MS12-024 / CVE-2012-0151 – Some Exploitation Details
Last time, we talked about MS12-024 (CVE-2012-0151), which states that a vulnerability in the way WinVerifyTrust operates could allow an attacker to modify a signed executable so that it runs arbitrary...
JIT Spraying Primer and CVE-2010-3654
Lately, hackers are forced to be more and more creative as defense mechanisms are piling up, making exploitation more difficult. Most notably, data execution prevention (DEP) and address space layout...
LinkedIn Hacked – Passwords Revealed
In a recent press release, LinkedIn admitted it is investigating reports that about 6.5 million passwords were stolen from its database. Sources say that about 300,000 of these passwords were already...
Own And You Shall Be Owned
While working on Poison Ivy’s communication, one of my students approached me and asked me if the fact that an infected computer can connect to the C&C server means that the compromised host can...
Hack-Me Shirts And Cool Gear!
We are proud to present a new, growing collection from IBadishi Digital Art (the sharpest of you might note the family relationship). The collection features hack-me shirts (try to hack them!), ASCII...
Poison Ivy Exploit Metasploit Module
After providing a detailed exploit for Poison Ivy’s C&C server, the natural course of things was to incorporate it into the Metasploit framework. So here is a fully functional Metasploit module...
Tutorial For The Official Poison Ivy Metasploit Module
The official Poison Ivy Metasploit module has just been released. With the help of Juan Vazquez, the official module is a major upgrade to the original module I published. Here is some important...
Tweaking Metasploit Modules To Bypass EMET – Part 1
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) is designed to increase the protection of your system against exploitation. It can render current Metasploit modules useless, as they’re...
Tweaking Metasploit Modules To Bypass EMET – Part 2
We continue our series of tweaking Metasploit modules to bypass EMET, without changing Metasploit’s payloads. Last time, we talked about bypassing EMET’s EAF using SEH. Since this technique may not...
ESET’s Rule The Code
During Black Hat USA 2012, ESET released a challenge, in which you need to build a key generator that passes 2 stages. Only one person managed to solve the crackme, and he did it in 10 hours. He later...