Uninformed is pleased to announce the release of its tenth volume which is composed of 4 articles: Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan), Using dual-mappings to evade automated unpacker, Analyzing local privilege escalations in win32k, and Exploiting Tomorrow's Internet Today: Penetration testing with IPv6.
59903dc059b514cf6bd0e37a30d6eac3Uninformed is pleased to announce the release of its ninth volume. This volume includes 4 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: An Objective Analysis of the Lockdown Protection System for Battle.net. Exploitation Technology: ActiveX - Active Exploitation. Exploitation Technology: Context-keyed Payload Encoding. Exploitation Technology: Improving Software Security Analysis using Exploitation Properties.
c767de0e1c78ea8126020eebdf39c862This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Outlook Express by using the CURSOR style sheet directive to load a malicious .ANI file. This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered, in the wild, by McAfee.
07a517f1fb87b03537a4fddfc3b6be68This Metasploit module exploits a buffer overflow vulnerability in the LoadAniIcon() function of USER32.dll. The flaw is triggered through Internet Explorer (6 and 7) by using the CURSOR style sheet directive to load a malicious .ANI file. Internet Explorer will catch any exceptions that occur while the invalid cursor is loaded, causing the exploit to silently fail when the wrong target has been chosen.
19caa5e95a067243786ca88f30fd6667Uninformed is pleased to announce the release of its sixth volume. This volume includes 3 articles on reverse engineering and exploitation technology. These articles include - Engineering in Reverse: Subverting PatchGuard Version 2, Engineering in Reverse: Locreate: An Anagram for Relocate, Exploitation Technology: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows. PDFs of all articles and related code are included in this tarball.
6387aaa6e7cc43930494506675363d7aThis Metasploit module exploits a stack overflow in the Broadcom Wireless driver that allows remote code execution in kernel mode by sending a 802.11 probe response that contains a long SSID. The target MAC address must be provided to use this exploit. The two cards tested fell into the 00:14:a5:06:XX:XX and 00:14:a4:2a:XX:XX ranges.
8e29a33ce3fa0dea0811bce89496dec2This Metasploit module exploits a stack overflow in the A5AGU.SYS driver provided with the D-Link DWL-G132 USB wireless adapter. This stack overflow allows remote code execution in kernel mode. The stack overflow is triggered when a 802.11 Beacon frame is received that contains a long Rates information element. This exploit was tested with version 1.0.1.41 of the A5AGU.SYS driver and a D-Link DWL-G132 USB adapter (HW: A2, FW: 1.02). Newer versions of the A5AGU.SYS driver are provided with the D-Link WUA-2340 adapter and appear to resolve this flaw, but D-Link does not offer an updated driver for the DWL-G132. Since this vulnerability is exploited via beacon frames, all cards within range of the attack will be affected. The tested adapter used a MAC address in the range of 00:11:95:f2:XX:XX.
a403e8304d2632dbf796bf0e140b69a9Elfcmp compares running processes to the their respective binary image to ensure that the process image in memory has not been tampered with after execution. This is useful for security auditing, as other methods that rely strictly on checking disk image checksums are not reliable if only the process image is being tampered with.
ae293e91272d71698449a807ba109057Denial of service exploit for Core ST's recently discovered Windows SMB vulnerability which works against Windows NT/2k/XP.
55227b050b4c92b696ada37ba58bac50Decimate removes files in an ext2 filesystem so they are not recoverable. Includes some cool examples of how regular rming can be recovered.
b6de6d9a6c53c96e5f427e3ab99da67f
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed