Re: [Full-disclosure] [Dailydave] PAPER: Securing The Kernel via Static Binary Rewriting and Program Shepherding

2011-05-09 Thread Piotr Bania
On Mon, May 9, 2011 at 11:23 PM, Adrien Kunysz wrote: > On Mon, May 09, 2011 at 11:58:41AM +0200, Piotr Bania wrote: >> LINK TO THE PAPER: >> http://www.piotrbania.com/all/articles/pbania-securing-the-kernel2011.pdf > > Is the code available publicly? > Nope, code is

[Full-disclosure] PAPER: Securing The Kernel via Static Binary Rewriting and Program Shepherding

2011-05-09 Thread Piotr Bania
-- Piotr Bania - - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33

[Full-disclosure] PAPER: JIT spraying and mitigations

2010-09-05 Thread Piotr Bania
icles/pbania-jit-mitigations2010.pdf PAPER MIRROR: http://kryptoslogic.com/download/JIT_Mitigations.pdf best regards, pb -- Piotr Bania - - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33

[Full-disclosure] PAPER: Security Mitigations for Return-Oriented Programming Attacks

2010-08-22 Thread Piotr Bania
s, pb -- Piotr Bania - - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33 - "The more I learn abou

[Full-disclosure] RELEASE: SMB2 REMOTE EXPLOIT (VISTA SP1/SP2) + HACKTRO

2010-08-17 Thread Piotr Bania
n the ascii g00gle ads to support our cause. WE WILL GET POLMOS BACK! thank you and have a nice winter! _o/ * - alcohol-free ((:) [1] - http://blog.metasploit.com/2009/10/smb2-351-packets-from-trampoline.html -- Piotr Bania - -

[Full-disclosure] PAPER: Evading network-level emulation

2009-06-10 Thread Piotr Bania
together with providing potential countermeasures against this type of detection method. Paper can be found at: http://piotrbania.com/all/articles/pbania-evading-nemu2009.pdf best regards, pb -- -------- Piotr Bania - - 0xCD, 0x19 F

Re: [Full-disclosure] PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

2009-05-25 Thread Piotr Bania
unpack, to be honest I have never used it but I surely will give it a try. Thanks. - pb -- -------- Piotr Bania - - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689

[Full-disclosure] PAPER: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs

2009-05-25 Thread Piotr Bania
best regards, pb -- Piotr Bania - - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Key ID: 0xBE43AC33

[Full-disclosure] PAPER: Dynamic Data Flow Analysis via Virtual Code Integration (aka The SpiderPig case)

2009-05-18 Thread Piotr Bania
lysis. Paper is available here: http://piotrbania.com/all/spiderpig/pbania-spiderpig2008.pdf Simple video demo and some other things available on project website: http://piotrbania.com/all/spiderpig/ best regards, Piotr Bania --

[Full-disclosure] Some "old" advisories: MS09-011 and VMware detection/DoS

2009-04-16 Thread Piotr Bania
/adv/vmware-io-adv.txt best regards, Piotr Bania * - probably other VMware virtualization products are affected as well -- Piotr Bania - - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http

[Full-disclosure] KON-BOOT for Windows and Linux (Password Bypassing Utility for Forgetting Heads)

2009-04-15 Thread Piotr Bania
lost your password? Now it doesn't matter at all :-) You can download Kon-Boot Windows&Linux version from the project website: http://piotrbania.com/all/kon-boot/ Please note: You may use this software only for personal, legal and non-commercial activity. best regards, Piotr Bania [1] h

[Full-disclosure] Kon-Boot v.1.0 - booting-time ultimate linux hacking utility ; )

2008-07-15 Thread Piotr Bania
page: http://piotrbania.com/all/kon-boot/ best regards, Piotr Bania -- -------- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotrbania.com - Ke

[Full-disclosure] RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption

2007-10-25 Thread Piotr Bania
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Corruption by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com Original url (and formatting): http://www.piotrbania.com/all/adv/realplayer-heap-corruption-adv.txt Severity: Important/Critical - Pot

[Full-disclosure] RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption

2007-10-25 Thread Piotr Bania
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Memory Corruption by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com Original url (and formatting): http://www.piotrbania.com/all/adv/realplayer-memory-corruption-adv.txt Severity: Critical - Remot

[Full-disclosure] Disinfectors for the calculator virus (ti89.Gaara)

2007-06-03 Thread Piotr Bania
Binary: http://piotrbania.com/all/ti89/dis2.89z I hope you will find them somehow interesting. best regards, pb -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689

[Full-disclosure] POC CODE - TI89 Titanium Resident EPO Calculator Virus (T89.GAARA)

