Archive | Exploits/Vulnerabilities

Advertisements


12 March 2015 | 2,694 views

Rowhammer – DDR3 Exploit – What You Need To Know

So the big news this week was the release of details of a very clever hardware attack posted by Google’s Project Zero security initiative called Rowhammer. The impressive part is this is a hardware/manufacturing bug that has elevated to a software based attack. In simple terms Rowhammer is an attack that exploits physical weaknesses in […]

Continue Reading


07 March 2015 | 4,305 views

Santoku Linux – Mobile Forensics, Malware Analysis, and App Security Testing LiveCD

The word santoku loosely translates as ‘three virtues’ or ‘three uses’. Santoku Linux has been crafted with a plethora of open source tools to support you in three endeavours, mobile forensics, malware analysis and security testing. Boot into Santoku and get to work, with the latest security tools and utilities focused on mobile platforms such […]

Continue Reading


26 February 2015 | 855 views

Google Expands Pwnium Year Round With Infinite Bounty

There are various bug bounty programs, with Google being one of the forerunners in the field – Twitter was late to the party just joining in September 2014. The latest development is that Google is stopping the annual Pwnium hack fest aimed at the Chromium project to stop bug hoarding, which makes Pwnium essentially a […]

Continue Reading


30 January 2015 | 2,605 views

GHOST Vulnerability In glibc – Everything You Need To Know

So the big panic in the past week or so has been about this GHOST vulnerability in glibc which under certain circumstances can allow remote code execution (serious business!). So we’ve had Heartbleed, POODLE and Shellshock and now we have awfully cute GHOST. What is it? The CVE for GHOST is – CVE-2015-0235, the technical […]

Continue Reading


22 January 2015 | 2,034 views

Flash Zero Day Being Exploited In The Wild

This is not the first Flash Zero Day and it certainly won’t be the last, thanks to the Sandbox implemented in Chrome since 2011 – users of the browser are fairly safe. Those using IE are in danger (as usual) and certain versions of Firefox. It has been rolled into the popular Angler Exploit Kit, […]

Continue Reading


17 January 2015 | 4,615 views

OpenVAS 7 Released – Open Source Vulnerability Scanner

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 35,000 in total (as of April 2014). The OpenVAS Manager is the central […]

Continue Reading


15 January 2015 | 1,806 views

Google Leaves Android Users Vulnerable To WebView Exploit

So it seems the Google corporate motto/slogan “Don’t be evil” is falling down again, Google is adopting a very Microsoft-esque approach and orphaning users of older version of Android (basically anything before the current production version 4.4 AKA Kit Kat). Which is the majority of Android users right now, especially those using lower end devices […]

Continue Reading


13 January 2015 | 2,818 views

pwntools – CTF Framework & Exploit Development Library

pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. Command-line frontends for some of the functionality are available: asm/disasm: Small wrapper for various assemblers. constgrep: Tool for finding constants defined in header files. cyclic: […]

Continue Reading


08 January 2015 | 5,727 views

ATM Hacked Using Samsung Galaxy S4 & USB Port

A pretty interesting black box daughter board attack on ATM via USB, the crowd cry ATM Hacked! Yah it was, and it was triggered using a mobile phone to actually activate the attack, showing it’s fairly complex and also abstracting the actual attacker from being physically there. The guy carrying the black box can’t actually […]

Continue Reading


09 December 2014 | 2,431 views

InsomniaShell – ASP.NET Reverse Shell Or Bind Shell

InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either an ASP.NET reverse shell or a bind shell. ASP.NET is an open source server-side Web application framework designed for […]

Continue Reading


Advertisements