From A Minor Bug To Zero Day - Exploit Development


While searching on Youtube related to buffer overflow vulnerabilities, I came across an excellent presentation by Math Ahroni on Defcon which explains the complete life cycle of the exploit development, from a simple bug  to a Zero day, The presentation explains the whole process of exploit development from the process of fuzzing, location a bug, use of egg hunters etc.

War Texting Allows Hackers To Unlock Car Doors Via SMS



Senior iSec researcher Don Bailey has developed an exploit which can allow the attacker to unlock car doors, hack car alarm system and even start their car, this method has been named as "War Texting", it took a time span of less than two hours for Don Bailey to hijack into Car's Alaram system and remotely start the car.

How To Learn Batch Programming Fast And Easy

Batch Programming is extremely helpful if you want to automate small tasks, Batch programming is though only restricted to windows platform but it has lots of other uses and the best part is that it's very easy as compared to other programming languages, While browsing on google for batch programming related e-books I came across a fantastic book which teaches batch programming from the very beginning to advanced level, The book is named as "Batch file programming" and is one of the very comprehensive books on batch programming i ever read.

How To Use A Keylogger Inside Metasploit Using Meterpreter?

Well, I have made lots of posts on keylogging indeed I have dedicated a whole book to this topic "An Introduction To keyloggers, RATS And Malware" which is available as a free download, Now If you are a regular reader of this blog the chances are very less that you might not know about keyloggers as I have written about it over and over agai. However in this post I will guide you simple ways to use a keylogger inside Meteasploit once you have opened up a meterpreter session with victims computer.  For those of you who don't know what metasploit is kindly refer the post "Metasploit For Beginners Explained"

Securing The Wp-Config File To Prevent Your Wordpress Blog From Getting Hacked

If your blog has been hosted on wordpress then your blog is more vulnerable than other blogging platgorms, The reason is that by default the wordpress security is very low and can be compromised easily, Before writing this post I made a little search on the web related to "Wordpress Security" and really found some foolish tips out there which would really not help you in any means. So I decided to write a post own my own, There are lots of wordpress admins who use plugins such as login lockdown along with many other plugins to prevent brute force attacks on wordpress, The problem is that now a days a hacker will not use a bruteforce attack or dictionary attack for hacking a wordpress blog, because now a days almost every one atleast has a password of more than 8 characters, and even if some one has a weaker password too, the brute force attacks and Dictionary attacks will be automatically blocked by your webserver, As they have iDS and IPS configured to these kinds of requests automatically.

Facebook Cookie Stealing And Session Hijacking


Three days ago I finished the series on Gmail Session Hijacking and Cookie Stealing , due to a tremendous response of readers I planned to write a post on Facebook cookie stealing and Session hijacking. Facebook session hijacking can also be accomplished via a very popular tool called Firesheep(On a Wifi Network Only), which I won't be explaining here because I have already written it before in my post Facebook Hacking Made Easy With Firesheep

Wordpress 3.2 Released - Much More Secure

Wordpress has just released wordpress 3.2 a couple of hours ago, Wordpress 3.2 comes with lots of major and minor bug fixes. Wordpress 3.2 is much more secure than previous versions as it comes with lots of security patches and fixes. WordPress 3.2 requires a minimum of MySql 5.0.15 and PHP 5.2.4. If you are facing some errors kindly contact your hosting immediately.



Gmail Cookie Stealing And Session Hijacking Part 3


So friends, This is the third part of my Gmail Session Hijacking and Cookie Stealing series on RHA, In the first part I introduced you to the basics and fundamentals of a Session Hijacking attack, In the second part I introduced you to the variety of methods used to capture session cookies. In this part I will tell you how to carry out a session hijacking attack once you have the session cookies.

 
Rafay Baloch is an Independent security researcher, Internet marketer, Entrepreneur and a SEO consultant, He is the founder of RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal for which PayPal awarded him a sum of 10,000$ Read More..

Join In!

RHA © 2013. All Rights Reserved.