C99.php Shell has a Authentication Bypass Vulnerability, a backdoor, due to the use of the extract() comm, To bypass authentication add “?c99shcook[login]=0” to the URL. More info is ::HERE::
You can also go find ya some
This Recon 2014 talk presents a firmware attack on an off-the-shelf hard drive. The implemented backdoor is capable of exfiltrating any data stored on the hard drive, through a network connection, without any modification of the system’s operating system or software. The talk laid out how the hard drive’s firmware is designed, and how the backdoor can interact with the firmware, and then explain how the backdoor can be remote-controlled, p. ex., through an installed web server.
LIFX bulbs connect to a WiFi network in order to allow them to be controlled using a smart phone application. The research presented was performed against version 1.1 of the LIFX firmware.
::: Click Here :::
NSA’s XKeyscore http://pastebin.com/EivN2C7G
Also see: Jamming XKeyScore
rcrypt is a Windows PE binary crypter (a type of packer) written by Rage that has a bunch of features and makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. It bypasses KAV and many other Avs.
Writeup
Release
One of my friends released a modded version of Samiux’s original heartbleed script to run over Tor and also tweaked it a bit to improve speed and stability. Check it out. https://github.com/mb1689/tortbleed/ Should be added to Samiux’s repo soon
A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs).
Essentially, that means a lot of Internet users are affected. And potentially, passwords, private communications and even credit card information could be available to hackers courtesy of this newly-discovered bug.
A few people have been checking major websites to check if they’re vulnerable
Symantec analyzed the ransomware called CryptoDefense. Apparently, CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the RSA 2048 encryption and decryption keys. The author only hands over the private key to decrypt the data when a $500 ransom is paid in Bitcoin within four days. Unfortunately the author failed to remove the private key, and it can be found in %UserProfile%\Application Data\Microsoft\Crypto\RSA . The author received more than $34,000 worth of bitcoin in just a month, showing the effectiveness of their scam.
One of my favorite tools, Offline NT Password & Registry Editor, finally got an update last month after a 4 yr hiatus. The new version includes support for Win8.1 and a working promote user to admin feature among other fixes. Download it from ::HERE::
Rapid 7 released the “exploit/android/browser/webview_addjavascriptinterface” module which allows attackers to remotely access on most Android devices prior to version 4.2.
You are from the area.
We love our country, but fear our government.