Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

UPS now the third company in a week to disclose data breach

Computerworld.com [Hacking News] - 21 Srpen, 2014 - 01:52
Credit and debit card information belonging to customers who did business at 51 UPS Store Inc. locations in 24 U.S. states this year may have been compromised.
Kategorie: Hacking & Security

The UPS Store says malware found on systems of 51 stores

Computerworld.com [Hacking News] - 21 Srpen, 2014 - 01:32
The UPS Store said Wednesday that malicious software was found on the systems of 51 of its franchises in 24 U.S. states, although no fraud has been detected yet.
Kategorie: Hacking & Security

'Reveton' ransomware adds powerful password-stealer

Computerworld.com [Hacking News] - 20 Srpen, 2014 - 10:22
A type of malware called Reveton, which falsely warns users they've broken the law and demands payment of a fine, has been upgraded with powerful password stealing functions, according to Avast.
Kategorie: Hacking & Security

Kicking the stool out from under the cybercrime economy

Computerworld.com [Hacking News] - 19 Srpen, 2014 - 17:54
Put simply, cybercrime, especially financial malware, has the potential to be quite the lucrative affair. That's only because the bad guys have the tools to make their work quick and easy, though. Cripple the automated processes presented by certain malware platforms, and suddenly the threats -- and the losses --aren't quite so serious.
Kategorie: Hacking & Security

Why would Chinese hackers want US hospital patient data?

Computerworld.com [Hacking News] - 19 Srpen, 2014 - 01:06
The theft of personal data on 4.5 million patients of Community Health Systems by hackers in China highlights the increasing degree to which hospitals are becoming lucrative targets for information theft.
Kategorie: Hacking & Security

About 4.5M face risk of ID theft after hospital network hacked

Computerworld.com [Hacking News] - 18 Srpen, 2014 - 20:07
About 4.5 million people in 28 states face the risk of identity theft due to a massive data breach at Community Health Systems (CHS) a Franklin, Tenn., based health network.
Kategorie: Hacking & Security

Tor – Xác định các exit relay độc hại

VNSECURITY - 18 Srpen, 2014 - 12:00
1. Mở đầu Bài viết này là phần mô tả sơ lược và bình luận bài báo "Spoiled Onions: Exposing Malicious Tor Exit Relays"[1]. Tor exit relay là nút cuối dùng trong hành trình vận chuyển của các gói tin trọng mạng Tor, gói tin từ đây sẽ đi đến địa chỉ ...
Kategorie: Hacking & Security

Lấy lời nhạc nhaccuatui.com

VNSECURITY - 18 Srpen, 2014 - 12:00
Nhaccuatui vừa nâng cấp trình chơi nhạc trên web của mình có thể hiển thị lời nhạc theo thời gian khá tốt. Bài viết này sẽ trình bày các bước để lấy lời nhạc đó và cung cấp một công cụ để thực hiện trong 1 cú enter ;) (*). Lấy ...
Kategorie: Hacking & Security

[defcon 2014 quals] polyglot

VNSECURITY - 18 Srpen, 2014 - 12:00
Challenge was getting 0x1000 bytes from socket, and executing it following these rules (all shellcodes and codes are at the end of this writeup): [code] - all general purpose registers are 0 - stack is at 0x42000000 - pc    is at 0x41000000 [/code] All binaries: x86 : polyglot_9d64fa98df6ee55e1a5baf0a170d3367 armel : polyglot_6a3875ce36a55889427542903cd43893 armeb : polyglot_c0e7a26d7ce539efbecc970c154de844 PowerPC: polyglot_5b78585342a3c116aebb5a9b45e88836 Our shellcode ...
Kategorie: Hacking & Security

Phân tích ứng dụng Btalk trên Android – Phần một: Cơ chế xác thực người dùng

VNSECURITY - 18 Srpen, 2014 - 12:00
Lưu ý: các phân tích trong bài viết này được dựa trên phiên bản Btalk 1.0.6 tải về từ PlayStore. Các vấn đề được nêu trong bài viết này BKAV đã được gửi email thông báo từ trước. (pdah - cb_ - k9) Cơ chế đăng ký và kích hoạt Quá trình xác ...
Kategorie: Hacking & Security

Exploiting nginx chunked overflow bug, the undisclosed attack vector (CVE-2013-2028)

VNSECURITY - 18 Srpen, 2014 - 12:00
In previous post, we analyzed and exploited stack based buffer overflow vulnerability in chunked encoding parsing of nginx-1.3.9 - 1.4.0. We mentioned that there was another attack vector which was more practical, more reliable. I talked about this attack vector at SECUINSIDE 2013 in July (btw, a great conference and ...
Kategorie: Hacking & Security

