Feb 17 03

Microsoft Windows contains a memory corruption bug in its handling of SMB traffic. In particular, Windows fails to properly handle a specially crafted server response that contains more bytes than the SMB2 TREE_CONNECT Response structure defines. By connecting to a malicious SMB server, a vulnerable Windows client may crash (BSOD) in mrxsmb20.sys.
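As an added example (not code from the post), the following Python snippet shows the defender-side check the bug describes: it parses Direct-TCP framing and the 64-byte SMB2 header, and flags any TREE_CONNECT response whose body runs past the fixed 16-byte response structure. The field offsets follow the SMB2 header layout (Command at offset 12, Flags at 16, NextCommand at 20); the frame builder produces constructed sample data for testing only.

```python
"""Length check for SMB2 TREE_CONNECT responses (added example, not from the post).

Assumes Direct-TCP framing: a 4-byte transport header (one zero byte plus a
24-bit big-endian length) followed by the 64-byte SMB2 header and the body.
"""
import struct

SMB2_MAGIC = b"\xfeSMB"
SMB2_HEADER_LEN = 64
SMB2_TREE_CONNECT = 0x0003
SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001     # set on every server response
TREE_CONNECT_RESPONSE_LEN = 16              # StructureSize of the response body


def check_tree_connect_response(frame: bytes) -> dict:
    """Parse one framed SMB2 message and report whether a TREE_CONNECT
    response carries more bytes than the 16-byte structure allows."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not Direct-TCP framing")
    declared = int.from_bytes(frame[1:4], "big")
    msg = frame[4:4 + declared]
    if len(msg) != declared:
        raise ValueError("transport length does not match payload")
    if len(msg) < SMB2_HEADER_LEN or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message")

    # Sync header fields: StructureSize(2)@4, Command(2)@12, Flags(4)@16, NextCommand(4)@20
    (hdr_size,) = struct.unpack_from("<H", msg, 4)
    (command,) = struct.unpack_from("<H", msg, 12)
    (flags,) = struct.unpack_from("<I", msg, 16)
    (next_cmd,) = struct.unpack_from("<I", msg, 20)
    if hdr_size != SMB2_HEADER_LEN:
        raise ValueError("bad SMB2 header StructureSize")

    if command != SMB2_TREE_CONNECT or not (flags & SMB2_FLAGS_SERVER_TO_REDIR):
        return {"tree_connect_response": False}

    # In a compound chain NextCommand bounds the body; otherwise it runs to the end
    body_len = (next_cmd - SMB2_HEADER_LEN) if next_cmd else (len(msg) - SMB2_HEADER_LEN)
    structure_size = 0
    if body_len >= 2:
        (structure_size,) = struct.unpack_from("<H", msg, SMB2_HEADER_LEN)
    return {
        "tree_connect_response": True,
        "structure_size": structure_size,
        "body_len": body_len,
        "excess_bytes": max(0, body_len - TREE_CONNECT_RESPONSE_LEN),
        "oversized": body_len > TREE_CONNECT_RESPONSE_LEN
        or structure_size != TREE_CONNECT_RESPONSE_LEN,
    }


def build_tree_connect_response(extra: bytes = b"") -> bytes:
    """Build a minimal, constructed TREE_CONNECT response frame for testing."""
    header = bytearray(SMB2_HEADER_LEN)
    header[0:4] = SMB2_MAGIC
    struct.pack_into("<H", header, 4, SMB2_HEADER_LEN)       # StructureSize = 64
    struct.pack_into("<I", header, 8, 0)                     # Status = STATUS_SUCCESS
    struct.pack_into("<H", header, 12, SMB2_TREE_CONNECT)    # Command
    struct.pack_into("<I", header, 16, SMB2_FLAGS_SERVER_TO_REDIR)
    struct.pack_into("<I", header, 20, 0)                    # NextCommand: single message
    struct.pack_into("<I", header, 36, 1)                    # TreeId (constructed value)
    # StructureSize=16, ShareType=1 (disk), Reserved, ShareFlags, Capabilities, MaximalAccess
    body = struct.pack("<HBBIII", TREE_CONNECT_RESPONSE_LEN, 0x01, 0, 0, 0, 0x001F01FF)
    msg = bytes(header) + body + extra
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    print(check_tree_connect_response(build_tree_connect_response()))
    print(check_tree_connect_response(build_tree_connect_response(b"A" * 100)))
```

A well-formed response yields `excess_bytes == 0`; trailing bytes beyond the 16-byte structure are reported as excess, which is the condition a proxy or IDS would alert on rather than passing the response through to the client.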

written by d45id

Sep 16 08

Security researcher Robert Fuller discovered an attack method with which Windows and Mac user credentials can be stolen from a locked machine.
The attack works against current Windows and Mac OS computers on which a user has already logged in.

The researcher used USB-based Ethernet dongles like the USB Armory or the Hak5 Turtle, for which he modified the firmware to run special software that makes the plug-and-play USB device the network gateway, DNS server and WPAD server of the computer it is connected to.
Find out more:

written by d45id

Apr 16 26

With this little script you can see which file types would be encrypted in the event of an infection by the LOCKY virus.

@echo off
setlocal enabledelayedexpansion
echo.
set total=0
cls
REM Walk every drive letter and scan the ones that exist
for %%i in (a b c d e f g h i j k l m n o p q r s t u v w x y z) do (
  set DRIVE=%%i:\
  if exist !DRIVE! (
    call :lookup !DRIVE!
  )
)
echo Nombre de fichiers potentiellement affectés : %total%
pause
goto :eof

:lookup
REM Count the files on one drive whose extension is on Locky's target list
set drive=%1
set subtotal=0
echo Examiner %drive%
for /r %drive% %%i in (*.mid *.wma *.flv *.mkv *.mov *.avi *.asf *.mpeg *.vob *.mpg *.wmv *.fla *.swf *.wav *.qcow2 *.vdi *.vmdk *.vmx *.gpg *.aes *.ARC *.PAQ *.tar.bz2 *.tbk *.bak *.tar *.tgz *.rar *.zip *.djv *.djvu *.svg *.bmp *.png *.gif *.raw *.cgm *.jpeg *.jpg *.tif *.tiff *.NEF *.psd *.cmd *.bat *.class *.jar *.java *.asp *.brd *.sch *.dch *.dip *.vbs *.asm *.pas *.cpp *.php *.ldf *.mdf *.ibd *.MYI *.MYD *.frm *.odb *.dbf *.mdb *.sql *.SQLITEDB *.SQLITE3 *.asc *.lay6 *.lay *.ms11 *.sldm *.sldx *.ppsm *.ppsx *.ppam *.docb *.mml *.sxm *.otg *.odg *.uop *.potx *.potm *.pptx *.pptm *.std *.sxd *.pot *.pps *.sti *.sxi *.otp *.odp *.wks *.xltx *.xltm *.xlsx *.xlsm *.xlsb *.slk *.xlw *.xlt *.xlm *.xlc *.dif *.stc *.sxc *.ots *.ods *.hwp *.dotm *.dotx *.docm *.docx *.DOT *.max *.xml *.txt *.CSV *.uot *.RTF *.pdf *.XLS *.PPT *.stw *.sxw *.ott *.odt *.DOC *.pem *.csr *.crt *.key wallet*.dat) do (
  echo %%i
  set /a subtotal=subtotal + 1
  set /a total=total + 1
)
echo fichiers trouvés: %subtotal%
pause
goto :eof

written by d45id

Sep 15 25

After successful exploits against ESET's NOD32 antivirus scanner and Kaspersky's engine, Google's security expert taviso has now found a new critical bug in the avast! antivirus scanner, through which a system call can be made.

Now everybody wonders who will be next: Trend Micro, Intel (formerly known as McAfee) or somebody else?

written by d45id

May 15 04

Fifteen years ago today, the ILOVEYOU computer worm saw the light of day and infected tens of millions of Windows personal computers in just a few hours. What fun ;-)

written by d45id

Apr 15 21

It’s amazing how easily modern network systems can be breached, making exhaustive vulnerability management programs more critical than ever. Please join us for a demonstration of how easy it is for attackers to compromise your network during a webinar with Marcus Murray, Cyber Security Manager at TrueSec.

In this awareness session, Marcus Murray will demonstrate a live hack in which he uses a specially crafted JPEG picture to circumvent the security mechanisms of a modern Microsoft Windows Server 2012 R2 web server. He will also use this foothold to expand his influence over the entire network and compromise a Windows Server 2012 R2 Domain Controller.

During the presentation, Marcus will also discuss countermeasures you can take to increase security in your environment. This is a must-see session for anyone responsible for vulnerability management.

written by d45id

Apr 15 02

written by d45id

Feb 15 11

In recent days the IT security firms iSIGHT Partners and invincea published a report on a combined attack against Forbes.com that they investigated, in which 0-days against Flash and IE were used (CVE-2015-0071 and MS15-009 respectively).

Further information:

written by d45id