[Full-disclosure] Hal Turner exposé no. 2 (c ourtesy of GAPP & goudatr0n)

2007-12-31 Thread Roll Offle
+---+ | _|_|_| _|_| _|_|_| _|_|_| | | _| _|_| _|_| _|_| | | _| _|_| _|_|_|_| _|_|_| _|_|_| | | _|_| _|_| _|

Re: [Full-disclosure] [Professional IT Security Providers - Exposed]QuietMove ( D - )

2007-12-31 Thread Randal T. Rioux
> > QuiteMove > http://www.quitemove.com > QuietMove > A tad more attention to details would be nice. Good thing you're not graded on spelling here. C-. Happy New Year, Randy ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk

Re: [Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )

2007-12-31 Thread Bob Bruen
Well, I guess this settles how you should be judged. Spelling is hard, especially when complaining about somebody else. Is it quitemove.com or quietmove.com? Not quite, eh? -- bob On Mon, 31 Dec 2007, secreview wrote: QuiteMove, located at http://www.quitemove.com is a small Profe

[Full-disclosure] [Professional IT Security Providers - Exposed] QuietMove ( D - )

2007-12-31 Thread secreview
QuiteMove, located at http://www.quitemove.com is a small Professional IT Security Services Provider that offers Training services, Incident Response Services, Web Application Security Services and Penetration Testing Services. QuiteMove was started by Adam Munter in 2006 along with Jeffrey Rassas,

Re: [Full-disclosure] Blog Entry of Interest

2007-12-31 Thread James Matthews
Very nice article! On Dec 31, 2007 10:07 AM, Ben <[EMAIL PROTECTED]> wrote: > I just updated my blog with an analysis of a level on a wargame I was > playing (pulltheplug). It gives a technical overview (hopefully without > ruining the level) of a successfull attack on a PAX secured system (non-

Re: [Full-disclosure] IBM Domino Web Access Upload Module inotes6w.dll SEH Overwrite Exploit

2007-12-31 Thread reepex
seh overwrites are the new alert(document.cookie) ? On Dec 31, 2007 8:55 AM, <[EMAIL PROTECTED]> wrote: > This one is the same offset as dwa7w and the same class id as > inotes6. Basically inotes6 and inotes6w share the same class id, > except that inotes6w is unicode. dwa7w is unicode and has a

[Full-disclosure] IBM Domino Web Access Upload Module inotes6w.dll SEH Overwrite Exploit

2007-12-31 Thread elazar
This one is the same offset as dwa7w and the same class id as inotes6. Basically inotes6 and inotes6w share the same class id, except that inotes6w is unicode. dwa7w is unicode and has a different class id. Code is inline, I would attach it except for the fact that I set off way to many av scan

[Full-disclosure] Blog Entry of Interest

2007-12-31 Thread Ben
I just updated my blog with an analysis of a level on a wargame I was playing (pulltheplug). It gives a technical overview (hopefully without ruining the level) of a successfull attack on a PAX secured system (non-exec stack) exploiting a stack buffer overflow on a statically linked multi threa