Collaborate Disseminate
I’m currently dealing with a SQL injection problem that involves an input being taken and put through a function that replaces all ‘ with \’ and all \ with \\. I’ve tried a lot of things but I don’t seem to be able to escape from the strin… Continue reading How to bypass this silly SQL injection protection?
Where can I get MyDoom virus source code?
https://crn.com/news/security/18831436/why-is-mydoom-author-spreading-source-code.htm
Is this it: https://github.com/yorickdewid/MyDoom
Continue reading Where can I get the original MyDoom source code released by the author?
Where can I get MyDoom virus source code?
https://crn.com/news/security/18831436/why-is-mydoom-author-spreading-source-code.htm
Is this it: https://github.com/yorickdewid/MyDoom
Continue reading Where can I get the origonal MyDoom source code released by the author?
Let’s take a very simple defense goal. I’m a UEFI DXE Driver and my only goal is to prevent a 100GB file located at C:\sacred
from being deleted or overwritten by the system under any circumnstances. My opponent (also a UEFI DXE Driver, so… Continue reading If two UEFI rootkits battle to perform / prevent an action, what determines which side can succeed? [closed]
A piece of malware detects signatures of the sandbox an AV solution tries to use to fingerprint malicious behavior and pretends to be innocent. Once in the real OS environment, it then downloads executable data encoded as image data and de… Continue reading Why don’t computers enforce immutable address spaces for execution?
I’m designing a system where admins can invite users to edit certain resources.
Currently, I’m using this approach:
User Model
email: required,
pw: required,
role: ‘admin’ | ‘non-admin’
activated: boolean
resourceId: string
Admin invites… Continue reading Security Concerns User Invitation system
On the windows command line (preferably powershell), how can I see the process that a service spawns? using the powershell cmdlet get-service | select *, none of the properties for the service objects have anything to do with a spawned pro… Continue reading Get Spawned .exe of windows service via command line [migrated]
I’ve found an application that allows arbitrary file upload (client side validation on file extensions), however those files are not stored in a folder which is accessible by the webserver, so a web shell is not possible.
However, due to … Continue reading WebApp Windows Command Injection without "||"
I am a person that is constantly on the move. Therefore, I usually carry USB sticks with operating systems that I can easily run without leaving any trace on the host system. Usually, I just run Linux from these USBs, which is great becaus… Continue reading Portable Windows / Running Windows from a USB [migrated]
I notice on various documents involving the Trickbot malware, they all state that trickbot determines the infected host’s external IP address by communicating with the following hosts:
hxxp://myexternalip.com/raw
hxxp://api.ipify.org
hxxp:… Continue reading Any data on how often trickbot communicates with certain IPs