-
Oct 24, 2016
“If you know your enemies and know yourself, you will not be imperiled in a hundred battles” (Yes, it’s a quote by Sun Tzu) The GitHub account of infosecguerrilla is a precious source of information about malware. Into two repositories is… read more »
-
Oct 21, 2016
Any user can become root in less than 5 seconds! The bug has existed since Linux kernel version 2.6.22 and was found by Phil Oester. Exploitation of this bug does not leave any trace of anything abnormal in the logs. So… read more »
-
Oct 21, 2016
“Because understanding blockchains should not be a difficult task!” A very interesting Node.js project developed by Lauri Hartikka. Blockchain is a distributed database that maintains a continuously-growing list of records called blocks secured from tampering and revision. The blockchain format… read more »
-
Oct 20, 2016
A priceless resource! By chance I came across this site: http://maurogiuliani.free.fr/en/ If you overlook the extremely dated graphics, you will find that it is a priceless resource that contains almost all of Mauro Giuliani’s production for guitar,… read more »
-
Oct 19, 2016
Yes, only []()!+ JSFuck is an esoteric programming language with a very limited set of characters: (, ), [, ], +, !. The name is derived from Brainfuck, but the only similarity to Brainfuck is having a minimalistic alphabet. The challenge in JSFuck… read more »
-
Oct 18, 2016
The tool utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes mimikittenz (the younger brother of Mimikatz?) provides a user-level extraction tool for sensitive data, focusing on running process memory address space: once a… read more »
-
Oct 17, 2016
This technique should improve the efficacy of existing correlation attacks with the monitoring of DNS traffic from Tor exit relays. Researchers at the KTH Royal Institute of Technology in Stockholm and Princeton University in the USA have unveiled a new attack… read more »
-
Oct 14, 2016
Five examples and some suggestions In a brief article on the Symantec “Security Response” blog, Shaun Aimoto explains some techniques used by malware creators to evade analysis by security apps. Packing Android packers are able to encrypt an original classes.dex file, use… read more »
-
Oct 13, 2016
Malware uses obfuscation to avoid detection, and the possibilities are quite endless Obfuscation is a technique that makes binary and textual data unreadable and/or hard to understand. Software developers sometimes employ obfuscation techniques because they don’t want their programs being reverse-engineered… read more »
-
Oct 12, 2016
Simple and well coded Матрёшка is a steganography tool written in Python, useful to hide and encrypt images or text in the least significant bits of pixels in an image using HMAC-SHA256 to authenticate the hidden data. It’s a simple but… read more »
-
Oct 11, 2016
For Linux, Windows, OSX, Android and iOS Cloud storage is very useful, but for really important/private stuff, a best practice could be adding a further encryption layer, perhaps with a cross-platform solution. http://imgs.xkcd.com/comics/security.png A simple method could be to use Truecrypt… read more »
-
Oct 10, 2016
Pretty simple, according to recent research! A group of researchers from the Iswatlab team at the University of Sannio demonstrated how easy it is to create mobile malware that eludes antivirus solutions. The research was conducted by Corrado Aaron… read more »
-
Oct 7, 2016
Actually lasted longer than the company itself! An auto repair shop in Gdansk, Poland still uses a Commodore 64 to run its operations: a lesson to learn about consumerism! This image was posted on Commodore USA’s Facebook page, with this comment:… read more »
-
Oct 6, 2016
From HDS to RAW In a previous post I explained how to convert a VMware disk image (VMDK) into a RAW format useful for import into a forensics tool like Autopsy. The same method can be used to convert a… read more »
-
Oct 5, 2016
Really useful for penetration testing purposes! If a program has been written to keep credentials in memory in clear text, this can be a security risk. When you make a security assessment, it will be useful a… read more »
-
Oct 4, 2016
Real product or marketing operation? The Israeli surveillance firm Wintego is offering for sale a system that is able to hack WhatsApp encrypted communications from mobile devices within close proximity of a hidden Wi-Fi hacking device in a backpack, intercepting… read more »
-
Oct 3, 2016
Is JavaScript an awesome language? Or is it horrible? Let’s talk about it! An idea for reflection taken from an article published on CodeProject.com. Here is a short summary; for the complete list, refer to the original article written by Dheeraj Kumar Kesri. The Good… read more »
-
Sep 30, 2016
Some are useful, others a little trivial Recently I read a useful article on the Malwarebytes blog that shares 10 tips for securing mobile devices. Just last month, vulnerabilities in iOS 9.3.5 were being exploited by the notorious NSO Group, maker… read more »
-
Sep 29, 2016
A great lesson from a great teacher Rasgueado is a guitar finger strumming technique commonly associated with flamenco guitar music but also used in classical pieces. The rasgueado is executed using the fingers of the right hand in rhythmically precise and rapid strumming… read more »
-
Sep 28, 2016
Useful for penetration tests BBQSQL is a blind SQL injection framework written in Python, and also a semi-automatic tool, helpful for creating customized SQL injection attacks in penetration testing activities. Blind SQL injection can be difficult to exploit. When the… read more »