Insomnia Releases

The research team at Insomnia are constantly researching security vulnerabilities, exploitation techniques and other aspects of information security. We adhere to a responsible disclosure policy and work closely with vendors to assist them in resolving security issues reported by us.

Recent Releases

July 30, 2010		EasyManage CMS Multiple SQL injection Vulnerabilities were discovered in this locally developed CMS system.
July 20, 2010		Don't Try This At Home OWASP NZ Day Presentation discussing various 'not so common' application vulnerabilities. Plenty of bad code examples and some coverage of steps you can take to prevent these.
June 18, 2010		DEP in Depth Presentation given at Syscan about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MYSQL.
February 16, 2010		Microsoft - URL Validation Vulnerability Microsoft has released the second and final patch for the URL validation vulnerability we reported.
January 21, 2010		Microsoft - URL Validation Vulnerability Microsoft has released a patch for a vulnerability we reported.
July 07 2009		Hacking Citrix Presentation given at Syscan about Citrix Insecurities. The majority of the presentation was a live demo, so the slides are lacking in the details. Plan is to release a whitepaper shortly that will fill in the gaps.
December 09 2008		Microsoft - Webdav Request Parsing Heap Corruption Vulnerability Microsoft has released a patch for a heap corruption vulnerability in IE7 and Vista that we reported.
December 09 2008		Microsoft - Windows Common AVI Parsing Overflow Vulnerability Microsoft has released a patch for a vulnerability we reported.
November 18 2008		Common Application Flaws Presentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP top 10 and common application flaws.
October 20 2008		Symantec - Altiris Deployment Server Agent Privilege Escalation Symantec released a patch for a shatter attack vulnerability in the Deployment Agent.
September 10 2008		Microsoft Office Onenote - URL Handling Vulnerability Microsoft has released a patch for a critical office vulnerability in the OneNote URI handling.
August 12 2008		VMWare - VirtualCenter User Account Disclosure VMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.
July 31 2008		PuttyHijack V1.0 PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.
July 09 2008		Microsoft SQL Server - Corrupt Backup File Heap Overflow Microsoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.
July 07 2008		Heaps About Heaps Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.
June 18 2008		Symantec - Altiris Notification Server Agent Privilege Escalation Symantec released a patch for a shatter attack vulnerability in the Notification Agent.
May 16 2008		Symantec - Altiris Deployment Solution Two security advisories released.
May 01 2008		Access Through Access Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.
April 09 2008		Increasing The Value Of Penetration Testing Presentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.
February 12 2008		InsomniaShell.aspx InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.

 

HOME

CONTACT US