Releases

Publications

2011

November 2011

  

Encyclopaedia Of Windows Privilege Escalation - Presentation

Presentation given at Ruxcon 2011 on the various techniques for gaining a higher level of access on Windows systems.

October 2011

  

Fruit, why you so low - Presentation

Presentation given at hack.lu 2011 on the practicality, implementation and effect of datamining country-scale network targeting databases, in NZ and beyond.

July 2011

  

LFI With PHPInfo Assistance - Paper

phpinfolfi.py - Script

Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP when combined with the file upload handling feature that is enabled by default.

July 2011

  

Web Application Concurrency Vulnerabilities - Presentation

OWASP NZ Day Presentation discussing concurrency vulnerabilities and how they affect web applications.

2010

December 2010

  

DEP In Depth (Ruxcon Version) - Presentation

Presentation given at Ruxcon about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MySQL.

November 2010

  

The Shell Game - Presentation

 

  

The Shell Game - Demo Tools

Presentation and demo tools from the Kiwicon 4 talk "The Shell Game", which addressed non-root "rootkits" on Linux. Discussion and demos of process hiding (in-place replacement, thread-injection) and file hiding (via inotify racing) from root as a non-privileged user.

June 2010

  

Don't Try This At Home - Presentation

OWASP NZ Day Presentation discussing various 'not so common' application vulnerabilities. Plenty of bad code examples and some coverage of steps you can take to prevent these.

June 2010

  

DEP In Depth - Presentation

Presentation given at Syscan about bypassing DEP. Includes notes on SEH thread suspension, Heap Segment metadata exploitation, and a walkthrough of an exploit for MySQL.

2009

July 2009

  

Hacking Citrix - Presentation

Presentation given at Syscan about Citrix insecurities. The presentation covers a standard Citrix implementation and some of the flaws that are commonly seen. It was accompanied by a live demonstration which included hacking into a Citrix install and gaining domain administrator access.

2008

November 2008

  

Common Application Flaws - Presentation

Presentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP top 10 and common application flaws.

July 2008

  

Heaps About Heaps - Presentation .rar archive

Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers. This presentation details entries in the heap header, and explains multiple exploitation techniques including an improved version of the lookaside list attack. As a bonus it also provides a step-by-step example of exploiting a heap-based overflow on Windows 2003, including static addresses that can be used to obtain execution context.

May 2008

  

Access Through Access - Paper

Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities. Builds on the existing publicly available research and has become a concise point of information for hacking Access databases.

April 2008

  

Increasing The Value Of Penetration Testing - Paper

 

  

Increasing The Value Of Penetration Testing - Presentation

Presentation and whitepaper discussing some ways for a customer to increase the value of a penetration test. Explains, from the viewpoint of both parties, what should be expected from each when a penetration test is undertaken. What to expect as an outcome, and how to get more for your money, are all questions answered within.

Publications From The Past

The following are some of the releases authored by team members, prior to joining Insomnia Security.

December 2005

  

Exploiting Freelist[0] On XPSP2 - Presentation

This paper explains techniques for exploiting freelist[0] overwrites to bypass the protection measures introduced with Windows XP Service Pack 2. This leads to exploitation of other functionality within the heap management code to gain execution control after a chunk header has been overwritten.

October 2005

  

SBDA - Same Bug, Different App - Paper

October 2005

  

SBDA - Same Bug, Different App - Presentation

This presentation explains trends in the relationships between reported vulnerabilities that researchers should recognise, and that could be used to help speed up the discovery of new vulnerabilities. It includes the methodology that led to the discovery of vulnerabilities such as the fp30reg.dll overflow, the nsiislog.dll overflow, and many more. This is the version shown at Bluehat and includes full presentation notes.

April 2005

  

Bugger The Debugger - Paper

This whitepaper discusses techniques by which malware can execute code within a debugger during the load period, before control is handed back to the user. These techniques could be used as anti-debugging methods, or to run different code paths if a debugger is detected.

July 2004

  

0x00 vs ASP File Uploads - Paper

This whitepaper explains how the ASP FileSystemObject can be exploited when uploading a file with a NULL byte included in the filename. This problem arises when data is compared and validated in ASP script but not validated by the underlying lower level calls.

July 2004

  

Windows Shatter Attacks - Presentation

Presentation on Windows shatter attacks that was given at the Blackhat conference. This presentation was based on research done while producing the Shattering By Example whitepaper, and includes multiple examples of shatter attacks in various forms.

October 2003

  

Shattering By Example - Paper

Whitepaper detailing various Windows shatter attacks against multiple Windows controls and API calls.

 

