Posts

Showing posts from January, 2015

BlackPwn: BlackPhone SilentText Type Confusion Vulnerability

EFF’s Game Plan for Ending Global Mass Surveillance

Qualys Security Advisory CVE-2015-0235
GHOST: glibc gethostbyname buffer overflow

#include #include #include #include #include #define CANARY "in_the_coal_mine" struct { char buffer[1024]; char canary[sizeof(CANARY)]; } temp = { "buffer", CANARY }; int main(void) { struct hostent resbuf; struct hostent *result; int herrno; int retval; /*** strlen (name) = size_needed - sizeof (*host_addr) \ - sizeof (*h_addr_ptrs) - 1; ***/ size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) \ - 2*sizeof(char *) - 1; char name[sizeof(temp.buffer)]; memset(name, '0', len); name[len] = '\0'; retval = gethostbyname_r(name, &resbuf, temp.buffer, \ sizeof(temp.buffer), &result, &herrno); if (strcmp(temp.canary, CANARY) != 0) { puts("vulnerable"); exit(EXIT_SUCCESS); } if (retval == ERANGE) { puts("not vulnerable"); exit(EXIT_SUCCESS); } puts("should not happen"); exit(EXIT_FAILURE); }
[1]

IPv6 Security Myth #2
IPv6 Has Security Designed In

Carnal0wnage & Attack Research
Shmoocon Notes: Userland persistence on OS X

Securosis
Defining Threat Intelligence

Matthew Green
On the Practical Exploitability of Dual EC in TLS Implementations

Subject: [Fwd: RE: Minding our Ps and Qs in Dual_EC] Date: Wednesday, October 27, 2004 at 12:09:25 PM Eastern Daylight Time From: John Kelsey To: larry.basham@nist.gov ---------------------------- Original Message ---------------------------- Subject: RE: Minding our Ps and Qs in Dual_EC From: "Don Johnson" Date: Wed, October 27, 2004 11:42 am To: "John Kelsey" -------------------------------------------------------------------------- John, P = G. Q is (in essence) the public key for some random private key. It could also be generated like a(nother) canonical G, but NSA kyboshed this idea, and I was not allowed to publicly discuss it, just in case you may think of going there. Don B. Johnson -----Original Message----- From: John Kelsey [mailto:john.kelsey@nist.gov] Sent: Wednesday, October 27, 2004 11:17 AM To: Don Johnson Subject: Minding our Ps and Qs in Dual_EC Do you know where Q comes from in Dual_EC_DRBG? Thanks, -John
[1][2][3]

Powershell Popups + Capture - Room362.com

Powershell Popups Capture - Room362.com...the cool thing about this is you can leave it to execute on a system without any other code on disk and get creds constantly as any level of user. No admin, no UAC bypass needed. Just a bunch of creds for free.. over SSL. ;–)