Showing posts with label Hacking Ebooks. Show all posts

Monday, 24 October 2011

Bypassing Windows 7 Kernel ASLR

Windows 7 has good security in kernel space.

Many size checks, integrity controls and access restrictions are available. For example, the “security check” protects the stack if a string is used, and many functions like “strcpy()” are deprecated (and some are disallowed) to force developers to code securely. This is why some attacks were presented as heap overflows in local exploitation (recently Tarjei Mandt), but we don’t see any remote exploitation like we saw in SRV.SYS or other drivers. This lack of remote exploits occurs partially because ASLR (randomization of memory spaces) is enabled in kernel land. If a hacker has no way to jump to and execute a payload (ROP, Jmp Eax …), exploitation of the bug isn’t possible. In most cases only a magnificent BSOD appears. This paper will try to explain how to bypass this protection and improve remote kernel vulnerabilities research! For the purposes of this document we will consider a remote stack overflow as the main vulnerability.


A Code Execution Vulnerability in Google App Engine SDK for Python

Google App Engine is a great technology allowing web developers to develop their own web applications, test them in their internal framework, and deploy them to Google’s appspot.com domain. The Google App Engine framework allows developers to write their web site logic in Python, and offers several frameworks specially created for this. In addition, Google App Engine provides a web-based SDK Console that acts as an administration console for the newly written application. This advisory lists 4 different vulnerabilities, one in the admin console and three others in the Google Python API, which allow a remote attacker to gain full code execution on the developer’s machine. These severe issues have been communicated to Google, and a fix was released last month on Sep 12, 2012 (in version 1.5.4).


Web Backdoors, Attack, Evasion and Detection

This paper provides insight into common web backdoors and how simple manipulations could make them undetectable by AV and other security suites. The paper explains a few techniques that could be used to render a backdoor inside web applications undetectable and unnoticed. This paper is mainly an update of an old paper of ours, Effectiveness of Antivirus in Detecting Web Application Backdoors, which mainly questioned the effectiveness of AV with respect to web shells and analysed a couple of web shells. The current paper takes this topic further and explains a couple of methodologies that could be used to make stealthy application-layer backdoors using web scripting languages. This paper explains various web backdoor attacks and evasion techniques that could be used to stay undetected.


Thursday, 9 June 2011

All Hacking Tutorials By Mr.Mindfreak

Presents Hacking Tutorial All-in-One Collection by Mr.Mindfreak

Mr.Mindfreak: "Hello my fans or my hacking page followers, I uploaded my hacking tutorials in DVD, fully high quality, and share them here, so download and learn hacking easily."


Remember me in your prayers!


Download From FileSonic:


Download From FileServe:

Folder link:

http://www.fileserve.com/list/qKUBhap

Saturday, 4 June 2011

Free Paypal "buy now" [Exploit]

This is a simple bit of JavaScript that can bypass payments. The sites need to be sites like these:




http://livewebbanners.com/learn.shtml
or
http://www.tallentagency.com/YouTubeClone/index.htm

How to use it:
Copy the code (below).
Go to the page that you're doing it on.
Paste the link you copied into the URL and it should start.


Code:
javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

Hope this really helps you and you save a bit of $ $


Another tip:

To find these sites, Google "this order button requires a javascript enabled browser".

Type that in "quotes" into Google.

BT4 Assuring Security by Penetration Testing

If you are working in the “information security” field, you must know the BackTrack distribution (otherwise you must be an alien coming from a faraway planet!). If you search for the word “backtrack” on Amazon, you will find a lot of references but only one book is fully dedicated to the Linux distribution: “BackTrack 4: Assuring Security by Penetration Testing”. I received a copy directly from the publisher and here is my review.


Just for those who are not familiar with BackTrack, it’s a Linux distribution made by security professionals for security professionals: it contains hundreds of tools to perform security assessments and penetration tests. Some of them are well-known, like Metasploit, WebScarab or sqlmap, and others are real gems (example: ua-tester, which was added recently) and increase the quality of the toolbox version after version.
Even if BackTrack 5 was released a few weeks ago, it does not reduce the book's quality. There are so many tools that a single volume is not enough to cover all of them. The following chapters cover the classic penetration testing schema:
  • Target scoping
  • Information gathering
  • Target discovery
  • Enumerating target
  • Vulnerability mapping
  • Social engineering
  • Target exploitation
  • Privilege escalation
  • Maintaining access
  • Documentation and reporting
Each chapter reviews the most interesting tools (according to the authors) to achieve the chapter topic. Tools are briefly explained with examples. Straight to the point!
So, who needs this book? The authors' goal is certainly not to give recipes on “how to hack a website”. The book must be seen as a reference for those who already know the BackTrack distribution or who want to learn it. Don’t forget: this is just a toolbox, it does not prevent you from using your brain!
More information about the book here.