| |
|
Metasploit: The Latest Adobe Exploit and Session Upgrading |
|
|
Topic: Miscellaneous |
12:21 pm EDT, Mar 23, 2010 |
Thursday, March 18, 2010 The Latest Adobe Exploit and Session Upgrading On March 12th and 13th, a researcher named "villy" posted a couple of blogs relating to an exploit for CVE-2010-0188. On the 15th, I ported that exploit (python) over to Metasploit (ruby), which you can find here, in the module browser.
Metasploit: The Latest Adobe Exploit and Session Upgrading |
|
Penetrating Intranets through Adobe Flex Applications - Gotham Digital Science |
|
|
Topic: Miscellaneous |
12:17 pm EDT, Mar 23, 2010 |
In my last post, Pentesting Adobe Flex Applications with a Custom AMF Client, I described how one could write a client using Python and PyAMF to perform manual penetration testing of Flex applications. The example application I focused on utilized RemoteObjects and communicated via binary AMF encoded messages, a common roadblock for security testers.
Penetrating Intranets through Adobe Flex Applications - Gotham Digital Science |
|
Topic: Miscellaneous |
12:08 pm EDT, Mar 23, 2010 |
Herein you will find two things: First, my HTML version of the public domain file intel.doc, which derives from the PC Game Programmer's guide. This HTML version was produced by me alone, Zack Smith. HTML modifications are therefore copyrighted © 2005 and 2009 by Zack Smith, all rights reserved. This information is provided in the hope that it will be useful, but without any warranty; it is provided AS-IS, without even the implied warranty of fitness for a particular purpose.
8086.tk |
|
Google releases web security scanner - The H Security: News and Features |
|
|
Topic: Miscellaneous |
10:02 am EDT, Mar 22, 2010 |
22 March 2010, 10:28 Google releases web security scanner Skipfish runs via a Linux / Unix command line. Vergr��ern Google has released an open source scanner that allows web application developers to test their applications for security holes.
Google releases web security scanner - The H Security: News and Features |
|
Microsoft Virtual PC Flaw Lets Hackers Bypass Windows Defenses | threatpost |
|
|
Topic: Miscellaneous |
10:17 am EDT, Mar 17, 2010 |
An exploit writer at Core Security Technologies has discovered a serious vulnerability that exposes users of Microsoft’s Virtual PC virtualization software to malicious hacker attacks.
Microsoft Virtual PC Flaw Lets Hackers Bypass Windows Defenses | threatpost |
|
Topic: Miscellaneous |
1:51 pm EDT, Mar 16, 2010 |
When tearing off one of the toolbars in IDA 5.5 this morning, my Windows 7 virtual machine locked up, and became unresponsive. Of course, I immediately attached a debugger to see what was going on.
Creating Window Cycles |
|
A gentle introduction to return-oriented programming � blog.zynamics.com |
|
|
Topic: Miscellaneous |
9:50 am EDT, Mar 15, 2010 |
A gentle introduction to return-oriented programming By Tim Kornau Hi, As I have promised in my last post I will start a series about return-oriented programming. I start with a short introduction about the topic.
A gentle introduction to return-oriented programming � blog.zynamics.com |
|
The REIL language – Part I « blog.zynamics.com |
|
|
Topic: Miscellaneous |
10:58 am EST, Mar 11, 2010 |
The REIL language – Part I By Sebastian Porst If you have followed the development of BinNavi over the last two years you might know that we are making heavy use of something called REIL to provide features backed by advanced static code analysis. REIL is short for Reverse Engineering Intermediate Language and at its core it is a platform-independent pseudo-assembly language that can be used to emulate native assembly code.
The REIL language – Part I « blog.zynamics.com |
|