lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <46BC5ABC.6030102@sensepost.com>
Date: Fri, 10 Aug 2007 14:31:56 +0200
From: haroon <haroon@...sepost.com>
To: full-disclosure@...ts.grok.org.uk
Subject: BlackHat/Defcon 2007 Timing Stuff Released..

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all (and sorry for the horrible cross-post)

The paper, slides and squeeza tool we used at BlackHat/DefCon 07 have
been pushed to our www, and have been linked to with a mini-splurb at
http://www.sensepost.com/blog/

The squeeza tool will allow you to automate parts of a SQL Injection
attack with some level of modularity, so you can add modules at one end
(stuff to do on the server) or channels on the other (ways to get data
back). It currently supports a bunch of stuff, but most importantly
allows free sql queries, and binary file transfers over your channel of
choice (currently http error messages, dns or pure time delays)

The paper/slides also cover a bunch of other timing related attacks and
explores XSRT/(D)XSRT (because the world can never have enough acronyms*).

As usual the stuff is freely downloadable and (hopefully useful and)
easily extensible, and feedback is appreciated...

*Actually, we think its pretty cool, but we _are_ geeks who thought that
the coolest thing in Vegas this year was the .za vs .usa soccer match
that took place illegally in the Caesars car-park..

/mh
- --
Haroon Meer, SensePost Information Security  |
http://www.sensepost.com/blog/
PGP: http://www.sensepost.com/pgp/haroon.txt |  Tel: +27 83786 6637

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)

iD8DBQFGvFq8jc6KZkVo+wYRAlGGAJ9pTw7mFHajQK+kKSHByhy4PuDojgCffcRu
p5nVAut9WnjehG8bxd4k26M=
=fGgd
-----END PGP SIGNATURE-----



 ** CRM114 Whitelisted by: From haroon@...sepost.com **

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