Re: [FD] Combining DLL hijacking with USB keyboard emulation

2016-01-15 Thread Rodrigo Menezes
While I agree that there is a lot you can do if you can plug a malicious USB device into a computer and that you might not need to take advantage of the DLL problem in order to successfully complete the attack, my point is that it could help. Consider that the attack could be carried out either by

Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

2016-01-15 Thread Michel Arboi
On 11 January 2016 at 15:37, Stefan Kanthak wrote: > Which but does not mean/imply that everybody abandons TrueCrypt. The project has been abruptly killed by the developers without any clear explanation. There's something fishy and it cannot be trusted anymore. Spend your time and energy on forks

[FD] Defense in depth -- the Microsoft way (part 38): does Microsoft follow their own security guidance/advisories?

2016-01-15 Thread Stefan Kanthak
Hi @ll, in 2009/2010, after being hit by "carpet bombing" and "binary planting" alias "DLL hijacking/spoofing/preloading" (see and

[FD] Executable installers are vulnerable^WEVIL (case 22): python.org's executable installers allow arbitrary (remote) code execution

2016-01-15 Thread Stefan Kanthak
Hi @ll, the executable installers python-3.5.1-webinstall.exe and python-3.5.1.exe available on load and execute multiple DLLs from their "application directory". For software downloaded with a web browser the application directory is typically the use

[FD] [CVE-2016-0014] Executable installers are vulnerable^WEVIL (case 1): Microsoft's IExpress resp. WExtract, SFXCab, BoxStub, ...

2016-01-15 Thread Stefan Kanthak
Hi @ll, IExpress () creates executable installers [°] or self-extracting archives for Windows by embedding a .CAB archive and some strings as resources into a copy of the program %SystemRoot%\System32\WExtract.exe. These self-extracting arch

Re: [FD] Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege

2016-01-15 Thread Stefan Kanthak
"Michel Arboi" wrote: > On 11 January 2016 at 15:37, Stefan Kanthak wrote: >> Which but does not mean/imply that everybody abandons TrueCrypt. > > The project has been abruptly killed by the developers without any > clear explanation. There's something fishy and it cannot be trusted > anymore.

[FD] CCA on CoreProc/crypto-guard and an Appeal to PHP Programmers

2016-01-15 Thread Scott Arciszewski
Hi Full Disclosure Readers, Let's jump right into the vulnerability: In May of last year, I reported to CryptoGuard that their cryptography wasn't guarding against chosen-ciphertext attacks, which is the sort of oversight that would allow me to intercept a ciphertext message then keep feeding it

[FD] FreeBSD bsnmpd information disclosure

2016-01-15 Thread Pierre Kim
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 ## Advisory Information Title: FreeBSD bsnmpd information disclosure Advisory URL: https://pierrekim.github.io/advisories/CVE-2015-5677-freebsd-bsnmpd.txt Blog URL: https://pierrekim.github.io/blog/2016-01-15-cve-2015-5677-freebsd-bsnmpd.html Date

[FD] Whatever happened with CVE-2015-0072?

2016-01-15 Thread Patrick Toomey
It seems that this issue was originally disclosed here: http://seclists.org/fulldisclosure/2015/Feb/0. Eventually a CVE was assigned: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072 and then MSFT released a patch: https://technet.microsoft.com/en-us/library/security/ms15-018.aspx. B

[FD] Qualys Security Advisory - Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778

2016-01-15 Thread Qualys Security Advisory
Qualys Security Advisory Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 Contents Summary Information Leak (CVE-2016-0777) - Ana

[FD] [TOOL] The Metabrik Platform

2016-01-15 Thread GomoR
Hi list, I would like to introduce you to The Metabrik Platform, please find a complete description below. For the impatient, you can see it in action at the following link: http://www.metabrik.org/blog/2016/01/09/malware-analysis-with-vm-instrumentation-wmi-winexe-volatility-and-metabrik/ Th

[FD] [KIS-2016-01] CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability

2016-01-15 Thread Egidio Romano
--- CakePHP <= 3.2.0 "_method" CSRF Protection Bypass Vulnerability --- [-] Software Link: http://cakephp.org [-] Affected Versions: Version 3.2.0 RC1 and prior 3.x versions