It's the Code garbage collector. Mind dumps of daily coding antics from a frustrated silly little man. VBS, PHP, TCL, TK, PERL, C++, JAVA....what now? Ruby?
No Wait.. It should be just RUBY!
Showing posts with label monthof. Show all posts

20070330

Month of ... bugs

1. Month of browser bugs
2. Month of apple bugs
3. Month of kernel bugs
4. Month of PHP bugs
5. Month of MySPACE bugs

eh.. ergg.. cough.. die. this fad is getting old.. I hate even commenting on this at all.

20070103

MOAB / MOKB / VIZSEC '06

Well, to catch up a little on the vuln world.. There are a couple of things I'm watching.

Month of Apple Bugs

Info-Pull's MoAB

PoC/Exploit are included with every release.. how nice.

Month Of Kernel Bugs

Info-Pull's MoKB

Numerous Kernel bugs listed for FreeBSD 6.1, Linux 2.6, as well as OS X.


Retirement of Elsenot.com
ElseNot has officially closed its doors for updates..
"ElseNot part one is done. ElseNot part two may or may not start." ~ Layne


Conference VIZSEC '06

The proceedings for the conference held on November 3rd 2006 have been posted. There are a lot of really interesting white papers.. here are a couple of interest..

2D Visualizations
"VAST: Visualizing Autonomous System Topology"

- Jon Oberheide, Manish Karir and Dionysus Blazakis [whitepaper] [presentation]

"FlowTag: A Collaborative Attack-Analysis, Reporting, and Sharing Tool for Security Researchers"

- Christopher P. Lee and John A. Copeland [whitepaper] [presentation]

"Understanding Multistage Attacks by Attack-Track based Visualization of Heterogeneous Event Streams"

- Sunu Mathew, Richard Giomundo, Shambhu J. Upadhyaya, Moises Sudit, Adam Stotz [whitepaper] [presentation]

"Visual Toolkit for Network Security Experiment Specification and Data Analysis"

- Lunquan Li, Peng Liu, George Kesidis [whitepaper] [presentation]

"An Intelligent, Interactive Tool for Exploration and Visualization of Time-Oriented Security Data"

- Asaf Shabtai, Denis Klimov, Yuval Shahar, and Yuval Elovici [whitepaper] [presentation]

"Visualizing DNS Traffic"

- Pin Ren, John Kristoff and Bruce Gooch [whitepaper] [presentation]


3D Visualizations
"Interactively Combining 2D and 3D Visualization for Network Traffic Monitoring"

- Erwan Le Malecot, Masayoshi Kohara, Yoshiaki Hori, and Kouichi Sakurai [whitepaper] [presentation]

"Real-Time Collaborative Network Monitoring and Control Using 3D Game Engines for Representation and Interaction"

- Warren Harrop and Grenville Armitage [whitepaper] [presentation]

20060713

hdm - MOBB bug releases

hdm has been releasing a number of browser bugs this month under the name MOBB (Month of Browser Bugs). He was able to find these by running different browsers through DOM, CSS, and DHTML fuzzers in an attempt to crash the engines, and in other ways.

  • Hamachi - A DHTML fuzzer that recursively calls XMLHTTP in an attempt to iterate through arrays of possible DHTML element properties. It tries format strings, long file paths, long URLs, and difficult integer injection.

  • CSS-Die - CSSDIE looks for common CSS1/CSS2/CSS3 implementation flaws by specifying common bad values for style properties. This is similar to Hamachi in that it tries format strings, long file paths, long URLs, and difficult integer injection.

  • DOM-Hanoi - DOM-Hanoi looks for common DHTML implementation flaws by adding/removing DOM elements. This is done through obj.appendChild and obj.removeChild methods.

  • MangleMe - Mangleme sends format strings, bad characters, malformed JavaScript and applet requests, long URLs, and load requests with junk.

Most of his scripts have been attempting to locate vulnerabilities in the following browsers...
konqueror, safari, omniweb, opera, webTV, icab, ie6, mozilla