Kasif Dekel

CVSS score 8.8

article: https://www.cyberark.com/threat-research-blog/boundhook-exception-based-kernel-controlled-usermode-hooking/

blog: https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/

https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/

report - http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf

link: http://blog.checkpoint.com/2015/10/01/ios-core-application-design-flaw-may-expose-apple-id-credentials/

The publication received a lot of media attention, for… Show more

The publication received a lot of media attention, for example:

http://www.scmagazineuk.com/users-urged-to-update-whatsapp-web-to-shut-down-vcard-vulnerability/article/437215/

http://thehackernews.com/2015/09/whatsapp-vcard-vulnerability.html

http://www.net-security.org/secworld.php?id=18828

http://www.techweekeurope.co.uk/mobility/mobile-apps/whatsapp-web-security-flaw-176446

http://www.telegraph.co.uk/technology/internet-security/11850817/WhatsApp-security-breach-lets-hackers-target-web-app-users.html

http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-for-web-vulnerability-could-give-hackers-control-over-computers-10491760.html

https://uk.news.yahoo.com/whatsapp-app-flaw-allows-hackers-155624561.html#EAL6FDk

http://www.theinquirer.net/inquirer/news/2425079/web-based-whatsapp-chat-app-trap-is-todays-security-vulnerability

http://www.pcworld.com/article/2981960/whatsapp-fixes-dangerous-flaw-in-web-app.html

http://securityaffairs.co/wordpress/39982/hacking/vcard-flaw-whatsapp-web.html

http://lavasoft.com/mylavasoft/company/blog/whatsapp-hits-900-million-users-experiences-security-breach

http://www.tripwire.com/state-of-security/latest-security-news/whatsapp-issues-update-for-maliciouscard-vulnerabilities-in-web-based-extension/

http://www.securityweek.com/vcard-vulnerability-exposes-whatsapp-users

https://hacked.com/whatsapp-web-vulnerability-puts-200-million-users-risk/

http://www.theregister.co.uk/2015/09/08/whatsapp_security_flap/

http://www.eweek.com/mobile/whatsapp-patches-flaw-that-put-hundreds-of-millions-at-risk.html

http://news.softpedia.com/news/extremely-dangerous-vulnerability-fixed-in-whatsapp-for-web-491237.shtml

http://techxplore.com/news/2015-09-whatsapp-patch-response.html

http://www.infosecurity-magazine.com/news/whatsapp-flaws-could-affect/

http://www.huffingtonpost.co.uk/2015/09/08/whatsapp-web-security-flaw-puts-200-million-at-risk_n_8106506.html

And more.. Show less

* the vulnerability is already patched by cyberark
* further technical details will be disclosed in the future

https://www.youtube.com/watch?v=3AHq1SKcBeM

Presenting a quick & easy way for an application to perform man-in-the-middle attack on a given phone without root privileges.

This piece of code shows how a malicious application can perform mitm attack on your phone without root privileges.

The idea is to change the main DNS server of the device.

And the question is: why should normal applications be able to do this operations?

https://github.com/kasif-dekel/android-mitm-app-no-root

A Cool reversing challenge solution.

link: https://github.com/kasif-dekel/bunny-b00tloader/blob/master/README.md

Major cellular provider launches new television service with NIS 99 (~26 USD) monthly package including unlimited VOD, wide variety of TV shows, movies and children's content.
In this publication i describe how a malicious attacker can change any account's information without any validations.

https://github.com/kasif-dekel/cellcomTV/blob/master/README.md

Rafael Advanced Defense Systems Ltd is an Israeli defense technology company. It was founded as Israel’s National R&D Defense Laboratory for the development of weapons and military technology within the Ministry of Defense. Rafael develops and produces weapons, military, and defense technologies for the Israel Defense Forces and for export abroad.

Rafael are looking to hire reverse engineers and created this series of binary challenges, the winner will be rewarded in a flight ticket… Show more

Rafael Advanced Defense Systems Ltd is an Israeli defense technology company. It was founded as Israel’s National R&D Defense Laboratory for the development of weapons and military technology within the Ministry of Defense. Rafael develops and produces weapons, military, and defense technologies for the Israel Defense Forces and for export abroad.

Rafael are looking to hire reverse engineers and created this series of binary challenges, the winner will be rewarded in a flight ticket (hotel and free entrance) to the BlackHat Conference.

more at: https://github.com/kasif-dekel/rafael-re-level-3 Show less