847 items tagged "windows"

22:59 » Darknet
exe2powershell converts EXE files to BAT files; the previously well-known tool for this was exe2bat, and this is a version for modern Windows.
It will convert any binary file (*.exe) to a BAT file. The resulting BAT file contains only echo commands followed by a PowerShell command that re-creates the original binary.
This kind of tool can be useful during a pen-test when you want to trigger a shell without any upload feature.

16:00 » SecuriTeam
Microsoft Windows is prone to a remote code-execution vulnerability.

21:20 » Packet Storm Security Exploits
This Metasploit module takes advantage of a file privilege misconfiguration problem specific to Windows MySQL servers (due to the use of a .mof file). This may result in arbitrary code execution in the context of SYSTEM. Note that in order to use this module, you must have a valid MySQL account on the target machine.

16:00 » SecuriTeam
Microsoft Windows Briefcase is prone to a remote code-execution vulnerability.

16:00 » SecuriTeam
Microsoft Windows is prone to a remote code-execution vulnerability that affects the kernel.

17:00 » SecuriTeam
Microsoft Windows is prone to a local privilege-escalation vulnerability.

17:00 » SecuriTeam
Microsoft Windows is prone to a remote denial-of-service vulnerability.

17:00 » SecuriTeam
A vulnerability in the Microsoft Windows IKE and AuthIP IPsec Keying Modules could be exploited to escalate privileges under certain conditions.

21:56 » SecDocs
Authors: Felix 'FX' Lindner
Tags: Windows exploiting
Event: Chaos Communication Congress 20th (20C3) 2003
Abstract: The talk could also be called "Lessons learned when the Cisco guys went to Windows land", because there are a number of things quite different in Windows land compared to other environments. One of these things is the frequent use of wide characters and the annoying difficulties that arise from that, including return addresses of 0x00410041. Technically, the speech covers stack-based buffer overflows in Win32 applications and services where the buffer content consists of wide characters. Techniques for finding return addresses as well as practical wide character shellcodes (so-called venetian shellcode) will be discussed. There will also be some side notes on ASCII-based overflows and format string vulnerabilities. This talk is to provide the intermediate hacker with a few more useful tricks for her/his sleeve, so don't expect any TESO-like magic. Of course, Phenoelit would not dare to show up without some entertaining examples of software engineering, this time coming from Walldorf/Germany.

4:51 » SecDocs
Authors: Tarjei Mandt
Tags: kernel Windows 7
Event: Black Hat DC 2011
Abstract: In Windows 7, Microsoft introduced safe unlinking to the kernel pool to address the growing number of vulnerabilities affecting the Windows kernel. Prior to removing an entry from a doubly-linked list, safe unlinking aims to detect memory corruption by validating the pointers to adjacent list entries. Hence, an attacker cannot easily leverage generic "write 4" techniques in exploiting pool overflows or other pool corruption vulnerabilities. In this talk, we show that in spite of the efforts made to remove generic exploit vectors, Windows 7 is still susceptible to generic kernel pool attacks. In particular, we show that the pool allocator may under certain conditions fail to safely unlink free list entries, thus allowing an attacker to corrupt arbitrary memory. In order to thwart the presented attacks, we conclusively propose ways to further harden and enhance the security of the kernel pool.

23:39 » Packet Storm Security Advisories
Passcape Software has discovered a serious problem with the Picture password and PIN authentication methods in the upcoming release of Windows 8.

18:52 » Packet Storm Security Exploits
High-Tech Bridge Security Research Lab has discovered a vulnerability in Microsoft Windows which could be exploited to escalate privileges under certain conditions. The vulnerability exists because the "IKE and AuthIP IPsec Keying Modules" system service tries to load the wlbsctrl.dll DLL, which is missing after a default Windows installation. Proof of concept included.

18:04 » Packet Storm Security Exploits
This Metasploit module will bypass Windows UAC by utilizing the trusted publisher certificate through process injection. It will spawn a second shell that has the UAC flag turned off.

12:33 » Packet Storm Security Recent Files
This paper provides an overview of a new hardware security feature introduced by Intel and covers its support on Windows 8. Like the other common mitigations, it complicates vulnerability exploitation on a target system, but if these features are not properly configured all of them may become useless. This paper demonstrates a security flaw in the x86 version of Windows 8 that leads to a bypass of the SMEP security feature.

20:22 » Packet Storm Security Advisories
The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

11:14 » Packet Storm Security Exploits
This is proof of concept code that demonstrates the Microsoft Windows kernel (Intel/x64) SYSRET vulnerability as described in MS12-042. The shellcode disables code signing and will grant NT SYSTEM privileges to a specified application or already running process.

15:30 » Packet Storm Security Advisories
The NCC Group has discovered a remote code execution vulnerability in Microsoft Windows Remote Desktop. Unfortunately, as usual, they are withholding any details for three months.

