/dev/random

"If the enemy leaves a door open, you must rush in." – Sun Tzu


Tag: MacOS

SANS ISC

[SANS ISC] More obfuscated shell scripts: Fake MacOS Flash update

November 28, 2018 Malware, SANS Internet Storm Center, Security Leave a comment

I published the following diary on isc.sans.edu: “More obfuscated shell scripts: Fake MacOS Flash update”: Yesterday, I wrote a diary about a nice obfuscated shell script. Today, I found another example of a malicious shell script embedded in an Apple .dmg file (an Apple Disk Image). The file was delivered through

Scanning Malicious URLs in One Mouse Click

February 8, 2013 Apple, Malware, Websites 8 comments

Since it’s already Friday, just before leaving for the weekend, here is a quick hack for all MacOS X infosec guys… and the others! I’m not afraid to admit it: I’m lazy! We are using computers all day long and they have been created (usually 😉 to automate tasks. Let

Copyright Xavier Mertens © 2003-2018 | Powered by Xavier Mertens Consulting.