Tags » Exploit

Project Zero Finds A Graphic Zero Day

After finding the infamous Heartbleed vulnerability along with a variety of other zero days, Google decided to form a full-time team dedicated to finding similar vulnerabilities. 200 more words

Software Hacks

Pokémon TCG: Sun & Moon card packs appear to be mapped

With the recent release of Pokémon TCG: Sun & Moon, card packs as part of the latest expansion appear to be mapped. This means that every consecutive third pack in the box apparently consists of a good pack with either a rare hologram or ultra-rare card. 42 more words


A Hacker Is Allegedly Flooding Counter-Strike Lobbies With Bots

(Source: compete.kotaku.com)

Counter-Strike players are currently coping with an exploit that allows bots to spam text and partake in games without being kicked.

The attack allegedly comes from one person who claims to be organizing the hack and bots in a somewhat concentrated effort. 168 more words


Exploit Development 5: Reflective DLL Injection


Reflective DLL injection is being used to inject a DLL into a process without reading it from the storage. A stager is executed from the exploited buffer, which in turn retrieves the DLL from a server. 971 more words

Buffer Overflow

ASLR^CACHE Attack Defeats Address Space Layout Randomization

Researchers from VUSec found a way to break ASLR via an MMU sidechannel attack that even works in JavaScript. Does this matter? Yes, it matters. A lot.  381 more words


Exploit Development 4: Egg Hunting


The rather small shellcode that was used so far, always neatly fitted into the exploited buffer on the stack. Unfortunately this might not always be the case. 1,230 more words

Buffer Overflow

"Ticketbleed" Flaw Exposes F5 Appliances to Remote Attacks (CVE-2016-9244)


A vulnerability, colloquially referred to as Ticketbleed vulnerability has been discovered in the TLS/SSL stack used by F5 Networks Inc. in their BIG-IP products. This vulnerability affects BIG-IP SSL virtual servers with the non-default session tickets option enabled. 220 more words