Hotspot Security - This presentation covers the basic approach behind Wi-Fi hotspot security design and architecture. During the presentation, vulnerabilities and methods for exploiting Wi-Fi hotspots were shown.
0a7dede863446f901b020b5e8cb5a16104df67c26c0d8e604dfe1df366228110Virginity Verifier - The presentation aims towards defining a detailed list of vital operating system parts as well as a methodology for malware detection. The list will start on such basic levels as actions needed for file system and registry integrity verification, go through user-mode memory validating (detecting additional processes, hooked DLLs, injected threads, etc) and finally end on such advanced topics as defining vital kernel parts which can be altered by modern rootkit-based malware (with techniques like Raw IRP hooking, various DKOM based manipulations or VMM cheating)
94500b175b88ce140678c699be8b75984a5ac8857c25de8ad095cfbd32078b6fAnalysing All That Data - This presentation will introduce you to a number of techniques for making sense of large collections of data, including sorting and clustering techniques, fuzzy matching, and trend analysis. These techniques have applicability in numerous applications, such as mail filtering and network event analysis.
78f674bd1b1fa124c6336b7c2bbbb4422f9e8541e79202822c6a8a18f5329d3eSecure Java Programming - The talk is about the causes and effects of coding errors and the techniques to detect them, demonstrated with findings in the current Sun JDK.
bfb10720627d3dc700ef445feae88f44314c35a60fde542354635e8898180b8cAnalyzing Code for Security Defects - Reviewing code to find vulnerabilities is becoming more and more common. Reviewing code is not only useful from a developers point of view but also from an attacker's point of view. The talk covers the basics of threat analysis, how to assess threats and what are some of the vulnerabilities that could exists in code when performing code reviews for large code bases.
577816544352b93086ef9e99da313f9fee376f881ae388b2695b3cf5b1bae2f1Web Hacking Kung-Fu and Art of Defense - Web attacks are on the rise and new methods of hacking are evolving. This presentation covers the new methodologies for web application footprinting, discovery and information gathering with a new range of tools.
4f5e29a13a9a3f08a42d17d1c4729596c7602ec6f82c8722ba9f630ca7c3ecffVoIPhreaking: How to make free phone calls and influence people This talk explores the technologies behind VoIP infrastructures, focusing on their weaknesses and faults. LIVE DEMOS were conducted to help illustrate that attacks which violate VoIP system security are not only practical, but are already here. The era of VoIPhreaking has begun.
3271305c18faa6bd40a617ee26d17e9ace2ab4a191e3050d6395587c1d2c796aSocial Engineering Fundamentals - In today's world confidence scams present quite possibly the highest threat to security with in the business world. Control of information, withholding and leaking, can lead to massive failures and losses depending on how skilled the attacker may be. In combination with disinformation and propaganda, social engineering can as fatal as or even lead to loss of customer and shareholder confidence.
c7eb0d6f8e3d9604128b9b70ac462c22bd11e438eae445c188a7350db6cc9058Hacking Internet Banking Applications - This presentation highlights the solutions to some of the challenges the banks will face online to ensure that their data handling practices are compliant with their country's privacy regulations and banking regulations among others.
facb6cdfb8969d787b7bc3da4d2632a5a0ded6a4605b14a9726466d683898afbx.25 Security - The presentation focuses on X.25 security issues, positioned in present day context and problems. The main intention is to bring personal and professional know-how, background and X.25 penetration testing experiences to the auditorium, with real-life case studies.
ec36363f681e82827601b5b958109ffc30d24db525a0ec00e087594e31603878Corp vs Corp - An impressionistic overview of what makes the difference today and in the future (in the digital playground) in the balance of power between economic and military powers. The presentation covers a description of the business behind espionage worldwide as well as the asymmetric organizations that are the real master of puppets.
99b4e4d92119b97b7001ec31f44f161bbeef564f7f9dfa6041c211df58379614Project Blinkenlights - A presentation covering the Blinkenlights light installation in Berlin, Germany and the Arcade project in Paris, France.
128f1accabc534ab089b49d061eec977eb753a6811e67370006815eafee8f7bbTor Tray is a simple GUI application (C++) which enables you to load TOR in the tray, see messages, and start / stop it easily. Both binary and source code are packaged.
40d6edcaf47a55937992c960826642c79c86aa206dcfeffac48995385a8049e5Proof of concept SQL injection / board takeover exploit for versatileBulletinBoard version 1.0.0 RC.
65cfb775433b5fc5d6bc772afd06b572cd6bc14f9f9d0b0ea9523cb22900d8b1versatileBulletinBoard version 1.0.0 RC2 is susceptible to multiple SQL injection, login bypass, cross site scripting, and information disclosure flaws.
1dd61781206f11b5dbda20ccba56456f83d791f730f046b9fd306fd687b077ediDEFENSE Security Advisory 10.10.05-2 - Remote exploitation of a buffer overflow vulnerability in Kaspersky Labs' Anti-Virus Engine allows remote attackers to execute arbitrary code. Kaspersky Anti-Virus Engine is used by multiple vendors in Linux virus scanner products and exploitation requires minimal interaction by a targeted user.
687cfe35f56b41da5bef27898fef324bfb17e6910d56678af39622a53cf3acf8iDEFENSE Security Advisory 10.10.05-1 - Local exploitation of a design error vulnerability in the runpriv command included in multiple versions of Silicon Graphics Inc.'s IRIX could allow for arbitrary code execution as the root user. iDEFENSE has confirmed the existence of this vulnerability in SGI IRIX version 6.5.22 (maintenance). It is suspected that previous and later versions of both the feature and maintenance revisions of IRIX 6.5 are also vulnerable.
1c012fe38982c56bc23fed6348942a17603277d23ed1b3e06be34b0c10278c98Debian Security Advisory DSA 859-1 - Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.
6483e1a565b7283f82a983e867a8858315481daed70fb7f122df299b35814afcDebian Security Advisory DSA 858-1 - Ariel Berkman discovered several buffer overflows in xloadimage, a graphics file viewer for X11, that can be exploited via large image titles and cause the execution of arbitrary code.
86dd12d810a5c9d31de266e6913b7ee74cb399ed562c39faaa027eafffd2a188Ubuntu Security Notice USN-199-1 - Multiple vulnerabilities exist in both linux-source-2.6.10 and linux-source-2.6.8. These include race conditions and denial of service flaws.
cb1f37696ee3c0e425312af1edc21a290e6d17a6b94cc69b3b52cac0e52ae13fvlbook guestbook version 1.0 is susceptible to a remote file inclusion vulnerability.
4dc0e691d445ccd48ee7105f49de1ab2b22f1db170ebdc3af3ddc7cb3cfec1fephpMyAdmin 2.6.4-pl1 is susceptible to a local file inclusion vulnerability.
7e9e234acd7dc588242bf4e36dd317e113de0f0f7dcc551856ae9eaa3ebac46bPullThePlug Contest Call For Papers - The contest starts on October 10th 2005 and will end on February 10th 2006. Winners are announced by March 1st 2006.
9406a8a9b31a87f17502b58b5fac1516654a899b590e78f99fa0660926e34b87Ubuntu Security Notice USN-198-1 - Javier Fernandez-Sanguino Pena discovered that several tools in the cfengine package (vicf, cfmailfilter, and cfcron) create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running the cfengine program.
2aa4c31f341783a73f1f184ee2e9b2e22f4f7f91814b7ffa56d84a645b4597e3Ubuntu Security Notice USN-196-1 - Ulf Harnhammar discovered a format string vulnerability in the CDDB module's cache file handling in the Xine library, which is used by packages such as xine-ui, totem-xine, and gxine. By tricking an user into playing a particular audio CD which has a specially-crafted CDDB entry, a remote attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user running the application. Since CDDB servers usually allow anybody to add and modify information, this exploit does not even require a particular CDDB server to be selected.
796d7145bfb2f5d85734f127e1dcefba1fcf7fad3158a7de2f75578a29187bd9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed