lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1217975292.8503.20.camel@b4byl0n>
Date: Wed, 6 Aug 2008 00:28:12 +0200
From: Bernhard Mueller <research@...-consult.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Cc: Bugtraq <bugtraq@...urityfocus.com>
Subject: Interesting things at sec-consult.com,
	DNS-whitepaper available	tomorrow

Hello,

We recently decided to release some of our research to the public, so
selected presentations from our internal tech meetings will from now on
be available for download at SEC Consult website. The presentations
(some of which are in german) will include everything from general
howtos to highly specialized pentesting-stuff.
We will also release a whitepaper on a variant of the new DNS poisoning
attack tomorrow. We wrote this whitepaper along with an exploit a while
ago, and somehow managed NOT to leak it to the press before the Kaminsky
talk :)
The presentations and whitepapers, along with our past presentations
from Blackhat and Deepsec, can be found at:


http://www.sec-consult.com/publikationen_e.html


Here are some links to what is already online:


* A german guide to WEP/WPA cracking, by Johannes Greil:


http://www.sec-consult.com/files/Wireless_LAN_attacks_wo_fancy_style.pdf

* A presentation on the method of using DLL injection to interface to an
SSL connection used by a running process (I used this for
blackbox-testing certain binary SSL client/server applications):

  http://www.sec-consult.com/files/SSL_Packet_Injection_BMU.pdf

* A short presentation on a method of error-based SQL injection in
Sybase databases, by Thomas Kerbl:

  http://www.sec-consult.com/files/Sybase_ModSecurity_Evasion_TKE.pdf


I hope that some of you will find this useful.


Regards,

Bernhard (Certified Internet Security Superstar)

-- 
_________________________________________

Bernhard Mueller
Security Consultant

SEC Consult Unternehmensberatung GmbH
www.sec-consult.com

A-1190 Vienna, Mooslackengasse 17
phone     +43 1 8903043 34
fax       +43 1 8903043 15
mobile    +43 676 840301 718
email     b.mueller@...-consult.com

Firmenbuch Wiener Neustadt: 227896t, UID: ATU56165223
Firmensitz: Prof. Dr. Stephan Korenstraße 10, A-2700 Wiener Neustadt

Advisor for your information security.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