
security_downloads

Visualizing a single null-byte heap overflow exploitation
When Phantasmal Phantasmagoria wrote The Malloc Malleficarum back in 2005 he exposed several ways of gaining control of an exploitation through corruption of the internal state of the libc memory allocator. Ten years later people are still exploring the possibilities offered by such complex data structures. In this article I will present how I solved a challenge from Plaid CTF 2015 and the tool ..
Deep dive into QUANTUM INSERT
Summary and recommendations: QUANTUMINSERT (QI) is actually a relatively old technique. In order to exploit it, you will need monitoring capabilities to leak information about observed TCP sessions and a host that can send spoofed packets. Your spoofed packet also needs to arrive faster than the original packet to be successful. Any nation state could perform QUANTUM attacks as long as th..
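The race described above has a passive side effect worth detecting: the spoofed segment must beat the genuine one, but the genuine one normally still arrives, so a monitor between client and server sees two segments in the same flow with the same sequence number and different payloads. The following is an added example (not code from the article) of that heuristic run over a constructed capture using RFC 5737 documentation addresses; the segment tuple layout and TTL values are assumptions for the illustration.

```python
"""Passive detection of a QUANTUM INSERT-style TCP race (added example).

QI only works if the spoofed segment beats the genuine one, but the genuine
segment normally still arrives.  A sniffer between client and server therefore
sees two segments in one flow with the same sequence number and different
payloads.  Ordinary retransmissions repeat the same bytes, so they are not
flagged.  The capture below is constructed (RFC 5737 documentation addresses).
"""
from collections import defaultdict

# Constructed segments: (src, sport, dst, dport, seq, ttl, payload).
GENUINE = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"
INJECTED = b"HTTP/1.1 302 Found\r\nLocation: http://198.51.100.99/\r\n\r\n"
CAPTURE = [
    ("198.51.100.5", 51000, "192.0.2.10", 80, 5000, 64, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("192.0.2.10", 80, "198.51.100.5", 51000, 1000, 44, INJECTED),  # arrives first, different TTL
    ("192.0.2.10", 80, "198.51.100.5", 51000, 1000, 57, GENUINE),   # the real answer, too late
    ("192.0.2.10", 80, "198.51.100.5", 51000, 1000, 57, GENUINE),   # plain retransmission
    ("192.0.2.10", 80, "198.51.100.5", 51000, 1047, 57, b""),        # pure ACK, no data
]


def flow_key(seg):
    """Direction-specific 4-tuple identifying the flow a segment belongs to."""
    src, sport, dst, dport = seg[:4]
    return (src, sport, dst, dport)


def same_bytes(a, b):
    """True if two payloads agree over their overlapping range.

    A retransmission that was re-segmented may be longer or shorter than the
    original but still carries the same data, so only the overlap is compared.
    """
    n = min(len(a), len(b))
    return a[:n] == b[:n]


def find_quantum_insert(segments):
    """Return one alert per (flow, seq) that carried two different payloads.

    Segments are processed in capture order, so the first payload recorded
    for a sequence number is the one the client accepted.  A TTL change
    between the conflicting segments is reported as supporting evidence only.
    """
    seen = defaultdict(list)          # (flow, seq) -> [(ttl, payload), ...]
    alerts = []
    for seg in segments:
        seq, ttl, payload = seg[4], seg[5], seg[6]
        if not payload:
            continue                  # pure ACKs carry nothing to inject
        key = (flow_key(seg), seq)
        earlier = seen[key]
        if any(same_bytes(p, payload) for _, p in earlier):
            continue                  # same bytes again: ordinary retransmission
        if earlier:
            first_ttl, first_payload = earlier[0]
            alerts.append({
                "flow": key[0],
                "seq": seq,
                "accepted": first_payload,      # what the client saw first
                "conflicting": payload,
                "ttl_mismatch": first_ttl != ttl,
            })
        earlier.append((ttl, payload))
    return alerts


if __name__ == "__main__":
    for a in find_quantum_insert(CAPTURE):
        print("QI suspect: %s:%d -> %s:%d seq=%d ttl_mismatch=%s"
              % (*a["flow"], a["seq"], a["ttl_mismatch"]))
```

Run as-is it prints one alert for sequence number 1000, where the 302 redirect arrived before the genuine 200 response. On real traffic the same logic applies per flow after TCP reassembly; the TTL comparison is a useful secondary signal because the injecting host usually sits at a different network distance from the client than the real server.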
Playing with Content-Type – XXE on JSON Endpoints
Many web and mobile applications rely on web services communication for client-server interaction. Most common data formats for web services are XML, whether SOAP or RESTful, and JSON. While a web service may be programmed to use just one of them, the server may accept data formats that the developers did not anticipate. This may result in JSON endpoints being vulnerable to XML External Entity a..
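The failure mode above is a dispatcher that parses whatever Content-Type the client names, so a JSON endpoint ends up feeding an XML parser. The following added example (not code from the article or from any framework) shows that dispatcher beside two fixes: refusing non-JSON media types at the endpoint, and, for endpoints that must take XML, a parser that rejects any DOCTYPE. The request bodies are constructed; the permissive parser records the external entity reference instead of fetching it so the example stays offline.

```python
"""A JSON endpoint that accidentally accepts XML, beside the strict version.

handle_request_loose reproduces the bug: it dispatches on the client-supplied
Content-Type, so an XML body reaches an XML parser.  handle_request_strict
accepts only the format the endpoint was written for.  parse_xml_hardened is
the parser-side fix for endpoints that genuinely need XML.  Bodies below are
constructed for the example; nothing is fetched from the network or disk.
"""
import json
from xml.parsers import expat

JSON_BODY = b'{"username": "alice", "role": "viewer"}'

# XXE probe: an external general entity whose expansion would be reflected
# in the response if the parser resolved it.  Constructed, never resolved here.
XXE_BODY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE user [ <!ENTITY xxe SYSTEM "file:///etc/hostname"> ]>\n'
    b'<user><username>&xxe;</username><role>viewer</role></user>'
)


def media_type(content_type):
    """'application/xml; charset=utf-8' -> 'application/xml'."""
    return content_type.split(";", 1)[0].strip().lower()


def parse_xml_permissive(body):
    """Mimic a default-configured parser: DOCTYPE and entity declarations accepted.

    A resolving parser would fetch systemId inside the external entity handler;
    this one records the reference and reports success, to keep the demo offline.
    """
    info = {"root": None, "doctype": False, "external_entities": []}
    p = expat.ParserCreate()

    def start_doctype(name, sysid, pubid, has_internal_subset):
        info["doctype"] = True

    def entity_decl(name, is_param, value, base, sysid, pubid, notation):
        if sysid is not None:                      # external entity
            info["external_entities"].append((name, sysid))

    def external_ref(context, base, sysid, pubid):
        return 1                                   # "fetched" (not really)

    def start_element(name, attrs):
        if info["root"] is None:
            info["root"] = name

    p.StartDoctypeDeclHandler = start_doctype
    p.EntityDeclHandler = entity_decl
    p.ExternalEntityRefHandler = external_ref
    p.StartElementHandler = start_element
    p.Parse(body, True)
    return info


def parse_xml_hardened(body):
    """Refuse any DOCTYPE: no DTD means no external or internal entity tricks."""
    root = {"name": None}
    p = expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE declarations are not accepted")

    def reject_external(context, base, sysid, pubid):
        return 0                                   # fail the parse if one slips through

    def start_element(name, attrs):
        if root["name"] is None:
            root["name"] = name

    p.StartDoctypeDeclHandler = reject_doctype
    p.ExternalEntityRefHandler = reject_external
    p.StartElementHandler = start_element
    p.Parse(body, True)
    return root["name"]


def handle_request_loose(content_type, body):
    """The bug: a JSON endpoint that parses whatever format the client declares."""
    mt = media_type(content_type)
    if mt == "application/json":
        return {"format": "json", "data": json.loads(body)}
    if mt in ("application/xml", "text/xml"):
        return {"format": "xml", "data": parse_xml_permissive(body)}
    raise ValueError("unsupported media type: " + mt)


def handle_request_strict(content_type, body):
    """The endpoint-side fix: accept only the format the endpoint was built for."""
    if media_type(content_type) != "application/json":
        raise ValueError("415 Unsupported Media Type")
    return {"format": "json", "data": json.loads(body)}


def rejects(fn, *args):
    """True if fn(*args) raises ValueError; used to show which paths refuse the probe."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

Sending XXE_BODY with `Content-Type: application/xml; charset=utf-8` to `handle_request_loose` returns a parse result that already records the DOCTYPE and the `xxe` entity pointing at `file:///etc/hostname`, which is exactly the state a resolving parser would have been in before reading the file. `handle_request_strict` answers the same request with a 415-style error, and `parse_xml_hardened` stops at the DOCTYPE. When testing a real endpoint, also try `text/xml` and parameter variations of the header, since dispatchers often match loosely.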
Handling Special PDF Compression Methods
Maarten Van Horenbeeck posted a diary entry (July 2008) explaining how scripts and data are stored in PDF documents (using streams), and demonstrated a Perl script to decompress streams. A couple of months before, I had started developing my pdf-parser tool, and Maarten's diary entry motivated me to continue adding features to pdf-parser. Extracting and decompressing a stream (for example contain..
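Scripts in a PDF live inside stream objects whose bytes are usually behind one or more filters named in the stream dictionary. The following is an added example, not pdf-parser or Maarten's Perl script, that walks a constructed PDF fragment, reads each `/Filter` entry (a single name or an array applied left to right) and decodes FlateDecode plus the two ASCII armouring filters. The regex-based object walk assumes flat stream dictionaries and ignores `/Length`, both of which a real parser must handle.

```python
"""Decode PDF stream objects behind chained filters (added example).

Walks the stream objects of a constructed PDF fragment, reads the /Filter
entry (one name, or an array applied in order) and undoes FlateDecode,
ASCIIHexDecode and ASCII85Decode.  Assumes flat (non-nested) stream
dictionaries and trusts the stream/endstream keywords instead of /Length.
"""
import base64
import binascii
import re
import zlib

OBJ_RE = re.compile(
    rb"(\d+)\s+\d+\s+obj\s*<<([^>]*)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[A-Za-z0-9]+)")
NAME_RE = re.compile(rb"/([A-Za-z0-9]+)")

JS = b"app.alert('decoded stream payload');"   # constructed embedded script


def filters_of(stream_dict):
    """Filter names in the order they must be undone, e.g. [b'ASCIIHexDecode', b'FlateDecode']."""
    m = FILTER_RE.search(stream_dict)
    return NAME_RE.findall(m.group(1)) if m else []


def ascii_hex_decode(data):
    """ASCIIHexDecode: whitespace ignored, '>' ends the data, odd trailing digit padded with 0."""
    body = re.sub(rb"\s+", b"", data.split(b">", 1)[0])
    if len(body) % 2:
        body += b"0"
    return binascii.unhexlify(body)


def ascii85_decode(data):
    """ASCII85Decode: optional '<~' prefix, '~>' end marker, whitespace ignored."""
    body = re.sub(rb"\s+", b"", data)
    if body.startswith(b"<~"):
        body = body[2:]
    if body.endswith(b"~>"):
        body = body[:-2]
    return base64.a85decode(body)


DECODERS = {
    b"FlateDecode": zlib.decompress,
    b"ASCIIHexDecode": ascii_hex_decode,
    b"ASCII85Decode": ascii85_decode,
}


def decode_stream(raw, filters):
    """Apply each filter's decoder in turn; an unknown filter raises so the caller
    knows the bytes are still encoded rather than silently getting garbage."""
    data = raw
    for name in filters:
        decoder = DECODERS.get(name)
        if decoder is None:
            raise ValueError("unsupported filter: " + name.decode())
        data = decoder(data)
    return data


def extract_streams(pdf):
    """Map object number -> fully decoded bytes for every stream object found."""
    return {int(m.group(1)): decode_stream(m.group(3), filters_of(m.group(2)))
            for m in OBJ_RE.finditer(pdf)}


def build_sample_pdf():
    """Constructed fragment: the same script behind three different filter setups."""
    flate = zlib.compress(JS)
    hex_flate = binascii.hexlify(flate) + b">"
    a85 = base64.a85encode(JS) + b"~>"

    def obj(num, filt, data):
        return (b"%d 0 obj\n<< /Length %d /Filter %s >>\nstream\n" % (num, len(data), filt)
                + data + b"\nendstream\nendobj\n")

    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /OpenAction 4 0 R >>\nendobj\n"
            + obj(2, b"/FlateDecode", flate)
            + obj(3, b"[/ASCIIHexDecode /FlateDecode]", hex_flate)
            + obj(4, b"/ASCII85Decode", a85))


if __name__ == "__main__":
    for num, data in sorted(extract_streams(build_sample_pdf()).items()):
        print(num, data)
```

Object 3 is the case the article's title is about: the script is Flate-compressed and then hex-armoured, so the filters must be undone in the order the array lists them. Unsupported filters (LZWDecode, RunLengthDecode, the image codecs) surface as a `ValueError` naming the filter rather than as silently corrupt output, which is the behaviour you want when triaging a suspicious document.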
The email that is watching you
Cross-site Scripting (XSS) is probably the most common security vulnerability in web applications. Nevertheless, the impact of XSS is still seriously underestimated by many people and even major companies. The CVE-scores given for Cross-Site Scripting issues are low on average. But an adversary doesn't care about scores if Cross-site Scripting vulnerabilities will make his dreams come true. The ..
Memory Forensics Of Network Devices
This post is protected.
Recreating the AC/DC Thunderstruck Worm with PowerShell and Metasploit
About three years ago, computer workstations at two Iranian nuclear facilities allegedly began playing AC/DC's Thunderstruck at random times and at full volume. How cool would it be to use this during your next computer security pentest? Well, you can! In this tutorial we will see how to recreate this cool attack with PowerShell and use it with Metasploit in Kali Linux. But First Some Disclaimers: U..
MBR Dump With .NET - Part 1
Greetings. Years ago I was messing around with the Windows MBR (VXHeaven thread) and got stuck while trying to write a modified copy back to the disk. I'm calling this "Part 1" because I'm still stuck on this and plan to get back to my research. Anyways, it will be a short post, just to share where I was at that time. using System; using System.Runtime.InteropServices; using Microsoft.Win32.SafeHandle..
Exploiting the Superfish certificate
As discussed in my previous blogpost, it took about 3 hours to reverse engineer the Lenovo/Superfish certificate and crack the password. In this blog post, I describe how I used that certificate in order to pwn victims using a rogue WiFi hotspot. This also took me about three hours. The hardware: You need a computer to be the WiFi access-point. Notebook computers are good choices, but for giggles..
Distributed Denial Of Service (DDoS) for Beginners
Distributed Denial Of Service, or DDoS, is an attack in which multiple devices send data to a target device (usually a server), with the hope of rendering the network connection or a system application unusable. There are many forms of DDoS attack, but almost all modern attacks are either at Layer 4 (The Transport Layer) or Layer 7 (The Applicati..