2333 matches found

ThreatPost
added 2017/10/05 5:18 a.m., 13 views

Inside the CCleaner Backdoor Attack

MADRID—As the investigation continues into the backdoor planted inside CCleaner, two members of parent company Avast’s threat intelligence team said today the desktop and cloud versions of the popular software contained different payloads. The revelation was made during a talk at Virus Bulletin...

7.4 AI score
Exploits: 0, References: 9

Citrix
added 2017/09/27 12:0 a.m., 5 views

How to debug icon cannot be displayed in storefront webpage

This article describes how to debug the issue of an icon not being displayed in the StoreFront web page...

7 AI score
Exploits: 0

FireEye
added 2017/09/19 8:15 p.m., 19 views

Introducing pywintrace: A Python Wrapper for ETW

Introduction: Event Tracing for Windows (ETW) is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and performance monitoring tool, it was greatly expanded in Windows Vista to create a lightweight debugging mechanism. The...

6.7 AI score
Exploits: 0, References: 8

Trellix
added 2017/09/19 12:0 a.m., 6 views

Introducing pywintrace: A Python Wrapper for ETW

ARCHIVED STORY. Introducing pywintrace: A Python Wrapper for ETW. By Anthony Berglund, Kevin Boyd · September 19, 2017. Introduction: Event Tracing for Windows (ETW) is a lightweight logging facility first introduced with Windows 2000. Originally intended as a software diagnostic, troubleshooting and...

7 AI score
Exploits: 0

FireEye
added 2017/09/18 9:0 p.m., 19 views

rVMI: Perform Full System Analysis with Ease

Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...

7.1 AI score
Exploits: 0

Information Security Automation
added 2017/09/17 5:15 p.m., 126 views

Automating Opera browser with Selenium WebDriver and Python

The right way to automate a web application is, certainly, to understand how this application works by using Burp (see "Burp Suite Free Edition and NTLM authentication in ASP.net applications" for example), retrieve all necessary requests and learn how to use them. However, this is sometimes so...

7.2 AI score
Exploits: 0

Kitploit
added 2017/09/12 9:0 p.m., 13 views

LiMEaide - Tool to remotely dump RAM of a Linux client

LiMEaide is a python application designed to remotely dump RAM of a Linux client and create a volatility profile for later analysis on your local host. I hope that this will simplify Linux digital forensics in a remote environment. In order to use LiMEaide all you need to do is feed a remote Linu...

6.8 AI score
Exploits: 0, References: 7

pentestit
added 2017/08/20 4:37 a.m., 409 views

Al-Khaser: A Benign Malware to Test Your Anti Malware

PenTestIT RSS Feed. There is an idiom - use a thorn to remove a thorn. Tools like Al-Khaser cement this idiom. It is an open source, benign malware to test how good your anti-malware or local security product is. It allows you to do so by implementing commonly used tactics used by actual malwares a...

6.6 AI score
Exploits: 0

myhack58
added 2017/08/17 12:0 a.m., 121 views

Travel to the dark of the door! Debugee in QEMU-vulnerability warning-the black bar safety net

I haven't to secure guest posting, just recently the contact vulnerability discovery, and have been reading some of the classic fuzzer source code, at the same time also began to contact the virtualization escape this piece of content, at this time happened to come across two very classic exploit...

5 CVSS, 8 AI score, 0.12942 EPSS
Exploits: 1

Kitploit
added 2017/08/12 10:44 p.m., 17 views

PyREBox - Python scriptable Reverse Engineering Sandbox

PyREBox is a Python scriptable Reverse Engineering sandbox. It is based on QEMU, and its goal is to aid reverse engineering by providing dynamic analysis and debugging capabilities from a different perspective. PyREBox allows to inspect a running QEMU VM, modify its memory or registers, and to...

7 AI score
Exploits: 0, References: 7

Talos Blog
added 2017/08/09 8:41 a.m., 102 views

WinDBG and JavaScript Analysis

This blog was authored by Paul Rascagneres. Introduction: JavaScript is frequently used by malware authors to execute malicious code on Windows systems because it is powerful, natively available and rarely disabled. Our previous article on .NET analysis generated much interest relating to how to use...

7.1 AI score
Exploits: 0

CNVD
added 2017/08/07 12:0 a.m., 2 views

GNU Binutils 'read_symbol_stabs_debugging_info' function out-of-bounds heap read vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A security vulnerability exists in the...

7.8 CVSS, 6.8 AI score, 0.00347 EPSS
Exploits: 0, References: 1

OSV
added 2017/08/04 3:29 p.m., 1 views

UBUNTU-CVE-2017-12456

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file...

7.8 CVSS, 6.8 AI score, 0.00347 EPSS
Exploits: 0, References: 4

NVD
added 2017/08/04 3:29 p.m., 12 views

CVE-2017-12456

The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binutils 2.29 and earlier allows remote attackers to cause an out of bounds heap read via a crafted binary file...

7.8 CVSS, 7.4 AI score, 0.00347 EPSS
Exploits: 0, References: 2

Citrix
added 2017/08/02 12:0 a.m., 5 views

App Layering/Unidesk: Debugging Layer Conflicts

You have identified a problem that occurs when all your layers are present, but does not occur when none of them are there, or only a minimum set are present. Regardless of the actual error, this suggests a conflict between individual layers...

7.1 AI score
Exploits: 0

Fedora
added 2017/07/28 8:51 p.m., 33 views

[SECURITY] Fedora 25 Update: php-PHPMailer-5.2.24-1.fc25

Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...

6.1 CVSS, 6.5 AI score, 0.0294 EPSS
Exploits: 1

Friends Of PHP
added 2017/07/26 12:41 a.m., 20 views

Object injection

SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Added Tagalog translation, thanks to @StoneArtz Added Malagache translation, thanks to @Hackinet Updated Serbian translation, fixed incorrect language code, thanks to @mmilanovic4 Updated...

8.8 CVSS, 9 AI score, 0.01475 EPSS
Exploits: 0, Affected Software: 1

Metasploit
added 2017/07/24 1:26 p.m., 62 views

SSH Public Key Login Scanner

This module will test ssh logins on a range of machines using a defined private key file, and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access. Key files may be a single...

7.1 AI score
Exploits: 0

myhack58
added 2017/07/14 12:0 a.m., 77 views

CVE-2017-0283: Windows Uniscribe remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

The last“patch Tuesday”to fix the one named“USP10! MergeLigRecords in Windows Uniscrible font processing heap broken ring”RCE vulnerability. Many days after the Google Project Zero team of Mateusz Jurczyk released a PoC of the report. In the Windows of the library at the same time the presence of...

7.7 AI score, 0.56001 EPSS
Exploits: 2

Exploit DB
added 2017/07/06 12:0 a.m., 40 views

LibTIFF - 'tif_dirwrite.c' Denial of Service

Source: http://bugzilla.maptools.org/showbug.cgi?id=2712 Triggered by "./tiffset POC1" $ ./tiffset POC1 TIFFReadDirectory: Warning, Unknown field with tag 302 0x12e encountered. TIFFReadDirectory: Warning, Unknown field with tag 61961 0xf209 encountered. poc3: AdobeDeflate compression support is...

7.4 AI score
Exploits: 0