Whitepaper called Forgotten World - Corporate Business Application Systems. This paper will describe some basic and advanced threats and attacks on Enterprise Business Applications – the core of many companies. Both the paper and Blackhat DC presentation are included in this archive.
2e70cc9c883bdf948194b3801a4b9fe5f07f8e73912c291bd5c5b643e993e4a6
This Metasploit module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace().
3a2382adc10594ee42ff1bd0b49855a630ee0af65a53e90bd2f33b29bcbe9542
This Metasploit module exploits the FTP server component of the Sasser worm. By sending an overly long PORT command the stack can be overwritten.
5d5c22dfbd84d41c7c21a45e5676f648dbcc83cd3302d47b1a95c27ace3b87f0
This Metasploit module exploits two arbitrary PHP code execution flaws in the phpBB forum system. The problem is that the 'highlight' parameter in the 'viewtopic.php' script is not verified properly and will allow an attacker to inject arbitrary code via preg_replace().
1bd480a3c38c3cf0cbb3b509893353c357ec5b1bf7fc0df522daa1890d05161f
Presentation called Further Down the VM Spiral.
c375df19723aa50405c3578260589605b47dac194a812c3bcb3360c7a43ef6bf
Whitepaper called Inside the Malicious World of Blog Comment Spam.
dccb3a2c0c1cdd5b6a2aefb021cd01be7b0b1a7fcca5840483c345b10b991d3b
Presentation called Hacking Malware - Offense is the new Defense.
49a69eea4ecdcbb9fd14a6e4078bbd75a781159d16030e70283919300e0d4dd9
Detecting the Presence of Virtual Machines Using the Local Data Table - This paper describes a method for determining the presence of virtual machine emulation in a non-privileged operating environment. This attack is useful for triggering anti-virtualization attacks and evading analysis.
48ac374b43d646206bf8a59b9cc0aed6ac19a76791acaea176314b493393c68e