2007-05-20 Thread Piotr Bania
/all/ti89/ *EDUCATIONAL PURPOSES ONLY WHATSOEVER* best regards, pb -- ---- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.piotr

[Full-disclosure] AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption

2007-04-06 Thread Piotr Bania
AOL Nullsoft Winamp IT Module "IN_MOD.DLL" Remote Heap Memory Corruption by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com Severity: Important - Potential remote code execution. Software affected: Tested on AOL Nullsoft Winamp v5

[Full-disclosure] AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero)

2007-04-06 Thread Piotr Bania
AOL Nullsoft Winamp LIBSNDFILE.DLL Remote Memory Corruption (Off By Zero) by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com Severity: Critical - Possible remote code execution. Software affected: Tested on AOL Nullsoft Winamp v5.33 (x86)

[Full-disclosure] AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption

2007-04-06 Thread Piotr Bania
AOL Nullsoft Winamp S3M Module "IN_MOD.DLL" Remote Heap Memory Corruption by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com Severity: Important - Potential remote code execution. Software affected: Tested on AOL Nullsoft Winamp v5

[Full-disclosure] Apple QuickTime Player Remote Heap Overflow

2007-03-06 Thread Piotr Bania
Apple QuickTime Player Remote Heap Overflow by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com All rights reserved. Severity: Critical - potential remote code execution. Software affected: Tested on QuickTime 7.1 (W

[Full-disclosure] Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite

2007-01-09 Thread Piotr Bania
Adobe Reader Remote Heap Memory Corruption - Subroutine Pointer Overwrite by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com Original url: http://www.piotrbania.com/all/adv/adobe-acrobat-adv.txt Severity: Critical - Possible remote code execution.

[Full-disclosure] Apple QuickTime Player H.264 Codec Remote Integer Overflow

2006-09-12 Thread Piotr Bania
Apple QuickTime Player H.264 Codec Remote Integer Overflow by Piotr Bania <[EMAIL PROTECTED]> http://www.piotrbania.com All rights reserved. Severity: Critical - potential remote code execution. CVE:CV

[Full-disclosure] Re: Windows PE Checksums

2006-09-08 Thread Piotr Bania
ing your own checksummer. best regards, pb -- -------- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33 http://www.

[Full-disclosure] Kadu Remote Denial Of Service Fun

2006-02-15 Thread Piotr Bania
Hi all, Some little Kadu fun info: http://www.piotrbania.com/all/adv/kadu-fun.txt best regards, pb -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC3

[Full-disclosure] DISIT - OPEN SOURCE DISASSEMBLER ENGINE

2006-01-31 Thread Piotr Bania
Hi, If someone is interested I have released a beta version of my disassembler engine, available here: http://www.piotrbania.com/all/disit/ best regards, Piotr Bania -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD

Re: [Full-disclosure] [EEYEB-2000801] - Windows Embedded Open Type

2006-01-10 Thread Piotr Bania
Hi, Damn, shit happens, you were first, I have just finished writing the initial report: http://www.piotrbania.com/all/adv/MS06-002-adv.txt best regards, pb -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Finge

[Full-disclosure] RE: WMF round-up, updates and de-mystification

2006-01-05 Thread Piotr Bania
DOES NOT rely on ANY signatures. I really advise you to study, before you will talk about things you really don't understand. Anyway, I must confess I'm under the impression of your "bypassing snort sigs" mad skillz, ph33r. E

RE: [Full-disclosure] RE: WMF round-up, updates and de-mystification

2006-01-04 Thread Piotr Bania
rbania.com/all/protty_vs_wmf_exploit.avi (Ah, btw. it was tested on my old machine with some really slow CPU model so forgive me the video lags...) best regards, Piotr Bania -- -------- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD,

[Full-disclosure] RE: Execution Prevention (Was: A small editorial)

2005-12-20 Thread Piotr Bania
Hello, Appending to the "topic", several months ago I created my own protection mechanism (http://www.piotrbania.com/all/protty/), full description was attached to Phrack#63. Maybe you will find it useful :) best regards, P

[Full-disclosure] Advisory: Apple QuickTime PICT Remote Memory Overwrite

2005-11-03 Thread Piotr Bania
Apple QuickTime PICT Remote Memory Overwrite by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info All rights reserved. CVE-ID: CVE-2005-2756 Original location: http://pb.specialised.info/all/adv/quicktime-pict-adv.txt Severity: Critical - remot

[Full-disclosure] Advisory: Apple QuickTime Player Remote Denial Of Service

2005-11-03 Thread Piotr Bania
Apple QuickTime Player Remote Denial Of Service by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info All rights reserved. CVE-ID: CVE-2005-2755 Original location: http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt Severity: Critical -

