POWERFORENSICS V1.0.1 RELEASED – IS A POWERSHELL DIGITAL FORENSICS FRAMEWORK with Cmdlets Function: – Boot Sector 1 2 3 4 Get–MBR – parses the first sector of the hard drive and returns a MasterBootRecord object Get–GPT – parses the first sector of the hard drive and returns a GuidPartitionTable object Get–BootSector – parses the first […]

Yet another attack against the iKettle wireless kettle. Rumpy pumpy and fire alarms?: Whilst playing around with moosekettle.py, the python client from @iamamoose for driving ones kettle from a desktop, it struck me that there’s a related attack against unconfigured iKettles. When turned on, before configuring with the mobile app, it runs in Access Point […]

Samy Kamkar: MagSpoof: MagSpoof – “wireless” credit card/magstripe spoofer Allows you to store all of your credit cards and magstripes in one device Works on traditional magstripe readers wirelessly (no NFC/RFID required) Can disable Chip-and-PIN (code not included) Correctly predicts Amex credit card numbers + expirations from previous card number (code not included) Supports all […]

Hacker predicts AMEX card numbers, bypasses chip and PIN: Brainiac hacker Samy Kamkar has developed a US$10 gadget that can predict and store hundreds of American Express credit cards and use them for wireless transactions, even at non-wireless payment terminals. The mind-blowing feat is the result of Kamkar cracking how the card issuer picks replacement […]

Paris Terrorists Used Double ROT-13: The reports note that Abdelhamid Abaaoud, the “mastermind” of both the Paris attacks and a thwarted Belgium attack ten months ago, failed to use encryption whatsoever (read: existing capabilities stopped the Belgium attacks and could have stopped the Paris attacks, but didn’t). That’s of course not to say batshit religious […]

NARKOZ/hacker: xxx: OK, so, our build engineer has left for another company. The dude was literally living inside the terminal. You know, that type of a guy who loves Vim, creates diagrams in Dot and writes wiki-posts in Markdown… If something – anything – requires more than 90 seconds of his time, he writes a […]

PHP static code analysis vs ~1000 top wordpress plugins = 103 vulnerable plugins found: I’ve been making php static code analysis tool for a while and few months ago I ran it against ~1000 (more or less) top wordpress plugins. Scanning results were manually verified in my spare time and delivered to official plugins@wordpress.org from […]

Remote Command Execution in Proliant iLO Intelligent Provisioning: iLO is an embedded operating system available within HP Proliant and Integrity servers. IP is a feature within iLO that provides local and remote access for provisioning purposes. It was discovered that hidden requests were being made to server during a normal client session. Exploring this obfuscated […]

Even the LastPass Will be Stolen Deal with It!: Because there was a breach in LastPass servers back in June, and also because LastPass claims that they have no access to your data, we wanted to investigate what could be done if we have the same data as LastPass. Specifically, we wanted to know if […]

Ransomware Strain Targets Websites Powered by Linux OS: A security firm has uncovered a new strain of ransomware that is seeking to extort money from websites powered by the Linux operating system. On Thursday, Russian antivirus company Dr. Web added the malware, known as “Linux.Encoder.1,” to its virus database. A description of the ransomware was […]