image n/a

Security Literature

image n/a Hacker Challenge Report (pdf)
image n/a ANI 0-day Analysis (pdf)
image n/a Firepass Security Advisory (pdf)
image n/a eDir Remote Code Exec (pdf)
image n/a ZERT & MS VML Patch (pdf)
image n/a Python To Extract Malware (pdf)
image n/a Torpig VMM/IDT Signatures (pdf)
image n/a Vmware Shellcode Injection (pdf)
image n/a Unpacking FSG (pdf)
image n/a Hacking the Packer (pdf)
image n/a Life and Times of Ddabx (pdf)
image n/a W0rd 0-day Dissassembly
image n/a Cryptography of SSH2
image n/a Upload Scripts & Toolkits
image n/a Red-Headed Browsers & WMF
image n/a Classic Trimode Exploit
image n/a ISC Malware Quiz 5 (pdf)
image n/a Access Log Analytics 2006
image n/a Assorted Incidentals 2005
image n/a Scan of the Month 34
image n/a MS JVMs ByteVerify Trojan
image n/a Awstats Linux Rootkit
image n/a Tri-Mode Browser Exploits
image n/a Namibian TIBS Infection
image n/a Bestfriends and Sdbot Rootkit
image n/a Gwee Exploits Webmail
image n/a XSS, Triple-encoded Exploit
image n/a telnet:// used in IE Exploit
image n/a Investigating CHM Exploits
image n/a Investigating Netwin Malware
image n/a Short Security Discussions
image n/a Short Proof of Concepts
image n/a Attack Signatures and Analysis
image n/a First Trojan Tracking Journey

Vulnerabilities

This page contains a list of vulnerabilities that I have identified and/or researched since March of 2006. All bugs were reported responsibly and fixed prior to disclosure on this web site. The target institution or product is confidential in some reports and available in others. The icons on this page are taken from the MINIMALIZM v1.0 icon set by (Razor99).

Binaries

Novell eDirectory Remote Code Exec Stack Overflow
Novell eDirectory/iMonitor URI Stack Overflow Analysis (soon)
Injecting Shellcode Into Running Vmware Guests
Tumbleweed MailGate Remote Code Exec Stack Overflow
PE Analyzer Local DoS Condition

Browser / Web Based

Multiple Vulnerabilities in F5 FirePass SSL VPN
Cross Site Scripting - Bank Contact Page
SQL Injection - Bank Maintenance Login Form
Cross Site Scripting - University Online Bookstore
SQL Injection - Bank Job Application Pages
Art of Memory Forensics

Malware Analyst's Cookbook

Site design and layout with umm...a bash shell. Graphic by (Aaron Bieber)
Unless otherwise noted, this work is licensed with (Creative Commons Attribution License).