[Full-disclosure] Advisory: Apple QuickTime Player Remote Integer Overflow (2)

2005-11-03 Thread Piotr Bania
Apple QuickTime Player Remote Integer Overflow (2) by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info All rights reserved. CVE-ID: CVE-2005-2754 Original location: http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt Severity: Cr

[Full-disclosure] Advisory: Apple QuickTime Player Remote Integer Overflow (1)

2005-11-03 Thread Piotr Bania
Apple QuickTime Player Remote Integer Overflow (1) by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info All rights reserved. CVE-ID: CVE-2005-2753 Original location: http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt Severity: Cr

[Full-disclosure] Exploiting Windows Device Drivers Whitepaper

2005-10-16 Thread Piotr Bania
Hi, For those who are interested, the paper can be downloaded from: http://pb.specialised.info/all/articles/ewdd.pdf Enjoy. best regards, Piotr Bania -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint

[Full-disclosure] Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service

2005-10-13 Thread Piotr Bania
Kerio Technologies Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local denial of service by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info Original location: http://pb.specialised.info/all/adv

[Full-disclosure] Protty v.01A (beta) - shellcode execution protection library for Windows NT based systems

2005-09-22 Thread Piotr Bania
(currently disabled) available at: http://pb.specialised.info/all/protty/prott_packV01A.zip best regards, Piotr Bania -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE4

[Full-disclosure] (TOOL) TAPiON ver 0.1c

2005-09-16 Thread Piotr Bania
Hi, For those who are interested, new version (0.1c) of TAPiON (polymorphic decryptor generator) is now available. The package can be downloaded at: http://pb.specialised.info/all/tapion/ - the list of changes in 0.1c version is also stored at this url. best regards, Piotr Bania

Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine

2005-09-09 Thread Piotr Bania
a level 3 or level 4, unless you fully understand the source. I'm not saying it is perfect, it was written in 5 days. Hope this helps you. best regards, Piotr Bania -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fi

[Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine

2005-09-09 Thread Piotr Bania
variants # block swapping # garbage engine (normal instructions / coprocessor instructions) # block swapping # random decryptor size # multiple decryptor layers generation DOWNLOAD AT: --- http://pb.specialised.info/all/tapion/ best regards, Piotr Bania

[Full-disclosure] (TOOL ANNOUNCEMENT) Efilter - automatic exception reporting utility

2005-08-14 Thread Piotr Bania
alised.info/all/efilter/efilter.dll Source: - http://pb.specialised.info/all/efilter/efilter.c best regards, Piotr Bania -- -------- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD, 0x19 Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF

[Full-disclosure] Compuware Softice (DbgMsg driver) Local Denial Of Service

2005-05-29 Thread Piotr Bania
Compuware Softice (DbgMsg driver) Local Denial Of Service by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info Original location: http://pb.specialised.info/all/adv/sice-adv.txt Severity: Low / Medium - BSOD (Blue Screen Of Death) DOS Software af

[Full-disclosure] Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability

2005-05-26 Thread Piotr Bania
Alwil Software Avast Antivirus Device Driver Memory Overwrite Vulnerability by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info Original location: http://pb.specialised.info/all/adv/avast-adv.txt Severity: Less Critical/Medium - local ring0 code execution So

[Full-disclosure] OllyDbg "INT3 AT" Format String Vulnerability

2005-05-13 Thread Piotr Bania
OllyDbg "INT3 AT" Format String Vulnerability by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info Original location: http://pb.specialised.info/all/adv/olly-int3-adv.txt Severity: High / Medium - code executi

[Full-disclosure] RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow

2005-04-20 Thread Piotr Bania
RealNetworks RealPlayer/RealOne Player/Helix Player Remote Heap Overflow by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info Original location: http://pb.specialised.info/all/adv/real-ram-a

[Full-disclosure] (PAPER) "Vision of danger: The Firefox Greasemonkey"

2005-03-31 Thread Piotr Bania
Hi, For those who would like to read something about Firefox Greasemonkey. Here is the article: http://pb.specialised.info/all/articles/monkey.txt have phun. Peace, Piotr Bania -- Piotr Bania - <[EMAIL PROTECTED]> - 0xCD

[Full-disclosure] ADVISORY: DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability

2005-03-16 Thread Piotr Bania
DataRescue Interactive Disassembler Pro Debugger Format String Vulnerability by Piotr Bania <[EMAIL PROTECTED]> http://pb.specialised.info Severity: High / Medium - code execution. Versions affected: Probably all versions, however tested on 4.7.0.830.