-
Apr 24, 2017
A script for dumping Linux memory and creating Volatility profiles I have already written something about dump of volatile memory on Linux systems.Recently i have discovered this useful script developed by Hal Pomeranz, that automate all steps required to perform… read more »
-
Apr 21, 2017
A really useful free training course ENISA (European Union Agency for Network and Information Security) is a centre of expertise for cyber security in Europe, with main mission of contribute to securing Europe’s information society by raising “awareness of network and… read more »
-
Apr 20, 2017
Useful to extract files from inside disk and memory images File carving is the process of reassembling computer files from fragments in the absence of filesystem metadata. This is done by analyzing the raw data and identifying what it is… read more »
-
Apr 19, 2017
In the last months, Apache Struts was afflicted by some serious 0-Day vulnerabilities, that allows remote code execution on unpatched hosts Every security expert trembles with fear when he reads “RCE” (Remote Code Execution) on a disclosure document, and read… read more »
-
Apr 18, 2017
The vulnerability affects Chrome, Firefox and Opera The security researcher Xudong Zheng has discovered a new technique for phishing attacks: using an homograph attack, Zheng discovers that is possible to display a fake domain names as the websites of legitimate services,… read more »
-
Apr 17, 2017
Just for fun!
Do you need a simple portscanner? Make it with a single line of Perl!
[embed]https://gist.github.com/andreafortuna/ab386f11d12d5305c069193f6680b25a[/embed]
Thats it! :-)
… read more »
-
Apr 14, 2017
…turn off your Windows computers for the weekend and go enjoy the nice weather! UPDATE: Microsoft response that exploits were patched in the last month update: Most of the exploits that were disclosed fall into vulnerabilities that are already patched in… read more »
-
Apr 14, 2017
Using the “Nmap Scripting Engine” I don’t think I need to explain what is Nmap: probably the most famous and used portscanner in the known universe. Nmap has a lot of feature, and one of them is a built-in… read more »
-
Apr 12, 2017
However, Microsoft has pached the vulnerability, so…update! On unpatched systems, the vulnerability is triggered by opening a document that opens a download warning, followed by a download from a malicious server that sends a dangerous document: The document is a… read more »
-
Apr 11, 2017
The attack might be trying to kill devices before they can join a botnet The security firm Radware has isolated, on their honeypots, two variants of a new bot attack targeting Internet of Things devices. Named BrickerBot, the bot gains access… read more »
-
Apr 10, 2017
Penetration tests on a very big network? APT2 can help you! A penetration test usually begins with a perimetral scan (es. using NMAP), after continues with a testing for services (and their default passwords).Finally performs testing of known exploits and if… read more »
-
Apr 7, 2017
Also in user-land Like Mimikittens, PowerMemory uses PowerShell to access Windows memory in user-land and extracts the credentials stored in ram: The method is totally new. It proves that it can be extremely easy to get credentials or any other… read more »
-
Apr 6, 2017
Security patch available only for Nexus & iOS A stack buffer overflow issue that affects all devices using Broadcom’s Wi-Fi stack was discovered by Google’s Project Zero researcher Gal Beniamini. The flaw affects Apple devices and also all android devices using… read more »
-
Apr 5, 2017
Some graphical tools and two command line tips I’ve had to search the occurrency of a string within some very large text files, as result of a “file carving” made with Autopsy. Usually on Windows I use Notepad ++, that provides… read more »
-
Apr 3, 2017
My own list Another (brief) list of OSINT sources, this time focused on fact checking services. Fact-Check Investigate (an issue) in order to verify the facts. ‘I didn’t fact-check the assertions in the editorial’ ‘reporters can’t be expected to fact-check every quotation’… read more »
-
Mar 30, 2017
You are insane! TrendMicro on its blog has published an article about a new 0-Day vulnerability that affects the WebDAV component of Microsoft Internet Information Services 6.0. The vulnerability ( CVE-2017–7269) is a bufferoverflow located into the webdav components of IIS:… read more »
-
Mar 29, 2017
But the remediation is really simple! Andrew Blaich, Jeremy Richards and Kristy Edwards, security researchers at Lookout, have published a research that expose a new technique used by ransomware scammers to spread malware on iOs devices. The attackers have been exploiting… read more »
-
Mar 28, 2017
Kaspersky Lab published an analysis on the cost of a DDoS attack and services available in the black markets Kaspersky Lab has published an analysis on the cost of DDoS attacks that estimated that a managed attack service typically goes for $25… read more »
-
Mar 27, 2017
How many times have you heard this question? Often friends and colleagues ask me “my computer was hacked/infected, what can i do right now?” There are different type of response, often based on the other party’s technical knowledge. However, broadly… read more »
-
Mar 24, 2017
A very talented italian guitarist Today I want to offer a documentary dedicated to Emanuele Segre, one of my favorite performers.The documentary is produced by SKY TV Classica, I found it on youtube divided into three parts. For non italian… read more »