Domain: recon.cx
Stories and comments across the archive that link to recon.cx.
Comments · 10
-
Slick tools like this
Intel Management Engine . Direct download document
-
Re:Decode the protocol?
The code is heavily obfuscated to prevent reverse engineering (encrypted code, checksums, debugger detection, all kinds of fun).
-
Re:Decode the protocol?
The code is heavily obfuscated to prevent reverse engineering (encrypted code, checksums, debugger detection, all kinds of fun).
-
Re:Pwned
Nominees
- Best Server-Side Bug
- Best Client-Side Bug
- Mass 0wnage
- Most Innovative Research
- Lamest Vendor Response
- Most Overhyped Bug
- Best Song
- Most Epic FAIL
- Lifetime Achievement Award
We received 134 submissions for the Pwnie Awards, of which we've selected 37 nominees. Please select an award category from the list above to see the nominees.
The winners of the Pwnie Awards will be anounced on August 6, 2008 at a ceremony at the BlackHat USA conference in Las Vegas.
Pwnie for Best Server-Side Bug
Awarded to the person who discovered the most technically sophisticated and interesting server-side bug. This includes any software that is accessible remotely without using user interaction.
-
Windows IGMP kernel vulnerability (CVE-2007-0069)
Discovered by: Alex Wheeler and Ryan Smith
Not only did Alex Wheeler and Ryan Smith lay claim to a lucky CVE number, they also laid down the law with a remote kernel code execution vulnerability that was exploitable in the default firewall configuration on Windows XP, 2003 and Vista. Despite the SWI team's claim that its exploitation is "unlikely in real-world conditions", Kostya Kortchinsky was able to develop a highly reliable exploit for this vulnerability.
-
NetWare kernel DCERPC stack buffer overflow
Discovered by: Nicolas Pouvesle
At REcon 2008, Nicolas Pouvesle demonstrated some amazing NetWare-Fu with his kernel exploitation techniques and staged payloads for a stack overflow in the DCERPC stack in the NetWare kernel. Besides impressing everyone at the conference (not to mention all of the Quebecois women around Montreal), he also struck fear into the hearts of NetWare administrators everywhere. All three of them.
This vulnerability also shows how there can often be similar vulnerabilities in different implementations of the same functionality. And when a vulnerability in one implementation is found and fixed, similar bugs in other implementations may go unnoticed for a while. What does it take to make a vendor like Novell audit their DCERPC code for simple vulnerabilities? A widespread worm exploiting a stack overflow in the Microsoft DCERPC stack, crippling large portions of the Internet, and supposedly causing a blackout of the entire East Coast of the USA? Apparently not.
-
ClamAV Remote Command Execution (CVE-2007-4560)
Discovered by: Nikolaos Rangos
This vulnerability was a remote command injection in the recipient e-mail address of an e-mail message examined by the ClamAV open-source AntiVirus scanner. In a nod to 1993, ClamAV called sendmail with popen(), placing the recipient e-mail address right there in the command. With open source anti-virus products, Linus's Law clearly does hold: "Given enough eyeballs, all bugs shallow", even the ones that we knew about fifteen years ago.
-
SQL Server 200
-
Re:What about Macs ?
From http://www.recon.cx/en/f/vskype-part2.pdf:
When skype client has a good score (bandwidth + no firewall + good cpu he
can be promoted to supernode
Do we have an answer? -
Re:What about Macs ?Skype contains encrypted code, self-modifying code, timing loops to detect whether it's running inside a debugger, and any number of other tricks to prevent reverse engineering. Which hasn't stopped people trying:
http://www.recon.cx/en/f/vskype-part1.pdf
http://www.recon.cx/en/f/vskype-part2.pdf -
Re:What about Macs ?Skype contains encrypted code, self-modifying code, timing loops to detect whether it's running inside a debugger, and any number of other tricks to prevent reverse engineering. Which hasn't stopped people trying:
http://www.recon.cx/en/f/vskype-part1.pdf
http://www.recon.cx/en/f/vskype-part2.pdf -
Re:Umm, batteries?
RFID don't need battery and can be "secure" but there is no indication that this one is.
http://2005.recon.cx/recon2005/papers/Jonathan_Wes thues/jwesthues.pdf -
Upcoming Presentation on a Similar Topic
I'm giving a talk on a similar concept at the upcoming RECON. I call this concept 'honeyclients'. As part of the talk, a BSD-licensed honeyclient prototype will be released. Another person who is doing work in this area is Thorsten Holz, of the German Honeynet Project. His whitepaper is here.
-
hax0r cons... in Canada?
Recon 2005 , a "reverse engineering and exploit development" con, takes place this June in Montreal, Quebec. It looks quite interesting, but conflicts with my attendance at the upcoming deviantART summit in Santa Monica, California.
-r