HackDig : Dig high-quality web security articles for hacker

Schubser and his cookie dealing friend

I actually forgot to post this in February, so I’m a little late but the topic is as current as it was back then. One week in February my colleague Jan Girlich and I took some time to review our tools and make three of them available on GitHub. Jan wrote a Proof of Concept (PoC) Android app that allows exploiting Java object deserialization vulnerabi
Publish At:2019-09-19 18:20 | Read:223 | Comments:0 | Tags:Coding Android deserialisation Firesheep Java MITM mod0cooki

Java Bugs with and without Fuzzing – AFL-based Java fuzzers and the Java Security Manager

In the last half a year I have been doing some fuzzing with AFL-based Java fuzzers, namely Kelinci and JQF. I didn’t really work with java-afl. The contents of this post are: Various AFL-based Java fuzzers are available that can be used to find more or less severe security issues. By combining these with sanitizers provided by the Java Security Manager
Publish At:2019-09-19 18:20 | Read:212 | Comments:0 | Tags:Fuzzing AFL Apache fuzzing Java Java security manager JQF Ke

[SANS ISC] Simple Analysis of an Obfuscated JAR File

I published the following diary on isc.sans.org: “Simple Analysis of an Obfuscated JAR File”. Yesterday, I found in my spam trap a file named ‘0.19238000 1509447305.zip’ (SHA256: 7bddf3bf47293b4ad8ae64b8b770e0805402b487a4d025e31ef586e9a52add91). The ZIP archive contained a Java archive named ‘0.19238000 1509447305.jar’ (SHA256: b161c7
Publish At:2017-11-03 16:40 | Read:4585 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Java JRAT SANS I

Java Key Store (JKS) format is weak and insecure

While preparing my talk for the marvelous BSides Zurich I noticed again how nearly nobody on the Internet warns you that Java’s JKS file format is weak and insecure. While users only need to use very strong passwords and keep the Key Store file secret to be on the safe side (for now!), I think it is important to tell people when a technology is weak. P
Publish At:2017-09-19 16:25 | Read:3053 | Comments:0 | Tags:Password cracking encryption Java Java Key Store JKS

Cracking Java’s weak encryption – Nail in the JKS coffin

POC||GTFO journal edition 0x15 came out a while ago and I’m happy to have contributed the article “Nail in the JKS coffin”. You should really read the article, I’m not going to repeat myself here. I’ve also made the code available on my “JKS private key cracker hashcat” github repository. For those who really need a
Publish At:2017-07-07 05:55 | Read:2993 | Comments:0 | Tags:Password cracking Android encryption hashcat Hashes Java JKS

FTP Injection flaws in Java and Python allows firewall bypass

The two programming languages, Java and Python, are affected by serious FTP Injection flaws that can be exploited by hackers to bypass any firewall. Attackers can trick Java and Python applications into executing rogue FTP commands that would open ports in firewalls. The unpatched flaws reside in the way the two programming languages handle File Transfer Protocol
Publish At:2017-02-22 21:30 | Read:4643 | Comments:0 | Tags:Breaking News Hacking firewall FTP Injection Java Python sec

Keeping Adobe Flash Player

Years ago, Java exploits were a primary attack vector for many attackers looking to infect systems, but more recently, Adobe Flash Player took that mantle. After accounting for almost half of object detections during some quarters in 2014, Java applets on malicious pages decreased to negligible levels by the end of 2015, owing to a number of changes that hav
Publish At:2016-10-03 20:40 | Read:4842 | Comments:0 | Tags:Cybersecurity Adobe Adobe Flash Player Java Security

Enterprise NPM users to get help with security, licensing

NPM Inc, which oversees the popular NPM registry of JavaScript modules, is enlisting outside help to provide guidance on security, code analysis, and licensing issues. Under an expansion of NPM Enterprise to be detailed today, NPM Inc. will partner with third parties to take care of auditing of modules via its NPM Enterprise add-ons service. The cu
Publish At:2016-07-05 09:20 | Read:2904 | Comments:0 | Tags:Application Development Development Tools Security Java Ente

Jenkins Remoting RCE II – The return of the ysoserial

Jenkins is a continuous integration server, widely used in Java environments for building automation and deployment. The project recently disclosed an unauthenticated remote code execution vulnerability discovered by Moritz Bechler. Depending on the development environment, a Jenkins server can be a critical part of the infrastructure: It often creates the
Publish At:2016-07-01 21:50 | Read:5512 | Comments:0 | Tags:Security Java jenkins serialization vulnerabilities

Patch Java immediately or attackers can hack you

The CVE-2016-0636 flaw affects Java SE running in web browsers on desktops; attackers can trigger it remotely to take over your PC. Once again a serious security vulnerability affects the Java Oracle software; the new flaw, coded as CVE-2016-0636, scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. The CVE-2016-0636 vulnerability affect
Publish At:2016-03-24 13:55 | Read:4078 | Comments:0 | Tags:Breaking News Security CVE-2016-0636 Hacking Java Oracle Pie

Two-year-old Java flaw re-emerges due to broken patch

A patch for a critical Java flaw released by Oracle in 2013 is ineffective and can be easily bypassed, security researchers warn. This makes the vulnerability exploitable again, paving the way for attacks against PCs and servers running the latest versions of Java. The flaw, tracked as CVE-2013-5838 in the Common Vulnerabilities and Exposures (CVE) databa
Publish At:2016-03-11 10:35 | Read:4078 | Comments:0 | Tags:Security Patches Java

The return of HackingTeam with new implants for OS X

Last week, Patrick Wardle published a nice analysis of a new Backdoor and Dropper used by HackingTeam, which is apparently alive and well. Since HackingTeam implants are built on-demand for each target, and it appears that the samples mentioned in the blog were found in-the-wild, we wanted to take a closer look: to see how it works and what its functionality
Publish At:2016-03-02 14:55 | Read:4444 | Comments:0 | Tags:Blog Featured Research Apple Backdoor Banloader Cyber espion

Adwind: FAQ

We have become aware of unusual malware that was found in some banks in Singapore. This malware has many names – it is known as Adwind RAT (Remote Access Tool), AlienSpy, Frutas, Unrecom, Sockrat, JSocket, and jRat. It is a backdoor available for purchase, and is written entirely in Java which makes it cross-platform. According to th
Publish At:2016-02-09 00:20 | Read:3749 | Comments:0 | Tags:Blog Featured Research Backdoor Cross-platform malware Cyber

Java “RAT-as-a-Service” backdoor openly sold through website to scammers

A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a "commercial" backdoor-as-a-service. It was recently detected in an attack on a Singapore bank employee. Previously known as AlienSpy or Adwind, the malware was all but shut down in 2015 afte
Publish At:2016-02-08 21:50 | Read:3503 | Comments:0 | Tags:Risk Assessment Technology Lab Java malware RAT remote acces

Java installer flaw shows why you should clear your Downloads folder

On most computers, the default download folder quickly becomes a repository of old and unorganized files that were opened once and then forgotten about. A recently fixed flaw in the Java installer highlights why keeping this folder clean is important. On Friday, Oracle published a security advisory recommending that users delete all the Java installers th
Publish At:2016-02-08 19:00 | Read:3331 | Comments:0 | Tags:Security Java
