Garage4hackers Forum - Home

Menu
G4H Tutorial and Papers

G4H Tools and Scripts

G4H Exploits

CTF & Meet Writeups

Google Vulnerabilities

Teensy

Bug Bounty Listing

Web Application Security
Recent Blog Posts

DEP ASLR bypass without ROP JIT : CanSecWest2013 Slides and Analysis

I have my own talk from CanSecwest to blog about but this one is more interesting and the most...
fb1h2s 03-08-2013 05:03 AM

SQL Injection Vulnerability in ebay

Title: SQL Injection Vulnerability in eBay.com sub domains Author: Yogesh D Jaygadkar Reported:...
Inxroot 01-26-2013 12:06 AM

Reliable PHP Exploitation from Windows XP to Windows 7

Theexploit code for PHP <= 5.4.3 (com_event_sink) Code Execution 82307: PHP com_event_sink Function...
Rashid bhatt 01-11-2013 07:11 PM

Password Reset Vulnerability in etsy.com

Hi Friends & All Big Bros Yesterday i received my first white hat bounty from etsy.com for...
Inxroot 01-08-2013 05:36 PM

Home

DEP ASLR bypass without ROP JIT : CanSecWest2013 Slides and Analysis

by
fb1h2s
Published on 03-08-2013 12:15 PM    Number of Views: 1457

I have my own talk from CanSecwest to blog about but this one is more interesting and the most awaited one. So here are ...

Read More

Fuzzing DTMF Detection Algorithms .

by
fb1h2s
Published on 02-04-2013 01:36 PM    Number of Views: 664

My ekoparty.org [Argentina] and NU[Delhi] talk and also Ruxcon [Australia] and BlackHat [Abhudabi] which I could't make ...

Read More

Beginners Guide to "Use after free Exploits #IE 6 0-day #Exploit Development"

by
fb1h2s
Published on 11-15-2012 02:49 PM    Number of Views: 4963

Yea right!

Last week a friend asked few queries regarding use after free vulnerabilities, . It's been ...

Read More

Twitter Translation Center CSRF (Change Badge and Notification Settings)

by
prakhar
Published on 10-20-2012 03:31 PM    Number of Views: 626

On 28th September 2012, I found a Cross-Site Request Forgery vulnerability on http://translate.twttr.com which is the Twitter ...

Read More

Understanding Padding Oracle Attack - Attack on Encryption in CBC mode

by
sebas_phoenix
Published on 10-10-2012 10:12 AM    Number of Views: 1727

Before we begin , a few terminologies that we should be familiar with. An Oracle is just a theoritical black box in Cryptography ...

Read More 1 Comment

Teensy USB HID for Penetration Testers - Part 5 - Advanced Windows Payloads of Kautil

by
SamratAshok
Published on 09-02-2012 05:08 PM    Number of Views: 1545

This is the fifth post in the series of Teensy USB HID for Penetration Testers. Sorry for the gap between this and the last ...

Read More 1 Comment

Web-App Remote Code Execution Via Scripting Engines Part -1: Local Exploits PHP 0-day

by
fb1h2s
Published on 08-20-2012 07:22 PM    Number of Views: 2756

This would be part-1 one of my C0C0n talk , where I demonstrated few PHP 0-days, Local and Remote . The entire concept ...

Read More 1 Comment

Hacking RFID Acces Door . Personal Diary #Non-Technical.

by
fb1h2s
Published on 08-16-2012 07:08 PM    Number of Views: 2168

I stopped blogging when I realized that the articles I put up here could be turned into papers and I could use that to speak ...

Read More 2 Comments

Internal Attacks via IVR systems [ Security Vulnerabilities in IVR Applications]

by
fb1h2s
Published on 03-28-2012 09:50 AM    Number of Views: 2519

Am putting down Demo videos along with few important slides form my BlackHat 2012 presentation .

My presentation ...

Read More 2 Comments

Binary Analysis of Oracle Java CVE: 2012-0500 and Alternate Exploitation on Win|Linux

by
fb1h2s
Published on 03-09-2012 02:41 AM    Number of Views: 1601

Main():

Java Webstart recently had critical security update in it's Webstart module Oracle Java Critical ...

