Message-ID: <AANLkTi=BHrPaxN5HEZF0zecP_TaQYunpAH7g_aw6dGPj@mail.gmail.com>
Date: Fri, 29 Oct 2010 07:25:10 -0300
From: "[ISR] - Infobyte Security Research " <noreply@...obytesec.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: Evilgrade 2.0 - the update exploitation framework is back

[ISR] - Infobyte Security Research
ISR-evilgrade | www.infobytesec.com

Infobyte Security Research is pleased to announce the release of evilgrade 2.0
with a lot of new modules and a bunch of squashed bugs.

[-] RELEASE DETAILS

BRIEF OVERVIEW

Evilgrade is a modular framework that allows the user to take
advantage of poor upgrade implementations by injecting fake updates.

This framework comes into play when the attacker is able to
redirect traffic, which can be done in several ways, such as
DNS tampering, DNS cache poisoning, ARP spoofing,
Wi-Fi access point impersonation, or DHCP hijacking, with your
favorite tools.

This way you can easily take control of a fully patched machine
during a penetration test in a clean and easy way. The main idea
behind it is to show the amount of trivial errors in the update
process of mainstream applications.


.:: [NEW MODULES] ::.
There's a new amount of 63 modules to play with! :
- Safari
- iTunes
- Quicktime
- APT
- Cygwin
- Cpan
- Java
- iTunes
- Mirc
- Adium
- Notepadplus
- Opera
- Bsplayer
- Winamp
- Trillian
- Teamviewer
- Virtualbox
- Vmware
- Winscp
- Winupdate
.. and many more (check out the documentation for complete list)


.:: [ONLINE DEMO] ::.
Watch the framework in action, Java signed certificate bypass +
javapayload = pwnage
http://www.infobytesec.com/demo/java_win7.htm

.:: [AUTHOR] ::.

Francisco Amato
famato+at+infobytesec+dot+com

.:: [DOWNLOAD] ::.
Get the latest version over here:
http://www.infobytesec.com/developments.html
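
Added example, not part of the original announcement and not evilgrade code: the client-side checks an updater needs so that a fake update delivered through redirected traffic is rejected. The Manifest type, its encoding and VerifyUpdate are hypothetical names chosen for illustration, and the keys and payloads are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor published by the vendor.
type Manifest struct {
	Version uint32   // monotonically increasing release number
	Digest  [32]byte // SHA-256 of the update payload
}

// Bytes returns the canonical encoding that the vendor signs.
func (m Manifest) Bytes() []byte {
	b := make([]byte, 4, 36)
	binary.BigEndian.PutUint32(b, m.Version)
	return append(b, m.Digest[:]...)
}

// VerifyUpdate accepts a payload only if the manifest is signed by the pinned
// vendor key, is newer than the installed version, and matches the payload hash.
// None of these checks depends on which server answered the download request.
func VerifyUpdate(pinned ed25519.PublicKey, installed uint32, m Manifest, sig, payload []byte) error {
	if !ed25519.Verify(pinned, m.Bytes(), sig) {
		return errors.New("manifest signature does not match pinned vendor key")
	}
	if m.Version <= installed {
		return errors.New("manifest version is not newer than installed version")
	}
	if sha256.Sum256(payload) != m.Digest {
		return errors.New("payload hash does not match signed manifest")
	}
	return nil
}

func main() {
	// Constructed demo key pair; a real client ships only the public key.
	pub, priv, _ := ed25519.GenerateKey(nil)
	good := []byte("vendor update v8")
	m := Manifest{Version: 8, Digest: sha256.Sum256(good)}
	sig := ed25519.Sign(priv, m.Bytes())
	fmt.Println("genuine:", VerifyUpdate(pub, 7, m, sig, good))
	fmt.Println("swapped payload:", VerifyUpdate(pub, 7, m, sig, []byte("fake update")))
}
```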
