Archive | Windows Hacking


20 November 2014 | 1,101 views

Sparty – MS Sharepoint and Frontpage Auditing Tool

Sparty is an open source Sharepoint and Frontpage auditing tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web […]

Continue Reading


13 November 2014 | 2,660 views

Microsoft Schannel Vulnerabilty – Patch It NOW

So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets. This is a critical update, a really, really critical […]

Continue Reading


25 October 2014 | 1,141 views

Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint

So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks. Not that anyone reading this […]

Continue Reading


04 August 2014 | 3,673 views

Windows Registry Infecting Malware Has NO Files

This is a pretty interesting use of the Windows Registry and reminds me a little of the transient drive-by malware used last year against Internet Explorer that left no files either – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. The main difference being, that wasn’t persistent and as it lived […]

Continue Reading


01 May 2014 | 775 views

Microsoft Confirms Internet Explorer 0-Day

So during the past weekend, Microsoft confirmed an Internet Explorer 0-day that is actually being used in targeted online attacks. Vulnerability in Internet Explorer Could Allow Remote Code Execution It will be interesting to see if they push an out of band patch for this one or just wait for the next Patch Tuesday. It’s […]

Continue Reading


19 February 2014 | 1,265 views

2 Different Hacker Groups Exploit The Same IE 0-Day

It hasn’t been too long since the last serious Internet Explorer 0-day, back in November it was used in drive-by attacks – Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks. And earlier last year there was an emergency patch issued – Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit. […]

Continue Reading


12 November 2013 | 1,557 views

Another IE 0-Day Hole Found & Used By In-Memory Drive By Attacks

So another IE 0-Day has been uncovered, and is in use in the wild for drive-by attacks on unwitting web users. I have to say, technically speaking, this attack is rather impressive – in terms of the exploit, the delivery method and the way that it runs. It retrieves the PE headers from a DLL […]

Continue Reading


10 September 2013 | 1,906 views

Google’s Chrome Apps – Are They Worth The Risk?

So there’s been a bit of debate lately about Google’s Chrome apps after the launch, most of you have probably heard of Chrome OS a while back with a few Chromebooks popping up here and there. Chrome Apps are the next generation of browser apps that can be run offline and eventually will be cross […]

Continue Reading


03 January 2013 | 1,066 views

Microsoft Rushes Out ‘Fix It’ For Internet Explorer 0-day Exploit

Pretty unusual for Microsoft but they’ve rushed out a fast fix for a 0-day Internet Explorer vulnerability which allows remote code execution and malware dropping. It doesn’t effect the latest version of Internet Explorer (9) but it effects all the common previous versions (6, 7 & 8) – which still accounts for the majority of […]

Continue Reading


17 August 2012 | 1,074 views

Microsoft Patches Critical Security Vulnerabilities In Windows, Office, IE, Exchange & SQL Server

Another huge raft of critical fixes has been pushed out by Microsoft across almost their entire range of products, including client and server side software and the Windows OS itself. It’s been a while since I’ve seen such a huge variety of security issues in one update including 5 critical vulnerabilities. If you are running […]

Continue Reading