The big news recently is that someone has finally managed to pop the formidable Chrome browser, as we know from following Pwn2Own – it’s been safe for 3 years in a row. It has a sandbox, ASLR and DEP and that’s a pretty heavy combination to keep users safe from malicious software coming in via […]
Exploits/Vulnerabilities
sslsnoop v0.6 – Dump Live Session Keys From SSH & Decrypt Traffic On The Fly
sslsnoop dumps live session keys from openssh and can also decrypt the traffic on the fly. Works if scapy doesn’t drop packets. using pcap instead of SOCK_RAW helps a lot now. Works better on interactive traffic with no traffic at the time of the ptrace. It follows the flow, after that. Dumps one file by […]
Sony PlayStation Network Hack Resulted In Stolen User Data & Lawsuit
So after our report on Monday – Sony Rebuilding PlayStation Network (PSN) – Down 4 Days So Far – news had been spilling out about this whole thing pretty much non-stop. It appears the network is still down and there was some serious data loss including user data for millions of users being stolen. All […]
BodgeIt Store – Vulnerable Web Application For Penetration Testing
There are various vulnerable web applications such as Jarlsberg, WackoPicko, Damn Vulnerable Web Application (DVWA), Vicnum, etc. Now we have another application that is vulnerable and ready to be exploited! The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to penetration testing. Features Easy to install – […]
Adobe Patches Latest Flash Zero Day Vulnerability
There’s been a lot of news about this Adobe Flash Player vulnerability as apparently it has been exploited in the wild and Adobe were willing to push out an out-of-band patch for it – which means in their eyes it is really serious. They don’t have a great reputation for testing their software before releasing […]