Nice read on changing network topology that can make lateral movement in targeted attacks more difficult
...
Type: Posts; User: prashant_uniyal
Nice read on changing network topology that can make lateral movement in targeted attacks more difficult
...
Smart meters widely used in Spain can be hacked to under-report energy use, security researchers have found. Poorly protected credentials inside the devices could let attackers take control over the...
Sharing : python socket.recvfrom_into() remote buffer overflow
#!/usr/bin/env python
'''
# Exploit Title: python socket.recvfrom_into() remote buffer overflow
# Date: 21/02/2014
# Exploit...
May be this new documentation on bypassing EMET help you :)
http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf
Less than a week after uncovering Operation SnowMan, the FireEye Dynamic Threat Intelligence cloud has identified another targeted attack campaign — this one exploiting a zero-day vulnerability in...
SQL injection is a highly coveted type of attack. Plenty of resources exist to take advantage of an injection on common DBMS (MySQL, Oracle, MS SQL, etc). But, I could not find a resource targeting...
Here are some other links:
http://www.malwaredomainlist.com/mdl.php
http://www.malwareblacklist.com/showMDL.php
http://support.clean-mx.de/clean-mx/viruses.php
http://malc0de.com/database/...
A few days ago, we found an Android Trojan using brand new method to modify devices’ boot partition and booting script file to launch system service and extract malicious application during the early...
The Tor network is an anonymising network that allows people to browse the web and access other services without being traced. As part of this network, there is the so called 'darknet', servers only...
Virus analysts of the Russian anti-virus company Doctor Web have discovered the world's largest botnet comprised of Android handhelds. To date, over 200,000 smart phones have been infected with...
Sure. A tutorial from you on this will be helpful.
You can view the page at http://www.garage4hackers.com/content.php?r=155-Google-Chrome-Denial-Of-Service-(DoS)
Here's a nice read on stealing user certificates with meterpreter mimikatz extension
Security and Networking - Blog - Stealing User Certificates with Meterpreter Mimikatz*Extension
OWASP Top Ten for 2013 has been released. Here is the Top Ten list:
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct...
Yesterday, EC Council was reported to have been compromised by a hacker called “Godzilla”. The site that got hacked was the Academy site of EC Council i.e eccouncilacademy.org
Read complete...
Article by Tavis Ormandy on Introduction to windows kernel security research
Tavis Ormandy: Introduction to Windows Kernel Security Research
Nir goldshlager from Break Security uncovers some stored XSS on Facebook
Stored XSS In Facebook Chat, Check In, Facebook Messenger | Break Security
Using xss-protection and blocking/bypassing javascript code | #XSS #protection #webappsec
Using xss-protection and blocking/bypassing javascript code
Attacks against WordPress sites began last week, when some Web hosts and security experts reported brute-force attacks against administrative credentials using a combination of “admin” as a user...
A nice read on exploitation on Mac OS X. Thought of sharing it while I was searching for some study material on Mac exploitation :)
Evocam Remote Buffer Overflow on OSX
Is the firewall turned on on the other machine?
Though I have seen at scenario where you have most favor against you, you need to carry out SE attacks like browser based etc. This video Series on...
Hello,
Looks you are into a lot of mess. Since I used ADSL router sometime back, I had easy access on VMs in the host machine using bridge option in the VMware. For using RHOST over a remote IP...
A must read for all wardrive fans out there! :)
Wardrive, Raspberry Pi Style! - SpiderLabs Anterior
Security expert Kafeine of Malware Don’t Need Coffee website has identified a new 0 day in Java. The vulnerability affects the latest Java 1.7 and it has been found on a website that allegedly...
Not getting much of your question. Could you please elaborate more. Like are you talking about injecting payloads or exploit packs on the hacked sites and taking advantage of the vulnerability on...