cyber-security-lab-soc-vapt-beginner

Cyber Security Practice Lab — Beginner SOC + VAPT This begin...

CVE-2023-38295

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...

CVE-2023-38295

Certain software builds for the TCL 30Z and TCL 10 Android devices contain a vulnerable, pre-installed app that relies on a missing permission that provides no protection at runtime. The missing permission is required as an access permission by components in various pre-installed apps. On the TCL...

New Android Malware 'FluHorse' Targeting East Asian Markets with Deceptive Tactics

Various sectors in East Asian markets have been subjected to a new email phishing campaign that distributes a previously undocumented strain of Android malware called FluHorse that abuses the Flutter software development framework. "The malware features several malicious Android applications that...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...

Over 4000 Android Apps Expose Users' Data via Misconfigured Firebase Databases

More than 4,000 Android apps that use Google's cloud-hosted Firebase databases are 'unknowingly' leaking sensitive information on their users, including their email addresses, usernames, passwords, phone numbers, full names, chat messages and location data. The investigation, led by Bob Diachenko...

Threat Predictions for Connected Life in 2018

Download the Kaspersky Security Bulletin: Threat Predictions for Connected Life in 2018 Introduction: To be awake is to be online The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet sever...

Authentication flaw

Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens AuthTokens used by the Trusted Execution Environment TEE are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE...

On Vulnerable iOS Apps, macOS Macros Malware, and More

Mike Mimoso and Chris Brook preview RSA 2017 and discuss the previous week’s news including the report on how a handful of iOS apps are vulnerable to interception attacks, macro malware coming to MacOS, a new Uber open source module. Show notes: Popular iOS Apps Vulnerable to TLS Interception...

Serious, Yet Patched Flaw Exposes 6.1 Million IoT, Mobile Devices to Remote Code Execution

As much as you protect your electronics from being hacked, hackers are clever enough at finding new ways to get into your devices. But, you would hope that once a flaw discovered it would at least be fixed in few days or weeks, but that's not always the case. A three-year-old security vulnerabili...

How to Exploit BitTorrent for Large-Scale DoS Attacks

A flaw discovered in several widely used BitTorrent applications, including uTorrent, Vuze and Mainline, could be used to carry out a devastating distributed denial of service DDoS attack that makes it very easy for a single undetectable hacker to bring down large sites. A new research by Florian...

CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java

CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java =================================================================== Smack http://www.igniterealtime.org/projects/smack/ is an Open Source XMPP Jabber client library for instant messaging and presence written in Java. Smack prior ...

Android Fragment Injection vulnerability

Hi, We have recently disclosed a new vulnerability to the Android Security Team. The vulnerability affected many apps, including Settings the one that is found on every Android device, Gmail, Google Now, Dropbox and Evernote. To be more accurate, any App which extended the PreferenceActivity clas...

jetAudio 7.0.5 COWON Media Center MP4 - Local Stack Overflow

!/bin/perl jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow 0-day discovered and exploited by SYS 49152 Tested on win XP SP2 ENG Shell on port 49152 usage: - download the latest 3ivx codec from here: hxxp://www.3ivx.com/codec/3ivxMPEG-4501trialwin.exe - play the AVI file with COWON Media Cent...

jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow Exploit

Exploit for unknown platform in category local exploits ============================================================ jetAudio 7.0.5 COWON Media Center MP4 Stack Overflow Exploit ============================================================ !/bin/perl jetAudio 7.0.5 COWON Media Center MP4 Stack...