Exploits/Vulnerabilities – Page 6

In 2016 Your Wireless Keyboard Security Still SUCKS – KeySniffer

Posted on July 27, 2016 by Darknet

So you’d probably imagine that Wireless Keyboard Security is a 1998 problem and you shouldn’t even have to worry about that any more. And you’d be wrong – two-thirds of wireless keyboards, from MAJOR manufacturers are not even vaguely secure. It turns out, in 2016 when cryptography is mainstream, open-source and fairly easy to implement…

Read the full post at darknet.org.uk

Continue reading In 2016 Your Wireless Keyboard Security Still SUCKS – KeySniffer→

ERTS – Exploit Reliability Testing System

Posted on July 5, 2016 by Darknet

ERTS or Exploit Reliability Testing System is a Python based tool to calculate the reliability of an exploit based on the number of times the exploit is able to control EIP register with the desired address/value. It’s created to help you code reliable exploits and take the manual parts out of running and re-running exploits […]

The post…

Read the full post at darknet.org.uk

Continue reading ERTS – Exploit Reliability Testing System→

shadow – Firefox Heap Exploitation Tool (jemalloc)

Posted on June 21, 2016 by Darknet

shadow is a new, extended (and renamed version) of a Firefox heap exploitation tool, which is quite a swiss army knife for Firefox/jemalloc heap exploitation. If you want to dive in really deep to this tool, and the technicalities behind it check this out – OR’LYEH? The Shadow over Firefox [PDF] Support shadow has been […]

The post shadow…

Read the full post at darknet.org.uk

Continue reading shadow – Firefox Heap Exploitation Tool (jemalloc)→

Intel Hidden Management Engine – x86 Security Risk?

Posted on June 16, 2016 by Darknet

So it seems the latest generation of Intel x86 CPUs have implemented a Intel hidden management engine that cannot be audited or examined. We can also assume at some point it will be compromised and security researchers are labelling this as a Ring -3 level vulnerability. This isn’t a new issue though, people have been […]

The post Intel…

Read the full post at darknet.org.uk

Continue reading Intel Hidden Management Engine – x86 Security Risk?→

TeamViewer Hacked? It Certainly Looks Like It

Posted on June 2, 2016 by Darknet

So is TeamViewer Hacked? There’s no definitive answer for now as they aren’t admitting to anything – but it does look very suspicious. The whole service was down for a few hours, the domains were apparently pointing to Chinese IP addresses (DNS Hijacking?) and no-one could login. A whole bunch of users also turned up […]

The post TeamViewer…

Read the full post at darknet.org.uk

Continue reading TeamViewer Hacked? It Certainly Looks Like It→

Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?

Posted on May 4, 2016 by Darknet

So another vulnerability with a name and a logo – ImageTragick? At least this time it’s pretty dangerous, a bunch of ImageMagick Zero-Day vulnerabilities have been announced including one that can leave you susceptible to remote code execution. It’s pretty widely used software too and very public, if you use an app online that lets […]

The…

Read the full post at darknet.org.uk

Continue reading Serious ImageMagick Zero-Day Vulnerabilities – ImageTragick?→

BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records

Posted on April 28, 2016 by Darknet

So another data breach, and no surprise here, but another dating site. This time the BeautifulPeople.com Leak has exposed 1.1 million customer records, including 15 million private messages sent between users. Not so private now is it. And no surprise … Continue reading BeautifulPeople.com Leak Exposes 1.1M Extremely Private Records→

Apple Will Not Patch Windows QuickTime Vulnerabilities

Posted on April 20, 2016 by Darknet

Much like Adobe Flash, QuickTime from Apple is a bit of a relic some pretty serious, remote code execution type Windows QuickTime Vulnerabilities were recently discovered by Trend Micro. Apple has officially stated that they won’t be fixing them and the official line on this, is to uninstall QuickTime. I guess a lot of people […]

The post…

Read the full post at darknet.org.uk

Continue reading Apple Will Not Patch Windows QuickTime Vulnerabilities→

BADLOCK – Are ‘Branded’ Exploits Going Too Far?

Posted on April 14, 2016 by Darknet

So there’s been hype about this big exploit coming, for over a month, before anything was released. It had a name, a website and a logo – and it was called Badlock. And now it’s out, and it’s more like Sadlock – really a local network DoS against DCE/RPC services on Windows and Linux with […]

The post BADLOCK – Are…

Read the full post at darknet.org.uk

Continue reading BADLOCK – Are ‘Branded’ Exploits Going Too Far?→

DROWN Attack on TLS – Everything You Need To Know

Posted on March 2, 2016 by Darknet

So SSL in general is having a rough time lately, now with the SSLv2 DROWN attack on TLS. And this is not long after Logjam and a while since Heartbleed, POODLE and FREAK. DROWN is a cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date clients and stands for Decrypting RSA with Obsolete […]

The post DROWN…

Read the full post at darknet.org.uk

Continue reading DROWN Attack on TLS – Everything You Need To Know→