p0f performs passive OS detection by watching SYN packets captured the way tcpdump does, so it never sends probes of its own. Additionally, it can estimate the distance, in hops, to the remote host, and can be used to map the structure of a foreign or local network. Running on a network's gateway, it can gather large amounts of data and produce useful statistics; on an end-user machine it can be used to record which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
563c62f63acfbef79e79659c3f483813816c7d032ef73e96e462a3b4f9a2fc7f
p0f performs passive OS detection by watching SYN packets captured the way tcpdump does, so it never sends probes of its own. Additionally, it can estimate the distance, in hops, to the remote host, and can be used to map the structure of a foreign or local network. Running on a network's gateway, it can gather large amounts of data and produce useful statistics; on an end-user machine it can be used to record which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
fc6827f3792a325e79c300d9d45e526eb2da3a8c759cfe3695710b5016f3cfd3
2c2 implements deniable (and thus, by design, subpoena-resistant) encryption by creating a file that can be decrypted into several different variants depending on which key is supplied, and in which the presence of any given variant cannot be detected without knowing its key. Please don't use it for an evil conspiracy to take over the world, mmmkay? Also check out James's 4c, a successor to this tool.
8ab2ccdd6ad01164a0ac0b9ec08123e7500a906c94df03689121a249a3d691d5
p0f performs passive OS detection by watching SYN packets captured the way tcpdump does, so it never sends probes of its own. Additionally, it can estimate the distance, in hops, to the remote host, and can be used to map the structure of a foreign or local network. Running on a network's gateway, it can gather large amounts of data and produce useful statistics; on an end-user machine it can be used to record which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
e2d58c71a5e014e8391789f48f787c493b1c81901001c55d5ce888aba5b84a41
Snowdrop adds invisible watermarks to plain-text or source-code documents. Like steganography, watermarking embeds hidden information in the document; here it lets you trace which copy of a document was leaked, for example. Several separate logical channels carry a highly redundant watermark, so the mark is extremely difficult to remove by accident, by simple reformatting, and so on. Tested on Linux and FreeBSD.
0956fa7b69fc405cc4c00ff224e5435d4165a1298ffd1ba107c7cb07d1891573
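As an added example (not Snowdrop's own code, which uses several channels and a stronger scheme), here is the redundancy idea in a single channel: each line ends with either a space (bit 0) or a tab (bit 1), the watermark's bits are cycled across the lines so the mark repeats as often as the document length allows, and the extractor takes a majority vote per bit position. The sample text and the watermark value are constructed for the demo; a second pass strips trailing whitespace from every third line to stand in for careless reformatting and shows the mark survives, while stripping every line destroys it.

```python
def embed(text, wm_id, bits=8):
    """Append ' ' for a 0 bit or '\t' for a 1 bit to each line, cycling through the
    `bits`-bit id so the whole mark repeats every `bits` lines (redundancy)."""
    pattern = [(wm_id >> (bits - 1 - i)) & 1 for i in range(bits)]
    lines = text.split('\n')
    return '\n'.join(line.rstrip(' \t') + ('\t' if pattern[n % bits] else ' ')
                     for n, line in enumerate(lines))


def extract(text, bits=8):
    """Majority-vote each bit position over every line that still carries a marker.
    Returns None if some bit position has lost all of its evidence."""
    votes = [[0, 0] for _ in range(bits)]
    for n, line in enumerate(text.split('\n')):
        if line.endswith('\t'):
            votes[n % bits][1] += 1
        elif line.endswith(' '):
            votes[n % bits][0] += 1
    if any(v == [0, 0] for v in votes):
        return None
    return int(''.join('1' if ones > zeros else '0' for zeros, ones in votes), 2)


def strip_trailing(text, every=1):
    """Simulated reformatting: drop trailing whitespace from every `every`-th line."""
    return '\n'.join(line.rstrip(' \t') if n % every == 0 else line
                     for n, line in enumerate(text.split('\n')))


# Constructed 24-line document (no trailing whitespace of its own) and a made-up id,
# e.g. the recipient number of this particular copy.
SAMPLE_TEXT = '\n'.join('line %02d of the constructed sample document' % i for i in range(24))
WATERMARK_ID = 0xA5


if __name__ == '__main__':
    marked = embed(SAMPLE_TEXT, WATERMARK_ID)
    print('clean copy         ->', extract(SAMPLE_TEXT))
    print('marked copy        ->', extract(marked))
    print('every 3rd stripped ->', extract(strip_trailing(marked, 3)))
    print('all stripped       ->', extract(strip_trailing(marked, 1)))
```

With 24 lines an 8-bit mark is carried three times, so losing one of the three copies of any bit still leaves a majority; an editor that strips all trailing whitespace wipes this channel, which is exactly why Snowdrop spreads the mark over several independent channels rather than one.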
Memfetch dumps the memory of a running program without disrupting its operation, either immediately or at the next fault condition (such as SIGSEGV). It can be used to examine suspicious or misbehaving processes on your system, verify that processes are what they claim to be, and inspect faulty applications with your favorite data viewer, so that you are not tied to the inferior data-inspection capabilities of your debugger.
923fe5dc11e4bcd611853c42d637da11941ea83c7f53d5c16f741be116573140
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
9db900b88bac67205c493bfdf4780d55020f71d6cf69ea0fd2a01fa148619d7e
Juggling with packets: floating data storage - White paper discussing the use of network traffic itself as a storage medium for data, and how this could be used to avoid leaving an audit trail.
7729c506c6789c1f397e325fee04b369ccf9758ca045af5579673f7a9b1017c1
p0f performs passive OS detection by watching SYN packets captured the way tcpdump does, so it never sends probes of its own. Additionally, it can estimate the distance, in hops, to the remote host, and can be used to map the structure of a foreign or local network. Running on a network's gateway, it can gather large amounts of data and produce useful statistics; on an end-user machine it can be used to record which operating systems are making each connection. p0f supports full tcpdump-style filtering expressions and has an easily modified fingerprinting database. Tested on Linux, FreeBSD, OpenBSD, NetBSD, SunOS, and Solaris.
57b018734a1da31984bc73e7a7590a507e27914441e24a65bb17e879a0078742
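As an added example for the p0f entries above (not part of the original page and not p0f's own code, which is C), the following Python shows the core of what a passive SYN fingerprinter extracts: it parses a raw IPv4/TCP SYN, records the window size, initial-TTL guess, DF flag, packet size and TCP option order, estimates the hop distance from the TTL, and matches the result against a tiny signature list. The packets are constructed inline rather than captured, the addresses are documentation ranges, and the two signatures with their labels are illustrative entries in a layout loosely modelled on p0f's 1.x signature file, not copied from it.

```python
import socket
import struct

# Constructed mini-database, laid out loosely like p0f 1.x signature lines (assumption; the
# entries are illustrative, not copied from p0f). Fields: window:initial_ttl:df:syn_size:options.
# 'S4' = window is 4*MSS, 'M*' = any MSS; codes M=MSS S=SACKOK T=timestamp N=NOP W<n>=wscale.
SIGNATURES = [
    ("S4:64:1:60:M*,S,T,N,W0", "Linux 2.4-style stack (illustrative)"),
    ("16384:128:1:48:M*,N,N,S", "Windows 2000-style stack (illustrative)"),
]

def parse_tcp_options(raw):
    """Decode TCP options into p0f-style codes, preserving wire order."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                # end of option list
            opts.append('E'); break
        if kind == 1:                # NOP carries no length byte
            opts.append('N'); i += 1; continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            break                    # truncated or malformed option: stop, never over-read
        length, data = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2 and len(data) == 2:
            opts.append('M%d' % struct.unpack('!H', data)[0])
        elif kind == 3 and len(data) == 1:
            opts.append('W%d' % data[0])
        elif kind in (4, 8):
            opts.append('S' if kind == 4 else 'T')
        else:
            opts.append('?%d' % kind)
        i += length
    return opts

def ttl_distance(ttl):
    """Hop estimate: round the observed TTL up to the nearest common initial value and
    subtract (p0f proper takes the initial TTL from the matched signature instead)."""
    for initial in (32, 64, 128, 255):
        if ttl <= initial:
            return initial, initial - ttl

def fingerprint_syn(pkt):
    """Fingerprint dict for a raw IPv4+TCP pure SYN, or None for anything else."""
    if len(pkt) < 40:
        return None
    ver_ihl, _, total_len, _, frag, ttl, proto, _, src, dst = struct.unpack('!BBHHHBBH4s4s', pkt[:20])
    ihl = (ver_ihl & 0x0f) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or ihl < 20 or len(pkt) < ihl + 20:
        return None
    off_flags, window = struct.unpack('!HH', pkt[ihl + 12:ihl + 16])
    flags, data_off = off_flags & 0x1ff, (off_flags >> 12) * 4
    if not flags & 0x02 or flags & 0x10 or data_off < 20 or len(pkt) < ihl + data_off:
        return None                  # need SYN set and ACK clear; a SYN+ACK is the server side
    opts = parse_tcp_options(pkt[ihl + 20:ihl + data_off])
    mss = next((int(o[1:]) for o in opts if o[0] == 'M' and o[1:].isdigit()), None)
    initial_ttl, distance = ttl_distance(ttl)
    df = bool(frag & 0x4000)
    return {'src': socket.inet_ntoa(src), 'dst': socket.inet_ntoa(dst), 'window': window,
            'ttl': ttl, 'initial_ttl': initial_ttl, 'distance': distance, 'df': df,
            'size': total_len, 'options': opts, 'mss': mss,
            'signature': '%d:%d:%d:%d:%s' % (window, initial_ttl, df, total_len, ','.join(opts))}

def lookup(fp):
    """Match a fingerprint against SIGNATURES; None if nothing fits."""
    for sig, label in SIGNATURES:
        win, ittl, df, size, opts = sig.split(':')
        want = opts.split(',')
        if (int(ittl), bool(int(df)), int(size), len(want)) != (
                fp['initial_ttl'], fp['df'], fp['size'], len(fp['options'])):
            continue
        if win.startswith('S') and fp['mss']:
            win_ok = fp['window'] == int(win[1:]) * fp['mss']
        else:
            win_ok = win.isdigit() and int(win) == fp['window']
        if win_ok and all(w == h or (w == 'M*' and h[0] == 'M') for w, h in zip(want, fp['options'])):
            return label
    return None

def build_syn(src, dst, ttl, df, window, options, flags=0x02):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero; the parser ignores them)."""
    tcp_len = 20 + len(options)
    if tcp_len % 4:
        raise ValueError('options must pad the TCP header to a multiple of 4 bytes')
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + tcp_len, 0x1234, 0x4000 if df else 0,
                     ttl, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack('!HHIIHHHH', 40000, 80, 0x11223344, 0, ((tcp_len // 4) << 12) | flags, window, 0, 0)
    return ip + tcp + options

MSS1460, SACKOK, NOP, WSCALE0 = b'\x02\x04\x05\xb4', b'\x04\x02', b'\x01', b'\x03\x03\x00'
TSTAMP = b'\x08\x0a' + b'\x00' * 8
SAMPLE_PACKETS = {  # constructed, not captured traffic
    'linux-like': build_syn('10.0.0.5', '192.0.2.10', 58, True, 5840, MSS1460 + SACKOK + TSTAMP + NOP + WSCALE0),
    'windows-like': build_syn('10.0.0.7', '192.0.2.10', 117, True, 16384, MSS1460 + NOP + NOP + SACKOK),
    'syn-ack': build_syn('192.0.2.10', '10.0.0.5', 64, True, 5840, MSS1460 + NOP + NOP + SACKOK, flags=0x12),
}

if __name__ == '__main__':
    for name, pkt in SAMPLE_PACKETS.items():
        fp = fingerprint_syn(pkt)
        print('%-12s %s' % (name, 'ignored (not a pure SYN)' if fp is None else
              '%s -> %s  %s  %d hops  %s' % (fp['src'], fp['dst'], fp['signature'], fp['distance'],
                                             lookup(fp) or 'unknown')))
```

The option order and the window-to-MSS ratio do most of the discriminating work; the TTL is only a hint, and a stack shipped with an unusual initial TTL skews both the match and the hop estimate. The parser stops at the first malformed option rather than reading past the header, which matters for anything that sits on a gateway and sees hostile packets.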
There is a remotely exploitable vulnerability in Sendmail versions 8.12.9 and below that allows an attacker to overwrite heap and stack structures.
28c280e02042929b8acc8cdcb07a215783ebdfe53633e6f8410bce341f4bbb14
Postfix versions 1.1.12 and below suffer from a remotely triggerable denial of service due to a vulnerability in the address parser code.
e8e28a863997588aef90fb4e62ff99a22c91cdc08e3b2cd835651486388fcd55
Various CPU/BIOS/OS configurations allow a local user to cause a denial of service on a server, because certain BIOSes do not zero out MSRs (model-specific registers) on reboot. A patch is included.
ca31052b05fc2352ad297512130b304003132d25354bf262fd89aa8fc1a9205a
There is a vulnerability in Sendmail versions 8.12.8 and prior: the address parser performs insufficient bounds checking under certain conditions because of a char-to-int conversion, making it possible for an attacker to take control of the application. This problem is not related to the recent ISS vulnerability announcement.
e56c207e41ff83acb9da15ebf18f6f1fbeb72d0a5ba1c4f489470c49b23fc690
Common use of the 'tmpwatch' utility and its counterparts triggers race conditions in many applications, sometimes allowing privilege escalation. Includes information on the races, file removal, fixes, and more.
b15d4299f68a0564b2dbf1976f2695381bb7cba4b78e5f66221c135ce941492e
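The class of race the advisory refers to, as an added Python illustration that is not part of the advisory or of tmpwatch: an application creates a file under a world-writable directory and later re-opens it by name. Once a cleaner such as tmpwatch has unlinked the "stale" file, a local attacker can re-create the name as a symlink, and the application's next write by name follows the link. The hardened variant opens with O_CREAT|O_EXCL|O_NOFOLLOW and checks the descriptor with fstat, so the planted link makes it fail closed. The directory, file names and contents are constructed for the demo and live in a fresh temporary directory; nothing touches the real /tmp.

```python
import os
import shutil
import stat
import tempfile


def vulnerable_reopen(path, data):
    """Re-open the temp file by name with no checks. If the name was removed in the
    meantime (e.g. by tmpwatch) and replaced with a symlink, the write follows it."""
    with open(path, 'w') as f:
        f.write(data)


def hardened_reopen(path, data):
    """Create-only, refuse symlinks, then verify what was actually opened.
    O_EXCL makes open() fail on any existing entry (a symlink included), O_NOFOLLOW
    refuses to traverse a link, and fstat on the descriptor (not stat on the path,
    which could be raced again) confirms a regular file owned by us."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
            raise OSError('opened something other than our own regular file')
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def simulate_race(reopen):
    """Replay the sequence: app creates its file -> cleaner removes it -> attacker plants
    a symlink to a file they want overwritten -> app writes by name again.
    Returns (refused, contents_of_target) for the given reopen strategy."""
    workdir = tempfile.mkdtemp()                       # stands in for /tmp
    target = os.path.join(workdir, 'victim-config')    # the attacker's real objective
    temp = os.path.join(workdir, 'app.state')          # the app's temp file name
    try:
        with open(target, 'w') as f:
            f.write('original')
        with open(temp, 'w') as f:
            f.write('state')                           # app creates its file
        os.unlink(temp)                                # tmpwatch: looks stale, remove it
        os.symlink(target, temp)                       # attacker re-creates the name
        try:
            reopen(temp, 'attacker-controlled')        # app's next write by name
            refused = False
        except OSError:
            refused = True
        with open(target) as f:
            return refused, f.read()
    finally:
        shutil.rmtree(workdir)


if __name__ == '__main__':
    for name, fn in (('vulnerable', vulnerable_reopen), ('hardened', hardened_reopen)):
        refused, contents = simulate_race(fn)
        print('%-10s refused=%s  target now contains %r' % (name, refused, contents))
```

If the application genuinely needs the file for a long time, the better fix is to keep the descriptor open (or use mkstemp for every use) rather than reopen by name at all; an islink() check before open() is not a fix, since the attacker can swap the link in between the check and the open.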
Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later. Includes 3D plots of the initial sequence number distribution for several OSes and analyzes how predictable each one is. Many OSes have highly predictable sequence numbers, allowing unencrypted connections to be spoofed and enabling protocol-level attacks against encrypted connections.
8386fe49e309794b7189962fc049c48f76491712ae797906588405f871f5b1dc
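As an added example (not code from the paper), the following Python reproduces the paper's delayed-coordinate view in miniature: successive ISN deltas are mapped to 3D points (d[n-2], d[n-1], d[n]), and the set of points whose first two coordinates lie near the two most recently observed deltas yields a "spoofing set" of candidate next ISNs, one spoofed packet per candidate. Hit rate and set size are measured against two constructed generators: a weak one that adds a near-constant increment per connection, and a strong one that draws every ISN uniformly at random. The generators, sample counts and search radius are assumptions made for the demo, not values from the paper.

```python
import random

MOD = 1 << 32


def signed_delta(prev, cur):
    """Difference between consecutive ISNs, interpreted modulo 2^32 as a signed value."""
    d = (cur - prev) % MOD
    return d - MOD if d >= MOD // 2 else d


def attractor(isns):
    """Delayed-coordinate points (x, y, z) = (d[n-2], d[n-1], d[n]) built from the deltas
    of successive ISNs; plotting these is what the paper's 3D pictures show."""
    d = [signed_delta(isns[i - 1], isns[i]) for i in range(1, len(isns))]
    return [(d[i - 2], d[i - 1], d[i]) for i in range(2, len(d))]


def spoofing_set(points, history, radius):
    """Candidate values for the next ISN: for every attractor point whose (x, y) lies
    within `radius` of the two most recent observed deltas, predict history[-1] + z."""
    x = signed_delta(history[-3], history[-2])
    y = signed_delta(history[-2], history[-1])
    return {(history[-1] + z) % MOD
            for px, py, z in points
            if abs(px - x) <= radius and abs(py - y) <= radius}


def evaluate(generator, samples=3000, trials=200, radius=64):
    """Build the attractor from `samples` observed ISNs, then try to predict the next
    `trials` ISNs. Returns (hit_rate, average_spoofing_set_size)."""
    isns = [generator() for _ in range(samples + trials)]
    points = attractor(isns[:samples])
    hits, size_total = 0, 0
    for t in range(trials):
        cands = spoofing_set(points, isns[:samples + t], radius)
        size_total += len(cands)
        if isns[samples + t] in cands:
            hits += 1
    return hits / trials, size_total / trials


def weak_generator(seed=1):
    """Constructed: the ISN grows by 128000 plus a little jitter per connection, in the
    spirit of the fixed-increment schemes the paper found trivially predictable."""
    rng = random.Random(seed)
    state = [rng.getrandbits(32)]

    def nxt():
        state[0] = (state[0] + 128000 + rng.randrange(32)) % MOD
        return state[0]
    return nxt


def strong_generator(seed=1):
    """Constructed: every ISN drawn uniformly from the full 32-bit range."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(32)


if __name__ == '__main__':
    for name, gen in (('weak', weak_generator()), ('strong', strong_generator())):
        rate, size = evaluate(gen)
        print('%-6s hit rate %.2f with %.1f guesses on average' % (name, rate, size))
```

For the weak generator the whole attractor collapses into a tiny cluster, so a few dozen spoofed packets always cover the next ISN; for the uniform generator no stored point lands near the observed deltas and the spoofing set is empty. Real stacks sit in between, and the paper's point is that the spoofing set size, not the raw range of the ISN, is the measure of how many packets an attacker must send.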
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
3a78f90ba3e009725dd21c6697b5a180836d3047bf155818439009389e28658f
Razor Advisory - A locally exploitable vulnerability is present in the util-linux package shipped with Red Hat Linux and numerous other Linux distributions; chfn and chsh are affected. Tested against Red Hat Linux 7.3 and below.
f33c78e000c95226dc9e980eef83fefd8f6895c01bda0b30a85f012ad3ca7906
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
447932c5e732d97ca339be5ddc5f94b42a695561b36cbd93615154bb8cd4e733
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
0505286f46a92eb98b135d52dc93d6949ecd18418ec1911d8d5d74825a2b4099
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
e14cf365038e3721d3bd54233921777299724de0333f64d9953c009fe8fe0887
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
f3e73051c8780f7ebb6d3106fec7d584c33baff1a3a3aa5e831467983b03a4a6
Fenris is a multipurpose tracer, stateful analyzer and partial decompiler intended to simplify bug tracking, security audits, code, algorithm and protocol analysis, and computer forensics. It provides a structural program trace, general information about internal constructs, the execution path, memory operations, I/O, conditional-expression information, and much more. A small demonstration of how this tool works can be found here.
918de9718405630e09b3b3c2dfc3fea4d577479adfc90c8f21b79790fc3cf58d
RAZOR Advisory: Multiple Local Sendmail Vulnerabilities. Sendmail v8.12.0 and below contain multiple local root vulnerabilities. This is fixed in v8.12.1.
33a10f0706c2b3d321f18b41f224a271bb8c7eb422d8bad8f87b3a52f6c7a860
Bindview Advisory - A remotely exploitable IP masquerading vulnerability in the Linux kernel can be used to penetrate protected private networks that have loaded the IRC masquerading module. A discussion last year detailed exploiting NAT packet-inspection mechanisms on Linux and other operating systems by forcing a client's browser or MUA software to send specific data patterns without the user's knowledge (see http://www.securityfocus.com/archive/82/50226), in order to open an inbound TCP port on the firewall. Appropriate but not sufficient workarounds were incorporated in Linux kernels released after the original advisory. Unfortunately, protocols other than those mentioned in the original discussion turn out to be vulnerable as well: the IRC DCC helper (the Linux 2.2 ip_masq_irc module, and equivalent modules shipped with some other operating systems and firewalling software) can be exploited in the same way.
bcaf95982e917edd271016e86d6d77bc40fd5dd9c9b427da27e25b0f3c3b78f8
Bindview Advisory - SMBD remote file creation vulnerability. Insufficient parameter validation and an unsafe default configuration on popular Linux platforms make systems running the Samba SMB file-sharing daemon vulnerable to remote attacks. Tested on smbd 2.0.7 and 2.0.8. The Samba daemon allows remote attackers to create SMB session log files (*.log), with largely attacker-controlled contents, outside the log directory. By itself this can be used for denial of service; combined with unprivileged local access, it can be used to gain superuser privileges.
cd04a10ae9f3510f12059b264b6521eb10a3a3ea5a56ac1c4ae8a772b263273c