lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4C1A59FE.20807@tehtri-security.com>
Date: Fri, 18 Jun 2010 01:23:10 +0800
From: Laurent OUDOT at TEHTRI-Security <laurent.oudot@...tri-security.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: TEHTRI-Security released 13 0days against web tools used by evil
 attackers


Gents,

As announced in recent emails here, we have just released 13 0days and
new offensive concepts against most of the tools currently used by web
attackers, like web shells, exploit packs, etc, during our new talk at
SyScan Singapore 2010 : http://www.syscan.org/Sg/speakers.html#012

We have given new methods to counter-strike intruders with our new
exploits giving you remote shells, remote SQL injection, permanent XSS
and dangerous XSRF, against remote tools used by attackers.

It's time to have strike-back capabilities for real, and to have
alternative and innovative solutions against those security issues.

We have shown how to know, identify, exploit, neutralize or destroy
attackers using those kind of tools.

For example, we gave (some of) our 0days against known tools like Sniper
Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit
Pack, Neon Exploit Pack, Yes Exploit Pack...

This was a way to explain that you can react when you are under attack.

We hope that this will open a new way to think about IT Security
worldwide, and that it might help people sometimes.

Do not hesitate to contact TEHTRI-Security if you need technical
assistance (pentests, incident handling, source code analysis, etc) with
experts who know how work cyber conflicts for real, which is totally
different from people who have clean certifications or who just
masterize security research in labs...

Here is the list of the 13 security advisories and 0days that we just
released today.

TEHTRI-SA-2010-023 - Vuln in NEON Exploit Pack. Permanent XSS+XSRF.
TEHTRI-SA-2010-022 - Vuln in NEON Exploit Pack. SQL Injection.
TEHTRI-SA-2010-021 - Vuln in YES Exploit Pack. Remote File Disclosure.
TEHTRI-SA-2010-020 - Vuln in YES Exploit Pack. Permanent XSS+XSRF admin.
TEHTRI-SA-2010-019 - Vuln in YES Exploit Pack. Remote SQL Injection.
TEHTRI-SA-2010-018 - Vuln in LuckySploit Expl Pack. Remote control.
TEHTRI-SA-2010-017 - Vuln in Liberty Exploit Pack. Permanent XSS+XSRF.
TEHTRI-SA-2010-016 - Vuln in Liberty Exploit Pack. SQL Injection.
TEHTRI-SA-2010-015 - Vuln in Eleonore Exploit Pack. Another SQL Inject.
TEHTRI-SA-2010-014 - Vuln in Eleonore Exploit Pack. XSRF in admin panel.
TEHTRI-SA-2010-013 - Vuln in Eleonore Exploit Pack. Permanent XSS.
TEHTRI-SA-2010-012 - Vuln in Eleonore Exploit Pack. Remote SQL Inject.
TEHTRI-SA-2010-011 - Vuln in Sniper_SA Web Backdoor. Remote File Disclos

More explanations available on our web site:
http://www.tehtri-security.com/en/news.php

Do not hesitate to contact us directly if needed.

Best regards,
Take care.

Laurent OUDOT - "TEHTRI-Security, This is not a game."
 CEO & Founder of TEHTRI-Security
 http://www.tehtri-security.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