8:14 » Packet Storm Security Exploits
This Metasploit module exploits a logic flaw in how the lpApplicationName parameter is handled. When lpApplicationName contains a space, the file name is ambiguous. Take this file path as an example: C:\program files\hello.exe. The Windows API will try to interpret this as two possible paths, C:\program.exe and C:\program files\hello.exe, and then execute all of them. To some software developers this is unexpected behavior, and it becomes a security problem if an attacker is able to place a malicious executable in one of these unexpected paths, sometimes escalating privileges if the program runs as SYSTEM. Software such as OpenVPN 2.1.1 and OpenSSH Server 5, among others, has the same problem.
17:00
SecuriTeam
Microsoft Windows is prone to an information disclosure vulnerability that occurs because of a design error in the TLS protocol when the cipher-block chaining (CBC) mode of operation is used.
6:55
Packet Storm Security Recent Files
This is a brief whitepaper discussing how to use BackTrack 5 and the Social Engineering Toolkit (SET) to generate a malicious Java applet in order to gain a reverse shell on Windows 7.
17:44
Packet Storm Security Exploits
This Metasploit module exploits the Task Scheduler 2.0 XML 0day exploited by Stuxnet. When processing task files, the Windows Task Scheduler only uses a CRC32 checksum to validate that the file has not been tampered with. Also, in a default configuration, normal users can read and write the task files that they have created. By modifying the task file and creating a CRC32 collision, an attacker can execute arbitrary commands with SYSTEM privileges.
8:01
SecuriTeam
'Microsoft Windows shmedia.dll Division By Zero, Explore.exe DOS Exploit'
10:38
Packet Storm Security Exploits
This Metasploit module exploits a type confusion vulnerability in the OLE32 component of Windows XP SP3. The vulnerability exists in the CPropertyStorage::ReadMultiple function. A Visio document with a specially crafted Summary Information Stream embedded allows remote code execution through Internet Explorer on systems with Visio Viewer installed.
17:00
SecuriTeam
Microsoft Windows is prone to a security-bypass vulnerability that affects the TCP/IP stack ('tcpip.sys') component.
19:45
Packet Storm Security Exploits
This proof of concept code demonstrates a Microsoft Windows XP keyboard layouts pool corruption vulnerability, post MS12-034. The vulnerability exists in the function win32k!ReadLayoutFile() that parses keyboard layout file data.
21:13
Packet Storm Security Advisories
Core Security Technologies Advisory - There is a bug in the ReadLayoutFile Windows Kernel function that can be leveraged into a local privilege escalation exploit, potentially usable in a client-side attack scenario or after a remote intrusion by other means.
20:30
Packet Storm Security Recent Files
The Zed Attack Proxy (ZAP) is an easy-to-use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing. ZAP provides automated scanners as well as a set of tools that allow you to find security vulnerabilities manually. Windows installer.
14:33
Packet Storm Security Exploits
This Metasploit module exploits a remote buffer overflow in the Citrix Provisioning Services 5.6 SP1 (without Hotfix CPVS56SP1E043) by sending a malformed packet to the 6905/UDP port. The module has been successfully tested on Windows Server 2003 SP2, Windows 7, and Windows XP SP3.
14:12
Packet Storm Security Recent Files
This is a simple script to spawn DNS spoofing, ARP spoofing, a fake update page for Windows and a backdoored executable on a webserver to cause the Windows box to connect back. Requires Metasploit.
8:14
Hack a Day
Even though we’ve seen dozens of Kinect hacks over the years, there are a few problems with the Kinect hardware itself. The range of the Kinect sensor starts at three feet, a fact not conducive to 3D scanner builds. Also, it’s not possible to connect more than one Kinect to a single computer – something that would lead [...]
15:50
Packet Storm Security Recent Files
P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP).
5:22
Packet Storm Security Exploits
Proof of concept malicious .docm file that exploits the Microsoft Windows Assembly Execution vulnerability as described in MS12-005.
14:22
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Windows. The vulnerability is caused by a use-after-free error in the "mshtml.dll" module when handling a specific Time behavior, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
14:21
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Windows. The vulnerability is caused by a use-after-free error in the TIME (datime.dll) module when loaded via a specific behavior, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page.
14:20
Packet Storm Security Advisories
VUPEN Vulnerability Research Team discovered a vulnerability in Microsoft Windows Media Player. The vulnerability is caused by a buffer overflow error in the XDSCodec & Encrypter/Decrypter Tagger Filters "ENCDEC.DLL" within Windows Media Player when processing certain fields within a DVR-MS (Digital Video Recording) file, which could be exploited by remote attackers to compromise a vulnerable system via a specially crafted web page or a malicious ".dvr-ms" media file.
10:32
Packet Storm Security Exploits
This Metasploit module exploits a stack-based buffer overflow in CCMPlayer 1.5. When an m3u playlist with a long track name is opened, a SEH exception record can be overwritten with parts of the controllable buffer. SEH execution is triggered after an invalid read of an injectable address, thus allowing arbitrary code execution. This Metasploit module works on multiple Windows platforms including Windows XP SP3, Windows Vista, and Windows 7.