View RSS Feed

All Blog Entries

  1. CVE-2015-0235 How to secure against Glibc Ghost Vulnerability

    CVE-2015-0235 Ghost (glibc gethostbyname buffer overflow) Vulnerability is serious cause for all Linux servers. This vulnerability leveraged to execute remote and code execution on the victim Linux server. The vulnerability found By Qualys Researcher and patched in GNU.

    What is the cause ?

    The bug is in __nss_hostname_digits_dots() function of function of the GNU C Library (glibc), and location of the path is file for non-reentrant version is nss/getXXbyYY.c , which ...
  2. Maldrone the First Backdoor for drones.

    Hi Guys,


    You read it right. I am going to give a quick demo for the first ever drone backdoor aka Maldrone [Malware Drone] .

    There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions. Countries buy drones from there neighbors. What are the possibilities that there could be a backdoor in the drone you brought. What are the possible ways you can backdoor a drone. What ...
  3. Cracking a Captcha . Nullcon| EMC2 CTF 2015

    Last week EMC2/nullcon CTF got over . Even though I really wanted to I did not have enough time to play the ctf. I was/am busy working on my "hacking Drones" research for Nullcon .

    Last year I was one among the top 30 finilist of EMC2 defenders league and stood 5th in the final ranking. ...
  4. Garage4Hackers Year 2014 Timeline Presentation

  5. Pentesting a DVB-C network .Hacking your cable TV Network Part 1

    Here is my ekoparty video on hacking cable tv networks .

    DVB-C stands for "Digital Video Broadcasting - Cable" and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using a QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became ...
  6. Software Defined Radio - RTL-SDR with SDR# Setup on Windows

    When I was reluctant to post such basic post my friend forced me to write this article saying "people love basics articles also. Which you think would be known to all." So here goes nothing

    1) What is RTL-SDR

    If you know about RTL-SDR Skip to 3rd point directly.

    RTL - Realtek
    SDR - Software Defined Radio

    2) History and Discovery of RTLSDR (Source)

    It turns out that Antti Palosaari is perhaps not entirely ...
  7. Writeup on Garage4Hackers Xmas / Dec Web Challenge 2014

    Quote Originally Posted by [s] View Post
    Ho Ho Ho, Xmas challenge ended. This challenge was all about of bypassing login authentication. Obviously, it was funny challenge!! And the obvious reason was password md5 hash. A footnote was there in source code.

        We are so generous, see we provided you password hash to login :) 0e100132199235687421930375421091
        if(0e100132199235687421930375421091 == md5($_GET['pass']))
          // Simple PHP CODE Logic 
  8. Hesperbot DGA : Everything is Dynamically generated using GA

    Hesperbot DGA : Everything is Dynamically generated using GA
    Our next contender for DGA series is Hesperbot. It generates all strings/object-names dynamically using various "Generation Algorithms"
    similar to DGA. Though its DGA differs from NGA (Name generation algorithm) used for name generation for objects like filenames, foldernames,
    mutexes etc.

    But both DGA & NGA utilises same seed generator. Hesperbot's DGA is free from date/time and generates ...
Page 3 of 14 FirstFirst 1234513 ... LastLast