asteroza + vulnerability   80

Intel® Management Engine Critical Firmware Update (Intel SA-00086)
Security Advisory (Intel-SA-00086), a critical firmware vulnerability in systems. AKA the DOOM ME HOLE detection tool. Also , only detects, still need a separate ME firmware patch from your motherboard manufacturer...
linux  windows  intel  management  engine  ME  firmware  exploit  vulnerability  hole  detection  sysadmin  tools  utilities  software  security  version  check  test  checker  tester 
november 2017 by asteroza
cve-search/cve-search: cve-search - a tool to perform local searches for known vulnerabilities
basically a setup to copy CVE databases locally for local search so specific queries don't leak to the outside world
local  search  engine  CVE  CPE  mongoDB  exploit  security  reference  information  vulnerability  database 
november 2017 by asteroza
Telnetd Vulnerability
old school telnetd vulnerability, similar to recent CVE-2017-7494 Samba vulnerabiltiy
telnetd  telnet  daemon  exploit  vulnerability  shared  path  loader  environment  variable 
june 2017 by asteroza
WooYun is a famous chinese vulnerability research site.
software  windows  vulnerability  research  esearch  hacking  pentesting  news  aggregator  Delicious 
may 2016 by asteroza
KALE: A High-Degree Algebraic-Resistant Variant of The Advanced Encryption Standard
Whoa, AES S-box weakness found. This might be a major vulnerability... except we've been punked by the author. Appendix B notes the KALE transform looks equivalent to AES, so could be substituted into an AES S-box lookup table but actually causing a massive vulnerability.
AES  S-box  vulnerability  security  cryptography  encryption  research  software  KALE  humor  serpessence  snake  oil  Delicious 
january 2015 by asteroza
Internet scanning obvious big vulnerabilities so you don't have to. Sorta like SHODAN. Also, naming and shaming sites too. Wonder if they use Masscan?
internet  vulnerability  scan  scanning  service  security  shame  list  unpatched  system  search  engine  Delicious 
june 2014 by asteroza
OSVDB: Open Sourced Vulnerability Database
At first glance appears to be non-commercial, but it looks more a for-profit hiding behind a non-profit
infosec  opensource  vulnerability  database  security  hacking  exploit  archive  information  virus  antivirus  malware  Delicious 
may 2014 by asteroza
Inception | Break & Enter
Inception, formerly winlockpwn, is a firewire DMA attack that can overwrite login software on target computers such that you can login as the administrator/root without the correct password.
mac  OSX  linux  windows  imaging  memory  software  security  opensource  attack  DMA  escalation  privilege  login  logon  firewire  winlockpwn  inception  thunderbolt  ExpressCard  PCMCIA  vulnerability  rooting  Delicious 
october 2012 by asteroza
X-Ray for Android
I suppose this also doubles as a easy way to locate an appropriate rooting app...
DARPA  X-Ray  android  app  software  security  OS  vulnerability  scanner  privilege  escalation  Delicious 
september 2012 by asteroza
Power grid is found susceptible to cyberattack | ITworld
Smart meters as part of a smart grid network are equally vulnerable to security attacks as other classes of computers. Unfortunately, in the metering and SCADA industry, security is usually an afterthought due to assumed closed network design. In this particular example, some of the compromised smart meters were using Windows XPembedded, which likely was never patched since it left the factory.
remote  network  security  pentesting  monitoring  control  attack  grid  SMART  utility  SCADA  meter  vulnerability  DDoS  AMI  Delicious 
march 2009 by asteroza
Security Vulnerability Research & Defense
microsoft research security blog vulnerability announcement defense mitigation measures countermeasures infosec hacking triage
microsoft  research  security  blog  vulnerability  announcement  defense  mitigation  measures  countermeasures  infosec  hacking  triage  Delicious 
december 2007 by asteroza

related tags

Acidus  active  Acunetix  AD  admin  advisories  advisory  AES  agentless  aggregator  AMI  analysis  android  announcement  anonOps  anonymous  antisec  antivirus  apk  aplication  app  appliance  application  architecture  archive  assessment  asset  ATK  attack  audit  auditing  automated  automation  backdoor  behaviour  BFF  blog  BlueBorne  bluetooth  bounty  brute  bug  card  catalog  CDC  CERT  CGI  champion  check  checker  checking  chipset  cipher  cnada  computer  console  contact  control  correlation  countermeasures  cow  CPE  cracking  crawler  crowdfunding  cryptography  cult  curl  CVE  CVE-2018-9119  CVSS  daemon  damn  DARPA  data  database  dataset  day  DDoS  dead  defense  deleted  Delicious  dependcy  dependency  detection  Diffie-Hellman  directed  directory  disclosure  distribution  DMA  DoS  downgrade  download  DSL  DVL  EAP  eb  eEye  emerging  EnCase  encryption  engine  environment  equities  escalation  esearch  eternal  event  executable  exploit  exploitation  export  ExpressCard  file  filename  firewire  firmware  flag  flowchart  forece  forensic  foreverday  framework  freak  FUZE  fuzzer  fuzzing  generator  GFI  go  google  goolag  government  grade  grid  guyide  hacking  hardphone  hardware  header  heuristic  hide  hole  howto  HSM  HTTP  humor  IDS  imaging  inception  IndieGoGo  Infineon  information  infosec  injection  intel  internal  internet  intranet  intrusion  inventory  IP  IPS  ISO  ISO29147  japan  javascript  KALE  key  keygen  Kit  labs  languard  learning  library  linux  list  liveCD  loader  local  localhost  log  logging  login  logjam  logon  loop  lulzsec  mac  machine  malware  management  marketplace  master  ME  measures  memory  meter  methodology  microsoft  mitigation  module  mongoDB  monitoring  name  named  national  NBA  negative  network  networking  news  Nikto  Nmap  Node.js  NPM  NTP  NVD  oil  online  open  opensource  OpenVAS  OS  OSX  PA1688  parameter  patch  path  PCMCIA  penetration  pentest  pentesting  phone  PIP  PKCS#11  PKCS11  portal  practice  prioritization  privilege  profile  profiling  program.exe  protocol  provider  python  Q1  reference  RefRef  registry  remediation  remote  report  reporting  research  responsible  ring  risk  root  rooting  RSA  ruby  rubygems  ruleset  S-box  SaaS  SafeNet  SCADA  scan  scanner  scanning  Scrawlr  script  search  security  SEM  serpessence  server  service  shame  shared  SHODAN  SIEM  SIM  SMART  SMB  SMBv1  snake  SNMP  snort  software  sophos  sourcefire  SQL  SSL  standard  state  suite  sysadmin  system  table  telephone  telnet  telnetd  test  tester  testing  threat  thunderbolt  tips  TLS  tool  toolkit  tools  top  TPM  tracker  training  triage  tricks  unpatched  user  usermode  userspace  utilities  utility  variable  vendor  version  virus  VM  VoIP  vul  vulnerabilities  vulnerability  vulnerable  weak  web  webapp  webdev  website  wifi  windows  winlockpwn  WINS  WPA3  X-Ray  x86  yahoo  zero  zoo 

Copy this bookmark: