11 matches found
Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework
Hakuin is a Blind SQL Injection BSQLI optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases DB from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of optimizati...
TAU Threat Intelligence Notification – WindTail (OSX)
Summary Dark Matter researcher Taha Karim recently presented his research on the APT group WindShift at Hack in the Box Singapore. This group primarily focuses on highly targeted campaigns directed toward Middle Eastern government and commercial entities. One of the custom macOS backdoors employe...
Wallarm goes to Singapore
By Leonid iaitskyi. — Own work., CC BY-SA 3.0, What: Hack In The Box GSEC SINGAPORE 2017 When: August 21st — 25th 2017 Where: InterContinental Singapore Why go: REASON 1: Meet Wallam and find out how to extend your security team with AI REASON 2: Go to the talk by Ivan Novikov and find what the...
Trend Micro Threat Discovery Appliance - Session Generation Authentication Bypass (CVE-2016-8584)
In the last few months, I have been testing several Trend Micro products with Steven Seeley @steventseeley. Together, we have found more than 200+ RCE Remote Code Execution vulnerabilities and for the first time we presented the outcome of our research at Hack In The Box 2017 Amsterdam in April...
Safari JS JITed shellcode - exec calc (ASLR/DEP bypass)
No description provided by source. !-- JIT-SPRAY for Safari 4.0.5 - 5.0.0 JavaScript JIT SHELLCODE and spray for ASLR / DEP bypass Win x32 By Alexey Sintsov from Digital Security Research Group Special for Hack In The Box 2010 Amsterdam PAYLOAD - exec calc Tested on Windows7 and Windows XP. Sorry...
PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box
For the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit Wednesday during the Pwnium contest run by Google at the Ha...
Google to Hold Pwnium 2 Contest, Offers $2M in Rewards
Google has been handing out rewards to researchers who discover vulnerabilities in the company’s products and Web properties for several years now, both through its Chrome bug bounty program and its Pwnium contest at this year’s CanSecWest conference. Company officials say that the programs have...
The use of the overflow extension to SQL injection-vulnerability warning-the black bar safety net
Transfer from: spring brother Looking at the hack in the box magazine, see an article on the combination of overflow way to expand theSQL injectionattack tactics article, so in the blog mark, a record. I had previously mentioned in conjunction with overflow toXSSthe methodand the idea is somewhat...
HITB Quartal Magazine - eZine Issue 007
Document Title: =============== HITB Quartal Magazine - eZine Issue 007 References: =========== Original: https://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-007.pdf Article: https://magazine.hitb.org/ Mirror: https://www.vulnerability-lab.com/resources/documents/297.pdf Article:...
Sparkasse Bank – Tricky Card Bug on ATM [ATM Adventure]
Document Title: =============== Sparkasse Bank – Tricky Card Bug on ATM ATM Adventure References: =========== Document: http://www.vulnerability-lab.com/resources/documents/295.pdf Article: http://www.vulnerability-lab.com/dev/?p=247 Release Date: ============= 2011-10-15 Vulnerability Laboratory...
Hack in the Box (HITB)
Kuala Lumpur, Malaysia Booked as “Asia’s Premier Deep Knowledge Security Conference,” HITB is in its 8th year and has since expanded into other countries in the Middle East and Europe. Modeled on shows like Black Hat, HITB offers both training sessions and a multi track security conference and...