Anti-Virus and Intrusion Detection Systems could become really nasty during a penetration test. They are often responsible for unstable or ineffective exploit payloads, system lock-downs or even angry penetration testers . […]
City of Cons: 31C3 Meets BSidesHH
While the year 2014 comes to an end, two very interesting conferences have taken place in Hamburg. The annual Chaos Communication Congress 31C3 occupied the Congress Center of Hamburg (CCH) for 4 days and the first […]
Google Bug Bounty: Nice Catch on Google Cloud Platform Live
It’s been a while since I’ve published my last article, this is mainly because I’m currently working on a nice project overseas in Asia and enjoying this relaxed life here […]
SLAE: Egg Hunters (Linux/x86)
Happy Easter everyone! Have you already found all your hidden eggs? No? Then I’ve got the ultimate solution for everyone who’s still missing some eggs ! This assignment in my SecurityTube […]
SLAE: Shell Reverse TCP Shellcode (Linux/x86)
Now Mario meets Luigi….or what’s a bind without a reverse shellcode? I’ve spend some extra time again to reduce the shellcode size and make it fully register aware, so that […]
SLAE: Shell Bind TCP Shellcode (Linux/x86)
Do you like uncommon challenges? At least I do, and that’s the reason why I’ve signed up for the SecurityTube Linux Assembly Expert training. But what’s this all about ? […]
Easy File Management Web Server v5.3 Exploit-Kung Fu
During the last few days a lot of nice Remote Exploits have been released over at Exploit-DB by one of my followers Harold aka superkojiman targeting applications by EFS Software Inc. First of […]
Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
The German Magix Software GmbH rewarded me with a Hall of Fame listing and a free Magix Music Maker 2014 Premium license for my reports of several serious security issues in the online infrastructures of magix.com […]
CVE-2014-2087: Free Download Manager CDownloads_Deleted:: UpdateDownload() Remote Code Execution
I’ve discovered another 0day Remote Code Execution flaw in a CNET.com Top10 software of its category, which has been downloaded more than 6 million times right now. Affected Versions and […]
CVE-2014-2206: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
I’ve published another security advisory about a remote code execution vulnerability with a CVSS score of 10,0 today. Affected are all available versions of the GetGo Download Manager, so if […]
