Key reinstallation attacks: my suggested readings

Release the KRACKen! Security researcher Mathy Vanhoef has discovered several vulnerabilities in the core of the WPA2 protocol that could allow an attacker to hack into a Wi-Fi network and eavesdrop on Internet communications. WPA2 is an authentication scheme widely used to secure Wi-Fi connections: now the standard has been compromised and these flaws impacting almost…

Optionsbleed: a vulnerability? Nope, a ghost!

A bug that is really difficult to reproduce! Hanno Böck, a freelance journalist, has disclosed a bug in Apache Web Server that causes servers to leak pieces of arbitrary memory in a way that could expose passwords or other secrets, like the better-known (and dangerous) “Heartbleed”. The vulnerability has been dubbed OptionsBleed (CVE-2017-9798), because the bug is…

Search and download exploits from command line, with getsploit

A Python script that searches for and downloads exploits from the Vulners Database. getsploit is a command-line search and download tool for the Vulners Database. It was inspired by searchsploit, the tool used to search and download from https://www.exploit-db.com. It allows you to search online for exploits across all the most popular collections: Exploit-DB, Metasploit, Packetstorm and…

A seven-year-old remote code execution vulnerability affects all Samba versions since 3.5.0!

Could this vulnerability lead to the next WannaCry? A serious vulnerability in Samba could leave unpatched machines open to an attack similar to WannaCry. The vulnerability has been assigned CVE-2017-7494 and is described as a remote code execution from a writable share which could allow “malicious clients to upload and cause the smbd server…

Vulnerabilities and Exploits, my own list of OSINT resources

Websites and mailing lists: any other suggestions would be very welcome. Today I’m glad to share a list of OSINT sources focused on searching for exploits and vulnerabilities. Enjoy! CVEdetails: “The ultimate security vulnerability datasource”. CVE.mitre: Common Vulnerabilities and Exposures is a dictionary of common names for publicly known cybersecurity vulnerabilities. CVE’s common identifiers make it easier…

The “Crazy Bad” vulnerability has been fixed by Microsoft in a very short time

And ProjectZero releases the details of the vulnerability. With an emergency update, Microsoft fixed the vulnerability in the Microsoft Malware Protection Engine discovered by ProjectZero over the weekend, and which the two described as “the worst Windows remote code exec in recent memory”. While initially the two Google experts didn’t reveal what Windows feature the…