HackerOne – Telegram
Linux kernel ioctls race condition -> use after free

Upstream : https://github.com/torvalds/linux/commit/b3defb791b26ea0683a93a4f49c77ec45ec96f10

call stack:


thread a:
-> snd_seq_write
-> snd_seq_client_enqueue_event
-> snd_seq_event_dup
-> snd_seq_cell_alloc
-> schedule -> thread b

thread b:
-> snd_seq_ioctl_set_client_pool
-> snd_seq_pool_mark_closing (set closing to 1)
-> snd_seq_queue_client_leave_cells (release cell)
-> wake_up -> thread a

thread a:
-> snd_seq_ioctl_set_client_pool
-> snd_seq_pool_mark_closing (set closing to 1 again)
-> snd_seq_queue_client_leave_cells (cells already released by thread b)
-> snd_seq_pool_done (release pool and allocate new pool, 2nd pool;
set closing to 0)
-> snd_seq_write
-> snd_seq_client_enqueue_event
-> snd_seq_event_dup
-> snd_seq_cell_alloc
-> schedule -> thread b

thread b:
back to snd_seq_queue_client_leave_cells, after func wake_up
-> snd_seq_queue_client_leave_cells
-> snd_seq_pool_done (release pool and allocate new pool, 3rd pool;
set closing to 0)
(leaves the 2nd pool's cells unhandled)
-> wake_up -> thread a:

thread a:
-> snd_seq_cell_alloc:
while (pool->free == NULL && ! nonblock && ! pool->closing)
hits an endless loop; the pool in thread a is now the 2nd pool, which has been released,
so it is now a wild pointer.
[Digikala] Infinite loop client-side bug,

Just for fun!
#Google #XSS by Coltuneac Alexandru
Exobot Author Calls It Quits and Sells Off Banking Trojan Source Code
https://www.bleepingcomputer.com/news/security/exobot-author-calls-it-quits-and-sells-off-banking-trojan-source-code/

Things are about to get a lot worse for Android users after the source code of a highly advanced Android banking trojan has been sold to different parties on a well-known hacking forum. [...]
Source code to test shellcode, by James Forshaw of Google Project Zero

https://github.com/raminfp/shellcode
Microsoft Resumes Meltdown & Spectre Updates for AMD Devices
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-meltdown-and-spectre-updates-for-amd-devices/

Microsoft has resumed the rollout of security updates for AMD devices. The updates patch the Meltdown and Spectre vulnerabilities. [...]
[webapps] PEAR XML_RPC < 1.3.0 - Remote Code Execution
https://www.exploit-db.com/exploits/43828/?rss

PEAR XML_RPC
Free PDF about Programming from Stack Overflow
http://books.goalkicker.com/
XSStrike is a program which can crawl, fuzz and bruteforce parameters for XSS. It can also detect and bypass WAFs.
https://github.com/UltimateHackers/XSStrike
Google Forms (WordPress plugin) SSRF vulnerability
https://klikki.fi/adv/wpgform.html