Profile cover photo
Profile photo
Dragos Ruiu
Stop, Think, Pwn.
Stop, Think, Pwn.
About
Communities and Collections
View all
Posts

Post has attachment
If you have/use any of these Western Digital MyCloud drives, recommend disconnecting them immediately and transitioning the data on them to another product as soon as possible. Hardwired network backdoor (u: mydlinkBRionyg p: abc12345cba) no vendor response for six months.

http://goo.gl/9hyREs
Add a comment...

Post has attachment
Add a comment...

Post has attachment
A compendium of Windows one liners to download and execute arbitrary remote code. http://goo.gl/bWth1V
Add a comment...

Post has attachment
‪<yoda>

underestimate the power of this code signing certificate cloning attack by @mattifestation and CA chain installation, you should not

</yoda>
http://goo.gl/7HEPoH
Add a comment...

remote ldpreload rce cgi vuln in popular embedded small web server GoAhead (Motorola, D-link, HP...) http://goo.gl/6JC9JD
Add a comment...

Post has attachment
‪Kismet development has been proceeding impressively.
Now decodes DJI DroneID on WiFi as well as a new capture architecture
http://goo.gl/zkVPYf
Add a comment...

Post has attachment
tl;dr All HP laptops have a trivially enablable keylogger built in via “debugging code” in the SynTp.sys Synaptics touchpad driver. Setting one registry setting starts saving all keycodea in WPP “performance profiling” traces.
http://goo.gl/gFx7G6

Updates are available at HP http://goo.gl/CnEcCX or Windows Update. Do update.

Oh also apply the Windows emergency hotfix for a remote code execution on Defender, that was released yeaterday that is also being actively exploited. Also do update, ASAP.
http://goo.gl/VKe67H

Add a comment...

Post has attachment
All ur mem r belongs 2 us:

Thunderbolt / native pcie dma attacks.

The little kid in me loves that the Spartan-6 Xilinx FPGA Eval Kit tag line on the box festooned with a wistful engineer looking at arrow shaped diagrams shooting towards racks of electornics and arrays of antennas is “THE PROGRAMMABLE FOUNDATION FOR TARGETED DESIGN PLATFORMS“ and whichever marketing person fumbling for a pseudo-militariatic jargon phrase to use as a suitably nebulous and non-specific slogan probably had no clue how close to the mark he/she/they was/were going to hit with this particular bit of marketing mumbo-jumbo. Heh....

https://github.com/Cr4sh/s6_pcie_microblaze

or use the SP605 with an FTDI UMFT601X-B and use ufrisk/pcileech

Breaks past the 4G boundary. Slowly but surely.
Add a comment...

Post has attachment
‪How to use an inexpensive RTL-SDR DVB-USB tuner dongle on Windows to do Tempest snooping on nearby screens and monitor RF emissions. http://goo.gl/dGzPZy
Add a comment...

Post has attachment
Once again. How many people patch their BIOS to disable ME (or at least try to disable it in sw) and pull their WiFi and Bluetooth card(s) on their secured laptops?

The answer is certain to be “Not Enough.”

http://goo.gl/gU4Ea2
Add a comment...
Wait while more posts are being loaded