Clik here to view.
Encryption Companies Throwing Shade Keeps Everyone In the Dark
In the burgeoning market for services that keep your messages safe from hackers and the NSA, every new app wants to be seen as more secure than the last—even if they’re really not.In the last two weeks...
View ArticleClik here to view.
Exploiting the Airties Air Series PoC
Airties Air 5xxx and 6xxx Series login CGI Remote Stack Buffer OverflowI found this vulnerability almost one year ago. I had contacted the vendor. So far, the vulnerability have not been patched....
View ArticleClik here to view.
The month of the RAT in Google Play
A few days ago, Lukas Stefanko from ESET discovered a new remote administration system RAT for Android. Although there are some known RATs for Android, this malware had something special. It used Baidu...
View ArticleClik here to view.
mimikatz 2.0 alpha 20150401 (oe.eo) edition release
You can access 2.0 alpha here.....https://github.com/gentilkiwi/mimikatz/releasesand to learn more about this little tool thats plays with Windows security here....https://github.com/gentilkiwi/mimikatz
View ArticleClik here to view.
Critical vulnerabilities in JSON Web Token libraries
tl;dr If you are using node-jsonwebtoken or pyjwt with asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512) please update to the latest version. If you are using php-jwt or jsjwt with asymmetric...
View ArticleClik here to view.
ropc v2.0
A tool to help you write binary exploits here.....https://github.com/t00sh/ropc
View ArticleClik here to view.
Remote file upload vulnerability in wordpress plugin...
Title: Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17Author: Larry W. Cashdollar, @_larry0Date: 2015-03-29Download Site:...
View ArticleClik here to view.
Remote file upload vulnerability in videowhisper-video-conference-integration...
Title: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8Author: Larry W. Cashdollar, @_larry0Date: 2015-03-29Download Site:...
View ArticleClik here to view.
Interesting XML Processing in Copy/Paste in Word and Outlook
This issue was not considered to be a security issue based on “Definition of a Security Vulnerability” in https://msdn.microsoft.com/en-us/library/cc751383.aspx as I have been told by Microsoft MSRC...
View ArticleClik here to view.
Advanced PDF Tricks (Video From TROOPERS15 Conference Included)
This repository (for now) is development home to some hand-crafted PDF files. These PDFs should serve as study material for everybody who wants to learn about this format.more...
View ArticleClik here to view.
EvilAP_Defender
The tool basically helps wireless administrators to protect their networks from Evil APs (Evil Twin and any other similar attack including Infernal Wireless Attack). It can discover Evil APs which have...
View ArticleClik here to view.
Rig Exploit Kit Changes Traffic Patterns
Sometime within the past month, Rig exploit kit (EK) changed URL structure.more here.......https://isc.sans.edu/diary/Rig+Exploit+Kit+Changes+Traffic+Patterns/19533
View ArticleClik here to view.
Paper: Optical Delusions: A Study of Malicious QR Codes in the Wild
Abstract—QR codes, a form of 2D barcode, allow easy interactionbetween mobile devices and websites or printed materialby removing the burden of manually typing a URL or contactinformation. QR codes are...
View ArticleClik here to view.
Paper: Opaque Control-Flow Integrity
Abstract—A new binary software randomization and ControlFlowIntegrity (CFI) enforcement system is presented, whichis the first to efficiently resist code-reuse attacks launched byinformed adversaries...
View ArticleClik here to view.
Exploit for CVE-2014-6271, Bash "ShellShock" Remote Code Execution
This is an exploit for the well known "ShellShock" vulnerability in BASH, specifically, targetting CGI scripts. You can see this code is recycled in the MoovMisManage exploit. The interesting/fun bit...
View ArticleClik here to view.
CRIMEWARE-AS-A-SERVICE CAROUSEL
Invincea reviews thousands of security events per day from the more than one million Dell commercial endpoints running our software around the world. Invincea prevents hundreds of infections per day-...
View ArticleClik here to view.
CARISIRT: Request for Logs
Over the past couple weeks, we have been tracking a possible re-emergence of a threat group originating from China: CZT. The security team here at CARI.net has done extensive research on this threat...
View ArticleClik here to view.
notepad++ website hacked (inclusive Boy George's "Karma Chameleon" Song)?
Hacked by Chameleon Liberation Front Here......http://notepad-plus-plus.org/
View ArticleClik here to view.
CVE-2015-0225: Apache Cassandra remote execution of arbitrary code
CVE-2015-0225: Apache Cassandra remote execution of arbitrary codeSeverity: ImportantVendor:The Apache Software FoundationVersions Affected:Cassandra 1.2.0 to 1.2.19Cassandra 2.0.0 to 2.0.13Cassandra...
View ArticleClik here to view.
“Fancybox for WordPress Has Expired” Infection
Today I began to notice quite a massive and very unusual attack that leverages vulnerabilities in older versions of the FancyBox for WordPress plugin.As you might know, versions 3.0.2 and older of this...
View Article