Old VIA C3 chipsets have an undocumented RISC coprocessor that gives you root access from userland if you simply type in four bytes.

firstorder - A traffic analyzer to evade Empire's communication from Anomaly-Based IDS

ExchangeRelayX - An NTLM relay tool to the EWS endpoint for on-premise exchange servers. Provides an OWA for hackers.

HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it. HTTP is the protocol…

This is the first part in a two part series on HTTP security and HTTP basics. In this first part we bring you overview of the HTTP protocol. HTTP is a ubiquitous protocol and is one of the cornerstones of the web. If you are a newcomer to web application…

Demo Labs of Hacking Tools at DEF CON 26

5 votes and 1 comment so far on Reddit

Research By: Slava Makkaveev Recently, our researchers came across a shortcoming in the design of Android’s use of storage resources. Careless use of External Storage by applications may open the door to an attack resulting in any number of undesired outcomes…

Research By: Eyal Itkin and Yaniv Balmas Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver a physical message from a sender to a receiver. Technology…

Started in 1992 by the Dark Tangent, DEF CON is the world's longest running and largest underground hacking conference. Hackers, corporate IT professionals, and three letter government agencies all converge on Las Vegas every summer to absorb cutting edge…

thoughts

androidDump - A tool pulls loaded binaries ordered by memory regions

In DEF CON 26, I gave a speech about this topic on Packet Hacking Village, and demonstrated my tool (firstorder) in Demo Labs. I got very good feedbacks for my idea, however some people seem to be confused about all these. So I want to explain everything…

Your target has an Android application and you want to walk through their API to check for server-side vulnerabilities. You configure the…

Machine Learning is definitely not the magic bullet it is...

1 vote and 0 comments so far on Reddit

Machine Learning is definitely not the magic bullet it is...

Cisco, one of the world's largest vendor of networking equipment, released security updates today to patch a vulnerability in the IOS and IOS XE operating syste

Real free high quality stock photos for commercial and private use! From selected professional photographers. Simple download without registration, without obligations. Best quality and 100% Free.