lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 21 Sep 2005 12:46:39 -0400
From: "Jose Morales" <mrjoemango2@...mail.com>
To: vuln-dev@...urityfocus.com
Cc: bugtraq@...urityfocus.com
Subject: PocketPC exploitation


I would like to contribute to the list a paper i just had published that 
discusses the vulnerabilities of current virus detectors for pocket pc's, it 
is scary to think that such simplistic detectors are the current state of 
the art for such powerfull devices, it leads one to think that the lessons 
of the past have not been learned, feedback on the paper is appreciated and 
welcomed, i hope it helps those interested in this area of research feel 
free to contact me.  I should be presenting the paper at the workshop on 
software security assesment tools, tactics and metrics in long beach 
california in early november in conjunction with the automated software 
engineering conference. the paper can be downloaded at

http://www.cs.fiu.edu/~jmora009/

Jose.


********************************************************************************************
Jose Andre Morales
Computer Specialist
Master of Science in Computer Science, FIU 2004
Email: jose@...stopearth.com
********************************************************************************************



From: Nicolas RUFF <nicolas.ruff@...il.com>
To: "Vuln-Dev@...urityfocus. Com" <vuln-dev@...urityfocus.com>
CC: Jerome Athias <jerome.athias@...e.fr>
Subject: Re: PocketPC exploitation
Date: Mon, 19 Sep 2005 17:47:14 +0200
> > i would like to know if some of you have experience with exploitation of
> > PocketPCs and could give me some ways and tools (debugger...).
> > since some vulns come ( http://www.securityfocus.com/bid/13807 )
> > I know that writing a DLL (Fuser) is quite easy with eVC++ (Embedded),
> > so a "download and execute"-like shellcode could be amazing...
>
>Pointers to begin with :
>
>- Microsoft Embedded Visual C++, with on-target debugging :
>http://www.microsoft.com/downloads/details.aspx?FamilyID=1dacdb3d-50d1-41b2-a107-fa75ae960856&displaylang=en
>
>- Phrack #63 "Hacking Windows CE"
>http://www.phrack.org/phrack/63/p63-0x06_Hacking_WindowsCE.txt
>
>- And the upcoming IDA Pro 4.9 with Windows CE on-target debugging :
>http://www.datarescue.com/idabase/wince/index.htm
>
>Regards,
>- Nicolas RUFF
>Security researcher @ EADS-CCR

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