CVE-2015-0240 is a security flaw in the smbd file server daemon. It can be exploited by a malicious Samba client by sending specially crafted packets to the Samba server. No authentication is required to exploit this flaw. It can result in remotely controlled execution of arbitrary code as root. More info: https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/
Veil Framework recently added a payload delivery tool, Veil-Catapult. It works like SMBexec: it uses Veil-Evasion to generate AV-evading binaries, impacket to upload/host the binaries, and the pass-the-hash toolkit to trigger execution via a temporary SMB server. :::Read more here::: & :::here:::
This Recon 2014 talk presents a firmware attack on an off-the-shelf hard drive. The implemented backdoor is capable of exfiltrating any data stored on the hard drive, through a network connection, without any modification of the system’s operating system or software. The talk laid out how the hard drive’s firmware is designed, and how the … Read More “HDD Firmware Backdoor” »
LIFX bulbs connect to a WiFi network in order to allow them to be controlled using a smart phone application. The research presented was performed against version 1.1 of the LIFX firmware. ::: Click Here :::
For Win2k/XP you can use this modified GINA stub. More information about how GINA works can be found in his excellent blog post. For Vista/7 you can use this custom credential provider. More information can be found in his blog post.
In April 2013, a piece of malware was found embedded in Freedom Hosting’s darknet server that would exploit a security hole in a particular web browser and execute code on the user’s computer. This code gathered some information about the user and sent it to a server in Virginia and then crashed – it had … Read More “Analysis of the FBI Tor Malware” »
Neat little trick from the 2x.io blog to get the internal IP address using HTML5 WebRTC. The same technique can be used by nasty JavaScript to carry out attacks against internal hosts, your router for instance. Check out the :::DEMO:::.
The carnal 0wnage blog has an “evil pass filter” .dll example that logs passwords to a text file or via HTTP POST every time someone changes their password on a Windows box. Works on Windows 2000 and XP all the way up to Windows 8 & 2012.
https://www.christophertruncer.com/veil-a-payload-generator-to-bypass-antivirus/
http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html