Abusing SUDO Advance for Linux Privilege Escalation If you have a limited shell that has access to some programs using thesudocommand you might be able to escalate your privileges. here I show some of the binary which helps you to escalate privilege using the sudo command. If you already read my previous article(Abusing Sudo) then you can skip […]
News
Stay tuned with SecureLayer7 Announcements
Fileless malware- the ninja technique to spread malwares using default os tools
What are fileless malwares? Fileless malware are not typical malwares that probe directly or indirectly to install software on a victim’s machine and then execute. Instead, tools that are built-in to Windows are hijacked and used to carry out attacks. Why is it more dangerous? Due to the usage of only default windows tools, no […]
Cryptocurrency Mining Scripts Harnessing your cpu memory via Browsers
Hidden MiningWebsites are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies. Scenario then vs now: Websites using crypto-miner services could mine cryptocurrencies with your browser memory when you visit their site. Feasibility: Once you close the browser window, they lost access […]
Gain Root without Password- macOS Sierra
A critical vulnerability has been discovered in macOS High Sierra allowing any user to get root access on a mac system without any passwords. In order to perform this, you just need to type “root” into the username field, leave the password blank, and hit the Enter a few times ( two or more) and […]
BlueBorne- the lethal attack to take over your devices
The latest attack Blueborne is taking over by storm , lets read about it in concise, the attack method and the details of this bug. A series of vulnerabilities have been unearthed in the implementation of Bluetooth which allows hackers to take over your computers/ tablets/ smartphones whenever Bluetooth is on. A total of eight […]
Pacemakers prone to getting hacked
Recently the The FDA and Homeland Security have issued alerts about vulnerabilities in 4,65,000 pacemakers. The devices can be remotely “hacked” to increase activity or reduce battery life, potentially endangering patients. Feasible vulnerabilities: Absence of memory and encryption: In such embedded devices there is a lack to support proper cryptographic encryption. Conventional cryptography suites are […]
How are work, life and things at SecureLayer7
What we do at SL7? Look at SecureLayer7 Review In this blog post, we will see how are work, life and things at SecureLayer7. We are an enthusiastic pack of security consultants and developers. Our work profile involves: Working at the customer site or remotely and pen testing web, mobile and infrastructure. Finding and making […]
SecureLayer7 Gratis PenTest Summer 2017
Overview Under the Gratis Pentest 2016, we have evaluated security postures of two open source applications i.e. Refinery CMS, PageKit CMS. We perform the penetration testing for the deserving Open Source Application as SecureLayer7’s contribution to Open Source Community. We shall allocate two or three days full time from our working hours to yield a […]
Password Reset OTP Bypass Critical Vulnerability in YesBank Banking Application
I am a customer of YesBank and I hold my savings account with them. I also use the YesBank’s online banking application and I strongly feel that they need to look into security of the application of the bank. So, as a responsible client, I disclosed the vulnerability to YesBank which I recently found in their […]
Firefox 47.0 Memory Access violation Crash – FIXED
We were working on Firefox browser automation for opening some of the URL for the malware analysis. We used the combination of python and selenium to perform automation and the After few mins, we stumble upon a Firefox crash, which was causing the memory access violation crash as shown in the following image. After few […]