Latest Posts

I'm Back

Hello everyone. I'm finally back to my personal corner on the web. It has been a long time since I updated the website or posted something but things will be …

Aurora Exploit ... Python Style

If you have been watching the news recently, you might have heard about the "Aurora" exploit. The exploit was used to compromise systems at Google, Adobe, and other high-profile companies. …

Unpatched Vulnerability in Adobe Reader and Acrobat

There is an unpatched vulnerability in the latest and earlier versions of Adobe Reader and Acrobat. I've added to the software section a program that generates a PDF …

Adobe Reader Exploit

I've added to the software section an exploit I wrote in the past that targets a vulnerability in Adobe Reader via the web to execute arbitrary code. The code …

Yet Another Unpatched Vulnerability and PoC Exploit

An unpatched vulnerability in an ActiveX control (Microsoft Office Web Components) used by Internet Explorer is being actively exploited. My version of the exploit can be found here. …

Unpatched Vulnerability in Microsoft DirectShow and PoC Exploit

An unpatched vulnerability in an ActiveX control (Microsoft MPEG2TuneRequest) used by Internet Explorer is being actively exploited. I've written my version of the exploit in Python based on code …

Unpatched Vulnerability in Internet Explorer

A critical vulnerability in several versions of Internet Explorer is being actively exploited. The vulnerability has not been patched yet by Microsoft, which means that your computer can get …

Python Wrapper for VMware

I posted a Python wrapper called vmpy that can be used to control a virtual machine directly from Python. The wrapper can be found here.

DLL Injection

I posted a tool called DLLInjector that can inject a DLL of your choosing into a running process. The tool can be found here.

Facebook Phish

Links pointing to a phishing site: www.facebook.com.profile.php.id.371233.cn started to appear on Facebook. The index page of the phishing site looks exactly like the login page on Facebook which can trick …

Storm and Fast Flux in Action

A new variant of the Storm worm is using the following domain name: merrychristmasdude.com to infect unsuspecting users with malware. The link to the web page appears in spam messages …

Social Phishing

Check out this very cool paper. It's about context aware phishing attacks. It shows how the information posted by people on social networking websites like MySpace, Facebook, etc. can …