Phishing – Appearances are often deceiving
I have created some phishers to showcase the threats of WWW. There are number of technologies like Javascript, Online Logging, On Load etc. which have been used. These are a few examples which can be used (POC ONLY) by either using the direct link or by changing the DNS server( almost real experiance). Direct link – http://174.136.10.34/www/yahoo/config/login_verify.htm DNS Servers [...]
Crash Email Client with Hyperlink
Here is a code that will force user to reboot the machine by crashing the email client (outlook etc.) it is based on simple HTML paramaters and cannot be protected by any anti virus, malicious attacker has to only mast the attack url with nice name and send it to victim. CODE <IFRAME SRC=”mailto:bigolbush@whitehouse.com?subject=Free laughs&body=Go check it out!!! [...]
Adding SSL Lock to Phishing Pages
Insert the below code and copy the icon file in the same directory. <link rel=”Shortcut Icon” href=”ssl-lock.ico”> This will show the SSL Lock Icon in the address bar for Firefox
PDF exploit for Adobe Acrobat
I have been researching a lot on the PDF vulnerabilities for sometime now. In year 2007, a poc was published which still is not fixed, rather i can say that it cannot be fixed because they are additional features that Adobe introduced to make PDF documents more useful. URL – http://security.fedora-hosting.com/0day/pdf/pdf_poc.txt Zero day PDF exploit for Adobe Acrobat Link [...]
Security Alert : Hackers Show It’s Easy to Snoop on a GSM Call
02 January 2010
Security researcher have finally cracked the GSM encryption and the 2 TB of tables are available over torrents. Please read the below article. The code and table are available in public domain and with equipment less than 1500 usd anyone can sniff the GSM calls. Computer security researchers say that the GSM phones used [...]
Posted in IS NewsComments (0)
Windows Vista /Windows 7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D.
09 October 2009
============================================= - Release date: September 7th, 2009 - Discovered by: Laurent Gaffié - Severity: High ============================================= I. VULNERABILITY ————————- Windows Vista, Server 2008 < R2, 7 RC : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. II. BACKGROUND ————————- Windows vista and newer Windows comes with a new SMB version named SMB2. See: http://en.wikipedia.org/wiki/Windows_Vista_networking_technologies#Server_Message_Block_2.0 for more details. III. DESCRIPTION ————————- [Edit]Unfortunatly this SMB2 security issue is specificaly due to a MS patch, [...]
Posted in HackingComments (1)
Dual Processor vs Dual Core
29 September 2009
Introduction It has always been a frequent question — “Will I benefit from multiple processors?” With the growing popularity of dual core processors, the topic is more important than ever! Will multiple processors or a dual core processor be beneficial to you, and what are the differences between them? These are the questions this article will [...]
Posted in ResourcesComments (0)
Establishing an Internal Audit Shop
12 September 2009
Have you ever been asked to set up a new internal audit shop? The following suggestions and resources can help you get started. Step 1: Establish the authority of the internal audit activity and review the definition of internal auditing and the International Standards for the Professional Practice of Internal Auditing (Standards) to become familiar [...]
Posted in IS AuditingComments (0)
Ultimate U3 USB Hack – USB Stealer
07 September 2009
or those who not know, U3 smart drive is a kind of USB memory stick. http://www.u3.com/smart/default.aspx The reason this doesn’t work with usual USB sticks is that the U3 smart drive got an virtual CD drive that allows the payload to start automatic and silence. USB Switchblade goal is to silently recover information from computers running [...]
Posted in HackingComments (0)
Cookie Stealing Script in PHP
07 September 2009
It’s simple to use all you need is a php based website to host this from and it will steal the cookie of a site that the script is opened on. For example you would put it up on a site and then you could use a iframe to allow it to open on a [...]
Posted in HackingComments (0)
- Popular
- Latest
- Comments
- Tags
- Subscribe
Stay up to date
- Subscribe to the RSS Feed
- Subscribe to the feed via email