Research by: Eyal Itkin   Introduction “Karta” (Russian for “map”) is a source code assisted binary matching plugin for IDA. The plugin was developed to match symbols for an open source library in a very large binary, usually a firmware file. For those who…

Cross-Site Search on Google Books by abusing the XSS Auditor

Unlike encryption, hashing isn’t reversible. The only way to “recover” the password from the hash is to make a guess as to what the password is, run it through the hashing algorithm, and see if the result matches the hash you have. At the end of the day though…

Next-Generation Linux Kernel Exploit Suggester. Contribute to jondonas/linux-exploit-suggester-2 development by creating an account on GitHub.

Chinese Edition: Ruby on Rails 路径穿越与任意文件读取漏洞分析 - 【CVE-2019-5418】

This research report explores how JSOs can be vulnerable to unsafe deserialization vulnerabilities, how Metasploit Framework can help validate, and more.

Last month, Microsoft released patches to address two remote code execution (RCE) vulnerabilities in SharePoint. In both Critical-rated cases, an attacker could send a specially crafted request to execute their code in the context of the SharePoint application…

1. EXECUTIVE SUMMARYCVSS v9.3 ATTENTION: Exploitable with adjacent access/low skill level to exploitVendor: MedtronicEquipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed belowVulnerabilities:…

A consumer spyware vendor left a lot of incredibly sensitive and private data, including intimate pictures and private call recordings, for all to see on a server freely accessible over the internet. And it still hasn’t taken the data down.

In the last part , I covered the basics of the UDP protocol used by the camera, as well as some of the quirks and potential problems. In thi...

0 votes and 1 comment so far on Reddit

0 votes and 0 comments so far on Reddit

Quick Summary Hey guys today frolic retired and here is my write-up about it. This box was more of a CTF challenge than a real world scenario , especially the user part , But it was nice because for root we will exploit a buffer overflow vulnerability. It’s…

A universal memory dumper using Frida for Python 3 - rootbsd/fridump3

Sophisticated surveillance, once the domain of world powers, is increasingly available on the private market. Smaller countries are seizing on the tools — sometimes for darker purposes.

Beagle is an incident response and digital forensics tool which transforms security logs and data into graphs. - yampelo/beagle

Turn data collection into an experience with Typeform. Create beautiful online forms, surveys, quizzes, and so much more. Try it for FREE.

Ever wondered where the origin server for the popular zero day exploit platform 0day-today is? PayLoadArtist found out.

This is another write up of my recent talk where I share what tools and techniques I use to protect myself from being hacked.

In this white paper, we explore the complementary and interdependent uses of SIEM, SOAR, and EDR technologies. By using these tools in conjunction with clearly defined roles, security operations teams can reduce costs, improve security, and assist human intelligence…