Today another “Hack Note” on my blog to point you out to a great analysis of ZeuS evolutions. I definitely suggest the reading titled “ZeuS-P2P” by Cert Polska because, in my personal opinion, it describes one of the most important evolutions of a “bot kit” happened so far: the distribution of the Command aNd Control […]Read more "ZeuS Evolution: it’s time for P2P and RSA."
Dear folks, as you probably have noticed my blog-post frequence went down a little bit during the past 4 to 6 months, since I am super busy… I am still alive though :). Today I want to share an interesting IDA Pro plugin that I ‘ve been testing for awhile called idapathfinder. Once you installed […]Read more "Finding path to known functions through IDA-Pro"
During the past few days I had the opportunity to talk about security for entire days with amazing and passionate guys. I had a great feeling about the group in which I was, and a great feeling about every single person belonging to that group. During our discussions some folks asked to me very complex […]Read more "Vulnerability Classification"
Hi folks, yes even on my notes the new Internet Explorer (on windows 7) 0Day. It’s a nice piece of work. Internet Explorer CSS 0day on Windows 7 What let me astonished is the exploit release which came before the Microsoft patch. Here the exploit is: #!/usr/bin/env ruby # Source: http://www.breakingpointsystems.com/community/blog/ie-vulnerability/# Author: Nephi Johnson (d0c_s4vage) […]Read more "Internet Explorer CSS 0Day. Exploit released."
Another good idea come up from Elcomsoft . Their password crack software uses GPU accelerator instead CPU in order to increase the cracking velocity.To know more about this fast method read advertising this paper . This topic arrives at the same time of a passwords security brief that I’m summarizing for a note Italian Magazine for this reason I […]Read more "Password Cracking: Speed Increased."
HTTPBee is a swiss-army-knife tool for web application hacking testing. Multi-threaded high-performance tool with a scripting engine and agent-like behavior support. The way httpbee’s scripting engine is implemented is relevant to httpbee architecture itself. Httpbee maintains a pool of threads that it uses for parallel task execution. Therefore execution of httpbee scripts is not linear. […]Read more "HttpBee. An interesting project."