Breaking Hearts and Systems

An SSL Enabled Basic Auth Credential Harvester with a Word Document Template URL Injector

Leaked Mirai Source Code for Research/IoC Development Purposes

Local Privilege Escalation from Windows Service Accounts to SYSTEM.

A number of advanced deanonymization attacks. These do not just apply to Whonix, but any anonymity system. Some are also general security issues. Rather than exploiting bugs in the hypervisor to break out, some of these attacks rely on the…

Earlier this summer, the team at Inversoft published a comprehensive and sophisticated guide to user data security. The guide spans from hardening servers from provisioning, up through the IP and SSH layers, and all the way to application-level techniques for password hashing, SQL injection protection, and intrusion detection. As proof that they stood behind their advice, the Inversoft team provisioned a pair of Linode hosts, a web server and database server, and gave them the hardening treatment. Inversoft offered up a fully-loaded MacBook to anyone who could break in, taunting all comers by naming the hardened web server hackthis.inversoft.com.

Instagram leaves its users open to a simple phishing attack.

Apple's Macintosh is less commonly a target of hacking attacks and exploits than is Windows, but delinquents and professional criminals are increasingly taking an interest in the Mac and OS/X. What follows is a list of tips that I have devised to explain how you might make your Mac more secure. This is not a complete list and I cannot provide any guarantee or warranty on this advise. Use it at your own risk. In the end, protecting your computer is your own responsibility.

Human identification plays an important role in human-computer interaction. There have been numerous methods proposed for human identification (e.g., face recognition, gait recognition, fingerprint identification, etc.). While these methods could be very useful under different conditions, they also suffer from certain shortcomings (e.g., user privacy, sensing coverage range). In this paper, we propose a novel approach for human identification, which leverages WIFI signals to enable non-intrusive human identification in domestic environments. It is based on the observation that each person has specific influence patterns to the surrounding WIFI signal while moving indoors, regarding their body shape characteristics and motion patterns. The influence can be captured by the Channel State Information (CSI) time series of WIFI. Specifically, a combination of Principal Component Analysis (PCA), Discrete Wavelet Transform (DWT) and Dynamic Time Warping (DTW) techniques is used for CSI waveform-based human identification. We implemented the system in a 6m*5m smart home environment and recruited 9 users for data collection and evaluation. Experimental results indicate that the identification accuracy is about 88.9% to 94.5% when the candidate user set changes from 6 to 2, showing that the proposed human identification method is effective in domestic environments.

A list of security blogs.

Hack can be carried out by operators of Wi-Fi hotspots, where HTTPs is needed most.

This report describes a malware operation against the Syrian Opposition. We name the operator Group5, and suspect they have not been previously-reported. Group5 used "just enough" technical sophistication, combined with social engineering, to target computers and mobile phones with malware.

Persistent, enterprise-class spyware is an underestimated problem on mobile devices. However, targeted attack scenarios against high-value mobile users...

A small webhosting provider with servers in the Netherlands and Romania has been a hotbed of targeted attacks and advanced persistent threats (APT) since early 2015. Starting from May 2015 till today we counted over 100 serious APT incidents that originated from servers of this small provider. Pawn Storm used the servers for at least 80 high profile attacks against various governments in the US, Europe, Asia, and the Middle East. Formally the Virtual Private Server (VPS) hosting company is registered in Dubai, United Arab Emirates (UAE). But from public postings on the Internet, it is apparent that the owner doesn’t really care about laws in UAE. In fact, Pawn Storm and another APT group, attacked the government of UAE using servers of the VPS provider through highly targeted credential phishing. Other threat actors like DustySky (also known as the Gaza hackers) are also regularly using the VPS provider to host their Command and Control (C&C) servers and to send spear phishing e-mails.

First of all, I want to clarify something. If anyone on the web tells you they've "indexed absolutely everything" in a particular region of the web, they are most likely lying* - this includes Tor hidden services. It's a hard problem, and there's always a little art mixed in with the science.

The malware is different & unique from typical ransomware as it does not encrypts file. Instead it encrypts the MFT (Master File Table) on NTFS volumes. In short, on NTFS the MFT is a table which contains information about each and every file on the partition. For small files, the file content may be stored entirely within the MFT. For larger files, it contains a pointer to the actual data.