Operating Systems
How to get into your house through SmartTV
December 14, 2012 Added by:Pierluigi Paganini
Security experts posted a video that demonstrates how it is possible to attack a Samsung Smart TV exploiting a 0-day vulnerability to gain root access on it. The hacker could remotely wipe data from attached storage devices, monitoring and controlling the victim TV...
Comments (0)
Sophos Security Threat Report 2013, today... tomorrow
December 07, 2012 Added by:Pierluigi Paganini
Sophos was one of the first security firms that has published a report on the security landscape the upcoming year. The document provides an interesting overview on most common and dangerous cyber threats to determine the level of penetration in different countries...
Comments (0)
Weaponizing the Nokia N900 – Part 4.0 – A Three Year Anniversary!
November 25, 2012 Added by:Kyle Young
I still believe the best phone for hackers is the Nokia N900 and it is a shame that Nokia decided to go the way of Microsoft. I personally believe that Nokia should have gone the route of an Android/Linux hybrid mobile operating system, but that’s just my opinion...
Comments (1)
Getting System the Lazy Way
October 31, 2012 Added by:f8lerror
We know all that many users are local administrators. We also know we can send or drop binaries to these users and they will run whatever we want them to. The problem lies in when they run the binary if they don’t run it as admin we may not be able to get system level access. To be honest that is the level I want...
Comments (0)
Optimism... or Special Interests?
October 31, 2012 Added by:Jayson Wylie
There seems to be some political purpose to the current interests around Kaspersky. They are becoming involved in investigating malware of a cyber weapon nature instead of the constant pursuit of Trojan variants and financial fraud that is more damaging to the masses originating around their home office...
Comments (0)
Sidestepping Microsoft SQL Server Authentication
October 21, 2012 Added by:Brandon Knight
Penetration testers love compromising systems during assessments, and the most important portion of a penetration test is getting access to critical data and systems. So, post exploitation I generally head for the database servers. Depending on the permissions of the target there may be another hurdle to bypass...
Comments (2)
How to PWN Systems Through Group Policy Preferences
September 20, 2012 Added by:Jeff McCutchan
All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...
Comments (0)
Detecting Window Stations and Clipboard Monitoring Malware with Volatility
September 19, 2012 Added by:Michael Ligh
Explore undocumented windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility - an advanced memory forensics framework...
Comments (0)
Recovering Login Sessions, Loaded Drivers, and Command History with Volatility
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
Comments (0)
How to Add a Local Administrator with the Arduino Leonardo
July 08, 2012 Added by:f8lerror
Security researchers have been using the Teensy for HID attacks. Which really is the way to go if that’s all you want to do. However, if you are like me you want to do other things as well you need something bigger. Enter the Arduino Leonardo board which supports emulating a Human Interface Device out of the box...
Comments (0)
Apple's Crystal Prison and the Future of Open Platforms
June 06, 2012 Added by:Electronic Frontier Foundation
Apps that require administrative privileges are impossible to install on an iOS device without jailbreaking it. This includes apps that let you firewall your device and secure your internet traffic with OpenVPN. Jailbreaking also helps security and privacy researchers to see if apps are leaking data...
Comments (3)
Security Automation by Hand - Batch/Bash/FOR
May 15, 2012 Added by:Damion Waltermeyer
This series of articles will be entry points and ideas on how to manage your environment quickly, easily, and cheaply. We’ll also tackle some scripting languages: Batch, Bash, VBScript, Python and Powershell being the most likely for simplicity and compatibility with environments...
Comments (0)
Apple Releases OS X and Safari Security Updates
May 11, 2012 Added by:Headlines
Apple has released critical security updates for OS X and Safari to address several vulnerabilities which could allow an attacker to obtain sensitive information, execute arbitrary code, escalate privileges, conduct a cross-site scripting attack, or cause a denial-of-service...
Comments (0)
A Field Guide to Post-UDID Unique IDs on iOS
May 10, 2012 Added by:Fergal Glynn
Ongoing developments in the device-wide ID space focus on two dueling schemes and codebases: OpenUDID and SecureUDID. If you’re an iOS developer, this will serve as an introduction to the details of these systems, including their limitations and potential for data leakage...
Comments (0)
Apple: Critical Update for Java for OS X Lion and Mac OS X
April 04, 2012 Added by:Headlines
"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."
Comments (0)
Ubuntu 12.04 Will Bring OS-Level Security Options
March 14, 2012 Added by:Electronic Frontier Foundation
In the upcoming release on April 26, Ubuntu 12.04 is introducing operating system-wide settings that let you delete portions of your activity log, disable logging for specific types of files and applications, or disable activity logging altogether...
Comments (0)
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers
- NSA Surveillance Is Legal And Not Targeting Average Americans, Says Texas A&M Professor