Archive | Exploits/Vulnerabilities

Advertisements


20 October 2015 | 2,110 views

OWASP WebGoat – Deliberately Insecure Web Application

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques. In each lesson, users must demonstrate their understanding of a […]

Continue Reading


01 October 2015 | 5,979 views

WinRAR Vulnerability Is Complete Bullshit

So Twitter exploded earlier with calls of a remote code execution WinRAR vulnerability leaving half a BILLION users open for some hardcore exploitation. I got interested (obviously..as that’s what I do here) and went to read about it, I have to call pretty sketchy, non-technical reporting from the The Register for once, it seems like […]

Continue Reading


24 September 2015 | 1,318 views

XcodeGhost iOS Trojan Infected Over 4000 Apps

So the recent XcodeGhost iOS Trojan Infection has escalated quickly, an initial estimate of 39 infected apps has rapidly increased to over 4000! You can see the FireEye announcement here: Protecting Our Customers from XcodeGhost XCodeGhost is the first instance of the iOS App Store distributing a large number of trojanized apps, the malicious/infected apps […]

Continue Reading


10 September 2015 | 1,637 views

WhatsApp Web vCard Vulnerability Exposed 200M Users

So it seems there was a lot of noise about the WhatsApp Web vCard Vulnerability with over 200 Million people using the desktop version of WhatsApp – it’s a fairly large cache of users to go after. Disclosed by Check Point security, the vulnerability is exploited by sending a vCard contact containing malicious code to […]

Continue Reading


28 July 2015 | 6,243 views

Mimikatz – Gather Windows Credentials

Mimikatz is a tool to gather Windows credentials, basically a swiss-army knife of Windows credential gathering that bundles together many of the most useful tasks that you would perform on a Windows machine you have SYSTEM privileges on. It supports both Windows 32-bit and 64-bit and allows you to gather various credential types. Techniques such […]

Continue Reading


23 July 2015 | 2,526 views

The Jeep HACK – What You Need To Know

So yah, the big news this week everyone is shouting about is about the Fiat Chrysler Automobiles (FCA) owned Jeep Hack involving the new Cherokee which has remote control software which allows access to the engine, aircon, audio system and brakes – basically the whole car can be controlled remotely as long as you know […]

Continue Reading


21 July 2015 | 1,119 views

Dharma – Generation-based Context-free Grammar Fuzzing Tool

Dharma is a tool used to create test cases for fuzzing of structured text inputs, such as markup and script. It takes a custom high-level grammar format as input, and produces random well-formed test cases as output – it can be used as a grammar fuzzing tool. API programming is complex and subtle programming mistakes […]

Continue Reading


09 July 2015 | 7,186 views

Hacking Team Hacked – What You Need To Know

So the Internet has been blowing up for the last few days about an Italian information security company called Hacking Team getting pwned – they were already pretty famous for their software RCS (Remote Control Software) also known as Galileo. In modern digital communications, encryption is widely employed to protect users from eavesdropping. Unfortunately, encryption […]

Continue Reading


04 July 2015 | 1,463 views

AddressSanitizer – A Fast Memory Error Detector

AddressSanitizer (aka ASan) is a very fast memory error detector for C/C++, Tthe average slowdown of the instrumented program is ~2x. The tool works on x86 Linux and Mac, and ARM Android. AddressSanitizer is based on compiler instrumentation and directly-mapped shadow memory. The tool consists of a compiler instrumentation module (currently, an LLVM pass) and […]

Continue Reading


18 June 2015 | 4,807 views

Apple’s Password Storing Keychain Cracked on iOS & OS X

And another password shocker, a few days after ‘cloud’ password service LastPass was pretty seriously hacked (yah if you’re using it, change your master password) critical 0-day flaws in Apple’s password storing keychain have been exposed. Which is kinda funny, as after the LastPass hack I saw some people espousing the usage of Apple’s keychain […]

Continue Reading


Advertisements