Analysis and demo written by @0x710DDDD http://www.secniu.com/cve-2014-1767-afd-sys-double-free-vulnerability-analysis-and-exploit/
Quick and dirty Metasploit module based off of @yuange's code from 2009. This vulnerability affects everything from Windows 95 with IE 3.0 through Windows 10 with IE 11. https://forsec.nl/2014/11/cve-2014-6332-internet-explorer-msf-module/ Module here: ms14_064_ie_olerce.rb
This module exploits a vulnerability found in Windows Object Linking and Embedding (OLE) allowing arbitrary code execution, publicly exploited in the wild as an MS14-060 patch bypass. The Microsoft update tried to fix the vulnerability publicly known as “Sandworm”. Platforms such as Windows Vista SP2 all the way to Windows 8, Windows Server 2008 and 2012 … Read More “MS14-064 OLE Package Manager Code Execution – Metasploit” »
Using a remote stack overflow in libupnp, Fred was able to take control of his TV using the serial port in the back of the TV. http://www.fredericb.info/2014/11/exploitation-of-philips-smart-tv.html
DPAPIck is a forensic tool to deal, in an offline way, with Microsoft Windows® protected data, using the DPAPI (Data Protection API). The tool was updated to support Windows versions all the way to 8.1. The list of recoverable secrets includes: EFS certificates, MSN Messenger credentials, Internet Explorer form passwords, Outlook passwords, Google Talk credentials, Google … Read More “DPAPIck updated” »
http://rcrypt.0xrage.com/ Upload your executable file to encrypt and pack it. So far it supports rcrypt, fsg, upx, mew, upolyx, petite, and afx pecrypt.
Quickly find and explore shares our current user has access to: https://www.veil-framework.com/hunting-sensitive-data-veil-framework/
Kali’s new image is an EFI-bootable ISO hybrid image that supports Live USB Encrypted Persistence with LUKS Nuke support, out of the box. More info @ http://www.kali.org/news/kali-1-0-8-released-uefi-boot-support/
NSA’s XKeyscore http://pastebin.com/EivN2C7G Also see: Jamming XKeyScore
A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs). Essentially, that means a … Read More “Heart Bleed SSL Bug” »