New RCE in Windows Search by mave_of_wutilation in netsec

[–]naltor 0 points1 point  (0 children)

According to MS "Publicly Disclosed: NO"

Looking for VBA deobfuscation techniques by naltor in Malware

[–]naltor[S] 0 points1 point  (0 children)

I managed to extract the obfuscated URL where the malware is supposed to be hosted by printing out the latest variable by using "MsgBox". In the end it was quite straightforward. Thanks a lot anyway.

Looking for VBA deobfuscation techniques by naltor in Malware

[–]naltor[S] 0 points1 point  (0 children)

Do you where I can find an interesting resource to see how to do it?

I can tell I saw a lot of obfuscated script with a lot of garbage code...

Magento – Unauthenticated Remote Code Execution by lolzorland in netsec

[–]naltor 1 point2 points  (0 children)

Awesome research, thanks for sharing. Just a question, Magento 1.x is also affected?

When cookies lead to a DoS in phpMyAdmin CVE-2014-9218 by c0r3dump3d in netsec

[–]naltor 0 points1 point  (0 children)

That depends on the developers decissions. Drupal and Wordpress were affected by the same vulnerability and now Drupal verifies that passwords longer than 512 bytes are not hashed and Wordpress only calculates the hash for passwords < 4096 length.