Insomnia Releases

The research team at Insomnia are constantly researching security vulnerabilities, exploitation techniques and other aspects of information security. We adhere to a responsible disclosure policy and work closely with vendors to assist them in resolving security issues reported by us.

Recent Releases

October 11, 2011		Encyclopaedia Of Windows Privilege Escalation Presentation given at Ruxcon 2011 on the various techniques for gaining a higher level of access on Windows sytems.
October 11, 2011		Fruit, why you so low? Presentation given at hack.lu 2011 on the practicality, implementation and effect of datamining country-scale network targeting databases, in NZ and beyond.
September 6, 2011		LFI With PHPInfo Assistance Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP
August 22, 2011		Pidgin Pidgin IM Insecure URL Handling Remote Code Execution
July 18, 2011		Concurrency Vulnerabilities Presentation given at OWASP NZ Day 2011 on web application concurrency vulnerabilities.
April 27, 2011		Up.Time Administration Interface Authentication Bypass Vulnerability
April 27, 2011		IGSS SCADA System ODBC service remote overflow leading to denial of service or code execution.
December 08, 2010		DEP in Depth Presentation given at Ruxcon about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.
July 30, 2010		EasyManage CMS Multiple SQL injection Vulnerabilities were discovered in this locally developed CMS system.
July 20, 2010		Don't Try This At Home OWASP NZ Day Presentation discussing various 'not so common' application vulnerabilities. Plenty of bad code examples and some coverage of steps you can take to prevent these.
June 18, 2010		DEP in Depth Presentation given at Syscan about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.
February 16, 2010		Microsoft - URL Validation Vulnerability Microsoft has released the second and final patch for the URL validation vulnerability we reported.
January 21, 2010		Microsoft - URL Validation Vulnerability Microsoft has released a patch for a vulnerability we reported.
July 07 2009		Hacking Citrix Presentation given at Syscan about Citrix Insecurities. The majority of the presentation was a live demo, so the slides are lacking in the details. Plan is to release a whitepaper shortly that will fill in the gaps.
December 09 2008		Microsoft - Webdav Request Parsing Heap Corruption Vulnerability Microsoft has released a patch for a heap corruption vulnerability in IE7 and Vista that we reported.
December 09 2008		Microsoft - Windows Common AVI Parsing Overflow Vulnerability Microsoft has released a patch for a vulnerability we reported.
November 18 2008		Common Application Flaws Presentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP top 10 and common application flaws.
October 20 2008		Symantec - Altiris Deployment Server Agent Privilege Escalation Symantec released a patch for a shatter attack vulnerability in the Deployment Agent.
September 10 2008		Microsoft Office Onenote - URL Handling Vulnerability Microsoft has released a patch for a critical office vulnerability in the OneNote URI handling.
August 12 2008		VMWare - VirtualCenter User Account Disclosure VMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.
July 31 2008		PuttyHijack V1.0 PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.
July 09 2008		Microsoft SQL Server - Corrupt Backup File Heap Overflow Microsoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.
July 07 2008		Heaps About Heaps Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.
June 18 2008		Symantec - Altiris Notification Server Agent Privilege Escalation Symantec released a patch for a shatter attack vulnerability in the Notification Agent.
May 16 2008		Symantec - Altiris Deployment Solution Two security advisories released.
May 01 2008		Access Through Access Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.
April 09 2008		Increasing The Value Of Penetration Testing Presentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.
February 12 2008		InsomniaShell.aspx InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.

Insomnia Releases

Recent Releases

October 11, 2011

Encyclopaedia Of Windows Privilege EscalationPresentation given at Ruxcon 2011 on the various techniques for gaining a higher level of access on Windows sytems.

October 11, 2011

Fruit, why you so low?Presentation given at hack.lu 2011 on the practicality, implementation and effect of datamining country-scale network targeting databases, in NZ and beyond.

September 6, 2011

LFI With PHPInfo AssistanceWhitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP

August 22, 2011

PidginPidgin IM Insecure URL Handling Remote Code Execution

July 18, 2011

Concurrency VulnerabilitiesPresentation given at OWASP NZ Day 2011 on web application concurrency vulnerabilities.

April 27, 2011

Up.TimeAdministration Interface Authentication Bypass Vulnerability

April 27, 2011

IGSS SCADA SystemODBC service remote overflow leading to denial of service or code execution.

December 08, 2010

DEP in DepthPresentation given at Ruxcon about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.

July 30, 2010

EasyManage CMSMultiple SQL injection Vulnerabilities were discovered in this locally developed CMS system.

July 20, 2010

Don't Try This At HomeOWASP NZ Day Presentation discussing various 'not so common' application vulnerabilities. Plenty of bad code examples and some coverage of steps you can take to prevent these.

June 18, 2010

DEP in DepthPresentation given at Syscan about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.

