Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Metasploit Web UI Diagnostic Console Command Execution', 'Description' = %q This module exploits the "diagnostic console" featu...

Android Security Virtual Machine: Androl4b

Android Security Virtual Machine AndroL4b is an android security virtual machine based on ubuntu-mate includes the collection of latest framework, tutorials and labs from different security geeks and researchers for reverse engineering and malware analysis. The tools directory contains tools and...

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...

Announcing the Third Annual Flare-On Challenge

Let fall be the season for reverse engineering! On Sept. 23, 2016, the FireEye Labs Advanced Reverse Engineering FLARE team will be hosting its third annual Flare-On reverse engineering contest with a designated start time of 8pm ET. This is a CTF-style challenge for all active and aspiring rever...

FLV To MP3 Converter 3.0.5 - Reverse Engineering Issue

Document Title: =============== FLV To MP3 Converter 3.0.5 - Reverse Engineering Issue References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1938 Release Date: ============= 2016-09-13 Vulnerability Laboratory ID VL-ID: ==================================== 19...

FLV To MP3 Converter 3.0.5 - Reverse Engineering Issue

Document Title: =============== FLV To MP3 Converter 3.0.5 - Reverse Engineering Issue References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1938 Release Date: ============= 2016-09-12 Vulnerability Laboratory ID VL-ID: ==================================== 19...

Raptor Web Application Firewall

Raptor Web Application Firewall Raptor Web Application Firewall is a simple web application firewall made in C, using KISS principle , to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path...

Metasploit Web UI Diagnostic Console Command Execution

This module exploits the "diagnostic console" feature in the Metasploit Web UI to obtain a reverse shell. The diagnostic console is able to be enabled or disabled by an administrator on Metasploit Pro and by an authenticated user on Metasploit Express and Metasploit Community. When enabled, the...

Windows/x86 - Persistent Reverse Shell TCP (494 Bytes)

/ Title : Windows x86 persistent reverse shell tcp Author : Roziul Hasan Khan Shifat Date : 04-09-2016 Tested on : Windows 7 x86 / / Note : This program must be run as adminstrator for 1st time . otherwise it won't be persistent / / section .text global start start: xor ecx,ecx mov eax,fs:ecx+0x3...

Windows x86 - Persistent Reverse Shell TCP (494 Bytes)

Windows x86 - Persistent Reverse Shell TCP 494 Bytes. Shellcode exploit for Winx86 platform / Title : Windows x86 persistent reverse shell tcp Author : Roziul Hasan Khan Shifat Date : 04-09-2016 Tested on : Windows 7 x86 / / Note : This program must be run as adminstrator for 1st time . otherwise...

Special Customizable Payload Generator: Hercules

Special Customizable Payload Generator HERCULES is a special customizable payload generator that can bypass all antivirus software. Installation Supported Platforms: Operative system | Version ---|--- Ubuntu | 16.04 / 15.10 Kali linux | Rolling / Sana Manjaro | Arch Linux | Black Arch | Parrot OS...

Kali Linux 2016.2 — Download Latest Release Of Best Operating System For Hackers

As promised at the Black Hat and Def Con security and hacking conferences, Offensive Security – the creators of Swiss army knife for researchers, penetration testers, and hackers – has finally released the much awaited Kali Linux 2016.2. Kali Linux is an open-source Debian-based Linux distributio...

libenom - Make Fast and Easy Payloads with MSFvenom

Libenom is a tool created for make more easy and fast the creation of payloads with MSFvenom and get all the data generated ordered. Requirements A linux distribution for pentesting or Ubuntu, Debian, Mint Recommended Kali Linux 2.0 sana or 2016.1 rolling, Parrot OS, Blackarch, Dracos ,Lionsec...

Mailbox fishing those things: the Chrome address reverse vulnerability use cases-vulnerability warning-the black bar safety net

First talk about the recently seen one of the more interesting vulnerability, the Google browser chrome address inversion, later we'll said. One day, your mailbox has received an incredible message that may come from your boss or your best friend, do not feel strange, it is likely that you are...

Embedded Hardware Hacking 101 – The Belkin WeMo Link

Why Embedded Hacking? Devices that are connected to the Internet or run a full operating system are becoming more and more prevalent in today’s society. From devices for locomotives to wireless light switches, the Internet of Things IoT trend is on the rise and here to stay. This has the potentia...

Actiontec T2200H Remote Reverse Root Shell

Device Details Vendor: Actiontec Telus Branded, but may work on others Model: T2200H but likely affecting other similar models of theirs Affected Firmware: T2200H-31.128L.03 Device Manual: http://static.telus.com/common/cms/files/internet/telust2200husermanual.pdf Reported: November 2015 Status:...

Panopticon - A Libre Cross-Platform Disassembler

Panopticon is a cross platform disassembler for reverse engineering written in Rust. Panopticon has functions for disassembling, analysing decompiling and patching binaries for various platforms and instruction sets. Panopticon comes with GUI for browsing control flow graphs, displaying analysis...

Analyzing the Malware Analysts – Inside FireEye’s FLARE Team

At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...

Raptor WAF v0.2 - Web Application Firewall using DFA

Raptor WAF is a simple web application firewall made in C, using KISS principle, to make poll use select function, is not better than epoll or kqueue from BSD but is portable, the core of match engine using DFA to detect XSS, SQLi and path traversal. No more words, look at the following : WAF...

CVE-2016-6597

Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability...