Tuesday, March 2nd, 2010 Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, ...
Posted in Internet, Security, Windows | No Comments
Saturday, January 30th, 2010 Here's a quick example of grabbing a screenshot of a compromised system using meterpreter's espia module. Start with a basic exploit to gain a meterpreter session. You'll need to make sure you migrate to a process that has access to Active Desktop or else you will get nothing but blank ...
Posted in Internet, Networking, Privacy, Security | No Comments
Saturday, January 30th, 2010 I just wanted to show a quick example of using Incognito to impersonate user tokens on a compromised system. You can think of tokens as a web "cookie" which is just an object that holds your security information for the entire login process so that you don't have to re-authenticate ...
Posted in Internet, Networking, Privacy, Security, Windows | No Comments
Sunday, January 17th, 2010 While I was updating my VMs today with the final version of BackTrack 4 I decided to jump in and take a look at the new IE 0day exploit that was added to MetaSploit a couple of days ago. It works surprisingly well. I had 100% success rate with IE6. ...
Posted in Coding, Internet, Security, Software, Windows | 1 Comment
Tuesday, December 29th, 2009 Websense Security Labs ThreatSeeker Network has detected that the Fox Sports site has been compromised and injected with malicious code. Fox Sports is a division of the Fox Broadcasting Company. It specializes in the latest sports news and world sports updates. Fox Sports has an Alexa ranking of 330.Our research ...
Posted in Internet, Security | No Comments
