-
Apr 11, 2017
The attack might be trying to kill devices before they can join a botnet The security firm Radware has isolated, on their honeypots, two variants of a new bot attack targeting Internet of Things devices. Named BrickerBot, the bot gains access… read more »
-
Apr 10, 2017
Penetration tests on a very big network? APT2 can help you! A penetration test usually begins with a perimeter scan (e.g. using Nmap), then continues with testing of services (and their default passwords). Finally, it performs testing of known exploits and if… read more »
-
Apr 7, 2017
Also in user-land Like Mimikittens, PowerMemory uses PowerShell to access Windows memory in user-land and extracts the credentials stored in RAM: The method is totally new. It proves that it can be extremely easy to get credentials or any other… read more »
-
Apr 6, 2017
Security patch available only for Nexus & iOS A stack buffer overflow issue that affects all devices using Broadcom’s Wi-Fi stack was discovered by Google’s Project Zero researcher Gal Beniamini. The flaw affects Apple devices and also all Android devices using… read more »
-
Apr 5, 2017
Some graphical tools and two command line tips I’ve had to search for the occurrences of a string within some very large text files, as a result of a “file carving” made with Autopsy. Usually on Windows I use Notepad++, which provides… read more »
-
Apr 3, 2017
My own list Another (brief) list of OSINT sources, this time focused on fact checking services. Fact-Check Investigate (an issue) in order to verify the facts. ‘I didn’t fact-check the assertions in the editorial’ ‘reporters can’t be expected to fact-check every quotation’… read more »
-
Mar 30, 2017
You are insane! TrendMicro has published an article on its blog about a new 0-day vulnerability that affects the WebDAV component of Microsoft Internet Information Services 6.0. The vulnerability (CVE-2017-7269) is a buffer overflow located in the WebDAV components of IIS:… read more »
-
Mar 29, 2017
But the remediation is really simple! Andrew Blaich, Jeremy Richards and Kristy Edwards, security researchers at Lookout, have published research that exposes a new technique used by ransomware scammers to spread malware on iOS devices. The attackers have been exploiting… read more »
-
Mar 28, 2017
Kaspersky Lab published an analysis on the cost of a DDoS attack and services available in the black markets Kaspersky Lab has published an analysis on the cost of DDoS attacks that estimated that a managed attack service typically goes for $25… read more »
-
Mar 27, 2017
How many times have you heard this question? Often friends and colleagues ask me “my computer was hacked/infected, what can I do right now?” There are different types of response, often based on the other party’s technical knowledge. However, broadly… read more »
-
Mar 24, 2017
A very talented Italian guitarist Today I want to offer a documentary dedicated to Emanuele Segre, one of my favorite performers. The documentary is produced by SKY TV Classica; I found it on YouTube divided into three parts. For non-Italian… read more »
-
Mar 23, 2017
Yep, even in antivirus! Security researchers from Cybellum, an Israeli security firm, have discovered a vulnerability that could allow code injection; the technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release… read more »
-
Mar 22, 2017
Yep, it’s called BrainDamage BrainDamage is a fully featured Python-based backdoor that uses Telegram as C&C server. It is a hypothetical evolution of backdoor (very unlikely, from my point of view), so it’s a good idea to analyze its… read more »
-
Mar 21, 2017
Using just Task Manager and the command line! The security researcher Alexander Korznikov has recently published an article that explains how a local privileged user can hijack the session of any logged-in Windows user who has higher privileges without knowing that… read more »
-
Mar 20, 2017
The vulnerability is still unpatched Cisco has published an advisory concerning a vulnerability in its product, discovered while analyzing the “Vault 7” documentation published by Wikileaks last week. The vulnerability affects the Cluster Management Protocol in Cisco IOS and Cisco… read more »
-
Mar 20, 2017
A constantly updated list of OSINT Sources I continue the publication of my lists of OSINT sources, this time with a list focused on public data from social networks. Twitter AllMyTweets View all tweets from any Twitter user on one page.… read more »
-
Mar 17, 2017
One of the most important guitarists of the 19th century A very interesting article by Daniel Nistico on Classical Guitar N Stuff, which made me discover Sidney Pratten and her method book: “Guitar School”. Catharina Josepha Pratten (1821–1895) was one of… read more »
-
Mar 16, 2017
All the information is online, you just need to know how to find it In a previous post, we discovered the real power of OSINT sources, now let’s start to see some helpful links from my personal list. Today the focus… read more »
-
Mar 15, 2017
“A good rule of the Internet is to never tell 4chan something is impossible.” What happened between Shia LaBeouf and some users of 4chan? The news now is fairly well known, but I try to summarize the main points of… read more »
-
Mar 14, 2017
Validate compiler/linker settings and other security-relevant binary characteristics BinSkim is one of the tools released by Microsoft under an open source license. It is a binary static analysis tool that scans Windows Portable Executable (PE) files in order to validate compiler/linker settings… read more »