HackDig : Dig high-quality web security articles for hacker

Kernel Exploitation-Part 3

Over the last two articles of this series, we have come a long way around kernel exploitation. We started with finding a buffer overflow in driver code to parsing of different structures to steal the token. In the final part of this series, we will combine the whole parts plus provide some finishing touches to complete the exploit.In last part of this
Publish At:2017-09-21 00:25 | Read:227 | Comments:0 | Tags:Hacking exploit

Hackers exploit an undocumented Word feature for user fingerprinting

Kaspersky researchers discovered a new attack technique leveraging an undocumented Word feature to gather information on users. Kaspersky researchers discovered a new attack technique leveraging Microsoft Word documents to gather information on users. The technique is innovative because it doesn’t use active content such as macros or exploits, it exploits an
Publish At:2017-09-19 13:05 | Read:272 | Comments:0 | Tags:Breaking News Hacking undocumented Word Word exploit

Researchers demonstrate how to steal Bitcoin by exploiting SS7 issues

Hackers have exploited security weaknesses in SS7 protocol to break into a GMail account, take control of a bitcoin wallet and steal funds. In June 2016, researchers with Positive Technologies demonstrated that it is possible to hack Facebook accounts by knowing phone numbers by exploiting a flaw in the SS7 protocol. The technique allows bypassing any securi
Publish At:2017-09-19 13:05 | Read:286 | Comments:0 | Tags:Breaking News Hacking Bitcoin mobile SS7 two-factor authenti

Kernel Exploitation: Advanced

In Part 1 of this article series, we had reverse engineered the driver and identified buffer overflow vulnerability in it. In this part, we will cover the next step of developing the exploit, and for that, we will have to go through various structures and offset. Since this a kernel land exploitation, a typical MSFvenom shellcode will not work.The expl
Publish At:2017-09-18 17:00 | Read:188 | Comments:0 | Tags:Exploit Development exploit

Windows Kernel Exploitation- Part 1

In this article series, we will learn about kernel exploitation using a driver HackSysExtremeVulnerableDriver built by Ashfaq Ansari. The driver has many vulnerabilities built into it, and we will try and exploit all of them in this series. In this part, we will work on identifying the buffer overflow vulnerability present in the driver and try to expl
Publish At:2017-09-15 15:10 | Read:284 | Comments:0 | Tags:Hacking exploit

Downward Trend in Publicly Available Exploit Code? Don’t Ease Up on Patch Management Just Yet

The IBM X-Force Vulnerability Database (XFDB), which holds over 100,000 publicly disclosed vulnerabilities, is chock-full of insights concerning the cybersecurity threat landscape. Much of the data is publicly available directly on the IBM X-Force Exchange platform and can be accessed by users anytime. In reviewing the database on an ongoing basis, the IBM
Publish At:2017-09-14 21:10 | Read:344 | Comments:0 | Tags:Advanced Threats Endpoint Threat Intelligence X-Force Resear

Zerodium is offers $1 Million for Tor Browser Exploits

The company ZERODIUM announced it will pay up to $1 million for fully working zero day exploits for Tor Browser on Tails Linux and Windows OSs. The zero-day broker Zerodium offers $1 million for Tor Browser exploits with the intent to unmask Tor users. The controversial firm will then resell the zero-day exploit for Tor browser to law enforcement and governm
Publish At:2017-09-14 03:50 | Read:291 | Comments:0 | Tags:Breaking News Deep Web Hacking Bug Bounty exploits Pierluigi

Apache Foundation rejects allegation Equifax hackers exploited CVE-2017-9805 in Struts

Media and experts speculate Equifax Hack was the result of the exploitation of the recently discovered critical vulnerability CVE-2017-9805 in Apache Struts. Last week Equifax reported a huge data breach, hackers accessed its systems between mid-May and late July. The incident affected roughly 143 million U.S. consumers and some customers in the U.K. and Can
Publish At:2017-09-11 20:30 | Read:307 | Comments:0 | Tags:Breaking News Hacking CVE-2017-9805 Cybercrime Equifax data

Experts observed the active exploitation of the CVE-2017-9805 Struts vulnerability

Hackers are exploiting in the wild a critical remote code execution vulnerability in Apache Struts 2, tracked as CVE-2017-9805, that was patched a few days ago. The vulnerability tracked as CVE-2017-9805 is related to the way Struts deserializes untrusted data, it affects all versions of Apache Struts since 2008, from Struts 2.5 to Struts 2.5.12. The experts
Publish At:2017-09-09 05:30 | Read:337 | Comments:0 | Tags:Breaking News Hacking CVE-2017-9805 RCE flaw REST Struts Vul

Microsoft confirmed it won’t fix kernel issue that could be exploited to evade antivirus

A design flaw within the Windows kernel could be exploited by attackers to evade antivirus and stop them from recognizing malware. A design flaw within the Windows kernel is the root cause for antivirus stopping from recognizing malware, and the bad news is that Microsoft won’t fix it because the tech giant doesn’t consider it as a security issue
Publish At:2017-09-09 05:30 | Read:286 | Comments:0 | Tags:Breaking News Hacking kernel Microsoft PsSetLoadImageNotifyR

Struts CVE-2017-9805 RCE flaw could be exploited to take over vulnerable servers

Critical vulnerability CVE-2017-9805 in Apache Struts could be exploited by attackers to take over affected web servers. Security researchers at LGTM (lgtm.com) have discovered a critical remote code execution vulnerability in the Apache Struts that could be exploited by a remote attacker to run malicious code on the vulnerable servers. “Security rese
Publish At:2017-09-06 05:15 | Read:329 | Comments:0 | Tags:Breaking News Hacking CVE-2017-9805 RCE flaw REST Struts exp

Pacemakers prone to getting hacked

Recently the The FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers. The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients. Feasible vulnerabilities: Absence of memory and encryption: In such embedded devices there is a lack to support proper cryptographic e
Publish At:2017-09-05 12:30 | Read:361 | Comments:0 | Tags:News cryptography Exploit hacking IOT news pacemaker

Hackers exploited an Instagram flaw access celebrity profile data

An Instagram flaw allowed hackers to access profile information for high-profile users, the incident was confirmed by the company. Instagram has recently suffered a possibly serious data breach with hackers gaining access to the phone numbers and email addresses for many “high-profile” users. Hackers recently accessed personal information of R
Publish At:2017-08-31 16:20 | Read:447 | Comments:0 | Tags:Breaking News Hacking Apple brute force celebrities iCloud i

Zimperium researcher released an iOS Kernel Exploit PoC

Zimperium Researcher Adam Donenfeld released an iOS Kernel Exploit PoC that can be used to gain full control of iOS mobile devices. Researcher Adam Donenfeld of mobile security firm Zimperium published a Proof-of-concept (PoC) for recently patched iOS vulnerabilities that can be chained to gain full control of iOS mobile devices. The expert called the PoC ex
Publish At:2017-08-28 14:00 | Read:473 | Comments:0 | Tags:Breaking News Hacking Mobile Apple iOS Kernel Exploit kernel

Zerodium payouts for Messaging, Email App Exploits are $500,000

Zerodium payouts include up to $500,000 for RCE and privilege escalation vulnerabilities affecting popular instant messaging and email applications. The zero-day and exploit broker Zerodium, founded by former VUPEN co-founder Chaouki Bekrar, offers $500,000 for a zero-day exploit in secure messaging Messaging (i.e. such as WhatsApp, Signal, Facebook Messenge
Publish At:2017-08-25 12:20 | Read:363 | Comments:0 | Tags:Breaking News Hacking zero-Day Zerodium payouts exploit

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud