Resources

Tools

  • Linux Exploit Suggester – penturalabs.wordpress.com
    This is a Linux Exploit Suggester, with no frills and no fancy features; just a simple script to keep track of vulnerabilities and suggest possible exploits to use to gain ‘root‘ on a legitimate penetration test, or governing examining body.
  • Analyzing Keychain Contents with iOSKeychain Analyzer – blog.opensecurityresearch.com
    iOSKeychain Analyzer extracts and exports the contents of the keychain (on the iOS simulator) along with the associated attributes/properties. Additionally, the tool also analyzes the iOS simulator keychain contents from a security standpoint.
  • oclHashcat-plus v0.15 – hashcat.net
    This version is the result of over 6 months of work, having modified 618,473 total lines of source code.And last but not least, lots of bugs have been fixed.

Technique

  • The Powerloader 64-bit update based on leaked exploits – welivesecurity.com
    The Win64/Vabushky dropper uses an interesting modification to the PowerLoader code. However the PowerLoader modifications are based on leaked LPE exploits for 64-bit operating systems from Carberp code.

Vulnerabilities

  • Tesla Model S REST API Authentication Flaws – programming.oreilly.com
    The authentication protocol in the Tesla REST API is flawed. Worse, it’s flawed in a way that makes no sense and this model suffers from the following flaws.
  • Researchers reverse-engineer the Dropbox client: What it means – techrepublic.com
    There were doubts about being able to reverse engineer heavily-obfuscated applications written in Python. Two researchers have removed all doubt by reverse engineering the immensely popular Dropbox client.

Other News