
Most Popular Blogs

  1. First Nullcon Experience

    I was a part of the infosec community for over a year. And many times I came across the people who told me about this amazing tech convention which was held in Goa in March every year. This got me really excited for the NULLCON.

    So I did a little research about Nullcon and how to get entry in this event. So I got to know that there were passes available to get in the event. But at that time I was not able to afford the passes so I dropped the idea to go in Nullcon. But later on I heard about ...

    Updated 03-16-2017 at 09:00 PM by 41.w4r10r

  2. CVE-2015-2652 Unauthenticated File Upload in Oracle E-business Suite.

    During my regular job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server, thus making it easier for an attacker to leverage the vulnerability remotely.

    Oracle released Critical Patch Update containing security fixes for the Oracle E-Business Suite. This vulnerability is remotely
    ...
    Tags: zap
  3. Heap Spray --- Slipping CPU to our pocket--by "vinnu"

    Heap Spray --- Slipping CPU to our pocket

    Author : "vinnu"
    Team : "Legion Of Xtremers" (LOXians)
    Greetz : Prashant Uniyal, b0nd, D4rk357, skylined

    Rootkit Information:

    IDE: any text editor
    Language : JavaScript
    Targets: Web browsers


    As the name defines itself Heap Spray technique uses the spraying of heap memory
    with injection vector.
    Injection Vector: Nop sled + Shellcode ...
  4. Demystifying The Ashi virus--"vinnu" PART II

    This is Google's free page uploading facility (http://sites.google.com/site). I loaded the .js file as an attachment. But it contained nothing initially. It was meant for controlling the Botnet and commanding it later in forming the XSS tunnels. It was the second stage of two staged botnet formation. Note: The third party free sites are also useful to connect to a botnet if you do not have any dedicated server. In your script file at free site like Google, you can place a script that can redirect ...
  5. Sql injection attacks compiled

    Hi there, this is my first post on SQL injection attacks, hope it's useful. I'm $k2$ -A.K.A d@rK @nGel

  6. XSS threats on leading Indian mobile operators websites

    While passing by common websites, we had come across various security issues in them in the past. Be it a bug on Facebook, Flipkart or Indian shopping sites, we have brought up many issues in the past and have responsibly disclosed them. This time while passing by a few mobile operators' websites, we noticed Cross-site scripting a.k.a. XSS, 2nd top on the OWASP top 10 list. These vulnerabilities can be noticed very easily and can be used by cyber crooks to execute malicious scripts on the website, and ...
  7. Software Defined Radio - RTL-SDR with SDR# Setup on Windows

    When I was reluctant to post such a basic post my friend forced me to write this article saying "people love basics articles also. Which you think would be known to all." So here goes nothing.

    1) What is RTL-SDR

    If you know about RTL-SDR, skip to the 3rd point directly.

    RTL - Realtek
    SDR - Software Defined Radio


    2) History and Discovery of RTLSDR (Source)

    It turns out that Antti Palosaari is perhaps not entirely ...
  8. 7 things about embedded/electronics projects that you might have mistaken

    Well, I have not invested lots of years into embedded electronics. I was an electronics enthusiast but had never done much with microcontrollers and embedded stuff before 2011. By the end of 2011, I had ordered my Teensy (atmega based circuit with built-in USB programmer interface). I had ordered the Teensy basically to try USB based attack vectors by programming the Teensy as a USB keyboard and trying to create a batch file on the victim computer and run it etc. Some good tools and frameworks have been written about ...