admin
February 23, 2015
CVE-2015-0240 is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client, by sending specially-crafted packets to the Samba server. No authenticated is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root.
more info: https://securityblog.redhat...
admin
July 13, 2014
Veil Framework recently added a payload delivery tool Veil-Catapult. Works like SMBexec with utilizing Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the passing-the-hash toolkit to trigger execution using temporary SMB server. :::Read more here::: & :::here:::
admin
July 4, 2014
This Recon 2014 talk presents a firmware attack on an off-the-shelf hard drive. The implemented backdoor is capable of exfiltrating any data stored on the hard drive, through a network connection, without any modification of the system’s operating system or software...
admin
July 4, 2014
LIFX bulbs connect to a WiFi network in order to allow them to be controlled using a smart phone application. The research presented was performed against version 1.1 of the LIFX firmware.
::: Click Here :::
admin
November 3, 2013
For Win2k/XP you can use this modified GINA stub. More information about how GINA works can be found in his excellent blog post.
For Vista/7 you can use this custom credential provider More information can be found in his blog post.
admin
September 24, 2013
In April 2013, a piece of malware was found embedded in Freedom Hosting’s darknet server that would exploit a security hole in a particular web browser and execute code on the user’s computer...
admin
September 13, 2013
Neat little trick to get internal IP address using HTML5 WebRTC from 2x.io blog. Which also can be used for nasty javascript to do internal attacks, on your router for instance. Check out the :::DEMO:::.
admin
September 13, 2013
carnal 0wnage blog has an “evil pass filter” .dll example that logs passwords to a textfile or http post every time someone changes their password on a windows box. Works on Windows 2000, XP all the way up to Windows 8 & 2012.
admin
May 30, 2013
admin
February 2, 2013
