositories: https://hub.docker.com/u/insomnihack/
FreeBSD/SH Stack Overflow Vulnerability
I found sh has a stack overflow bug on FreeBSD (9.0-10.0); it may be triggered on all FreeBSD systems, but I have not tested yet. The PoC below is tested on FreeBSD 10.0 amd64 arch: $ lsbrootkit.sh$ ....
New reconnaissance threat Trojan.Laziok targets the energy sector
A new information stealer, Trojan.Laziok, acts as a reconnaissance tool allowing attackers to gather information and tailor their attack methods for each compromised computer.
Bcrypt is great, but is password cracking “infeasible”?
There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about when it...
Tails 1.3.2 is out. That was fast!
Tails, The Amnesic Incognito Live System, version 1.3.2, is out here: https://tails.boum.org/news/version_1.3.2/
How the German Foreign Intelligence Agency BND tapped the Internet Exchange...
Since 2009 the German intelligence agency BND accesses traffic from the internet node DE-CIX in Frankfurt am Main – as a follow-up to „Operation Eikonal“ at the German company „Deutsche Telekom“. This...
FCC Explains Decisions on Broadband, Net Neutrality
In a webinar, the FCC briefs state and local governments on its decisions to vacate state laws and preserve an open Internet.
[VU#550620] Multicast DNS (mDNS) Misconfiguration Can Lead to Information...
Multicast DNS and DNS service discovery daemons deployed on various systems across the Internet are misconfigured and reply to queries targeting their unicast addresses, including requests from their...
How I could delete any video on YouTube
A few months ago Google announced a new experimental program called Vulnerability Research Grants. It's definitely a good idea, thanks Google for inventing and trying such cool things! How it works:
bash-pass
A simple bash script to manage passwords with GPG encryption here: https://github.com/boussouira/bash-pass