Cody Pierce on the Future of Exploit Development

Mike Mimoso talks to Cody Pierce, director of vulnerability research and prevention with Endgame, at RSA Conference 2017 about how attackers are changing their techniques in the face of mitigations and continuing to base exploits around legitimate APIs and functions to thwart detection. Download:...

132 Google Play Apps Booted For Having Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...

[SECURITY] Fedora 25 Update: cxf-3.1.6-5.fc25

Apache CXF is an open-source services framework that aids in the development of services using front-end programming APIs, like JAX-WS and JAX-RS...

Windows Exploit development tutorial series--stack injection a-vulnerability warning-the black bar safety net

! Foreword Welcome to the heap spray tutorial the first part. This Part I will introduce the IE under typical heap spray technique, the second part will introduce the precise injection and IE8 under UAF vulnerabilities. It is worth mentioning that, the stack injection is just a payload Delivery...

Critical: Red Hat Security Advisory: java-1.7.0-ibm security update

An update for java-1.7.0-ibm is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

70+ Cyber Security Micro-Courses and Certifications To Boost Your IT Career

With the evolving hacking events around us, cyber-security skills are in high demand across all organizations and industries, because a shortage of skilled cyber security practitioners could leave an organization vulnerable to cyber attacks. But knowledge alone is not sufficient, 'certification a...

IBM Development Package for Apache Spark Denial of Service Vulnerability

IBM Development Package for Apache Spark is a software development kit. A denial of service vulnerability exists in IBM Development Package for Apache Spark, which can be exploited to launch a denial of service attack. In addition, the Apache Development Package for Apache Spark is vulnerable to ...

Hashview - A Web Front-End For Password Cracking And Analytics

Hashview is a tool for security professionals to help organize and automate the repetitious tasks related to password cracking. Hashview is a web application that manages hashcat https://hashcat.net commands. Hashview strives to bring constiency in your hashcat tasks while delivering analytics wi...

Autodesk FBX-SDK Security Bypass Vulnerability

Autodesk FBX-SDK is a free software development platform and API toolkit for C++ from Autodesk. A security vulnerability exists in Autodesk FBX-SDK 2017.0 and earlier versions. An attacker can exploit the vulnerability to gain access to uninitialized pointers...

Autodesk FBX-SDK Buffer Overflow Vulnerability

Autodesk FBX-SDK is a free software development platform and API toolkit for C++ from Autodesk. A buffer overflow vulnerability exists in Autodesk FBX-SDK 2017.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code or cause a denial of service infinite loop...

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script NSE Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts NSE was the lack of a development environment that give...

The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code

The vulnerability in the development tools of the Primetime software platform, Flash Player, arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely...

EGESPLOIT - A Golang Library For Malware Development

EGESPLOIT is a golang library for malware development, it has few unique functions for meterpreter integration. DOCUMENTATION CalculateChecksumx : Function calculates x digit 8 bit checksum for reverse HTTP/HTTPS meterpreter connections, returns the calculated checksum as string...

sustainabledevelopment.un.org XSS vulnerability

Vulnerable URL: https://sustainabledevelopment.un.org/index.php?menu=1629=" autofocus onfocus=alert/XSSPOSED/// Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

OWASP Security Knowledge Framework - An expert system application that uses OWASP Application Security Verification Standard

Security Knowledge Framework is an expert system application that uses OWASP Application Security Verification Standard, code examples, helps developers in pre-development and post-development. Introduction Our experience taught us that the current level of security the current web-applications...

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers: GEF

Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers GEF is a kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploiters and reverse-engineers, to provides additional features to GDB usi...

Buffer overflow

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware subcomponent: Outside In Filters. Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2016-9305

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers...

[SECURITY] Fedora 25 Update: xemacs-packages-extra-20170114-1.fc25

XEmacs is a highly customizable open source text editor and application development system. It is protected under the GNU General Public License and related to other versions of Emacs, in particular GNU Emacs. Its emphasis is on modern graphical user interface support and an open software...

SUSE SLED12 / SLES12 Security Update : gstreamer-0_10-plugins-base (SUSE-SU-2017:0263-1)

gstreamer-010-plugins-base was updated to fix one issue. This security issue was fixed : - CVE-2016-9811: Out of bounds memory read in windowsicontypefind bsc1013669. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable...