Article Archive

Description: A bug in Chinese video streaming software leads to mass open proxies on the web. A security blogger has uncoverd a flaw in the Chinese PPLive...

Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discovers CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement.

The final installment of the 3-part series covers the loading the bootkit previously discussed in part 2.

For this second part of the series, we look in more depth at the internals of the malware, starting with the user-mode implementation of the bootkit’s bot functionality.

In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented a notably sophisticated mechanism for bypassing various protective measures and security mechanisms embedded into the operating system.

In our ongoing series of interviews, this week David Litchfield answered a few questions and pulled back the curtain a bit on the methods, tools and motivation...

This article was part of a talk presented at BSidesChicago. Web servers have become one of the main targets of malicious activity and are often a weak point...

Rel1k (Dave Kennedy) asked for a more detailed explanation as to the wicd disclosure / backtrack “0day” fiasco and we're happy to explain. We slipped up...

Alternate Data Streams are a way to store data on a machine that is not readily accessible to users. Using ADS, files are not easily accessible by Windows operating...

In our ongoing series of interviews, this week Neil Daswani answered a few questions and pulled back the curtain a bit on the methods, tools and motivation...