Andrea Fortuna
  • Nov 4, 2016

    Exploits released for two critical 0Day vulnerabilities on MySQL

    These vulnerabilities could be exploited in shared hosting environments to gain access to all databases. Some weeks ago I reported on 2 critical 0Day vulnerabilities in MySQL (and its forks MariaDB and PerconaDB). At that time, the security researcher… read more »
  • Nov 3, 2016

    Streaming media contents from Linux to Chromecast?

    It’s simple, with Stream2Chromecast! Are you searching for an easy way to stream media files from your LinuxBox to a Chromecast? You can use Stream2chromecast, a simple Python script that makes the task of streaming media files to a Chromecast… read more »
  • Nov 2, 2016

    VolatilityBot : an automated memory analyzer for malware samples and memory dumps

    Cutting out the manual tasks in the first steps of memory analysis. When you study new malware or wish to analyse suspicious executables you need to extract the binary file and all the different injections and strings decrypted during the… read more »
  • Oct 30, 2016

    Goodbye, Roland!

    Roland Dyens, the great composer and guitarist, dies at 61. Yesterday, on my Facebook stream, I saw this news: https://www.facebook.com/parisguitarfoundation/photos/a.1430675880537182.1073741830.1429881190616651/1814149778856455/?type=3 “It will certainly be a hoax!”, I thought. But later the news was also confirmed by other sources: From his website:… read more »
  • Oct 28, 2016

    Guitar Tutorial with Matthew McAllister: About filing nails

    Fingernails shape? A useful video lesson. Matthew McAllister gives a lesson about the never-ending story for classical guitarists: the shaping of fingernails. The video was published on the great YouTube channel of Siccas Guitars. Enjoy! https://www.youtube.com/watch?v=QT-_2Z3cN2k About the teacher: From Matthew’s official… read more »
  • Oct 27, 2016

    Drammer: a ‘Deterministic Rowhammer Attack’ to gain root permissions on Android devices

    A new attack technique that exploits the Rowhammer hardware vulnerability on Android devices. Earlier last year, security researchers from Google’s Project Zero discovered Rowhammer, a hardware bug that allows attackers to manipulate data in memory without accessing it: by reading many… read more »
  • Oct 26, 2016

    Recognize and avoid IMSI-catchers with Android IMSI Catcher Detector

    “You are being watched!” The Android-IMSI-Catcher-Detector (short: AIMSICD) is an open-source Android project to detect and avoid fake base stations (IMSI-Catchers) or other base stations (mobile antennas) with poor/no encryption, born in 2012 on XDA. The project aims to… read more »
  • Oct 25, 2016

    Apple devices are still vulnerable to malformed JPEGs, PDFs and font files

    Update, now! If you have an Apple device, you should update it to iOS 10.1 as soon as possible: the update addresses a vulnerability that allows you to take control of the device by simply sending a JPEG image specially… read more »
  • Oct 25, 2016

    ViperMonkey, VBA parser and emulation engine to analyze malicious macros

    An experimental but useful project. ViperMonkey is a toolkit written in Python by Philippe Lagadec, developed to parse VBA macros and emulate their execution. ViperMonkey acts as a VBA Emulation engine, and tries to analyze and deobfuscate malicious VBA Macros contained… read more »
  • Oct 25, 2016

    The great DDoS against Dyn: my personal selection of best articles

    Continuously updated… Last Friday a sizable DDoS attack was launched against Dyn’s “Managed DNS” infrastructure using a Mirai-Fueled IoT Botnet, making unreachable services of some companies such as Twitter, Spotify, Netflix, GitHub, Amazon and Reddit. All sites that deal with… read more »
  • Oct 24, 2016

    Abusing emergency failover provisions, LTE traffic can be intercepted

    Using an IMSI-catcher and a Femtocell. The security researcher Wanqiao Zhang of Qihoo 360 has published research on a vulnerability in LTE networks. The attacks work through a series of messages sent between malicious base stations and targeted phones.… read more »
  • Oct 24, 2016

    A big collection of source code of various malware for Windows, Linux and Android

    “If you know your enemies and know yourself, you will not be imperiled in a hundred battles” (Yes, it’s a quote by Sun Tzu) The GitHub account of infosecguerrilla is a precious source of information about malware. Into two repositories is… read more »
  • Oct 21, 2016

    Dirty COW (CVE-2016-5195): a 0-day local privilege escalation vulnerability in the Linux kernel…

    Any user can become root in less than 5 seconds! The bug has existed since Linux kernel version 2.6.22 and was found by Phil Oester. Exploitation of this bug does not leave any trace of anything abnormal happening to the logs. So… read more »
  • Oct 21, 2016

    Naivechain : a blockchain implementation in 200 lines of code

    “Because understanding blockchains should not be a difficult task!” A very interesting Node.js project developed by Lauri Hartikka. Blockchain is a distributed database that maintains a continuously-growing list of records called blocks secured from tampering and revision. The blockchain format… read more »
  • Oct 20, 2016

    Mauro Giuliani: (almost) all of his guitar compositions free downloadable

    A priceless resource! By chance I came across this site: http://maurogiuliani.free.fr/en/ If you overlook the extremely dated graphics, you will find that it is a priceless resource that contains almost all of Mauro Giuliani’s production for guitar,… read more »
  • Oct 19, 2016

    JSfuck: write any JavaScript with 6 Characters

    Yes, only []()!+. JSFuck is an esoteric programming language with a very limited set of characters: (, ), [, ], +, !. The name is derived from Brainfuck, but the only similarity to Brainfuck is having a minimalistic alphabet. The challenge in JSFuck… read more »
  • Oct 18, 2016

    mimikittenz, a PowerShell tool to extract plain-text passwords from memory

    The tool utilizes the Windows function ReadProcessMemory() in order to extract plain-text passwords from various target processes. mimikittenz (the younger brother of Mimikatz?) provides a user-level extraction tool for sensitive data, focusing on running process memory address space: once a… read more »
  • Oct 17, 2016

    DefecTor: unmasking Tor users using the analysis of DNS traffic

    This technique should improve the efficacy of existing correlation attacks with the monitoring of DNS traffic from Tor exit relays. Researchers at the KTH Royal Institute of Technology in Stockholm and Princeton University in the USA have unveiled a new attack… read more »
  • Oct 14, 2016

    Android malware detection evasion and resilience techniques: some examples

    Five examples and some suggestions. In a brief article on the Symantec “Security Response” blog, Shaun Aimoto explains some techniques used by malware creators to evade security apps’ analysis. Packing: Android packers are able to encrypt an original classes.dex file, use… read more »
  • Oct 13, 2016

    Malware obfuscation techniques: four simple examples

    Malware uses obfuscation to avoid detection, and the possibilities are quite endless. Obfuscation is a technique that makes binary and textual data unreadable and/or hard to understand. Software developers sometimes employ obfuscation techniques because they don’t want their programs being reverse-engineered… read more »

Cybersecurity expert, software developer, experienced digital forensic analyst, musician