seeing is believing
Showing 1 - 4 of 4 RSS Feed

Files from Gjoko Krstic

Email addressgjoko at zeroscience.mk
First Active2012-12-30
Last Active2013-10-30
CloudFlare Versus Incapsula: Round 2
Posted Oct 30, 2013
Authored by Gjoko Krstic, Humberto Cabrera, Stefan Petrushevski | Site zeroscience.mk

This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web Application Firewall (WAF) solutions: Incapsula and Cloudflare. This test was designed to bypass security controls in place, in any possible way, circumventing whatever filters they have. Given the rise in application-level attacks, the goal of the test was to provide IT managers of online businesses with a comparison of these WAFs against real-world threats in simulated real-world conditions.

tags | paper, web
MD5 | e34c141844b6ea5bac3471427cb3e902
CloudFlare Versus Incapsula Versus ModSecurity
Posted Feb 20, 2013
Authored by Gjoko Krstic, Humberto Cabrera, Stefan Petrushevski | Site zeroscience.mk

This document contains the results of a comparative penetration test conducted by a team of security specialists at Zero Science Lab against three 'leading' web application firewall solutions. The goal of the authors was to bypass security controls in place, in any way we can, circumventing whatever filters they have. This report also outlines the setup and configuration process, as well as a detailed security assessment.

tags | paper, web
MD5 | 0951da9cc9a65e9928db32f9d9ec3346
OpenEMR PHP File Upload
Posted Feb 20, 2013
Authored by juan vazquez, Gjoko Krstic | Site metasploit.com

This Metasploit module exploits a vulnerability found in OpenEMR 4.1.1. By abusing the ofc_upload_image.php file from the openflashchart library, a malicious user can upload a file to the tmp-upload-images directory without any authentication, which results in arbitrary code execution. The module has been tested successfully on OpenEMR 4.1.1 over Ubuntu 10.04.

tags | exploit, arbitrary, php, code execution
systems | linux, ubuntu
advisories | OSVDB-90222
MD5 | c7b131604319426cce134fab1a42a85f
BlazeDVD 6.1 PLF Exploit DEP/ASLR Bypass
Posted Dec 30, 2012
Authored by Craig Freyman, Gjoko Krstic | Site metasploit.com

This Metasploit module updates an existing MSF module originally written for BlazeDVD 5.1. The new module will bypass DEP and ASLR on version 6. The original vulnerability is due to the handling of specially crafted PLF files. Exploiting this allows us to execute arbitrary code running under the context of the user.

tags | exploit, arbitrary, bypass
advisories | CVE-2006-6199, OSVDB-30770
MD5 | f0b95f422498c5d76cc375b1bf3de16b
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close