Home Archive for Hacking
Blog Archives

Vulnerabilities in Evoko products

Posted on 2017-04-27 by Emil Kvarnhammar Leave a comment

Update (20190213): Since the beginning of last year, TrueSec has worked closely together with the development team to improve security in both Evoko Liso and Evoko Home. All the vulnerabilities described in this post, with the exception of booting from

Read more ›

Posted in Hacking, Security

Denial of service – Evil is an art form

Posted on 2016-11-09 by Truesec Syd Leave a comment

Introduction This article was originally planned to be a part of a larger project where a presentation at the developer conference Öredev was the second part. However, the presentation at Öredev got cancelled (I have stage fright so I don’t

Read more ›

Tagged with: , , , , , , ,
Posted in Hacking, Security

Local file inclusion with tmp files

Posted on 2016-11-09 by Truesec Syd Leave a comment

A thing I noticed while writing the Hera tool and doing all the tests, is that some server setups did not have very good randomness in their temporary files. This opens up for some interesting opportunities if you happen to

Read more ›

Tagged with: , , , ,
Posted in Hacking, Security

Embedding EXE files into PowerShell scripts

Posted on 2016-03-15 by Fabio Viggiani 4 Comments

As sometimes happens, when you solve a particular problem, you realize that the solution can be generalized to cover more scenarios than the one you had in mind. This is one of those stories. I was trying to resolve an

Read more ›

Posted in Hacking

JellyShelly 1.7, progress has been made

Posted on 2016-01-27 by Truesec Syd Leave a comment

So I decided it was time to update this script to make it easier to handle. I realized a little while ago that it was quite hard to use since this little trick doesn’t work on all images. Therefore if

Read more ›

Tagged with: , , ,
Posted in Hacking

Speaking at Security Summit in Stockholm

Posted on 2015-10-28 by Emil Kvarnhammar Leave a comment

My colleagues at TrueSec and I, are inviting you to a dedicated Security Summit the 24th of November 2015 at Hotel Rival in Stockholm. A conference day full of practical and eye-opening demos. We will teach you all about the

Read more ›

Tagged with: ,
Posted in Hacking

Pawn storm – Oldest tricks in the book and we’re still falling for them

Posted on 2015-06-30 by Truesec Syd Leave a comment

Unless you are well-versed in the world of IT-security you might not know what Pawn Storm refers to, or you might think it is a chess tactic. Pawn Storm is an espionage operation started by an unknown group of individuals

Read more ›

Tagged with: , ,
Posted in General, Hacking

Keep your Windows servers patched

Posted on 2015-04-21 by Truesec Syd Leave a comment

Unlike Heartbleed and Shellshock, this vulnerability hasn’t gotten much attention. And so far it “only” results in a denial of service by crashing unpatched servers. The new vulnerability found (and patched) in HTTP.sys in Windows is super simple to exploit

Read more ›

Tagged with: , , , ,
Posted in Hacking

OS X 10.10.3 still vulnerable

Posted on 2015-04-21 by Emil Kvarnhammar 1 Comment

I just wanted to notify our readers interested in OS X security about a new finding that Patrick Wardle has made. He stated in his blog that he’s able to exploit rootpipe on a fully patched OS X 10.10.3! If

Read more ›

Tagged with: , , ,
Posted in Hacking

Hidden backdoor API to root privileges in Apple OS X

Posted on 2015-04-09 by Emil Kvarnhammar 140 Comments

TL;DR The Admin framework in Apple OS X contains a hidden backdoor API to root privileges. It’s been there for several years (at least since 2011), I found it in October 2014 and it can be exploited to escalate privileges

Read more ›

Tagged with: , ,
Posted in Hacking
Categories