The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
2 votes, 3 answers, 35 views
Can malware on my computer infect my phone?
Suppose my computer is compromised or has malware. Can the malware spread to my phone? If so, how? Has any malware been observed in the wild to do this?
Relevance: Some banks use two-factor ...
4 votes, 2 answers, 188 views
How to get this to buffer overflow?
I'm trying to understand buffer overflow, and am working with a simple piece of code, as below.
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
int bof(char *str)
{
...
3 votes, 0 answers, 139 views
Need help on understanding obfuscated code in CVE-2012-4969 exploit
As you may know, this vulnerability was found in the wild a while ago and the exploit is available too; btw, I'm having a problem understanding the obfuscated code.
Is it necessary to use obfuscation ...
1 vote, 2 answers, 52 views
DVWA vulnerability list or guide?
Is there a list of vulnerabilities for DVWA? I cannot seem to find a vulnerability list or guide.
By guide I mean an exhaustive list of vulnerabilities to work through.
0 votes, 1 answer, 84 views
Windows exploits that still work? [closed]
I was reading how exploits usually work and how they have been used in the past, etc.
I wanted to know if there are still some exploits that can work with minimal user-allowed access.
For ...
7 votes, 2 answers, 90 views
How malware executes a remote payload
Let's assume malware was installed (on a UNIX-based platform) with some social engineering tricks. The original installed code itself may be benign, but the only malicious activity is that the ...
3 votes, 1 answer, 149 views
In the light of recent information about RarVM, can we still trust RAR files?
See:
http://blog.cmpxchg8b.com/2012/09/fun-with-constrained-programming.html
https://github.com/taviso/rarvmtools
It would seem according to these two sources that rar files can contain custom ...
2 votes, 1 answer, 39 views
Is it safe to invoke PHP GD functions if you don't know whether file is a valid image?
There is an image upload function in a web application. After an image is uploaded, it's resized using functions from PHP GD like imagecopyresampled and others. Before invocation of PHP GD's functions there ...
4 votes, 2 answers, 107 views
How does BeEF work? (working understanding)
I have recently come across BeEF, a browser exploitation tool. In most of the articles, it is said time and again that it is developed for research and pen test purposes! Has anyone worked with ...
1 vote, 2 answers, 64 views
What's the right way to prevent shell bounce back?
When an exploit was successfully executed, is there a way to block the user from bouncing back a shell?
I would like to know about this on both Windows and Linux machines.
0 votes, 1 answer, 71 views
NGINX / HTTP TRACE
I have an Nginx HTTP server with HTTP TRACE enabled.
A single nmap --script=http-methods.nse host.name gives this result:
Not shown: 988 closed ports
PORT STATE SERVICE VERSION
[...]
...
4 votes, 2 answers, 163 views
Does anyone know about how LinkedIn was compromised?
I know some super basic stuff about website security (e.g. using HTTPS, escaping user input), but hearing about high profile sites getting compromised makes me wonder in what way they were broken ...
3 votes, 2 answers, 72 views
Taking action for exploit attempts
Just recently I saw that I have had about 40 hits in one second for the following Snort rule: signature ID 1:16008, which corresponds to CVE-2007-6239: "... allows remote attackers to cause a denial of ...
2 votes, 1 answer, 63 views
How to achieve interactive shell attack?
Usually when a person gets a shell by attacking some vulnerabilities, what the person gets is a non-interactive shell.
So when I call an interactive FTP client, the shell fails.
Is there any way I can do ...
1 vote, 3 answers, 68 views
Java class type parameter vulnerability
In a Java programming book there is a section that details the JVM and memory addresses and location as it pertains to parameters of a class type. As you can see from the console output the initial ...