Microsoft Hyper-V Remote Code Execution Vulnerability (CVE-2021-28476)
CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys. This is a proof of concept for CVE-2021-28476 "Hyper-V Remote Code Execution Vulnerability", an arbitrary memory read in vmswitch.sys Network virtualization service provider patched by Microso...
Exploit for CVE-2021-28476
CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code...
A Cyber 'Vigilante' is Sabotaging Emotet's Return
The banking trojan Emotet has returned after a five-month hiatus. But, in an amusing twist, one cyber vigilante is thwarting the malware’s comeback. Researchers say a mysterious vigilante is fighting the threat actors behind the malware’s comeback by replacing malicious Emotet payloads with...
UPDATE: Tsurugi Linux 2019.1
Tsurugi Linux 2019.1 has now been released. I briefly mentioned it in my older post titled List of Operating Systems for OSINT. This post discusses the updates made to the latest version of Tsurugi Linux, which was released at BlackHat USA. This release includes a lot of bug fixes, updates, additi...
U.S. Dept Of Defense: Command Injection (via CVE-2019-11510 and CVE-2019-11539)
Summary: The Navy has a Pulse Secure SSL VPN https://████████/dana-na/auth/urldefault/welcome.cgi that is vulnerable to: CVE-2019-11510 - Pre-auth Arbitrary File Reading; CVE-2019-11539 - Post-auth Command Injection. Vulnerable hostname from SSL certificate: ██████████.navy.mil. The pre-auth arbitra...
Millions of Android Smartphones Vulnerable to Trio of Qualcomm Bugs
UPDATE Security researchers from Tencent’s Blade Team are warning Android smartphone and tablet users of flaws in Qualcomm chipsets, called QualPwn. The bugs collectively allow hackers to compromise Android devices remotely simply by sending malicious packets over-the-air – no user interaction...
Time to Transfer Risk: Why Security Complexity & VPNs Are No Longer Sustainable
We all heed the gospel of patching, but as recent incidents made clear, even cutting-edge disruptors struggle to patch everything, everywhere, and all the time. Maybe this is associated with the growing volume of Common Vulnerabilities and Exposures (CVEs). As they say, there is only one way and...
What is Phar Deserialization
Summary: The security researcher Sam Thomas from Secarma found a new exploitation technique that can lead to critical PHP object injection vulnerabilities - without using the PHP function unserialize. The new technique was announced at the BlackHat USA conference in his talk "It's a PHP...
Meet with Wallarm at BlackHat USA 2017
Meet the Wallarm team at BlackHat USA 2017. Start your day with a good cup of coffee and a hearty breakfast at the PRESS lounge. Join the Wallarm team for breakfast on the last day of the BlackHat conference. Meet and network with like-minded white hat security professionals while fueling up for another day of...
Exploiting XXE In File Upload Functionality
Just wanted to post some details from my BH USA 2015 briefing "Exploiting XXE In File Upload Functionality". The youtube video is up: I also gave an updated version of the presentation in November for the Blackhat Webcast Series. It included more file types; PDF, JPG, and GIF. The link is here:...
ROPInjector - Convert any Shellcode in ROP and patch it into a given Portable Executable (PE)
A tool written in C (Win32) to convert any shellcode into ROP and patch it into a given portable executable (PE). It supports only 32-bit target PEs and the x86 instruction set. Published at Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion". More...
[ARPwner] ARP and DNS Poisoning Attack Tool
ARPwner is a tool to perform ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system for filtering the information gathered. It also has an implementation of sslstrip and is coded 100% in Python and hosted on GitHub, so you can modify it according to your needs. This tool was released by...
[pdf] A crushing blow at the heart of SAP J2EE Engine
A. Polyakov's talk at the BlackHat USA 2011 conference. The presentation is of interest to those who know what SAP is and understand the principle behind SMB Relay and Verb tampering vulnerabilities. http://erpscan.ru/wp-content/uploads...2EEEngine.pdf P.S. I listened to this presentation in person, not at blackhat; unfortunately the video is nowhere...
On 4th August SAP systems will be hacked on the Internet at BlackHat USA 2011
On 4th August SAP systems will be hacked on the Internet at BlackHat USA 2011. On the 4th of August at the world's largest technical security conference - BlackHat USA 2011, which will take place in Las Vegas, SAP security expert and CTO of ERPScan Alexander Polyakov will show how any malicious attacker...
MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability
MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability. May 3rd, 2010. PHP's addcslashes() function can be abused for information leak attacks because of the call-time pass-by-reference feature. Affected versions: Affected is PHP 5.2 <= 5.2.13; Affected is PHP 5.3 <= 5.3.2. Credits: Th...
MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability
MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability. May 8th, 2010. PHP's ZEND_BW_XOR opcode can be abused for address information leak attacks by a userspace error handler interruption attack. Affected versions: Affected is PHP 5.2 <= 5.2.13; Affected is PHP 5.3 <=...