sábado, 9 de mayo de 2015

The new policy adopts for my new tools and PoC's

Because companies, magazines and conferences do not pay attention to security reports that I totally free, as he begins to develop tools without taking into account who hurt them and how many people affected, publishes source as code it becomes for all Have fun with this.

If some companies are beginning to be attacked with my PoC's or tools dont ask why, i try to do good guy, but i get tired ...

I'm not doing anything illegal, if people want to commit crimes with my PoC's or tools, that's their problem not mine, good luck for youre devs and security guys (y)


OldSchoolComeBack

This is a repo about my security bypass report "Old School Come Back"

This is only a Proof Of Concept to demonstrate how is possible massively clone: Credit Cards, FingerPrints, and more ID devices.

I ending a FingerPrintHook, SmartCardHook, PluggedHook, and HumanInterfaceDeviceHook, coming soon i pulish the PoC (Proof of Concept).

Repository: OldSchoolComeBack

VectorAttackScanner

This is a tool to analyze android, linux and windows, to detect points to attack, as intents, receivers, services, processes and libraries.
This tool uses a static analysis methods to do this, the vector attack founded by this tool, can be attacked by fuzzing methods to discover vulnerabilities..

More security researchers, bug hunters, exploit writers, malware developers find a problems as unsecure compilation flags, methods/functions exposes, with this tool is more easy, this tool search by you automatically.

It is well known in the world of IT Security, that have been created countermeasures and memory protections to prevent easily create exploits and prevent programmers to write programs that execute arbitrary code, as RELRO, PAX, ASLR, PIE, NX, SSP, StackCanary and others, this tool search this flags to do the job.

For now this tool only check ELF Binary Format, searching RELRO, PAX, PIE, ASLR, NX, RPATH, RUNPATH, StackCanary and FORTIFY SOURCE protections.


How To Hack 85 Millon Dolars Company

The security facebook team respond me, is not a security flaw, i think more guys on the network loved this ...

For facebook security team, is acceptable security risk that any idiot can hack any database developed with Parse.com SDK.

You have to be a idiot, if is "acceptable security risk", that any attacker can list, update and delete any data on their systems.

The behavior you're describing is not a security/privacy risk ??? WTF ??? what think facebook is an risk ???

Well, The Center for Advanced Security Research Darmstadt (CASED), confirms my discover Security Flaw, check the article published on the Security Scorecard Blog: The Calm Before the Mobile API Data Breach Storm



Dissamble Part 1/2:

ProofOfConcept Part 2/2: