Archive | Windows Hacking


24 September 2010 | 28,475 views

Microsoft Warns Of ASP.Net Vulnerability In The Wild – Cryptographic Padding Attack

There seems to be a fairly serious attack being exploited in the wild that targets vulnerable ASP.Net web applications, so far there is a temporary fix but no official announcement on when a patch will be issued. The next scheduled patches should be pushed out on October 12th. If you had set up your server [...]

Continue Reading


08 September 2010 | 6,655 views

Microsoft Investigates IE CSS Cross-Origin Theft Vulnerability

There’s a lot of circumstantial evidence surround this as Microsoft themselves haven’t clarified or publicly announced anything related to the CSS Cross-Origin Theft bug – but it seems fairly clear. Some media sources are quoting it as a ‘new bug‘ – which it isn’t, according to other sources it has been known about for at [...]

Continue Reading


25 August 2010 | 10,586 views

Windows Binary Planting DLL Preloading/Hijacking Bug

The big news that is turning the infosec world inside out this week is about a new DLL pre-loading/hijacking bug which effects more than 200 Windows applications including some produced by Microsoft itself. The basis of this exploit is the way in which Windows works and how it loads DLL files used by many applications, [...]

Continue Reading


11 August 2010 | 5,927 views

Microsoft Fixes SSL Spoofing Renegotiation Bug

Well this flaw was first publicized in November last year, it was successfully used against Twitter in the same month. IETF completed the SSL vulnerability fix in January this year and now in August – 10 months after the original release of the flaw – Microsoft has stepped up and fixed it. The fix is [...]

Continue Reading


23 July 2010 | 8,750 views

Microsoft Confirms Windows Zero Day Bug In Shortcut Files

This is a pretty nasty attack and for once Microsoft have actually acknowledged and confirmed this is a critical unpatched vulnerability. Incidentally Microsoft also recently retired Windows XP SP2 from the support cycle, and this vulnerability effects that system and they have stated they will not be patching it. It’s a pretty serious bug and [...]

Continue Reading


16 July 2010 | 11,829 views

Metasploit Framework 3.4.1 Released – 16 New Exploits, 22 Modules & 11 Meterpreter Scripts

The Metasploit Project is proud to announce the release of the Metasploit Framework version 3.4.1. This release sees the first official non-Windows Meterpreter payload, in PHP as discussed last month here. Rest assured that more is in store for Meterpreter on other platforms. A new extension called Railgun is now integrated into Meterpreter courtesy of [...]

Continue Reading


18 June 2010 | 10,560 views

Windows Help Vulnerability Exploited In The Wild

So the other big news this week apart from the AT&T iPad/iPhone 4 screw-up is that a recently announced critical vulnerability in Windows XP is being exploited in the wild. It was disclosed fairly recently and is a vulnerability in the Windows XP help system disclosed by Tavis Ormandy, a Google researcher who has appeared [...]

Continue Reading


14 June 2010 | 17,883 views

Microsoft Installs Firefox Add-on Without Asking During Recent Patch Tuesday

It’s not the first time Microsoft has had some issues with Firefox and add-ons they installed on users machines through Windows Update. Back in October of last year, Mozilla forcefully disabled a .NET add-on as it was causing ‘instability’ rather a security/vulnerability issue. I did notice the issue with my own Firefox and also noticed [...]

Continue Reading


09 June 2010 | 9,665 views

Microsoft Patches At Least 34 Bugs Including Pwn2Own Vulnerability

What a massive mother-load of patches Microsoft has unleashed on this month patching more than 34 security vulnerabilities including the fairly high profile vulnerability exploited at the Pwn2Own contest earlier this year in April. Good news as long as all the average Internet users actually use Windows Update and install the latest patches, which somehow [...]

Continue Reading


26 May 2010 | 14,214 views

Bruter v1.0 Final Released – Parallel Network Login Brute Forcing Tool

We wrote about Bruter v1.0 ALPHA version back in 2008, recently they announced the release of v1.0 Final! Bruter is a parallel network login brute-forcer on Win32. This tool is intended to demonstrate the importance of choosing strong passwords. The goal of Bruter is to support a variety of services that allow remote authentication. It [...]

Continue Reading