Showing Posts From
September 2013
- 24 Sep 2013
WebView addJavascriptInterface Remote Code Execution
A critical remote code execution vulnerability was discovered in Android WebViews using JavaScript interfaces. The vulnerability allows attackers to execute arbitrary system commands by injecting malicious JavaScript into applications using advertising network SDKs. Analysis revealed that a significant number of Android applications could potentially be compromised through this security flaw.
-
John Fitzpatrick Luke Jennings - 18 Sep 2013
Hack the Gibson - 44CON
A presentation at 44CON revealed significant security vulnerabilities in top supercomputers. The talk demonstrated novel attack techniques for compromising large-scale computing infrastructure. Penetration testing exposed lower security standards in high-performance computing systems compared to typical enterprise environments.
- Nils Jon Butler
- 6 Sep 2013
MWR Labs Pwn2Own 2013 Write-up - Kernel Exploit
A kernel pool overflow vulnerability in Windows 7's Win32k system was demonstrated at Pwn2Own 2013. The exploit involved manipulating message buffer allocations to corrupt kernel memory structures. By carefully controlling message handling and window object properties, kernel-mode code execution was achieved, enabling a sandbox escape in Google Chrome.
- Jon Butler Nils
- 6 Sep 2013
Polishing Chrome for Fun and Profit (NSC)
A presentation at the Nordic Security Conference detailed a full sandbox escape vulnerability in Google Chrome. The vulnerability was successfully exploited at the Pwn2Own 2013 hacking competition. Technical details of compromising Chrome's security mechanisms were demonstrated by MWR's Nils and Jon.
- 5 Sep 2013
Conference Review: Nordic Sec Conf (NSC2013)
The Nordic Security Conference (NSC2013) was held in Reykjavik, Iceland, featuring notable cybersecurity talks on bug bounties, defensive strategies, and cyber conflicts. The conference included high-quality technical presentations, a competitive CTF event, and networking opportunities. Attendees enjoyed the conference's unique venue and the stunning Icelandic landscape.
- 1 Sep 2013
Introducing drozer
Drozer is an open-source mobile security tool for Android exploit development. It enables advanced payload deployment and post-exploitation through multiple "weasel" techniques for gaining device access. The tool allows security researchers to build exploits, create reverse TCP shells, and escalate privileges on target Android devices.