Lucene search
K

162 matches found

seebug.org
seebug.org
added 2016/05/03 12:0 a.m.38 views

Acunetix WVS 10 远程代码执行漏洞 (System)

漏洞复现及分析 AWVS是一款常用的网站漏洞扫描工具,在漏洞扫描器进行扫描时,如果通过服务器提供一段包含恶意代码的页面,首先存在问题的网页会通知AWVS存在一个XSS漏洞,之后AWVS会在扫描任务中输出这个XSS漏洞的告警,之后AWVS会调用view response功能验证这个漏洞,在调用这个的过程中本地会执行一次漏洞的html网页,在执行的过程中,恶意构造的网页会在本地创建一个vb脚本,该脚本会去访问并获取另一段vb script从而执行而恶意代码,下面对此漏洞进行详细分析。 在分析之前,我需要提一点,本来想对wvs.exe进行动态跟踪,没想到wvs对debug有着严格的审查。...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2016/04/09 6:30 p.m.32 views

GEF - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers

GEF is aimed to be used mostly by exploiters and reverse-engineers. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis or exploit development. GEF fully relies on GDB API and other Linux specific source of information such as /proc/pid . A...

7.2AI score
Exploits0References3
Kitploit
Kitploit
added 2016/03/18 10:31 p.m.321 views

CTF-Tools - Some setup scripts for security research tools

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a hard problem, but it's really nice to have them in one place that's easily deployable to new machines and so forth. Installers for the following tools are included: Category | To...

8.5AI score
Exploits0References36
n0where
n0where
added 2016/02/29 6:17 p.m.44 views

Analyzing Linux Malware Sandbox: Limon

Limon is a sandbox developed as a research project written in python, which automatically collects, analyzes, and reports on the run time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution post-mortem analysis by...

7.6AI score
Exploits0References2
n0where
n0where
added 2016/02/26 4:34 p.m.474 views

Linux Embedded Firmware Dynamic Analysis: FIRMADYNE

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware. It includes the following components: modified kernels MIPS: v2.6.32 , ARM: v4.1 , v3.10 for instrumentation of firmware execution; a userspace NVRAM library to emulate a...

7.8AI score
Exploits0References17
Kitploit
Kitploit
added 2015/10/24 11:7 p.m.194 views

MobSF (Mobile Security Framework) - Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework MobSF is an intelligent, all-in-one open source mobile application Android/iOS automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2015/09/24 10:17 p.m.21 views

MALHEUR - Automatic Analysis of Malware Behavior

A novel tool for malware analysis Malheur is a tool for the automatic analysis of malware behavior program behavior recorded from malicious software in a sandbox environment. It has been designed to support the regular analysis of malicious software and the development of detection and defense...

7.2AI score
Exploits0References2
myhack58
myhack58
added 2015/09/21 12:0 a.m.30 views

Takeaway O2O App security analysis: the App vulnerability assessment platform technical details-vulnerability warning-the black bar safety net

In the mobile Internet and O2O tide swept under, the takeaway market is gradually entering the white-collar field, at BAT three giants throwing money to cultivate the market, white-collar workers have to change eating habits. As long as it is imprisoned in the white collar does not substantially ...

7.9AI score
Exploits0
ThreatPost
ThreatPost
added 2015/04/21 8:12 p.m.14 views

Renewed Attention on Android Apps Failing SSL Validation

SAN FRANCISCO – Android developers whose apps fail to validate SSL certificates are on notice; not only are researchers scanning apps making insecure connections, but so is Google. And the hammer may fall soon. Will Dormann, a researcher with CERT at the Software Engineering Institute at Carnegie...

Exploits0References3
ThreatPost
ThreatPost
added 2014/09/29 10:22 a.m.8 views

FBI to Open Up Malware Investigator Portal to External Researchers

SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and...

0.3AI score
Exploits0
Kitploit
Kitploit
added 2014/06/14 8:43 p.m.26 views

Hooker - Automated Dynamic Analysis of Android Applications

Hooker is an opensource project for dynamic analysis of Android applications. This project provides various tools and applications that can be use to automaticaly intercept and modify any API calls made by a targeted application. It leverages Android Substrate framework to intercept these calls a...

6.8AI score
Exploits0References2
Kitploit
Kitploit
added 2014/05/29 10:25 p.m.92 views

Hook Analyser 3.1 - Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather analyse & co-related threat intelligence related information or data from various open sources on the Internet. Essentially it’s a...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2014/05/13 10:9 p.m.15 views

Dynamic Analysis tools for Android Fail to Detect Malware with Heuristic Evasion Techniques

We are quite aware of the Android malware scanner Google’s Bouncer that tests the apps by running them in a virtualized environment i.e. a simulated phone created in software which automatically scans the apps to watch its real behaviour on users’ devices, before approving them to the Play Store...

7.1AI score
Exploits0
Kitploit
Kitploit
added 2014/04/13 11:54 p.m.18 views

FakeNet - Windows Network Simulation tool for Malware Analysis

FakeNet is a tool that aids in the dynamic analysis of malicious software. The tool simulates a network so that malware interacting with a remote host continues to run allowing the analyst to observe the malware’s network activity from within a safe environment. The goal of the project is to: 1. ...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2014/01/08 5:30 a.m.19 views

[Arachni v0.4.6 - Web User Interface v0.4.3] Open Source Web Application Security Scanner Framework

Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2013/12/31 10:26 p.m.10 views

[Malheur v0.5.4] Malware Analyzer

Malheur is a tool for the automatic analysis of malware behavior program behavior recorded from malicious software in a sandbox environment. It has been designed to support the regular analysis of malicious software and the development of detection and defense measures. Malheur allows for...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2013/08/14 2:46 a.m.29 views

[Drozer] The Leading Security Testing Framework for Android.

drozer enables you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. drozer provides tools to help you use and share public Android exploits. It helps you to deploy a droze...

7.4AI score
Exploits0References1
The Hacker News
The Hacker News
added 2012/03/20 2:2 p.m.34 views

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities

Mercury v1.0 - Framework for bug hunters to find Android vulnerabilities A free framework for bug hunters to find vulnerabilities, write proof-of-concept exploits and play in Android. Use dynamic analysis on Android applications and devices for quicker security assessments. Share publicly known...

8.2AI score
Exploits0
myhack58
myhack58
added 2011/11/10 12:0 a.m.15 views

Remember the vulnerability analysis for the first time-the vulnerability warning-the black bar safety net

Just getting started in heroic and wretched kk under the guidance of the analysis of the first vulnerability program, today writing from scratch process. The vulnerability program is in ahttp://www.exploit-db.com/exploits/17854/to download, this site provides not only the vulnerability of the...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2011/05/14 1:47 p.m.12 views

Qualys and Malware Analyser - Online malware scanning engine !

Qualys and Malware Analyser - Online malware scanning engine ! Qualys and Malware Analyser Author : Beenu Arora, recently came into an agreement which will allow Qualys to use Malware Analyser tool on its online malware scanning engine. This would enable the users to perform more comprehensive...

6.9AI score
Exploits0
Rows per page
Query Builder