Archive | Windows Hacking


23 May 2006 | 23,064 views

hackers playground… windows?

Only as I am writing these lines I can imagine some people who will start laughing when reading this article… But my dear friends this may be the real thing… will see who will laugh 10 years from now… I. Introduction This article was ment to be, because, as you will notice, more and more [...]

Continue Reading


23 May 2006 | 3,374 views

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out. PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP. Microsoft confirmed today the existence of this vulnerability and [...]

Continue Reading


15 May 2006 | 3,407 views

Microsoft Patching Practises Come Under Fire

Aye…it’s not the first time. The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by not [...]

Continue Reading


04 May 2006 | 4,529 views

AV Firms Say Windows Vista Security Claims are Bullsh*t

It seems the faith in Microsoft from the security industry is at an all time low, not surprising really with the amount of flaws that have been coming out in both the OS and the crapware forced upon its users like Internet Explorer Exploder. Anti-virus firms at Infosec say they expect Vista and IE7 to [...]

Continue Reading


02 May 2006 | 4,414 views

Microsoft Shelves Support for RSA SecurID in Vista

Switchback? For the worst? Aww Microsoft would never compromise our security for the sake of convenience or their profit line right? Microsoft has shelved plans to include native support for RSA’s SecurID tokens in Windows Vista, even though the company has been trialling the technology for almost two years. In February 2004, Microsoft chairman Bill [...]

Continue Reading


02 May 2006 | 6,709 views

Proof of Concept for Internet Explorer Modal Dialog Exploit

Pretty interesting and imaginative way to exploit the flaw in IE…yeah I know linked to ActiveX again, all the more reason to use Firefox right? It just shows that the browser really is a point of entry, this could be useful for a penetration test, another way to show how easy it is to get [...]

Continue Reading


13 April 2006 | 4,699 views

New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer

Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously. Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks. The Redmond, Wash., software giant sent [...]

Continue Reading


27 March 2006 | 6,888 views

Information about the Internet Explorer Exploit createTextRange Code Execution

Internet Storm Center’s always informative Diary has some good information. At the urging of Handler Extraordinaire Kyle Haugsness, I tested the sploit on a box with software-based DEP and DropMyRights… here are the results: Software-based DEP protecting core Windows programs: sploit worked Software-based DEP protecting all programs: sploit worked DropMyRights, config’ed to allow IE to [...]

Continue Reading


22 March 2006 | 6,050 views

Why Windows Vista ‘might’ Actually be Good

The main thing is the massive kernel overhaul, it’s actually adding some decent functionality and refining the architecture to become more like Linux! While the kernel in Vista is still primarily the same one as in Windows 2000 and XP, there have been some significant changes to tighten up security. Fewer parts of the OS [...]

Continue Reading


21 March 2006 | 19,779 views

pwdump6 version 1.2 BETA Released

Version 1.2 (Beta) of the pwdump6 software has been released. There are three major changes from the previous version: Uses “random” named pipes (GUIDs) to allow concurrent copies of the client to run. This is predominately for the next version of fgdump, which will be multithreaded. Will turn off password histories if the requisite APIs [...]

Continue Reading