admin
October 1, 2017
BitCracker is the first open source password cracking tool for memory units encrypted with BitLocker. Check it out @ https://github.com/e-ago/bitcracker or use as a plugin for John The Ripper Jumbo version @ http://openwall.info/wiki/john/OpenCL-BitLocker
admin
October 1, 2017
Francisco Donoso gave a good talk @Derbycon on Equation Group’s leaked Danderspritz tool
Check out his site danderspritz.com and more docs ::here::
admin
September 19, 2017
Have fun scanning before DigitialOcean releases their public notice:
1-Click users potentially remotely exploitable unless they have changed the debian-sys-maint password {MySQL, PHPMyAdmin,LAMP, LEMP, WordPress, OwnCloud}
In the MySQL Debian/Ubuntu packaging, there is an additional MySQL user being created: debian-sys-maint.
Any Droplet created fr...
admin
June 25, 2017
Awesome write-up from @zerosum0x0 & @JennaMagius on how the EternalBlue exploit works and porting the exploit to Win10 https://zerosum0x0.blogspot.com/2017/06/eternalblue-exploit-analysis-and-port.html
admin
June 20, 2017
Along with the write up about MS17-010/EternalBlue last month on how the exploit works, worawit has posted new details, analysis, POCs, exploits (new one works against win2016). Check out the analysis first.
admin
June 17, 2017
I’m calling out questionable “facts” on at this presentation titled: “Hacks, Lies, & Nation States” @ AnyCon from today, only because it involves someone from my home state, Mario Dinatale, who claims to be “the State of Connecticut’s #1 Cybersecurity expert”
That unprovable claim, along with a bunch of buzzwords and random tech stories he seems t...
admin
May 15, 2017
A few weeks ago ShadowBrokers released a dump of NSA/EquationGroup tools used to exploit various machines that they previously tried to auction off unsuccessfully...
admin
April 20, 2017
It’s been a fun 15 years, nothing’s changed since our inception , the industry still sucks and is full of greedy fucks selling bullshit, 0days still dropping because of shitty code, celebrities still getting exposed, and the government treats still treats hackers like terrorists with obscenely high sentences...
admin
November 9, 2016
A memory corruption in the Microsoft Windows Animation Manager which allows a malicious user to remotely execute arbitrary code on a vulnerable user’s machine, in the context of the current user. JavaScript POC ::HERE::
admin
November 8, 2016
Bidirectional Unicode spoofing is not a new concept, malware has been using the technique for the last decade, but I was toying around with unicode earlier today for a phishing engagement, by default Win7 doesn’t allow you to create filenames with unicode chars unless you:
