Hey list,
If you're interested in a short analysis of Microsoft's new EAF
pseudo-mitigation
and how to bypass it, have a look here:
http://skypher.com/index.php/2010/11/17/bypassing-eaf/
Cheers,
SkyLined
Berend-Jan Wever
Delft, The Netherlands
http://skypher.co
Good afternoon,
Oracle has released a patch for a vulnerability in Java 6 that I reported to
them. If you like to know more, you can read about it here:
http://skypher.com/index.php/2010/10/13/issue-18-oracle-java-applet-childre/
Cheers,
SkyLined
Berend-Jan Wever
Delft, The Netherlands
http
com/index.php/2010/10/12/issue-21-wmp-memory-corruption-using-popups/>
Berend-Jan Wever
Delft, The Netherlands
http://skypher.com/SkyLined
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
never mind the fact that a "good" program in your list may contain as yet
unknown vulnerabilities which mean it's actually bad.
On Sep 19, 2010 7:08 PM, "Georgi Guninski" wrote:
> On Sun, Sep 19, 2010 at 06:21:35PM +0200, Pavel Kankovsky wrote:
>> On the other hand, It is possible to "detect all ba
: http://code.google.com/p/skylined/issues/detail?id=17
Cheers,
SkyLined
<http://skypher.com/>
Berend-Jan Wever
http://skypher.com/SkyLined
exploit it, why don't you encode your shellcode to
lowercase alphanumeric using ALPHA3?
http://code.google.com/p/alpha3/
Berend-Jan Wever
http://skypher.com/SkyLined
On Wed, Mar 17, 2010 at 3:20 PM, sachin shinde wrote:
> hi,
>
>
> There is classic buffer/Stack overflow in wo
ndings, so if you read this, send me an email and I'll get you up
to speed.
Cheers and thanks,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
t being a native English
speaker, I may inadvertently have said things completely wrong again. I look
forward to correcting my mistakes as they show up on other news sites in the
future.
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
On Mon, Mar 1, 2010 at 4:51 PM, Berend-Jan Wever
-exploiter-2-dep/
Cheers,
SkyLined
<http://skypher.com/index.php/2010/03/01/internet-exploiter-2-dep/>
Berend-Jan Wever
http://skypher.com/SkyLined
High and Critical impact bugs <http://dev.chromium.org/developers/severity-guidelines>, but any clever vulnerability at any severity might get a reward.
Obviously, your bug won't be eligible if you worked on the code or review in
the area in question."
Cheers,
SkyL
How about rebranding to ZID, as in Zero Information Disclosures?
Berend-Jan Wever
http://skypher.com/SkyLined
On Thu, Jan 21, 2010 at 9:07 PM, ZDI Disclosures <
zdi-disclosu...@tippingpoint.com> wrote:
> ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update
>
hes/>
Berend-Jan Wever
http://skypher.com/SkyLined
For those interested in shellcode: download and LoadLibrary shellcode has
some benefits over download & execute shellcode. Read more about it here:
http://skypher.com/index.php/2010/01/11/download-and-loadlibrary-shellcode-released/
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyL
<http://code.google.com/p/alpha3/> for
automatically testing if all the en-/decoders work.
Testival requires SkyBuild <http://code.google.com/p/skybuild/> to
automatically build all files.
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
ode.com/files/ALPHA3.zip
Cheers,
SkyLined
<http://skypher.com/index.php/2010/01/10/alpha3-released/>
Berend-Jan Wever
http://skypher.com/SkyLined
code into releasable shape.
Cheers,
SkyLined
<http://skypher.com/index.php/2010/01/02/countslide-alphanumeric-getpc/>
Berend-Jan Wever
http://skypher.com/SkyLined
tp://www.milw0rm.com/exploits/656>
.
http://skypher.com/index.php/2010/01/02/beta3-released/
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
Microsoft bulletin:
http://www.microsoft.com/technet/security/bulletin/MS09-054.mspx
Short description and repro information:
http://skypher.com/index.php/2009/10/13/ms09-054cve-2009-1547-data-stream-header-corruption-vulnerability/
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
/13/memory-corruption-when-loadingunloading-adobe-objects-through-embed-tag-in-firefox/>
Berend-Jan Wever
http://skypher.com/SkyLined
FYI: ASLR & DEP can be bypassed on x86, there's just nothing public at the
moment.
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
On Thu, Oct 1, 2009 at 6:44 PM, Freddie Vicious wrote:
> Yes, I am aware of the JVM and the Flash AVM heap spray techniques, no
>
):
V34djPXP4Hd30V3v034dYV34014dZX4vP4v4PHPfh11DX5PRRRV34dNj334d3D241D24XXfX3D28f1D28jAXLX3Dqh3Tpl1Tpl96
Quick intro to GetPC code:
http://skypher.com/wiki/index.php/Hacking/Shellcode/GetPC
Thanks,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
Some details + repro:
http://skypher.com/index.php/2009/04/19/ms09-014-embed-element-memory-corruption/
Cheers,
SkyLined
Berend-Jan Wever
http://skypher.com/SkyLined
lightly modified) to milw0rm as his code
as well (http://milw0rm.com/exploits/8219).
