All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.
Research By: Eyal Itkin, Yannay Livneh and Yaniv Balmas Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver a physical message from a sender to a receiver. Technology wise, however, that was a long time ago. Today we are light years away from those dark days. In its place we have email, chat mess
Wordpress Exploit Framework v1.9.2 - Framework For Developing And Using Modules Which Aid In The Penetration Testing Of WordPress Powered Websites And Systems
Too Long; Didn't Read: While browsing Twitter I’ve noticed the ElectronJS remote code execution vulnerability (https://electronjs.org/blog/protocol-handler-fix) in the protocol handler. That sounds severe. As stated in the official description, for an application to be vulnerable it is enough to register itself as the default handler for some protocol. I had one application based on Electron i
As all of our research is now in Metasploit master repository, there was no reason to confuse everyone by keeping this repository open as there were two versions of everything and due to overwhelming popularity support became a nightmare as this is merely a side project. Please do not make support issues here, as they will not be answered. Those searching for the scanners: Metasploit: https://www.
In the previous entry I tried reading memory with a format string attack, but a format string attack can also overwrite the contents of memory at an arbitrary location. Here, I will actually replace the address of a library function stored in the section called the GOT (Global Offset Table) with the address of shellcode, and launch a shell. Environment: Ubuntu 12.04 LTS 32-bit $ uname -a Linux vm-ubuntu32 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:42:40 UTC 2014 i686 i686 i386 GNU/Linux $ lsb_release -a No LSB modules are available. Distributor ID
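When DEP is enabled, a technique called ROP is used to get instructions executed from a stack buffer overflow or similar bug. Furthermore, as a way to run arbitrary processing with ROP, a known method is to dynamically allocate an executable memory region (the stage), copy ordinary shellcode into it, and execute it. The ROP sequence used for this is called a ROP stager. Here, I will try executing shellcode through a ROP stager that uses mmap, with DEP enabled. Environment: Ubuntu 12.04 LTS 32-bit $ uname -a Linux vm-ubuntu32 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:42:40 UTC 2014 i686 i686 i386 GNU/Linux $ lsb_release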
AppSecCali 2015: Marshalling Pickles how deserializing objects will ruin your day by @frohoff and @gebl Note: see the more recent presentation on Java Deserialization: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate Java Object Deserialization Object serialization technologies allow programs to easily convert in-memory objects to and from various binary a
The Latest on Stagefright: CVE-2015-1538 Exploit is Now Available for Testing Purposes More than a month has passed since Zimperium first broke the news of zLabs’ VP of Platform Research and Exploitation Joshua J. Drake’s discovery of multiple critical vulnerabilities in Android’s media library – libstagefright. In that time frame, the number and importance of the events that have unfolded is noth
Sifting through the world of Information Security, one bit at a time Sift: to examine (something) thoroughly so as to isolate that which is most important -- Oxford Dictionary Overview Welcome to Part 1 of a series of posts on Windows Exploit Development. In this first installment I’ll cover just the basics necessary to understand the content of future posts, including some Assembly syntax, Window
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack FireEye Labs recently detected a limited APT campaign exploiting zero-day vulnerabilities in Adobe Flash and a brand-new one in Microsoft Windows. Using the Dynamic Threat Intelligence Cloud (DTI), FireEye researchers detected a pattern of attacks beginning on April 13th, 2015. Ado
Status: Fixed (as of Jan 13, 2016) Recently a Universal Cross-Site Scripting (UXSS) vulnerability (CVE-2015-0072) was disclosed on the Full Disclosure mailing list. This unpatched 0day vulnerability discovered by David Leo results in a full bypass of the Same-Origin Policy (SOP) on the latest version of Internet Explorer. This article will briefly explain the technical details behind the vulnerabili
Projects for Good We are a community of developers, technologists and evangelists improving the security of software. The OWASP Foundation gives aspiring open source projects a platform to improve the security of software with: Visibility: Our website gets more than six million visi
The Exploit Database is maintained by OffSec, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. The Exploit Database is a non-profit project that is provided as a public service by OffSec. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, develo