Taking Screenshots Of The Victim’s Computer With Metasploit

Saturday, January 30th, 2010

Here's a quick example of grabbing a screenshot of a compromised system using meterpreter's espia module.  Start with a basic exploit to gain a meterpreter session.  You'll need to make sure you migrate to a process that has access to Active Desktop or else you will get nothing but blank ...

Using Metasploit’s Incognito To Impersonate User Tokens

Saturday, January 30th, 2010

I just wanted to show a quick example of using Incognito to impersonate user tokens on a compromised system.  You can think of tokens as a web "cookie" which is just an object that holds your security information for the entire login process so that you don't have to re-authenticate ...

Your Google Chrome Bugs Could Be Worth $500-$1337

Friday, January 29th, 2010

Google has recently launched an "experimental new incentive" that could reward security researchers for their bugs in the Chrome browser (all versions - stable, beta, and dev) or in the open source Chromium project itself.  Their base reward is identical to Mozilla's at $500, but they are offering a higher ...

Newest “IQ Test” Is Pure Evil

Monday, January 25th, 2010

Named Win32.Worm.Zimuse.A, this new nasty claims to be an IQ Test but is really a worm that will create about 7-11 copies of itself and store them in critical areas of your Windows system and then destroy the first 50KB of the Master Boot Record (MBR) after X number of ...

Exploiting The New IE 0day (Aurora) With Metasploit

Sunday, January 17th, 2010

While I was updating my VMs today with the final version of BackTrack 4 I decided to jump in and take a look at the new IE 0day exploit that was added to Metasploit a couple of days ago.  It works surprisingly well.  I had a 100% success rate with IE6.  ...