2Cents about Cyber Security

Exploit Title: [CRYPTSHARE – Stored XSS] Date: [13-May-2016] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [https://www.cryptshare.com] Version: [3.10.1.2] Tested on: [OPENSUSE 13.2] CVE : [CVE-2016-XXXX]   OVERVIEW Is possible to inject arbitrary code into the logs simply from the authentication form of the administrative appliance interface. In particular we found the is possible ...

Exploit Title: [CRYPTSHARE – Stored XSS] Date: [13-May-2016] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [https://www.cryptshare.com] Version: [3.10.1.2] Tested on: [OPENSUSE 13.2] CVE : [CVE-2016-XXXX]   OVERVIEW Is possible to inject arbitrary code into the logs simply from the au...

An other Ramsonware is spreading into the wild targeting ANDROID devices!!! Be carefu opening links from your mobile phone because those evil link will try to install a custom APK with the ramsonware. There is a list of bad link (tks to Lukas Stefanko – bad sites apk list ) Active Android Ransomware http://kavssporn.ru/xx/down.php http://poornkz.ru/xx/down.php http://superovoeporevo.ru/xx...

An other Ramsonware is spreading into the wild targeting ANDROID devices!!! Be carefu opening links from your mobile phone because those evil link will try to install a custom APK with the ramsonware. There is a list of bad link (tks to Lukas Stefanko – bad sites apk list ) Active Android Rans...

In these days I’m testing some tools used to evade antivirus (both client AV and gateway AV). The result is very impressive: the basic tools can evade most of antivirus. One of the tool is shellter. Shellter is a dynamic code injector inside PE windows file From the shellter project website: Shellter takes advantage of the original structure of the PE file and doesn’t apply any modification...

In these days I’m testing some tools used to evade antivirus (both client AV and gateway AV). The result is very impressive: the basic tools can evade most of antivirus. One of the tool is shellter. Shellter is a dynamic code injector inside PE windows file From the shellter project website: ...

Date: [22-Jan-2014] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [http://www.skyboxsecurity.com] Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57] Tested on: [Centos 6.4 kernel 2.6.32] CVE : [CVE-2014-2084] #OVERVIEW A vulnerability has been found in some Skybox View Appliances’ Admin interfaces which would allow a po...

Date: [22-Jan-2014] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [http://www.skyboxsecurity.com] Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57] Tested on: [Centos 6.4 kernel 2.6.32] CVE : [CVE-2014-2084] #OVERVIEW A ...

Exploit Title: [SKYBOX Security - DDOS] Date: [22-Jan-2014] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [http://www.skyboxsecurity.com] Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57] Tested on: [Centos 6.4 kernel 2.6.32] CVE : [CVE-2014-2085] #OVERVIEW A vulnerability has been found in some Skybox View Appliances...

Exploit Title: [SKYBOX Security - DDOS] Date: [22-Jan-2014] Exploit Author: [Luigi Vezzoso] Vendor Homepage: [http://www.skyboxsecurity.com] Version: [Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57] Tested on: [Centos 6.4 kernel 2.6....