My presentation about Ransomwares

Ransomware is a malware/malicious software program designed to block or disable access to the data your computer. The program displays a full-screen message on your screen claiming all files/programs have been blocked or encrypted. It demands a ransom, to be paid within a specific time, in order to decrypt/restore access. I try in my presentation […]

Exploit for CVE-2015-1427, ElasticSearch Unauthenticated Remote Code Execution

Description The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. POC code :http://jordan-wright.com/blog/2015/03/08/elasticsearch-rce-vulnerability-cve-2015-1427/ Shodan :   Exploit : Recommandations :https://nvd.nist.gov/vuln/detail/CVE-2015-1427    

Zabbix – SQL Injection

Zabbix is an enterprise-class open source distributed monitoring solution. Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. Vulnerability Overview: Zabbix suffers from a remote SQL injection vulnerability in the jsrpc.php page or api_jsonrpc.php page […]

This Map Shows the UK’s Surveillance Exports

The UK is a worldwide exporter of surveillance technology. From devices that hoover up phone calls and text messages, to hardware for monitoring internet traffic. “The transfer of these technologies cannot be divorced from human rights concerns,” Matthew Rice, advocacy officer at UK activist group Privacy International, told Motherboard in an email. “The use of […]

MongoDB And ransomware attacks

Learning that tens of thousands of MongoDB database have been compromised and held hostage by ransomware is both startling and worrisome. Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them.The number of affected databases has risen from hundreds to more than 10,000. […]

Your Smart TV Can Be Hacked

According to Shodan, the search engine for internet-connected devices, there are at least 18160 Samsung smart TVs connected to the internet.   let’s starts with an exemple .I use shodan to found a NEC LCD Monitor the next step is to connect to one of adresses IP and we can see no authentication   we […]

The “CVE 2014-0160:heartbleed” vulnerability three year later

Description The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual […]