View RSS Feed

Most Popular Blogs

  1. Garage4Hackers CTF Web Level 1 challenge result

    Quote Originally Posted by [s] View Post
    The Garage4Hackers CTF level 1 challenge came to life on 25th December, 2013 at 10:30 PM IST. It saw nice participation from across the globe with some really creative attempts to crack the challenge. It took us some serious judging to filter out the top attempts. Finally we are done with it. And now we are pleased to announce the results of our Level 1 challenge !!

    The Challenge was 54.197.234.66/index.php?wish=hohohoSanta :

    To try to execute simple PHP code or pwn
    ...
  2. Low hanging Web Application bugs in Digital Cable :Hacking Cable TV Networks Part 1

    Hacking your cable TV Networks: Low Hanging Web Application bugs in Digital Cable TV.


    Check out previous blog :http://www.garage4hackers.com/entry.php?b=2830
    Hacking Your Cable TV Networks : HITB Security Conference Part 0.


    We did two presentations on the security issues in Digital Cable TV network back in February at Nullcon[Goa] and another at HITB [Amsterdam ] . We disclosed few of the many security issues we reported to a large cable network ...
    Categories
    Uncategorized
  3. Fuzzing DTMF Detection Algorithms .

    My ekoparty.org [Argentina] and NU[Delhi] talk and also Ruxcon [Australia] and BlackHat [Abhudabi] which I could't make it .
    Name:  mqdefault.jpg
Views: 4336
Size:  6.0 KB


    What is this paper about:

    Input validation attacks and memory corruption attacks are common, and the
    criticality of finding a DOS attack on a service like HTTP is consider a lot critical
    considering the attack surface and easiness of attack. Even if we could trigger an
    exception in an ...
    Attached Thumbnails Attached Images   
  4. Beginners Guide to "Use after free Exploits #IE 6 0-day #Exploit Development"


    Yea right!

    Last week a friend asked few queries regarding use after free vulnerabilities, . It's been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to run my fuzzer on an old version of IE 6, since it is easy to find a bug in and it's not worth to blog out any new versions 0-day . Any way I picked up the first test case IE crashed on and ...
    Categories
    Uncategorized
  5. Penetration Testing Biometric System: Part II:- Remotel Attacks


    Continued from


    Biometrics: The Technical part:

    Remote Attack: The attack vectors.



    This would be the basic architecture of an IP based remote management protocol of these systems.

    So here the attack points would be as follows,
    1) IP implementation for data transfer
    2) Biometric Management Servers
    3) Biometric Admin/Interface
    ...
    Categories
    Uncategorized
  6. Web-App Remote Code Execution Via Scripting Engines Part -1: Local Exploits PHP 0-day


    This would be part-1 one of my C0C0n talk , where I demonstrated few PHP 0-days, Local and Remote . The entire concept of the talk was demonstrating attacks on WebApplications via scripting engines.

    In a common Webapp test we manipulates Input , that a common end user controls and check for responses from the app. But since these data passed are processed by the PHP,ASP engines that are used to build these apps. We ...
  7. Pentesting a DVB-C network .Hacking your cable TV Network Part 1

    Here is my ekoparty video on hacking cable tv networks .




    DVB-C stands for "Digital Video Broadcasting - Cable" and it is the DVB European consortium standard for the broadcast transmission of digital television over cable. This system transmits an MPEG-2 or MPEG-4 family digital audio/digital video stream, using a QAM modulation with channel coding. The standard was first published by the ETSI in 1994, and subsequently became ...
    Categories
    Uncategorized
  8. Cracking a Captcha . Nullcon| EMC2 CTF 2015

    Last week EMC2/nullcon CTF got over . Even though I really wanted to I did not have enough time to play the ctf. I was/am busy working on my "hacking Drones" research for Nullcon .
    http://nullcon.net/website/goa-15/sp...rahul-sasi.php


    Last year I was one among the top 30 finilist of EMC2 defenders league and stood 5th in the final ranking.
    https://www.facebook.com/photo.php?f...type=1&theater ...
    Categories
    Uncategorized
  9. Maldrone the First Backdoor for drones.

    Hi Guys,

    Introduction:

    You read it right. I am going to give a quick demo for the first ever drone backdoor aka Maldrone [Malware Drone] .

    There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions. Countries buy drones from there neighbors. What are the possibilities that there could be a backdoor in the drone you brought. What are the possible ways you can backdoor a drone. What ...
    Categories
    Uncategorized
  10. How the Internet Bug bounty Killed an Exploit Kit.

    Name:  BUGCROWD.jpg
Views: 5684
Size:  10.5 KB
    It is been 4 years since the Internet [Web] bug bounty programs kicked in. It would be great to see what changes it has brought to the Security community. From what I understood is the most no of reported bugs to bug-bounty programs are XSS . Yes Cross Site scripting. We are writing about an Infamous Phishing/Exploit kit named Chillyfisher that was used by few APT groups that utilized xss and phishing emails to hack their targets.

    Name:  exploit-kits.jpg
Views: 7802
Size:  49.3 KB ...
    Categories
    Uncategorized
    Attached Thumbnails Attached Images  
Page 2 of 11 FirstFirst 1234 ... LastLast