14 matches found
Design/Logic Flaw
On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits set. This can be dangerous in certain cases, such as when dumping memory state, or when assuming the status of the standard I/O file descriptors. If a setuid/setgid binary is executed with standard I...
Avast AV Memory Dumping Utility
This module leverages an Avast Anti-Virus memory dump utility that is shipped by default with the Avast Anti-Virus Home software suite. Module Options: msf > use post/windows/gather/avast_memory_dump; msf post(avast_memory_dump) > show actions ...actions...; msf post(avast_memory_dump) > set ACTION; msf...
KsDumper - Dumping Processes Using The Power Of Kernel Space
I always had an interest in reverse engineering. A few days ago I wanted to look at some game internals for fun, but it was packed & protected by EAC (EasyAntiCheat). This means its handles were stripped and I was unable to dump the process from Ring3. I decided to try to make a custom driver that...
CVE-2018-14656
A missing address check in the callers of show_opcodes in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log...
Malware monitor - leveraging PyREBox for malware analysis
This post was authored by Xabier Ugarte Pedrero. In July 2017 we released PyREBox, a Python Scriptable Reverse Engineering Sandbox, as an open source tool. This project is part of our continuous effort to create new tools to improve our workflows. PyREBox is a versatile instrumentation framework...
Exploit for Observable Discrepancy in Intel Atom_C
Spectre attack: Spectre breaks the isolatio...
CryKeX - Linux Memory Cryptographic Keys Extractor
CryKeX - Linux Memory Cryptographic Keys Extractor. Properties: cross-platform, minimalism, simplicity, interactivity, compatibility/portability, application independent, process wrapping, process injection. Dependencies: Unix (should work on any Unix-based OS), BASH (the whole script), root privileges...
BSA-2017-440
Security Advisory ID: BSA-2017-440. Component: Samba. Revision: 2.0: Interim. An information leak flaw was found in the way the SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the...
Information Disclosure
commons-net is vulnerable to information disclosure. The vulnerability exists because newStringUtf8 in Base64.java does not prevent the storage of sensitive data in a String object, which would not be deleted until the JVM performs garbage collection. There is a chance for an attacker to...
Android 6.0.0 MDA89E / 6.0.1 MMB29V OEM Panic
Vulnerable versions: Android 6.0.0 MDA89E through 6.0.1 MMB29V, bootloaders bhz10i/k. Non-vulnerable versions: Android 6.0.1 MHC19J, bootloader bhz10m and above. Details: The attacker reboots the phone into 'fastboot' mode. A physical attacker can do...
OpenSSL Heartbeat (Heartbleed) Information Leak
This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning,...
Nmap NSE net: wdb-version
Detects vulnerabilities and gathers information such as version numbers and hardware support from VxWorks Wind DeBug agents. Wind DeBug is a SunRPC-type service that is enabled by default on many devices that use the popular VxWorks real-time embedded operating system. H.D. Moore of Metasploit ha...
wdb-version NSE Script
Detects vulnerabilities and gathers information such as version numbers and hardware support from VxWorks Wind DeBug agents. Wind DeBug is a SunRPC-type service that is enabled by default on many devices that use the popular VxWorks real-time embedded operating system. H.D. Moore of Metasploit ha...
windowsMem.txt
Desc: Windows DOS emulation allows dumping of the first 1 Mo of RAM with no particular privilege. Tested under: Win 2000, XP SP2, 2003. Code: ;---------------- dumper.asm ----------------------------------------- ; Dump first 1 Mo of memory under any MS product ; 1 Mo is the maximum quantity of...