4li3n’s after midnight useless news and links – 2010.12.01

[INFO] How to create a shellcode on ARM architecture -> http://goo.gl/ErmM3
[EXPLOIT] NIBE Heat Pumps exploit code for RCE & LFI with root rights -> http://goo.gl/FrOwf
[EXPLOIT] Advanced analysis of the 2010-11-24 local Windows kernel exploit -> http://goo.gl/itAlD
[INFO] Is iPhone identifiable on WiFi network? -> http://goo.gl/6Hrzw
[DISCLOSURE] Twitter – Security bug in user profiles (HTML, JS, Malware) -> http://goo.gl/tEw7Y
[TOOL] aadp4olly v0.2 -> http://goo.gl/bAQNk
[INFO] Avoiding AV Detection: A follow-up to the USB Stick O’Death -> http://goo.gl/Rjzb2
[TOOL] Online tool helps you to configure Juniper, Nortel and Cisco switches -> http://goo.gl/8FhrE
[VIDEO] XerXes DoS Attack (I & II @vimeo) -> http://goo.gl/yCWRo , http://goo.gl/uCDjW
[VIDEO] Brucon 2010 videos released -> http://goo.gl/x8AaE
[ADVISORY] VMWare Security Advisory -> http://goo.gl/BbRVB
[POST] Sparse iPhone, iPad Screen Space Aids Phishers -> http://goo.gl/gS4M6
[EXPLOIT] XSRF (CSRF) in BEdita -> http://goo.gl/OpFcP
[EXPLOIT] Stored Cross Site Scripting vulnerability in BEdita -> http://goo.gl/fb/HeLUA
[EXPLOIT] XSS vulnerability in BEdita -> http://goo.gl/fb/OGucG
[EXPLOIT] Cross site scripting vulnerability in BLOG:CMS -> http://goo.gl/fb/jHitm
[EXPLOIT] XSRF (CSRF) in BLOG:CMS -> http://goo.gl/fb/HwGZp
[EXPLOIT] XSS vulnerability in BLOG:CMS -> http://goo.gl/fb/ze8MQ
[EXPLOIT] XSS vulnerability in BLOG:CMS -> http://goo.gl/fb/PHJmB
[METASPLOIT] Rev 11178 add REST version of axis2 deployer (& usage) -> http://goo.gl/yCWHE , http://goo.gl/Ci0FC


ESET’s Crackme Contest (via confidence.org.pl)

The contest has begun!

Your task is to retrieve data from a special application. Executable file can be found here!

The answer has to be sent to contest@eset.sk. Prize and glory await, so test yourself and collect the prize!

“ESET Crackme” Contest Rules

  • Contest Participants: All participants of the CONFidence conference held November 29 – 30, 2010 in Prague can enter the contest. No ESET employees will be admitted to participate.
  • Contest Organizers: ESET, spol. s r.o. has the right to organize the contest as part of the CONFidence conference, held November 29 – 30, 2010 in Prague, based on an agreement between the foundation Fundacja Wspierania Edukacji Informatycznej PROIDEA and ESET, spol. s r.o.
  • Contest Objective: “ESET crackme” is a program that tests ability and skills in reverse engineering. The objective of the contest is to arrive at the name and registration code embedded in the file.
  • Contest Prize: The contest winner will receive hardware and software provided by ESET.
  • Contest Start: The contest begins November 29th, 2010 at 14:00.
  • Contest End: The contest will come to a close after the first submission of the correct solution, and will run no later than November 30th, 2010, 17:00.
  • Contest Winner: The winner will be the first entrant to send the correct name and registration code to contest@eset.sk.
  • ‘Crack me’ Solution: The contest results will be announced after the correct answer is sent to contest@eset.sk. The prize will be awarded after the announcement of results.
  • Original post: http://201002.confidence.org.pl/crack-me

4li3n’s after midnight useless news and links – 2010.11.30

[UPDATE] Snorby 2.0.0.pre Released -> http://goo.gl/T4LV5
[INFO] SQL injection with raw MD5 hashes -> http://goo.gl/xpzaH
[INFO] JavaScript Perlin flames in 1k -> http://goo.gl/fLX9h
[ARCHIVE] Password lists -> http://goo.gl/b5CBy
[TOOL] Audit tools for the ICMP attacks against TCP -> http://goo.gl/0Rzzj
[INFO] Hidden Rootkit Services Detection -> http://goo.gl/5N1rs
[UPDATE] Fiddler v2.3.1.0, web debugging proxy -> http://goo.gl/7OdVH
[TOOL] T50 Sukhoi PAK FA: A Multipacket Injector -> http://goo.gl/iE1sN
[EXPLOIT] Linux Kernel CAN SLUB Overflow -> http://goo.gl/1pJSc
[EXPLOIT] Exploiting Stack Overflows in the Linux Kernel -> http://goo.gl/XbjGv
[HOW-TO] Make a RFID key spoofer -> http://goo.gl/Q6OPT
[POST] From 0x90 to 0x4c454554, a journey into exploitation -> http://goo.gl/f0717
[SCRIPT] Validate rescan data from Nessus -> http://goo.gl/WYKLa
[VIDEO] NoScript Bypass – “Reflective XSS” through Union SQL Poisoning Trick -> http://goo.gl/FH2So
[INFO] Using Nikto with Metasploit -> http://goo.gl/iAH4q
[TOOL] CarniWWWhore: a web interface for the dionaea honeypots postgres db -> http://goo.gl/H3UHz
[NEWS] 7-Zip 9.2 now unpacks some .EXE and Flash Files -> http://goo.gl/ihPGV
[POST] Packet Payloads, Encryption and Bacon -> http://goo.gl/k91Dz
[INFO] Finding iPhones/iPods using Google/Shodan (translated with Google translate) -> http://goo.gl/jbBxB
[INFO] UI Spoofing Safari on the iPhone -> http://goo.gl/viKJu
[INFO] Breaking it Down: How to start deploying Microsoft Desktop Virtualization technologies (+videos) -> http://goo.gl/dfsNf
[INFO] Armitage Metasploit GUI in BackTrack 4 r2 -> http://goo.gl/rMlJB

4li3n’s after midnight useless news and links – 2010.11.29

[EXPLOIT] CA Internet Security Suite 2010 KmxSbx.sys Kernel Pool Overflow 0day -> http://goo.gl/ltRvA
[UPDATE] Agnitio: the manual security code reviews User Guide released -> http://goo.gl/Nz90b
[UPDATE] Arachni: Web Application Security Scanner Framework v0.2.1 released (tar.gz) -> http://goo.gl/v8oiU
[UPDATE] SoftPerfect Network Scanner v5.0.4 released -> http://goo.gl/b4yPK
[UPDATE] L0phCrack v6.0.10a released -> http://goo.gl/yilvS
[UPDATE] CVEchecker Dev Release v1.20101127.0 available -> http://goo.gl/FP0f1
[TOOL] NmapSi4: A complete Qt4-based Nmap GUI -> http://goo.gl/dRVKO
[NEWS] Two new NTLM tables from RainbowCrack -> http://goo.gl/vck8t
[TOOL] Stresslinux v0.6.105 released (monitoring the health of your system) -> http://goo.gl/paYLk
[UPDATE] Skipfish v1.80 beta in the wild -> http://goo.gl/5GLgc
[INFO] Querying webcams with Shodan (default access to SQ-WEBCAM is admin/admin) -> http://goo.gl/ogVMT