Archive | Exploits/Vulnerabilities




All You Need To Know About Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery is a term you’ve properly heard in the context of web security or web hacking, but do you really know what it means? The OWASP definition is as follows: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re […]

Tags: , , , , , , , ,

Posted in: Advertorial, Exploits/Vulnerabilities, Web Hacking | Add a Comment

Another Week Another Mass Domain Hijacking

Following shortly after the .io domain cock-up that left thousands vulnerable to domain hijacking, this week more than 750 domains were jacked via registrar Gandi. Seems like some pretty sloppy administration going on, but that’s how business goes sadly security is still a very much reactive trade. People don’t enable strict controls and audit unless […]

Tags: , , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Web Hacking | Add a Comment

DJI Firmware Hacking Removes Drone Flight Restrictions

Drones have been taking over the world, everyone with a passing interest in making videos has one and DJI firmware hacking gives you the ability to remove all restrictions (no-fly zones, height and distance) which under most jurisdictions is illegal (mostly EU and FAA for the US). It’s an interesting subject, and also a controversial […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hardware Hacking, Legal Issues | Add a Comment

GnuPG Crypto Library libgcrypt Cracked Via Side-Channel

Some clever boffins including Internet software pioneer djb have gotten libgcrypt cracked via a Side-Channel attack which has to do with the direction of a sliding window carried out in the library. Patches have already been released so update your Linux servers ASAP, even though honestly it seems like a fairly theoretical attack (this side-channel […]

Tags: , , , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities | Add a Comment

NotPetya Ransomeware Wreaking Havoc

The latest splash has been made by the Petya or NotPetya Ransomware that exploded in Ukraine and is infecting companies all over the World. It’s getting some people in deep trouble as there’s no way to recover the files once encrypted. The malware seems to be trying to hide its intent as it doesn’t really […]

Tags: , , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Malware | Add a Comment

Winpayloads – Undetectable Windows Payload Generation

Winpayloads is a tool to provide undetectable Windows payload generation with some extras running on Python 2.7. It provides persistence, privilege escalation, shellcode invocation and much more. The tool uses metasploits meterpreter shellcode, injects the users IP and port into the shellcode and writes a python file that executes the shellcode using ctypes. This is […]

Tags: , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Windows Hacking | Add a Comment

TheFatRat – Massive Exploitation Tool

TheFatRat is an easy-to-use Exploitation Tool that can help you to generate backdoors and post exploitation attacks like browser attack DLL files. This tool compiles malware with popular payloads and then the compiled malware can be executed on Windows, Linux, Mac OS X and Android. The malware that is created with this tool also has […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools | Add a Comment

South Korean Webhost Nayana Pays USD1 Million Ransom

So far this Nayana payout is the biggest ransomware payment I’ve seen reported, there’s probably some bigger ones been paid but kept undercover. Certainly a good deal for the bad actors in this play, and well using an outdated Kernel along with PHP and Apache versions from 2006 you can’t feel too sorry for Nayana. […]

Tags: , , , , , , , ,

Posted in: Exploits/Vulnerabilities, Malware | Add a Comment

pyrasite – Inject Code Into Running Python Processes

pyrasite is a Python-based toolkit to inject code into running Python processes. pyrasite works with Python 2.4 and newer. Injection works between versions as well, so you can run Pyrasite under Python 3 and inject into 2, and vice versa. Usage

You can download pyrasite here: pyrasite-2.0.zip Or read more here.

Tags: , , , , , ,

Posted in: Exploits/Vulnerabilities, Hacking Tools, Programming | Add a Comment

OneLogin Hack – Encrypted Data Compromised

The OneLogin hack is blowing up now it seems like whoever got access can also decrypt encrypted customer data which is just about AS BAD as it can get for a password/identity management service. Now I’m a HUGE supporter of password management tools as I’ve mentioned many times here, so anyone who signed up for […]

Tags: , , , , , , ,

Posted in: Cryptography, Exploits/Vulnerabilities, Privacy, Web Hacking | Add a Comment

Popular Tags

computer-security · darknet · Database Hacking · exploits · fuzzing · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · pen-testing · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · XSS ·