Security Vulnerabilities


Week 5 In Review – 2016


Hot or Not? The Benefits and Risks of iOS Remote Hot Patching –
In this series of articles, FireEye mobile security researchers examine the security risks of iOS apps that employ these alternate solutions for hot patching, and seek to prevent unintended security compromises in the iOS app ecosystem.

Moving to a Plugin-Free Web –
By […]

Week 4 In Review – 2016

Events Related

ShmooCon: LastPass design elements create perfect Phishing opportunity –
Cassidy’s presentation at ShmooCon on Saturday morning outlined a clever Phishing attack against LastPass users, which is made possible due to design elements within the password manager’s core functions.

BSides Conference

BSides Columbus 2016 Videos –
BSidesNYC2016 –


dnstwist –
Domain name permutation engine for detecting typo […]

Week 3 In Review – 2016

Events Related


ShmooCon Firetalks 2016 –
ShmooCon Pres –


TrendMicro node.js HTTP server listening on localhost can execute commands –
Trend Micro™ Password Manager software manages all your website login IDs (user names and passwords) in one secure location, so you only need to remember one password.


SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 – […]

Week 2 In Review – 2016

Events Related

32C3 Recap – Part1 –
Every year a group of us are happy to use the holidays to travel to Hamburg to meet other people and learn something new at the 32C3.


Kali NetHunter 3.0 Released –
NetHunter has been actively developed for over a year now, and has undergone nothing short of a complete transformation since […]

Week 52 In Review – 2015


pentestpackage –
A package of Pentest scripts


JexBoss – Jboss Verify And Exploitation Tool –
JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.

Damn Vulnerable Node Application (DVNA) is a Node.js web application that is damn vulnerable. Its intended purpose is to teach secure coding concepts to web developers who […]

Week 51 In Review – 2015


Unofficial Guide to Mimikatz & Command Reference –
This page details as best as possible what each command is, how it works, the rights required to run it, the parameters (required & optional), as well as screenshots and additional context (where possible).

Index of /docs/Slides/2015 –

CVE-2015-8446 (Flash up to And Exploit Kits –

juniper-cve-2015-7755 […]

Week 50 In Review – 2015

Events Related

DEFCONConference –

DefCamp 2015 –


Zero Nights –

CheatSheets –
Cheat sheets for various projects I contribute to (PowerView, PowerUp, and Empire).


Introduction to Modbus TCP traffic –
Modbus is a serial communication protocol. It is the most widely used protocol within ICS. It works in a Master / Slave mode. This means the Master has the pull […]

Week 49 In Review – 2015

Events Related

2015 – Talks –

Botconf 2015
The first keynote slot was assigned to Margarita Louca from Europol: “Successful botnets takedowns: The good-cooperation part”. More precisely, it’s the EC3 (“European Cyber Crime Center”). This talk was flagged as “restricted” and not all information will be reported here.

Botconf 2015 Wrap-Up Day #1 –
Botconf 2015 Wrap-Up Day #2 – […]

Week 48 In Review – 2015

Events Related

My SecTor Story: Root Shell on the Belkin WeMo Switch –
Researchers from Tripwire were on hand to help attendees explore the world of IoT hacking. They brought with them a table full of devices ranging from routers to smart televisions. They also had a video demonstration of the exploitation of vulnerabilities in a home […]

Week 47 In Review – 2015


Kaspersky Antivirus Certificate handling path traversal –
When Kaspersky https inspection is enabled, temporary certificates are created in %PROGRAMDATA% for validation. I observed that the naming pattern is {CN}.cer.

Breaking into and Reverse Engineering iOS Photo Vaults –
For whatever reason, a lot of people store risqué pictures on their devices. Why they feel the need […]