Read More

Gmail XSS vulnerability through Content Sniffing

by
41.w4r10r
Published on 03-12-2012 07:46 PM    Number of Views: 2782

Hi all,

a few months before i found this vulnerability which was reported to google and patched (Basically ...

Read More 2 Comments

Bloodshed Dev-C++ 4.9.9.2 Compiler Analysis [Reversing Engineering Tips] Part-I

by
nishant
Published on 03-02-2012 01:12 PM    Number of Views: 1926

Okay folks,

This is one idea that came to my mind. Its pretty simple, I'm trying to write some sample programs ...

Read More

Google Email Recovery Vulnerability (Removing Secondary E-mail Address -Self Exploit

by
[s]
Published on 12-22-2011 11:59 AM    Number of Views: 5228

#Title: Google Email Recovery Vulnerability (Removing Secondary E-mail Address -Self Exploitation)
#Author: Sandeep ...

Read More 5 Comments

Enumerating and Breaking VoIP

by
sohil_garg
Published on 11-21-2011 03:03 PM    Number of Views: 2960

Introduction

Voice over Internet Protocol (VoIP) has seen rapid implementation over the past few years. Most ...

Read More 7 Comments

Windows 8 DEP bypass

by
"vinnu"
Published on 11-19-2011 06:58 AM    Number of Views: 2464

This Time we'll colour our hands with the blood of windows 8 Developer's Preview edition. What we need , a target application, ...

Read More 1 Comment

Identifying Load Balancers - How to tell if the target host is behind a load balancer

by
abhaythehero
Published on 10-27-2011 10:09 AM    Number of Views: 2874

Credits to Joe McCray and his Defcon 18 talk

1. Use dig command
Look for multiple addresses ...

Read More 2 Comments

WebBackdoors , Attack, Evasion and Detection:

by
fb1h2s
Published on 09-29-2011 08:02 AM    Number of Views: 4206

Abstract: This paper provides insight on common web back doors and how simple manipulations could make them undetectable ...

Read More

ASLR DEP bypassing techniques

by
"vinnu"
Published on 09-29-2011 10:24 AM    Number of Views: 1601

In defeating DEP you atleast need some information that will evade the ASLR.
There are mainly two ways:
...

Read More

SEH Overflow exploit POC Part 1

by
m0nna
Published on 09-20-2011 07:10 AM    Number of Views: 2004

On 18th Jan 2011, somebody named “h1ch4m” reported a stack based overflow vulnerability in “PDF All to mp3 converter” via ...

Read More

EBay Persistent Cross Site Scripting (Filter Bypass)

by
fb1h2s
Published on 08-18-2011 10:29 AM    Number of Views: 2363

POC Code to Steel Cookies:

Vulnerability Effects:
1) User cookies could be retrieved ...

Read More 1 Comment

G4H Twitter
Latest Posts

Open challenge to Design the logo for Ground Zero Summit

Hello All!

The GroundZero Summit (G0S) is an international platform for Information Security professionals showcasing their research, products and case studies to industry leaders, policy makers,...
GroundZeroS Today, 12:26 PM

Hi rohit nice to meet here!! I have also a keen...

Hi rohit nice to meet here!! I have also a keen interest in this area. So i think i must gain some knowledge from you and you gain some knowledge from me regarding linux server
pragyaware Yesterday, 11:47 AM

Yeh i need your help. I have a code that is...

Yeh i need your help. I have a code that is dynamically generating objects to a browser and carrying all the mutations (dynamically). It takes huge time to crash browser. Tell me how to reduce the...
"vinnu" Yesterday, 10:44 AM

Fixed. Thanks for notifying it Rahul. Text colour...

Fixed. Thanks for notifying it Rahul. Text colour was the issue.
b0nd Yesterday, 10:41 AM

Thanks Mr. GOD. Admins plz. move this post to...

Thanks Mr. GOD. Admins plz. move this post to noobs section.
b0nd Yesterday, 10:37 AM

All times are GMT +5.5. The time now is 05:27 PM.

Powered by vBulletin® Version 4.1.7
Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.
Content Relevant URLs by vBSEO

Copyright 2010 - 2012, Garage4Hackers