All Posts Tagged Tag: ‘exploit’

  • NDProxy

    NDPROXY Local SYSTEM exploit CVE-2013-5065

    In the past few days there has been some online chatter about a new Windows XP/2k3 privilege escalation, well documented by FireEye. Googling around, we came across a Twitter message which contained a link to a Chinese vulnerability analysis and PoC.

    Read More →
  • Yahoo Owned Xss 0day

    Yahoo DOM XSS 0day – Not fixed yet!

    After discussing the recent Yahoo DOM XSS with Shahin from Abysssec.com, it was discovered that Yahoo’s fix is not effective as one would hope. According to Yahoo, this issue was fixed at 6:20 PM EST, Jan 7th, 2013. With little modification to the original proof of concept code written by Abysssec, it is still possible to exploit the original Yahoo vulnerability, allowing an attacker to completely take over a victim’s account. The victim has to be lured to click a link which contains malicious XSS code for the attack to succeed. This can demonstrated by the video we have created just this morning (Jan 8th, 2013) after Shahin kindly shared proof of concept code with us.

    Read More →
  • Screen Shot 2012 03 23 At 1.48.07 AM

    FreePBX Exploit Phone Home

    During a routine scan of new vulnerability reports for the Exploit Database, we came across a single post in full disclosure by Martin Tschirsich, about a Remote Code Execution vulnerability in FreePBX. This vulnerability sounded intriguing, and as usual, required verification in the EDB. At …

    Read More →
  • Ms11080 Shell

    MS11-080 Exploit – A Voyage into Ring Zero

    Every patch Tuesday, we, like many in the security industry, love to analyze the released patches and see if any of them can lead to the development of a working exploit. Recently, the MS11-080 advisory caught our attention as it afforded us the opportunity to play in the kernel and try to get a working privilege escalation exploit out of it.

    Read More →
  • Php7

    Return Oriented Exploitation (ROP)

    For all those who registered to AWE in BlackHat Vegas 2010 – we have special surprise for you… We’ve updated our “Bypassing NX” module with the buzzing ROP exploitation method.

    Read More →
  • Free Online Information Security Training By Offensive Security

    We are finally ready to present the free information security training – Metasploit Unleashed – Mastering the Framework. This resource will be a living, breathing Metasploit documentation entity. We will keep on updating and adding new modules and chapters as the MSF evolves. For a …

    Read More →