Scanning Alexa's Top 1M for AXFR
In this blog post we will discuss a simple information disclosure problem called unauthorized AXFR (DNS zone transfer). This can be used to leak DNS settings of a particular target, thus revealing internal / private...
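The check such a scan performs, as an added example (not code from the article above): build the AXFR query in RFC 1035 wire format with the TCP length prefix, send it to a name server on 53/tcp, and classify the reply from its header alone. A server that answers NOERROR with at least one answer record has started streaming the zone; REFUSED or NOTAUTH means the transfer is restricted. The constructed replies in the test are hand-built headers, and the transaction ID, function names and status labels are this example's own choices.

```python
"""Probe a name server for unauthenticated zone transfer (AXFR) over TCP.

Added example, not part of the original post. Builds the DNS query by hand,
frames it for TCP, and classifies the reply by RCODE and answer count; only
the 12-byte header is parsed, which is all the allowed/refused decision needs.
"""
import socket
import struct

QTYPE_AXFR = 252
QCLASS_IN = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(zone):
    """Encode 'example.com' as length-prefixed labels ending in the root label."""
    labels = zone.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """Return the TCP-framed AXFR query: 2-byte length prefix + DNS message."""
    # Header: ID, flags (plain standard query, RD=0), QDCOUNT=1, other counts 0.
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, QCLASS_IN)
    msg = header + question
    return struct.pack(">H", len(msg)) + msg


def classify_response(msg, txid=0x1234):
    """Map a DNS reply header to ALLOWED / REFUSED / NOTAUTH / ... (hypothetical labels)."""
    if len(msg) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid:
        return "BAD_TXID"
    rcode = flags & 0x0F
    if rcode == 0 and ancount > 0:
        return "ALLOWED"        # zone data is being streamed; first RR is the SOA
    if rcode == 0:
        return "EMPTY"          # NOERROR but nothing returned: not a transfer
    return RCODES.get(rcode, "RCODE_%d" % rcode)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf


def read_tcp_message(sock):
    """Read one length-prefixed DNS message from a TCP socket."""
    (length,) = struct.unpack(">H", _recv_exact(sock, 2))
    return _recv_exact(sock, length)


def check_axfr(nameserver, zone, timeout=5.0):
    """Connect to the name server on 53/tcp and classify its AXFR answer."""
    with socket.create_connection((nameserver, 53), timeout=timeout) as sock:
        sock.sendall(build_axfr_query(zone))
        return classify_response(read_tcp_message(sock))


if __name__ == "__main__":
    import sys
    print(check_axfr(sys.argv[1], sys.argv[2]))   # e.g. ns1.example.net example.com
```

In a real scan the servers to probe come from the zone's own NS records, and a hit should be confirmed by reading the first answer record (the zone's SOA) before the result is counted as a transfer.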
Compromised WordPress sites launch drive-by attacks off Pirate Bay clone
WordPress, the leading Content Management System, is one of cyber criminals' favourite targets when it comes to hacking websites. Contrary to some beliefs, it's not because WordPress is a bad or...
Recovering deleted records from an SQLite database (updated)
In this slightly lengthy article I want to discuss how we can recover deleted records from an SQLite database, or rather how we can recover all records and distinguish between those that are live in...
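The core of that recovery, as an added example rather than the article's own code: live rows are reached through each table leaf page's cell-pointer array, while deleted rows survive (minus the first four bytes) in the page's freeblock chain until the space is reused. The example constructs a throwaway database with three rows, deletes the middle one, and then parses the file format by hand; the table name, row texts and function names are this example's own, and it assumes small records that need no overflow pages. The secure_delete pragma matters here: builds that default it to ON zero the freed bytes and leave nothing to recover.

```python
"""Carve live and deleted records from an SQLite file (added example, not the
article's code). Builds a tiny database, deletes the middle row, then walks the
table b-tree leaf pages by hand: live cells via the cell-pointer array, deleted
remnants via the freeblock chain. Assumes payloads fit in-page (no overflow)."""
import os
import sqlite3
import struct
import tempfile

INT_SIZES = {1: 1, 2: 2, 3: 3, 4: 4, 5: 6, 6: 8}   # integer serial type -> byte width


def read_varint(buf, pos):
    """Decode an SQLite varint (big-endian, 1..9 bytes); return (value, new_pos)."""
    value = 0
    for i in range(8):
        b = buf[pos + i]
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            return value, pos + i + 1
    return (value << 8) | buf[pos + 8], pos + 9     # 9th byte contributes all 8 bits


def decode_record(payload):
    """Decode a record (header of serial types, then body) into Python values."""
    hdr_len, pos = read_varint(payload, 0)
    types = []
    while pos < hdr_len:
        t, pos = read_varint(payload, pos)
        types.append(t)
    values, pos = [], hdr_len
    for t in types:
        if t == 0:
            values.append(None)
        elif t in INT_SIZES:
            n = INT_SIZES[t]
            values.append(int.from_bytes(payload[pos:pos + n], "big", signed=True))
            pos += n
        elif t == 7:
            values.append(struct.unpack(">d", payload[pos:pos + 8])[0])
            pos += 8
        elif t in (8, 9):
            values.append(t - 8)                     # literal 0 / 1
        elif t >= 12:                                # even: blob, odd: text
            n = (t - 12) // 2
            chunk = payload[pos:pos + n]
            values.append(chunk if t % 2 == 0 else chunk.decode("utf-8", "replace"))
            pos += n
    return values


def carve(path):
    """Return (live, freeblocks): live = (page, rowid, values); freeblocks = (page, bytes)."""
    with open(path, "rb") as f:
        data = f.read()
    page_size = struct.unpack(">H", data[16:18])[0]
    if page_size == 1:                               # 1 encodes 65536
        page_size = 65536
    live, freeblocks = [], []
    for pgno in range(len(data) // page_size):
        page = data[pgno * page_size:(pgno + 1) * page_size]
        hdr = 100 if pgno == 0 else 0                # page 1 starts with the file header
        if page[hdr] != 0x0D:                        # 0x0D = table b-tree leaf page
            continue
        first_free, ncells = struct.unpack(">HH", page[hdr + 1:hdr + 5])
        for i in range(ncells):                      # live cells via the cell-pointer array
            (off,) = struct.unpack(">H", page[hdr + 8 + 2 * i:hdr + 10 + 2 * i])
            size, p = read_varint(page, off)         # payload length
            rowid, p = read_varint(page, p)
            live.append((pgno + 1, rowid, decode_record(page[p:p + size])))
        off, seen = first_free, set()                # deleted cells via the freeblock chain
        while off and off not in seen:
            seen.add(off)
            nxt, size = struct.unpack(">HH", page[off:off + 4])
            # The 4-byte freeblock header (next, size) overwrites the dead cell's
            # first bytes; the rest survives unless secure_delete zeroed it.
            freeblocks.append((pgno + 1, page[off + 4:off + size]))
            off = nxt
    return live, freeblocks


def printable_runs(chunk, min_len=4):
    """Pull printable-ASCII runs out of carved bytes (crude string carving)."""
    runs, cur = [], bytearray()
    for b in chunk + b"\x00":                        # sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(b)
        else:
            if len(cur) >= min_len:
                runs.append(cur.decode("ascii"))
            cur = bytearray()
    return runs


def demo():
    """Constructed sample: three rows, delete row 2, carve the closed file."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    # Some builds default secure_delete to ON, which zeroes freed cells and
    # defeats recovery; turn it off so the deleted remnant is left in place.
    conn.execute("PRAGMA secure_delete = OFF")
    conn.execute("CREATE TABLE msgs(id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO msgs(body) VALUES (?)",
                     [("first message kept",), ("SECRET message deleted",),
                      ("third message kept",)])
    conn.commit()
    conn.execute("DELETE FROM msgs WHERE id = 2")
    conn.commit()
    conn.close()
    try:
        live, freeblocks = carve(path)
    finally:
        os.unlink(path)
    live_bodies = [vals[1] for page, _, vals in live if page == 2]   # msgs root is page 2
    carved = [s for _, chunk in freeblocks for s in printable_runs(chunk)]
    return live_bodies, carved


if __name__ == "__main__":
    print(demo())
```

The deleted row comes back with one stray byte in front of its text: the freeblock header covers the payload length, rowid, header length and the NULL serial type of the rowid alias column, so the first surviving byte is the text column's serial type. A fuller tool would also walk the unallocated region between the cell-pointer array and the content area, the freelist pages, and any rollback journal or WAL file left beside the database.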
toolsmith: Rapid Assessment of Web Resources (RAWR!)
Let’s put philosophy into action this month with Adam Byers’ RAWR (NJ Ouchn, our friend @toolswatch, is on the RAWR team too). I asked Adam for the typical tool author’s contribution to the column and...
OS X & iOS IOKit IOSurfaceRoot (available from sandbox) kernel code execution...
External method 0 of IOSurfaceRoot is IOSurfaceRootUserClient::create_surface. This method expects to receive an XML string which it deserializes into an OSDictionary. It then passes that dictionary to...
SECUREDROP >= 0.3 - Possible Backdoor & Privileges Escalation by Unauth User
Vulnerability in site leads to rcrypt packer source code dump
Ceragon FibeAir IP-10 SSH Private Key Exposure (CVE-2015-0936)
Product Description: Ceragon produces a series of ruggedized, microwave backhaul devices used to provide connectivity to mobile, IP-based...
PDF: TROJAN.DROPPER.BISONAL RAT
Bisonal is malware whose primary purpose is to attack Japanese sites. It functions as a RAT (remote administrative tool) and communicates with its command-and-control (C&C) server without the user...
RDP Cert Scan with nmap
We recently had a red team where we had a lot of RDP endpoints, but not many other endpoints. We had some time pressure, so we looked to see if nmap had a script (we didn’t see one) and wrote a python...
Android apps in sheep's clothing
We identified a security weakness in Android's approach of handling UI elements, circumventing parts of Android's sandboxing approach. While this attack is simple from a technical point of view, the...
.Net injection with Mono.Cecil
This may not be news for everyone but I find it interesting. Mono.Cecil is an impressive work and can provide a lot of cool features such as runtime .NET assembly manipulation. We can inject opcodes (IL...
Intercepting all System Calls by Hooking KiFastSystemCall
Usually I don't post things like this, but because KiFastSystemCall hooking only works on x86 systems and doesn't work on Windows 8 or above, it no longer has much use in malware. There are also...
Certificate Binary Posters (Part Seven)
Certificate revocation has been done in two primary ways: Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP), at least until some browsers stopped checking for...
Instrumenting Android Applications with Frida
As you may have heard, our latest publication the Mobile Application Hacker’s Handbook is out. When you’re writing a book you have to agree a number of things with the publisher beforehand, one of...
Security Audit Notes - OpenSSL v1.0.2a (latest) Issues - Advanced Information...
-=[Advanced Information Security Corp]=-
Author: Nicholas Lemonias
Report Date: 2/4/2015
Email: lem.nikolas () gmail com
Introduction: During a source-code audit of the OpenSSL v1.0.2a...
Wordpress plugin Simple Ads Manager - SQL Injection
#Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection
#Product: Wordpress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads...
Wordpress plugin Simple Ads Manager - Information Disclosure
#Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure
#Product: Wordpress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple...
Wordpress plugin Simple Ads Manager - Arbitrary File Upload
#Vulnerability title: Wordpress plugin Simple Ads Manager - Arbitrary File Upload
#Product: Wordpress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple...
Wordpress plugin Simple Ads Manager - Multiple SQL Injection
#Vulnerability title: Wordpress plugin Simple Ads Manager - Multiple SQL Injection
#Product: Wordpress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple...