Xcon 2005: New thoughts in ring3 nt rootkit
d0dc6ba9e5e2a145d29838a6a02926fda4ac8adb83af61bd3c4f840f4af2a2f0
PhoenixContact Programmable Logic Controllers are built upon a variant of ProConOS. Communicating using a proprietary protocol over ports TCP/1962 and TCP/41100 or TCP/20547. It allows a remote user to read out the PLC Type, Firmware and Build number on port TCP/1962. And also to read out the CPU State (Running or Stopped) AND start or stop the CPU on port TCP/41100 (confirmed ILC 15x and 17x series) or on port TCP/20547 (confirmed ILC 39x series).
121da6ea0c1ed5792460a8fc75979c956e19cb91d2f862453bd1833c0c4711f2
This is a proof of concept of an OS X / iOS kernel use-after-free racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient.
79081df20f058ae04524d60bd64ede2274ad0427278d2da4608b9c9253bfcd1f
There is an OS X exploitable kernel NULL pointer dereference in AppleMuxControl.kext.
882ed3c4cf58751cbf4938eb0d1c050d9a0e55f797c654e4b25181c2edfb6e6a
iOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.
adb1b7847f70f13cf0c6ea874eee96b6c0668190e0c8da0a1d59183341cb8770
Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x10 0 byte structure input from which it reads a userspace pointer and a size which it passes to IOHDIXController::convertClientBuffer. This wraps the memory pointed to by the userspace pointer in an IOMemoryDescriptor then takes the user-provided size, casts it to a 32-bit type and adds one. It passes that value to IOMalloc. By passing a size of 0xffffffff we can cause an integer overflow and IOMalloc will be passed a size of 0. IOMalloc falls through to kalloc which will quite happily make a 0-sized allocation for us and return a valid, writable kernel heap pointer.
7c1b4d44f576a45333e8a5f38a438bc7780560237ca558e684660c3e2a87a9cb
The AjaxControlToolkit prior to version 15.1 has a file upload directory traversal vulnerability which on a poorly configured web server can lead to remote code execution.
3ecb8a9a5021d70b1e7c79052e7ca74b09b23fe34ddae56eae4bc7ed860ab73e
The Breakpoint 2015 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia October 22nd through the 23rd, 2015. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters towards security researchers and industry professionals alike, with a focus on cutting edge security research.
19e84712fa0b6cf1b29e7e5db80167952c55e550bfbbec88311c75a7622feec2
Ruxcon 2015 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of the 24th and 25th of October at the CQ Function Centre, Melbourne, Australia.
a676d8b05a3036e8fccbea4e229d65d193e4eda232e50c32e895a58a3920e2d9
The Breakpoint 2014 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia October 8th through the 9th, 2014. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters towards security researchers and industry professionals alike, with a focus on cutting edge security research.
51295251d034007a82e1fcd395c19ee9d0d2a864ef12982d4645554778062163
Ruxcon 2014 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of the 11th and 12th of October at the CQ Function Centre, Melbourne, Australia.
9926fc8ff7b928e9ca8836613b897aed5bdebc0a2ed3dd14bbd749357e065645
Ruxcon 2013 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 26th and 27th of October at the CQ Function Centre, Melbourne, Australia.
8ebb6efde087b84a046399571288fbdbd808cd206ebf4276c0ed862e153e9a24
The Breakpoint 2013 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia October 24th through the 25th, 2013. Breakpoint showcases the work of expert security researchers from around the world on a wide range of topics. This conference is organized by the Ruxcon team and offers a specialized security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint caters towards security researchers and industry professionals alike, with a focus on cutting edge security research.
08009c8fd4e78f803da53c08c7dd02afd1898a3a6d3b8189d616f027359c0912
The Breakpoint 2012 Call For Papers has been announced. It will take place at the Intercontinental Rialto in Melbourne, Australia on October 17th through the 18th, 2012. Breakpoint is organized by the Ruxcon conference team and will offer a specialized and more professional security conference to complement and lead into the larger and more casual Ruxcon weekend conference. Breakpoint will cater towards security researchers and industry professionals alike, with a focus on cutting edge security research.
a25e1d3ca8e692e5a312cab2b84061b369bb7f4085db5d4e48d3205efe73846c
Ruxcon 2012 Call For Papers - Ruxcon is the premier technical computer security conference in the Australia. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations. This year the conference will take place over the weekend of 20th and 21st of October at the CQ Function Centre, Melbourne, Australia.
967b14c2cc86eb829ac73a7d5559ae16ecaeaee7a00dda16841f0629ce75679a
Call For Papers for XCon 2012. This conference will take place from August 14th through the 16th, 2012 in Beijing, China.
45bdc46d0347c62dd83cbbf9a35e84518e9aa61dc4dc344a96efe7beaa3e0161
The AvidPhoneticIndexer.exe network daemon that ships with Avid Media Composer version 5.5 suffers from a remote stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory and a Metasploit module.
a6100e77da08ab7504d889909384925c152f4a923056b91aef442070ec7d5eeb
StoryBoard Quick version 6 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
a58071791bae0e9b02ab74ae8bc27fb0a782edd806f7f95a6330d6c8d53fb41c
Muster Render Farm Management System version 6.1.6 suffer from an arbitrary file download issue due to a directory traversal vulnerability. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. The advisory in this archive includes exploitation details.
4c7c5caf872d4ace08b11d687019c73a366d5da96d3cb3fa5d8590c61b7d691a
Final Draft version 8 suffers from a file format stack buffer overflow. This was demonstrated at Ruxcon 2011 in the Hacking Hollywood talk. Included in this archive are the advisory, a proof of concept and a Metasploit module.
ac3e47d5874fd1d4daad7534970506cf6afc9f213d1d90f20086b45e813dcbbd
These are the slides from the Hacking Hollywood presentation given at Ruxcon 2011. It documents vulnerabilities that the researcher discovered in various pieces of software in use by large Hollywood studios. Be sure to check out the related files for this presentation as there are multiple proof of concept exploits and advisories.
011cfd9dd1552c8137cc5620c4e38a3b1986aa931e278523ef781e70dd75adf5
Ruxcon 2011 Call For Papers - Ruxcon is the premiere technical computer security conference within Australia. Ruxcon aspires to bring together the individual talents of the best and the brightest security folk within the Aus-Pacific region, through live presentations, activities, and demonstrations. It will take place from November 19th through the 20th, 2011.
0fa8e6e3b447e482a1a6aa7ba89b5b0dd2059090c363dc7db440306ec35c9a1c
Call For Papers for XCon 2011. This conference will take place from September 1st through the 2nd in Beijing, China.
ef905cc7821d521902c734ae6670a767ab29b3c3f4cc47215148db7d37119b6a
Call For Papers for XCon 2010. This conference will take place from August 4th through the 5th in Beijing, China.
96021905328d68d4a9eb7e14504674a9f97acc476e51170f314e166b4db3c075
RuxCon 2010 Call For Papers - Ruxcon is the premiere technical computer security conference within Australia. Ruxcon aspires to bring together the individual talents of the best and the brightest security folk within the Aus-Pacific region, through live presentations, activities, and demonstrations. It will take place from December 4th through the 5th, 2010.
9d7f05b6d2811522e41478d287282f2a113e9554be09018c9212af013bc8542b
Call For Papers for XCon 2009. This conference will take place from August 18th through the 19th in Beijing, China.
b5ac5f58a11d24a589f17cfd4dd72f66ff41f0d80406fca7540b2a3f4ba622f9