Exploit This

Security News, Exploits, and Vulnerabilities.

ShadowPad in corporate networks

In July 2017, during an investigation, suspicious DNS requests were identified in a partner’s network. The source of the queries was a software package produced by NetSarang. Our analysis showed that recent versions of the software had been surreptitiously modified to include an encrypted payload that could be remotely activated by a knowledgeable attacker.

Bitscout – The Free Remote Digital Forensics Tool Builder

Being a malware researcher means you are always busy with the struggle against mountains of malware and cyberattacks around the world. Over the past decade, the number of daily new malware findings raised up to unimaginable heights: with hundreds of thousands of malware samples per day!

Malicious code and the Windows integrity mechanism

My goal wasn’t to review the techniques of elevating system privileges. Here, I wanted to look at the overall picture and talk about the whole range of Windows operating systems in all their diversity dating back to Windows Vista, but without discussing specific versions.

Windows 10: What’s New in the Security System

This review consists of three parts devoted to the most prominent new Windows 10 features that affect security. We use examples to demonstrate how Windows 10 protection technologies work and how they can be complemented by third-party solutions to improve system security.

Freezer Paper around Free Meat

Repackaging Open Source BeEF for Tracking and More

Microsoft Security Updates January 2016

с новым годом! Microsoft rings in the New Year with a new set of ten security bulletins MS16-001 through MS16-010, patching 24 CVE detailed vulnerabilities. These bulletins effect Microsoft web browsers and plugins, Office software, Windows system software, and Exchange mail… Read Full Article

Wake up! You’ve been p0wned

Be careful when selecting apps and when it comes to your much-loved devices.

Microsoft Security Updates November 2015

Microsoft posted four critical bulletins today, along with another eight rated Important and lesser. Microsoft’s summary is at the Technet site. All in all, the software maker is patching a large number of vulnerabilities this month, with 37 CVE listed vulnerabilities being… Read Full Article

The Power of V&V

A secure system – especially a system that is used to provide security – has to be trusted. But what underpins that trust? What proof do we have that the main components of our trusted system are implemented properly and won’t fail at a critical moment?

Microsoft Security Updates October 2015

Microsoft releases six Security Bulletins today, three of them “critical” remote code execution, to fix almost thirty CVE-enumerated vulnerabilities. None of them are known to be publicly exploited, and only a couple are known to be publicly discussed. So, this round… Read Full Article

%d bloggers like this: