Ettercap - A Comprehensive Suite For Man In The Middle Attacks

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis. ETTERCAP...

GhostTunnel - A Covert Backdoor Transmission Method That Can Be Used In An Isolated Environment

GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel use 802.11 Probe Request Frames and...

Mirai Variant Cross-Compiles Attack Code with Aboriginal Linux

Criminals behind a Mirai botnet have been spotted using an unusual technique: Leveraging an open-source project called Aboriginal Linux to create a compiled binary, with versions of the malware tailored to each targeted platform. The malware authors are leveraging Aboriginal – a legitimate tool f...

Google Chrome < 68.0.3440.75 Multiple Vulnerabilities

Binary data 700361.pasl...

Security update for webkit2gtk3 (moderate)

This update for webkit2gtk3 to version 2.20.3 fixes the following issues: These security issues were fixed: - CVE-2018-4190: An unspecified issue allowed remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch bsc1097693. - CVE-2018-4199: An...

Hcxdumptool - Small Tool To Capture Packets From Wlan Devices

Small tool to capture packets from wlan devices. After capturing, upload the "uncleaned" cap here https://wpa-sec.stanev.org/?submit to see if your ap or the client is vulnerable by using common wordlists. Convert the cap to hccapx and/or to WPA-PMKID-PBKDF2 hashline 16800 with hcxpcaptool hcxtoo...

Block.one: [FG-VD-18-125] Buffer Overflow Vulnerability in Latest EOS's EOSIO.WASMSDK Repository

Hello Block.One / EOS Product Security Team, Good Afternoon. There exists a Memory Corruption vulnerability in the latest EOS WASMSDK Library. The PoC.wasm file is attached along with this report. Reproduction Steps: - 1 Fetch latest EOS WASMSDK repsository from...

Important: Red Hat Security Advisory: rh-ror42-rubygem-sprockets security update

An update for rh-ror42-rubygem-sprockets is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Fedora 27 : libtomcrypt (2018-39e0872379)

Fix Side Channel Based ECDSA Key Extraction CVE-2018-12437 PR 408 - Fix potential stack overflow when DER flexi-decoding CVE-2018-0739 PR 373 - Fix two-key 3DES PR 390 - Fix accelerated CTR mode PR 359 - Fix Fortuna PRNG PR 363 - Fix compilation on platforms where cc doesn't point to gcc PR 382 -...

Idisagree - Control Remote Computers Using Discord Bot

Control remote computers using discord bot and python 3. ! If your target is a windows system, you may want to compile your payload. Do this with py2exe or pyinstaller. MAINTAINERS Alisson Moretto | Twitter: @A1S0N Github: @A1S0N PREREQUISITES Python 3.x pip3 subprocess from python3 Discord from...

Airba.sh - A POSIX-compliant, Fully Automated WPA PSK Handshake Capture Script Aimed At Penetration Testing

Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing. It is compatible with Bash and Android Shell tested on Kali Linux and Cyanogenmod 10.2 and uses aircrack-ng to scan for clients that are currently connected to access points AP. Those...

WebKit - WebAssembly Compilation Info Leak Exploit

Exploit for multiple platform in category dos / poc arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, th...

Out-of-bounds

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)

There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. When a source buffer is compiled, it is first copied into a read-only buffer by the functuion getWasmBufferFromValue. This function returns the code buffer as follows: return arrayBufferView ?...

WebKit - WebAssembly Compilation Info Leak

WebKit - WebAssembly Compilation Info Leak arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the functio...

WebKit - WebAssembly Compilation Info Leak

arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the function createSourceBufferFromValue copies the...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass

/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...

Bypassing Mitigations by Attacking JIT Server in Microsoft Edge

Posted by Ivan Fratric, Project Zero With Windows 10 Creators Update, Microsoft introduced a new security mitigation in Microsoft Edge: Arbitrary Code Guard ACG. When ACG is applied to a Microsoft Edge Content Process, it makes it impossible to allocate new executable memory within a process or...