Back when I had dial-up internet, I used to host stuff on my computers and give my public IP to friends so that they could enjoy or make use of, what I had to share. Back then there wasn’t any Facebook, hi5, orkut, or any chat mobile apps. The only…
Antivirus Evasion
A few weekends back i was wondering how do malware evade antivirus solutions, is it really that easy ? With that in mind i started looking at some known malware piece and randomly pick a anti malware solutions to my surprise AVs can still be tricked with old technique such…
Oracle Web Center XSS
Oracle Web Center XSS Details ======================================================================================== Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Security-Risk: High Remote-Exploit: yes Vendor-URL: https://www.oracle.com/ CVE-ID: CVE-2017-10075 CVSS: 8.2 Credits ======================================================================================== Discovered by: Owais Mehtab & Tayeeb Rana Affected Products: ======================================================================================== Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Description ======================================================================================== Two Cross site scripting (XSS)…
Downside of keeping everything public – ICWATCH
I have been writing and preaching about Social network information harvesting and why it is a bad thing (Check out the post here). I recently stumbled upon something, which is, publicly known though, but still worth mentioning. The mentioned “something” is a very good example of why too much information…
Sitecore CMS v 8.2, cross site scripting & arbitrary file access
Hi folks, Multiple vulnerabilities were found in the Sitecore version 8.2. Which were reported to Sitecore CMS on the 5th of May,2017. A patch was released on the 27th of June, 2017. It is recommended to update the Sitecore CMS installation. The exploit is being made public after the patch…
VMWare Horizon View Client <= 5.4 DLL Hijacking
During one of the pentest assignment i had to perform security assessment for VMWare Horizon View Client, since it’s native windows application the attack vectors are different than normal web apps. I started looking at the memory then traffic then registries found nothing, i was at a total loss…. Fortunately…
Unquoted Service Path Privilege Escalation
During pentest engagement we often manage to get a shell (usually it’s enough to prove your point) but what if one can truly get a complete hold of system ? So there are tons of privilege escalation techniques out there which includes exploiting kernel level bug, mis-configurations so on and…
Social Network Information Harvesting (SNIH)
Social Networks ! For those people who do not know about the social network , what it is and what this blog post is all about, well, here is a quick introduction. Social Network is People share their personal or business information freely on these websites. Though the privacy policy…
The blog is back
Xc0re blog is back, finally. More updates soon!
Psychological Warfare
Human Beings are stupid by default ! Human Stupidity never fails to amaze any one. We do very very stupid things, unknowingly of-course. This article is about how hackers or any one can tap into the human mind and take advantage of it in every way possible, usually called exploitation….