[Secuinside CTF 2013] movie talk

VNSECURITY - 18 Srpen, 2014 - 12:00
Challenge itself is very interesting, as we have typical use-after-free problem. It's running on Ubuntu 13.04 with NX + ASLR. When we run challenge it gives us message as : [code] ###################################### #                                    # #   Welcome to the movie talk show   # #                                    # ###################################### 1. movie addition 2. movie deletion 3. my movie list 4. quit : [/code] movie addition is very straight ...
Kategorie: Hacking & Security

[Secuinside CTF 2013] Reader Writeup

VNSECURITY - 18 Srpen, 2014 - 12:00
Description: http://war.secuinside.com/files/reader ip : 59.9.131.155 port : 8282 (SSH) account : guest / guest We have obtained a program designed for giving orders to criminals. Our investigators haven't yet analyzed the file format this program reads. Please help us analyze the file format this program uses, find a vulnerability, and take a shell. From the description we can ...
Kategorie: Hacking & Security

[Secuinside CTF 2013] pwnme writeup

VNSECURITY - 18 Srpen, 2014 - 12:00
Challenge summary: Binary : http://war.secuinside.com/files/pwnme Source : http://war.secuinside.com/files/pwnme.c =================================== OS : Ubuntu 13.04 with PIE+ASLR+NX md5 of libc-2.17.so : 45be45152ad28841ddabc5c875f8e6e4 IP : 54.214.248.68 PORT : 8181,8282,8383 This is the only exploit challenge comes with source. The bug is simple: buffer overflow with only 16-bytes at pwnme.c:67, just enough to control EIP. The goal is to bypass PIE+ASLR+NX. We ...
Kategorie: Hacking & Security

[Secuinside CTF 2013]Trace Him Writeup

VNSECURITY - 18 Srpen, 2014 - 12:00
Description: IP : 59.9.131.155 port : 18562 (SSH) account :  control  / control porsche binary : http://war.secuinside.com/files/firmware data : http://war.secuinside.com/files/car.bin (To prevent meaningless waste of time on certain analysis, car.bin is open to public.) hint : root@ubuntu:~# uname -a Linux ubuntu 3.8.0-19-generic #29-Ubuntu SMP Wed Apr 17 18:19:42 UTC 2013 i686 i686 i686 GNU/Linux The evil group is running ...
Kategorie: Hacking & Security

Analysis of nginx 1.3.9/1.4.0 stack buffer overflow and x64 exploitation (CVE-2013-2028)

VNSECURITY - 18 Srpen, 2014 - 12:00
A few days after the release of nginx advisory (CVE-2013-2028), we managed to successfully exploit the vulnerability with a full control over the program flow. However, in order to make it more reliable and useful in real world environment, we still explored several program paths and found some other ...
Kategorie: Hacking & Security

CMarkup Use After Free Vulnerability – CVE-2012-4782

VNSECURITY - 18 Srpen, 2014 - 12:00
Latest M$ tuesday patch kill one of my 0day in Microsoft Internet Explorer 9/10. So I decided release Proof Of Concept code and writeup some analyze about this bug. Hope it helpful. Here is the PoC: [sourcecode language="html"] ...
Kategorie: Hacking & Security

Snatching The H@t

VNSECURITY - 18 Srpen, 2014 - 12:00
Nhận lời mời từ IDG, VNSecurity đồng ý đứng ra phối hợp tổ chức cuộc thi "Snatching the h@t" như một sự kiện trong khuôn khổ hội thảo CSO Asean năm 2012 với mong muốn giới thiệu và phát triển CTF như một hình thức học tập và thể hiện ...
Kategorie: Hacking & Security

[writeup] Hacklu 2012 – Challenge #12 – Donn Beach – (500)

VNSECURITY - 18 Srpen, 2014 - 12:00
The famous zombie researcher “Donn Beach” almost created an immunization against the dipsomanie virus. This severe disease leads to the inability to defend against Zombies, later causes a complete loss of memory and finally turns you into one of them. Inexplicably Donn forgot where he put the license key for his centrifuge. Provide him ...
Kategorie: Hacking & Security

[writeup] Hacklu 2012 – Challenge #6 – BrainGathering – (500)

VNSECURITY - 18 Srpen, 2014 - 12:00
I did not solve this during CTF and my mistake is not using IDA to decompile since it has some obfuscate. After CTF end, i use gdb to dump running process to binary file and analyze it again, try to finish it. gdb --pid [PID] gdb>info proc process 4660 gdb>shell cat /proc/4660/maps 08048000-0804a000 rwxp 00000000 08:03 7213513 gdb>dump ...
Kategorie: Hacking & Security
Syndikovat obsah