[FD] [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability

2016-01-15 Thread Egidio Romano
--- CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability ---
[-] Software Link: http://cakephp.org
[-] Affected Versions: Version 3.2.0 RC1 and prior 3.x

[FD] [TOOL] The Metabrik Platform

2016-01-15 Thread GomoR
Hi list, I would like to introduce you to The Metabrik Platform, please find a complete description below. For the impatient, you can see it in action at the following link: http://www.metabrik.org/blog/2016/01/09/malware-analysis-with-vm-instrumentation-wmi-winexe-volatility-and-metabrik/

[FD] [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...

2016-01-15 Thread Stefan Kanthak
Hi @ll, IExpress () creates executable installers [°] or self-extracting archives for Windows by embedding a .CAB archive and some strings as resources into a copy of the program %SystemRoot%\System32\WExtract.exe. These self-extracting

Re: [FD] Combining DLL hijacking with USB keyboard emulation

2016-01-15 Thread Rodrigo Menezes
While I agree that there is a lot you can do if you can plug a malicious USB device into a computer and that you might not need to take advantage of the DLL problem in order to successfully complete the attack, my point is that it could help. Consider that the attack could be carried out either

[FD] CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers

2016-01-15 Thread Scott Arciszewski
Hi Full Disclosure Readers, Let's jump right into the vulnerability: In May of last year, I reported to CryptoGuard that their cryptography wasn't guarding against chosen-ciphertext attacks, which is the sort of oversight that would allow me to intercept a ciphertext message then keep feeding it

Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

2016-01-15 Thread Stefan Kanthak
"Michel Arboi" wrote:
> On 11 January 2016 at 15:37, Stefan Kanthak wrote:
>> Which but does not mean/imply that everybody abandons TrueCrypt.
>
> The project has been abruptly killed by the developers without any
> clear explanation. There's

[FD] Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?

2016-01-15 Thread Stefan Kanthak
Hi @ll, in 2009/2010, after being hit by "carpet bombing" and "binary planting" alias "DLL hijacking/spoofing/preloading" (see and

Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

2016-01-15 Thread Michel Arboi
On 11 January 2016 at 15:37, Stefan Kanthak wrote:
> Which but does not mean/imply that everybody abandons TrueCrypt.

The project has been abruptly killed by the developers without any clear explanation. There's something fishy and it cannot be trusted anymore. Spend