Some say plagiarism is the sincerest form of flattery, so I guess I'll start
obfuscating my repros into ASCII art that says "SkyLined" to prevent any
more people from flattering me.
Cheers,
Sky
B
title=Shellcode/w32_SEH_omelet_shellcode
http://code.google.com/p/w32-seh-omelet-shellcode/
I have not had a chance to test this newer version in a live exploit, so do
let me know if you have a chance to use it.
Cheers,
SkyLined
B
Berend-Jan Wever http://skypher.com
On Wed, Jan 7, 2009 at 6:04 PM, Berend-Jan Wever
wrote:
> This bug was reported by me to Mozilla in September. It is DoS
> only.<https://bugzilla.mozilla.org/show_bug.cgi?id=456727>
> https://bugzilla.mozilla.org/show_bu
..@xul!jvm_maybeshutdownliveconnect+0xdbe0/repro.html
How about giving some credit where it's due?
Cheers,
SkyLined
--------
Berend-Jan Wever http://skypher.com
On Wed, Jan 7, 2009 at 4:
than offer it to me to write you an
exploit? Then again, I do find your emails amusing...
Cheers,
SkyLined
Berend-Jan Wever http://skyphe
Cheers,
SkyLined
------------
Berend-Jan Wever http://skypher.com
et me know.
Cheers,
SkyLined
Berend-Jan Wever http://skypher.com
e
and their fix being online. In my experience that is really, really fast!
Cheers,
SkyLined
Berend-Jan Wever <[EMAIL PROTECTED]> http://
heers,
SkyLined
--------
Berend-Jan Wever <[EMAIL PROTECTED]> http://skypher.com
Hi all,
I've not had as much opportunity in the last three years to contribute, but
I do have some new stuff: I've decided to pre-release some parts of ALPHA3,
the upcoming new version of my alphanumeric shellcode encoder:
* I've reduced the size of the mixedcase ascii decoder:
http://skypher.com/
Hi all,
I recently stumbled upon this;
http://ha.ckers.org/blog/20070709/nduja-cross-domainwebmail-xss-worm/
In short: It mentions a "new" kind of XSS worm; one that can infect multiple
domains. I attempted to reply but my reply mysteriously never made it to the
page. In an attempt to set the rec
Hi all,
I'm looking for a way to contact SMC (www.smc.com) security people about a few vulnerabilities in their routers. Both [EMAIL PROTECTED] and
[EMAIL PROTECTED] failed.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://spaces.msn.com/members/ber
http://www.milw0rm.com
Somewhere I totally forgot to credit Tom Ferris for finding the
vulnerability. I hate it when people forget credits and now I am one
of them :(.
Please update your copy if you have mirrored it on your site.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
for this reason:
<[EMAIL PROTECTED]>: ezmlm-reject: fatal: Sorry, I don't accept messages of MIME Content-Type 'multipart/alternative' (#5.2.3)
I'm wondering if it's just me or everybody that uses gmail?
--
Berend-Jan Wever <[EMAIL PROTECTED]>
is both a trojan and spyware.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tudelft.nl/~bjwever
licy with a shorter, less confusing version:
Here's some candy, go play!
Btw. All your base are belong to us.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tudelft.nl/~bjwever
Sorry for the noise, no useful info in here.
Does anybody know a security contact for Shazara? They have forums and such, but you need to register, which I hate. I want to contact them through email anyway.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tude
ution Prevention),
- Turn off JavaScript,
- Switch to another browser,
- Do not browse untrusted sites,
- Do not browse the web at all,
- Unplug your machine from the web,
- Wear a tinfoil hat.
Cheers,
SkyLined
On 9/10/05, Berend-Jan Wever <[EMAIL PROTECTED]> wrote:
(Just a little heads up, no
licly until patches are out.
On a side note: it took only about 3 hours and 30 minutes to develop the exploit, so I might not be the only one able to write it.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tudelft.
Disclaimer: The information in this email is distributed WITHOUT ANY WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE LAW; without even the implied warranty of CORRECTNESS or FITNESS FOR A PARTICULAR PURPOSE. You know the drill...
Affected products: Various COM objects when loaded in Mi
risk even more.
Therefore, my suggestion to the Mozilla Foundation is to raise the severity status of the vulnerability to 'High' or 'Critical'.
Best regards,
Aviv Raff.
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tudelft.nl/~bjwever
ASCII-fy" it.
See ALPHA2.
> Would dissembler do what you want? It should be able to squeeze the
> ascii shellcode for you ;-)
Nice tool ;) But printable characters are not all alphanumeric characters.
Cheers,
SkyLined
--
Berend-Jan Wever <[EMAIL PROTECTED]>
http://www.edup.tudelf
I propose we up the age limit to post on full-disclosure to 14.
Cheers,
SkyLined
.
Cheers,
SkyLined
PS. I was pretty surprised nobody asked me why I went from Internet Exploiter 1
to Internet Exploiter 3 so now you know.
.---,
/ Berend-Jan Wever aka SkyLined