-
Nov 17, 2016
A really dumb bug, but with a really simple fix! A vulnerability in Cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems. The security issue… read more »
-
Nov 16, 2016
Overload firewalls from a laptop (but also from a mobile phone!) When it comes to launching successful DDoS attacks, the equation is a simple: more traffic and more devices generating that traffic = more chance of knocking down a server. But recently… read more »
-
Nov 15, 2016
Cracking Wi-Fi passwords, spoofing accounts, and testing networks on the road! Great tutorial by LifeHacker! Five well explained steps for install Kali Linux on a Raspberry Pi, mount a display and some other devices and obtain a fully functional portable hacking… read more »
-
Nov 14, 2016
A small tip by a great master On the eve of a concert or an exam is usual to be engaged in long exercise sessions, which can put a strain on our nails. The fingernails in fact tend to wear out… read more »
-
Nov 11, 2016
Twitter and LinkedIn iOS apps are vulnerable! The security researcher Collin Mulliner has discovered an exploitable vulnerability in Apple’s WebView that could allow phone calls to a number of the attacker’s choosing. iOS WebViews can be used to automatically call… read more »
-
Nov 10, 2016
With a Raspberry Pi and some other stuff A great article by Simone Margaritelli about the building of portable GSM BTS: a DIY version of commercial solutions like Stingray or Wintego CatchApp. In this blog post I’m going to explain… read more »
-
Nov 9, 2016
How to discover if your smartphone is under attack? Five tips by two security experts! In this interesting article by Darkreading Yair Amit (CTO and cofounder of mobile defense company Skycure) and Mike Murray (VP of security research and response for… read more »
-
Nov 8, 2016
Two new approaches to track mobile devices which exploit authentication protocols that operate over WiFi In a presentation at BlackHat Europe, researchers Piers O’Hanlon and Ravishankar Borgaonkar from Oxford University have demonstrated a new type of IMSI catcher attack that… read more »
-
Nov 7, 2016
Create templates to use with VirtualBox to make vm detection harder Malware writers always try to detect if their creation is running on a VM. Malware has one huge advantage when executed on an automated VM analysis system: if the… read more »
-
Nov 4, 2016
These vulnerabilities could be exploited in shared hosting environments to gain access to all databases Some weeks ago i have reported about 2 critical 0Day vulnerabilities of MySQL (and his forks MariaDB e PerconaDB). At that time, the security researcher… read more »
-
Nov 3, 2016
It’s simple, with Stream2Chromecast! Are you searching for an easy way to stream media files from your LinuxBox to a Chromecast? You can use Stream2chromecast, a simple Python script that makes the task of streaming media files to a Chromecast… read more »
-
Nov 2, 2016
Cutting out the manual tasks in the first steps of memory analysis When you study new malware or wish to analyse suspicious executables you need to to extract the binary file and all the different injections and strings decrypted during the… read more »
-
Oct 30, 2016
Roland Dyens, the great composer and guitarist, dies at 61 Yesterday, on my Facebook stream, I see this news: https://www.facebook.com/parisguitarfoundation/photos/a.1430675880537182.1073741830.1429881190616651/1814149778856455/?type=3 “It will certainly be a hoax!”, I thought. But later the news was also confirmed by other sources: From his website:… read more »
-
Oct 28, 2016
Fingernails shape? A useful video lesson Matthew McAllister gives a lesson about the neverending story for classical guitarists: the shaping of fingernails. The video has published on the great YouTube channel of Siccas Guitars. Enjoy! [embed]https://www.youtube.com/watch?v=QT-_2Z3cN2k[/embed] About the teacher From Matthew’s official… read more »
-
Oct 27, 2016
A new attack technique that exploits the Rowhammer hardware vulnerability on Android devices Earlier last year, security researchers from Google’s Project Zero discovers Rowhammer, a hardware bug that allows attackers to manipulate data in memory without accessing it: by reading many… read more »
-
Oct 26, 2016
“ You are being watched!” The Android-IMSI-Catcher-Detector (short: AIMSICD) is an Android open-source based project to detect and avoid fake base stations (IMSI-Catchers) or other base-stations (mobile antennas) with poor/no encryption, born in 2012 on XDA. The project aims to… read more »
-
Oct 25, 2016
Update, now! If you have an Apple device, you should update it to IOS 10.1 as soon as possible: the update addresses a vulnerability that allows you to take control of the device by simply sending a JPEG image specially… read more »
-
Oct 25, 2016
An experimental but useful project ViperMonkey is a toolkit written in Python by Philippe Lagadec, developed to parse VBA macros and emulate their execution. ViperMonkey acts as a VBA Emulation engine, and tries to analyze and deobfuscate malicious VBA Macros contained… read more »
-
Oct 25, 2016
Continuously updated… Last Friday a sizable DDoS attack was launched against Dyn’s “Managed DNS” infrastructure using a Mirai-Fueled IoT Botnet, making unreachable services of some companies such as Twitter, Spotify, Netflix, GitHub, Amazon and Reddit. All sites that deal with… read more »
-
Oct 24, 2016
Using an IMSI-catcher and a Femtocell The security researcher Wanqiao Zhang of Qihoo 360 has published a research about a vulnerability in LTE networks. The attacks work through a series of messages sent between malicious base stations and targeted phones.… read more »