Archive | Exploits/Vulnerabilities


09 December 2014 | 893 views

InsomniaShell – ASP.NET Reverse Shell Or Bind Shell

InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either an ASP.NET reverse shell or a bind shell. ASP.NET is an open source server-side Web application framework designed for […]

Continue Reading


04 December 2014 | 3,582 views

Sony Pictures Hacked – Employee Details & Movies Leaked

Sony hasn’t always had the best of times when it comes to being hacked, back in 2011 Sony basically had to rebuild the PlayStation Network (PSN) because of a hack which rendered the service off-line for almost a whole week. Plus the fact the PSN hack could have leaked up to 10 million user accounts […]

Continue Reading


02 December 2014 | 1,480 views

Gruyere – Learn Web Application Exploits & Defenses

This codelab is built around Gruyere – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The goal of this codelab is […]

Continue Reading


22 November 2014 | 1,252 views

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild. The most recent time was this year actually, but was a DoS attack, which is not THAT […]

Continue Reading


13 November 2014 | 2,659 views

Microsoft Schannel Vulnerabilty – Patch It NOW

So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets. This is a critical update, a really, really critical […]

Continue Reading


30 October 2014 | 1,784 views

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client It’s a fairly unlikely set of circumstances however, and it […]

Continue Reading


25 October 2014 | 1,141 views

Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint

So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks. Not that anyone reading this […]

Continue Reading


16 October 2014 | 3,778 views

Everything You Need To Know About POODLE SSLv3 Vulnerability

So yah, it’s been quite a year – not long after Heartbleed and then Shellshock we now have POODLE SSLv3 vulnerability. Yes, that’s right – POODLE. It is actually an acronym this time though, yay (Padding Oracle On Downgraded Legacy). Is it a huge risk? Not really as it doesn’t allow any type of remote […]

Continue Reading


02 October 2014 | 2,961 views

OpenVPN Vulnerable To Shellshock Exploit

So last week the big news was about the cross platform exploit in BASH that we covered in our article – Everything You NEED To Know About Shellshock Bug In BASH. As mentioned in the comments, a certain combination of circumstances and configuration options can leave OpenVPN vulnerable to Shellshock. This could be a pretty […]

Continue Reading


26 September 2014 | 4,152 views

Everything You NEED To Know About Shellshock Bug In BASH

Shellshock (CVE-2014-6271) the bug in BASH is causing havoc on the Internet this week, as far as I’m concerned it’s a bit overstated – seriously how many people are still using cgi scripts? None I hope. I do suspect though a lot of shared hosts might get owned by this as most commercial control panel […]

Continue Reading