Exploit Development with AFL, PEDA and PwnTools
In this tutorial, we expand on our previous article on AFL by developping a simple exploit using PEDA and Pwntools.
The Solfa Cipher (NSEC17 Write-Up)
The Solfa Cipher Between May 19th and 21st, 2017, I’ve participated in the NSEC 17 Capture-the-Flag (CtF) event held annually in Montreal, QC. As usual, the team and I had a blast spending days and nights solving challenges and drinking free beer. Among the challenges was a two-part cryptographic puzzle printed on the first and last […]
Software Exploit Development – Fuzzing with AFL
It’s quite impressive to look back in the past to the early days of software vulnerabilities and observe the ongoing dance between new mitigation and new exploitation techniques. Powerful fuzzing tools are now commonplace and operated on a daily basis by IT corporations and security labs; either to find crashes in their software or others’ […]
The Past, Present and Future of Chinese Cyber Operations
China, as one of many alleged actors on the frontier of cyber espionage, is best understood by briefly examining the past century, how it influences contemporary cyber operations attributed to Chinese-based actors, and how they could be used against the Canadian Armed Forces in a potential Southeast Asian conflict.
Firefox Javascript Vulnerability
Once again, Javascript is the source of a new exploit that has been recently discovered on Firefox1. The vulnerability can be exploited by crafting malicious Javascript code on a Firefox 3.5 browser and leads to the execution of arbitrary code on the user’s machine. This is due to a vulnerability in the JIT engine of […]
A small and quick introduction to ARP poisoning
This article won’t be about something new nor something extraordinary for any experienced computer security or even the average hacker, but since I’ve been ask this question quite often by some of my friends, I decided to explain how to sniff passwords from a network. Moreover, I’m well aware I haven’t been writing anything for […]
Both U.S Presidential Campaigns Hacked
Newsweek reports that the computer systems of M. Obama and M. McCain were both hacked by unknown attackers during their campaigns[1]. Very little information is available, but according to Newsweek, the FBI and the Secret Services claimed that several files from the Obama servers had been compromised by a “foreign entity” in midsummer. The same […]
Microsoft: Malware Up 38% in United States in 2008
According to the latest Security Intelligence Report from Microsoft, malicious software installations on computers increased 38% in the U.S for 2008.[1] Also, the number of “High Severity” vulnerabilities detected increased by 13% in the second half of 2007, putting the total of “High Severity” vulnerabilities to 48%. Downloaders and droppers, accounting for 30% of all […]
Chinese Cyber Warfare to Gain Military Superiority
Since the 70s, when Deng Xiaoping was the head of China, the People’s Liberation Army tried to modernize itself and cut its size in order to become more efficient. Still, China is still behind when it comes to military even if its defense budget is the second largest after the United States on the planet, […]
Bank Account Stealing Trojan Rampaging the Internet
BBC News reports that a trojan, labeled Sinowal, has been crawling across the Internet. The Trojan is notorious for stealing bank account details. Sean Brady of RSA‘s security division reports that “more than 270,000 banking accounts and 240,000 credit and debit cards have been compromised from financial institutions in countries including the US, UK, Australia […]