All posts by Loudagonda

Linksys E2500 (Missing authorization on parental control)

Fixed date as per Linksys contact: 7/4/16

Linksys E2500 hardware version 3.0 with firmware version 3.0.01.010 suffers from missing authorization control on the parental control page. This allows an attacker to change the parental controls that parents set up to keep kids safe from visiting adult sites, and probably to compromise a kid’s device.

Initial disclosure date: 04/12/16

Linksys contact: Benjamin Samuels, Calvin Clark (security@linksys.com)

Hacking SCADA/Industrial Control Systems: The Pentest Guide

The book delves into the specific details and methodology of performing security assessments against SCADA and industrial control systems. The goal of this book is to provide a roadmap for security assessors such as security analysts, pentesters, security architects, etc., so that they can take the existing techniques they already know and apply them to security assessments in the SCADA world. The book shows that the same techniques used to assess IT environments can also be used to assess the efficacy of the defenses that protect ICS/SCADA systems.

Buy it at Amazon

Windows Exploitation Course: Stack and Heap Overflows

This course gives intrinsic details of exploiting stack and heap overflows in Windows software applications. It walks students through all the steps necessary for bug hunting, from reverse engineering to fuzzing to actually writing exploits for Windows software applications. It also teaches how a student should go about exploiting these vulnerabilities and bypassing the various Windows protection mechanisms. Overall, this is a course worth the money. It is one of the best tutorials for beginners as well as for people who want to understand the inner details of Windows protection mechanisms and how to bypass them.

This book focuses on teaching people to bypass modern controls in Windows 7, especially through exploits that can bypass ASLR, hardware DEP, software DEP, etc. It also teaches the JavaScript vector array technique to bypass ASLR and exploit pointer manipulation.

Buy it at Amazon