February 16, 2010

Microsoft - URL Validation VulnerabilityMicrosoft has released the second and final patch for the URL validation vulnerability we reported.

January 21, 2010

Microsoft - URL Validation VulnerabilityMicrosoft has released a patch for a vulnerability we reported.

July 07 2009

Hacking CitrixPresentation given at Syscan about Citrix Insecurities. The majority of the presentation was a live demo, so the slides are lacking in the details. Plan is to release a whitepaper shortly that will fill in the gaps.

December 09 2008

Microsoft - Webdav Request Parsing Heap Corruption VulnerabilityMicrosoft has released a patch for a heap corruption vulnerability in IE7 and Vista that we reported.

December 09 2008

Microsoft - Windows Common AVI Parsing Overflow VulnerabilityMicrosoft has released a patch for a vulnerability we reported.

November 18 2008

Common Application FlawsPresentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP top 10 and common application flaws.

October 20 2008

Symantec - Altiris Deployment Server Agent Privilege EscalationSymantec released a patch for a shatter attack vulnerability in the Deployment Agent.

September 10 2008

Microsoft Office Onenote - URL Handling VulnerabilityMicrosoft has released a patch for a critical office vulnerability in the OneNote URI handling.

August 12 2008

VMWare - VirtualCenter User Account DisclosureVMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.

July 31 2008

PuttyHijack V1.0PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

July 09 2008

Microsoft SQL Server - Corrupt Backup File Heap OverflowMicrosoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.

July 07 2008

Heaps About HeapsPresentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.

June 18 2008

Symantec - Altiris Notification Server Agent Privilege EscalationSymantec released a patch for a shatter attack vulnerability in the Notification Agent.

May 16 2008

Symantec - Altiris Deployment SolutionTwo security advisories released.

May 01 2008

Access Through AccessWhitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.

April 09 2008

Increasing The Value Of Penetration TestingPresentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.

February 12 2008

InsomniaShell.aspxInsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.

HOME

ABOUT US

OUR SERVICES

RELEASES

CONTACT US

Encyclopaedia Of Windows Privilege Escalation
Presentation given at Ruxcon 2011 on the various techniques for gaining a higher level of access on Windows sytems.

Fruit, why you so low?
Presentation given at hack.lu 2011 on the practicality, implementation and effect of datamining country-scale network targeting databases, in NZ and beyond.

LFI With PHPInfo Assistance
Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP

Pidgin
Pidgin IM Insecure URL Handling Remote Code Execution

Concurrency Vulnerabilities
Presentation given at OWASP NZ Day 2011 on web application concurrency vulnerabilities.

Up.Time
Administration Interface Authentication Bypass Vulnerability

IGSS SCADA System
ODBC service remote overflow leading to denial of service or code execution.

DEP in Depth
Presentation given at Ruxcon about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.

EasyManage CMS
Multiple SQL injection Vulnerabilities were discovered in this locally developed CMS system.

Don't Try This At Home
OWASP NZ Day Presentation discussing various 'not so common' application vulnerabilities. Plenty of bad code examples and some coverage of steps you can take to prevent these.

DEP in Depth
Presentation given at Syscan about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.

Microsoft - URL Validation Vulnerability
Microsoft has released the second and final patch for the URL validation vulnerability we reported.

Microsoft - URL Validation Vulnerability
Microsoft has released a patch for a vulnerability we reported.

Hacking Citrix
Presentation given at Syscan about Citrix Insecurities. The majority of the presentation was a live demo, so the slides are lacking in the details. Plan is to release a whitepaper shortly that will fill in the gaps.

Microsoft - Webdav Request Parsing Heap Corruption Vulnerability
Microsoft has released a patch for a heap corruption vulnerability in IE7 and Vista that we reported.

Microsoft - Windows Common AVI Parsing Overflow Vulnerability
Microsoft has released a patch for a vulnerability we reported.

Common Application Flaws
Presentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP top 10 and common application flaws.

Symantec - Altiris Deployment Server Agent Privilege Escalation
Symantec released a patch for a shatter attack vulnerability in the Deployment Agent.

Microsoft Office Onenote - URL Handling Vulnerability
Microsoft has released a patch for a critical office vulnerability in the OneNote URI handling.

VMWare - VirtualCenter User Account Disclosure
VMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.

PuttyHijack V1.0
PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

Microsoft SQL Server - Corrupt Backup File Heap Overflow
Microsoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.

Heaps About Heaps
Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.

Symantec - Altiris Notification Server Agent Privilege Escalation
Symantec released a patch for a shatter attack vulnerability in the Notification Agent.

Symantec - Altiris Deployment Solution
Two security advisories released.

Access Through Access
Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.

Increasing The Value Of Penetration Testing
Presentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.

InsomniaShell.aspx
InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.