View RSS Feed


Entries with no category

  1. Sms to Shell fuzzing USB internet modems

    Attachment 639

    Offensively focused research is of high importance mainly because of the increase in no of targeted attacks. This blog focus on an innovative new attacks surface [USB Data Modems] that could possibly be a potential target to attacks in the future.

    We would not be releasing the POC exploit we have found on various modem devices for another 3 months, mainly because there is no autoupdate mechanism available on ...
  2. A weekend with Cisco Meraki Bug Bounty, a tale of few web bugs .

    I was not much interested in bug bounties but the fact that I was interested in learning about Cloud Based products, and going through meraki made me a lot interested in there service. Meraki is a "cloud-managed network infrastructure company," whose products are designed to provide large-scale, distributed wired and wireless networks. An application to manage networks from cloud is big and cool to experiment for a hacker.

    So I decided to spent a week end of mine [ May ...
  3. DEP ASLR bypass without ROP JIT : CanSecWest2013 Slides and Analysis

    I have my own talk from CanSecwest to blog about but this one is more interesting and the most awaited one. So here are the slides, I will add my own analysis and test cases to this blog entry later. Interesting thing is we had this technique discussed on garage in november .

    Yu Yang @tombkeeper did a demo of the technique on Ms013-08 and it does not ever need a heap spray for his ASLR/DEP bypass ...
  4. Beginners Guide to "Use after free Exploits #IE 6 0-day #Exploit Development"

    Yea right!

    Last week a friend asked few queries regarding use after free vulnerabilities, . It's been a while I wrote a tutorial so taught of cooking a beginners guide this week end. I wanted a live target for the tutorial so my plans were to run my fuzzer on an old version of IE 6, since it is easy to find a bug in and it's not worth to blog out any new versions 0-day . Any way I picked up the first test case IE crashed on and ...
  5. Max OSX 64 bit ROP Payloads.

    6 Months back I did a presentation on Mac OSX 64 bit ROP shellcodes at Null Monthly meet, where I took two different session explaining 64 bit architecture in detail and Mac OSX 64 Rop Shellcode. Today I was browsing through some old stuffs and came across the PPT I used back then. The slides only contains the first day's presentation and I can't find the second days PPT .

    Am sharing it over here. There is nothing new. ...
  6. Fuzzing DTMF Detection Algorithms .

    My [Argentina] and NU[Delhi] talk and also Ruxcon [Australia] and BlackHat [Abhudabi] which I could't make it .
    Name:  mqdefault.jpg
Views: 5960
Size:  6.0 KB

    What is this paper about:

    Input validation attacks and memory corruption attacks are common, and the
    criticality of finding a DOS attack on a service like HTTP is consider a lot critical
    considering the attack surface and easiness of attack. Even if we could trigger an
    exception in an ...
    Attached Thumbnails Attached Images   
  7. Web-App Remote Code Execution Via Scripting Engines Part -1: Local Exploits PHP 0-day

    This would be part-1 one of my C0C0n talk , where I demonstrated few PHP 0-days, Local and Remote . The entire concept of the talk was demonstrating attacks on WebApplications via scripting engines.

    In a common Webapp test we manipulates Input , that a common end user controls and check for responses from the app. But since these data passed are processed by the PHP,ASP engines that are used to build these apps. We ...
  8. Hacking RFID Acces Door . Personal Diary #Non-Technical.

    I stopped blogging when I realized that the articles I put up here could be turned into papers and I could use that to speak at conferences[#travel-the-world #meet-people ] . And therefore frequency of my blogging came down. Anyways this a real incident that happened to me yesterday, not much of technical content but a good read if you'r interested in physical security devices.

    I Was trapped between two RFID doors for 5 long hrs without my access cards yesterday and I finally broke ...
  9. My Euro Trip 2: HITB [Hack In The Box Amsterdam]

    Here goes my second part the HITB ventures , could read the BLackhat diary form here.

    I was in Europe twice this year , in March for BlackHat Presenting on IVR Security. And in May for HITB presenting on "CXML VXML Auditing" . So now many months since these conferences have ended and I finally got some time, I have managed to write up my thoughts on them.
  10. My Euro Trip 1: BlackHat Europe Experiences.

    I was pretty caught up with few office, personal stuffs that I could not find time to blog on my BlackHat ventures .

    I was in Europe twice this year , in March for BlackHat Presenting on IVR Security: Internal Network Attack via Phone Lines. And in May for HITB presenting on "CXML VXML Auditing" . Both the events were fun and met lot of Hacker Ninjas, and that ...
Page 2 of 4 FirstFirst 1234 LastLast