C99.php Shell has a Authentication Bypass Vulnerability, a backdoor, due to the use of the extract() comm, To bypass authentication add “?c99shcook[login]=0” to the URL. More info is ::HERE:: You can also go find ya some
This Recon 2014 talk presents a firmware attack on an off-the-shelf hard drive. The implemented backdoor is capable of exfiltrating any data stored on the hard drive, through a network connection, without any modification of the system’s operating system or software. The talk laid out how the hard drive’s firmware is designed, and how the … Read More “HDD Firmware Backdoor” »
LIFX bulbs connect to a WiFi network in order to allow them to be controlled using a smart phone application. The research presented was performed against version 1.1 of the LIFX firmware. ::: Click Here :::
NSA’s XKeyscore http://pastebin.com/EivN2C7G Also see: Jamming XKeyScore
rcrypt is a Windows PE binary crypter (a type of packer) written by Rage that has a bunch of features and makes use of timelock techniques to cause a delay in execution. This delay can cause analysis to fail on time constrained systems such as on disk scanners. rcrypt can pack exes and dll files. … Read More “rcrypt” »
One of my friends released a modded version of Samiux’s original heartbleed script to run over Tor and also tweaked it a bit to improve speed and stability. Check it out. https://github.com/mb1689/tortbleed/ Should be added to Samiux’s repo soon
A massive vulnerability has been found in OpenSSL, the open-source software package broadly used to encrypt Web communications. The flaw allows attackers to steal the information that is normally protected by SSL/TLS encryption, which is used to protect Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs). Essentially, that means a … Read More “Heart Bleed SSL Bug” »
Symantec analyzed the ransomware called CryptoDefense. Apparently, CryptoDefense uses Microsoft’s infrastructure and Windows API to generate the RSA 2048 encryption and decryption keys. The author only hands over the private key to decrypt the data when a $500 ransom is paid in Bitcoin within four days. Unfortunately the author failed to remove the private key, … Read More “CryptoDefense Flaw” »
One of my favorite tools, Offline NT Password & Registry Editor, finally got an update last month after a 4 yr hiatus. The new version includes support for Win8.1 and a working promote user to admin feature among other fixes. Download it from ::HERE::
Rapid 7 released the “exploit/android/browser/webview_addjavascriptinterface” module which allows attackers to remotely access on most Android devices prior to version 4.2. More Info