|
|
|
HIP14 - Fuzzing reversing and maths |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
HIP14 - Fuzzing reversing and maths Par SecurityTube.NetLe [2014-09-17] à 08:44:26
Présentation : summary We want to present several 0days using fuzzing and reverse engineering and maths. 1 Critical remote 0day in an EMC application. 2 Critical remote 0day in a novosoft famous backup application. The main idea is to present 0days found by us and this 0days are not typical, are different, specially one of them which implies protocol binary reverse engineering and complex maths and show to the audience how other kind of vulnerabilities can be found. We think that the idea of presenting different kind of 0days, which are critical, and explain how to discover this kind of vulnerabilities can be really interesting for the audience and they will have a new perspective in application security. In our research in these last months we were searching vulnerabilities in important backup servers applications.We were using reverse engineering and fuzzing and we found different kind of vulnerabilities which are really interesting. 1. The critical remote 0day in the EMC application is really interesting, found with reversing engineering the protocol and the binary files and it was necessary to apply some mathematics in order to understand the vulnerability and we had to implement some mathematics algorithms in order to exploit the vulnerability.It's a different vulnerability, it's not the typical buffer overflow, heap overflow, etc, and we want to show to the audience how we found this vulnerability and show how this kind of vulnerabilities can be found. 2. The 0days of the other backup application, were found with protocol fuzzing. Both of the 0days are critical and interesting, one is an authentication bypass to the backup server and the other 0day is a permament denial of service which is really curious and funny.Our idea is to show how we found both vulnerbilities and show how this kind of vulnerabilities can be found with protocol fuzzing. For More Information Please Visit - https www.hackinparis.com talks-2014
Les mots clés de la revue de presse pour cet article : fuzzing reversing
Les videos sur SecuObs pour les mots clés : fuzzing reversing
Les mots clés pour les articles publiés sur SecuObs : fuzzing
Les derniers articles du site "SecurityTube.Net" :
- TROOPERSCON - Crypto code the 9 circles of testing
- TROOPERSCON - Towards a LangSec Aware SDLC
- TROOPERSCON - Deep dive into SAP archive file formats
- TROOPERSCON - Thanks SAP for the vulnerabilities. Exploiting the unexploitable
- TROOPERSCON - An easy way into your multi-million dollar SAP systems An unknown default SAP account
- TROOPERSCON - One Tool To Rule Them All
- TROOPERSCON - Mind The Gap - Exploit Free Whitelisting Evasion Tactics
- TROOPERSCON - The Chimaera Processor
- TROOPERSCON - Lets Play Hide and Seek in the Cloud
- TROOPERSCON - Planes, Trains and Automobiles The Internet of Deadly Things
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
| Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
| Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
| Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
| Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|
