5 matches found
PoolParty - A Set Of Fully-Undetectable Process Injection Techniques Abusing Windows Thread Pools
A collection of fully-undetectable process injection techniques abusing Windows Thread Pools. Presented at Black Hat EU 2023 Briefings under the title - injection-techniques-using-windows-thread-pools-35446"The Pool Party You Will Never Forget: New Process Injection Techniques UsingWindows Thread...
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
WebKitGTK 2.1.2 Ubuntu 14.04 - Heap based Buffer Overflow CVE-2014-1303 PoC for Linux CVE-2014-1303 WebKit Heap based BOF proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac ...
OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
Third-party applications that allow single sign-on via Facebook and Google and support the OAuth 2.0 protocol, are exposed to account hijacking. Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called “Signing into One Billion Mobile LApp Accounts...
Flaw Leaves EA Origin Platform Users Open to Attack
Five years ago, a pair of security researchers write a book called Exploiting Online Games in which they described a number of ways in which attackers could take advantage of weaknesses in the protection systems for various gaming platforms. Now, with online gaming having emerged as a massive...
Microsoft to Fix IE 8 XSS Filter Security Problems
On the heels of a Black Hat EU presentation that exposed security problems with the cross-site scripting XSS filter in Internet Explorer 8, Microsoft plans to ship an update to the filter to fix what is hopefully the last remaining attack scenario. During the conference presentation, a pair of...