China catches a lot of flack in the infosec World, mostly for being suspected of cyber-terrorism and for propagating nasty malware. Lately things have been getting more political especially during their tussle with Google over the whole ‘search freedom’ issue and censorship. The latest is that they are starting to check for compliance on a […]
WinAppDbg – Python Instrumentation Scripting/Debugging Tool For Windows
The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment. It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in […]
Windows Binary Planting DLL Preloading/Hijacking Bug
The big news that is turning the infosec world inside out this week is about a new DLL pre-loading/hijacking bug which effects more than 200 Windows applications including some produced by Microsoft itself. The basis of this exploit is the way in which Windows works and how it loads DLL files used by many applications, […]
DotDotPwn v1.0 – Directory Traversal Checker/Scanning Tool
A simple PERL tool which detects several Directory Traversal Vulnerabilities on HTTP/FTP Servers. This AttackDB version currently has 871 traversal payloads. This tool was tested against various Kolibri+ WebServer v2.0 and Gefest WebServer v1.0 (HTTP servers) giving good results identifying the right vulnerability strings. Those HTTP servers were vulnerable, and somebody reported those vulns on […]
Intel Acquires Security Specialist McAfee For $7.68bn
We’ve seen a trend in recent years, especially in the technology sector of acquisitions and consolidations. It’s been something Microsoft has been doing for a long time, acquiring smaller niche companies to improve/supplement their existing product lines. In recent years the trends has shifted towards web services and of course security, many smaller security companies […]