HackingTheUniverse

You are browsing the archives of exploit.

A trojan horse backdoor called “Zeus” is being used by a botnet named “Kneber” by researchers. This botnet has been operational for over a year and has compromised many organizations and collected a vast amount of data that was intended to be confidential.
Hackers Mount New Strike - [wsj.com]

Hackers in Europe and China successfully broke [...]

This is a chronology of the development of awareness about a new zer0-day vulnerability in MS IIS WebDAV. (so far…)
Microsoft IIS 6.0 WebDAV Remote Authentication Bypass - [seclists.org]
This is the original disclosure/advisory as discovered by “Kingcope” on May 12, 2009.
Vulnerability Details
This vulnerability allows remote attackers to bypass access restrictions on vulnerable installations of Internet Information [...]

Cyber attack and defense gaming environments are becoming more commonplace as the realization grows that there is a serious need for training and skills development in this area and skills that go beyond abstract “book learning” and need hands-on lab time. Virtual environments makes this easier to accomplish.
What is a Cyber Exercise? - [sans.org]
A [...]

The following link includes a video that demonstrates how it is possible to launch exploit code with the new PDF vulnerability simply by selecting the file icon, switching to thumbnail view, or just hovering over the file icon. Each of these actions triggers a Windows Explorer shell extension which reads information from the PDF [...]

Core Impact is a professional penetration testing framework tool that can operate in both automated and manual modes. It is very expensive, but sets the standard to measure other tools against. It comes with a constantly updated and state of the art collection of exploit code.
Core can either perform its own reconnaissance or can import [...]

Canvas by Immunity Sec is an exploitation framework that allows the user to penetrate target systems using exploit code. It is a complete system for penetration testing and security evalution, including tools for recon, both manual and automatic exploits and many more features.
The MOSDEF agent can inject shell code into a target process that [...]

Perimeter attacks involve using exploit code to take advantage of weaknesses detected in perimeter devices to take control of them or leverage some level of access into greater access. The list of known security holes in windows based systems is quite large and constantly growing. This puts the defenders in a position of needed to [...]