[Full-disclosure] Hackito Ergo sum // HES2012 Final CFP // Call for Hackers

2012-02-16 Thread Jonathan Brossard


  °==°
 -=  =-
 -= Hackito Ergo Sum 2012 - HES2012 Final CFP=-
 -=  =-
 -=   ** http://2012.hackitoergosum.org **   =-
 -=  =-
 -= 12-14 April 2012 / Paris / France=-
 -=  =-
  °==°

  Kak dela Komrad,



--[ Synopsis:

This is the final call for papers for the HES 2012 Conference.

Hackito Ergo Sum 2012 will take place in Paris from the
12th to the 14th of April 2012.


--[ Venue:

HES 2012 will take place in the building of the French Communist Party.
This is an amazing historical building, located in Paris (19th
arrondissement).
We would like to thank the French Communist Party for allowing a bunch of
hackers to take possession of this great piece of architecture for 3 days.

The exact address is:
Espace Oscar Niemeyer - Siège du Parti Communiste
2 Place Colonel Fabien, 75019 Paris, France

A map is available here:
http://tinyurl.com/6mlarx6


--[ What is HES? Why would I like it anyway?

HES is a 100% hardcore technical security conference. HES is
unique by its continuous outstanding technical quality, but also
by its unusual freedom and spirit. HES is a 100% non-profit conference,
mainly supported by the /tmp/lab Parisian hackerspace and generous
sponsors (who, in exchange for their sponsoring, don't get their say
on any of the organisation, format or content of the conference :).

If you are unsure of whether you'll like it, feel free to have a look
at the content of previous editions. Talks included topics such as
SS7 phone network hacking, satellite takeovers via x25, kernel-land
exploits against grsecurity hardened kernels, or the pwnie awards
winner Tarjei Mandt for his first presentation on this topic (note
to Dave Aitel: yeah man, face it, it was first seen at HES !!) and
many more.

Presentations on new R&D projects are the core of the conference.
By R&D and security, HES really means new offensive security R&D.
Researchers from all around the internet are welcome to come to
Paris and talk, without discrimination whatsoever: everyone is
equal in front of a computer. Maybe skills apart, that is ;)

HES is also a big open party, by the hacking community and for the
hacking community, with people coming literally from around the world.
If you'd like to not only come, but be part of HES by organising a
workshop (lockpickers and organisers of a social engineering contest
wanted!) or contest: please do, and refer to the relevant section below.


--[ Quality:

The quality of submissions is so critical to the Hackito Ergo Sum
conference that papers will be reviewed by the scary HES Programming
Committee of Death. It wasn't made to dissuade you from submitting,
but to ensure that the talks selected for HES will be as interesting
and new as possible.

Submissions should be original and as fresh as in: never seen anywhere
before. Massive upgrades and significant new research added to
talks previously presented at a few great conferences may make it.
Talks given more than 3 times will be rejected.

Intense debates often spread inside the Programming Committee on whether
a given topic is of interest or new at all. Consensus has been reached
though regarding a few security buzzwords. In order to avoid bullshit
talks, topics on Social Engineering and SCADA will only be considered
if demos are provided, and if the magnitude of the attack would at least
affect a significant portion of, say, a city. Old, well-documented
techniques such as web applications (especially XSS, CSRF and clickjacking)
but also basic exploitation techniques (or easy targets lacking modern
security protections) are discouraged. On the contrary, hacking
non-understood and poorly documented technologies including for instance
hardware, protocols, architectures, devices, networks, or applications
among others are warmly welcome.

In a nutshell, submissions on how to achieve world domination in 2012
and how to eventually avoid it are of primary importance. How to survive and
facilitate privacy in an increasingly policed internet is also a concern.


--[ Disclosure policy:

It is worth noticing that we do not enforce any disclosure policy on
our speakers. We believe they are responsible adults and can choose
what they believe is the best way to present their work to others
by themselves. We also believe they are smart enough to take into
consideration any legal and professional constraints.


--[ Submitting:

We are glad you are reading this section and are therefore thinking about
submitting to HES.

Before submitting, we gently recommend you to have a look at the

[Full-disclosure] Operation Bring Peace To Machines - War Game

2012-02-16 Thread Jerome Athias
Good morning Hacker,

Your mission, should you decide to accept it is to save the CyberSpace.

As mentioned in the U.S. INTERNATIONAL STRATEGY FOR CYBERSPACE[1]
document, we need interoperable and secure technical standards,
determined by technical experts.

Requirements: ~15 minutes of your time, a headset and the Boléro

The Rand Strategy Assessment Center provides you the following
computerised model:
Software Vulnerability Mitigation Automation,
(an incomplete Conceptual Map)

https://corevidence.com/research/vulnerability_interoperability_ivil_v1.jpg

some links extracted:
[1]
http://www.whitehouse.gov/blog/2011/05/16/launching-us-international-strategy-cyberspace
IVIL-XML
http://www.cupfighter.net/index.php/2010/10/ivil-an-xml-schema-to-exchange-vulnerability-information/
ThreadFix http://code.google.com/p/threadfix/


We will provide you soon IVIL v1.0, so be ready for action!

i = x2ivil + ivil2x
where i is interoperability and x a software (vulnerability
scanner,... + waf, virtual patching system, ...)

Examples:

openvas2ivil
nessus2ivil
qualys2ivil
nikto2ivil
ivil2mod_security
ivil2snort


As always, should you or any of your I.M. Force be caught or killed, the
Secretary will disavow any knowledge of your actions.

This tape will always stay here.


-- 
Jerome Athias - NETpeas
VP, Director of Software Engineer
Palo Alto - Paris - Casablanca

www.netpeas.com
-
Stay updated on Security: www.vulnerabilitydatabase.com

The computer security is an art form. It's the ultimate martial art.



___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Arbitrary DDoS PoC

2012-02-16 Thread Lucas Fernando Amorim

I will not answer this anymore, sorry for feeding trolls.

On 15-02-2012 17:34, Sanguinarious Rose wrote:

> On Wed, Feb 15, 2012 at 7:53 AM, Lucas Fernando Amorim
> lf.amo...@yahoo.com.br wrote:
>
>> I do not know what you expect of public repos at Github, really do not
>> understand, you think that I would deliver the gold as well? Well, I think
>> you're a guy too uninformed to find that the maximum is 200 threads with
>> pthread. Have you tried ulimit -a? I even described it in the readme.
>
> Missing the point that async would have drastic improvements on
> anything network based, even if you increase it to say 500 threads an
> async model still pawns anything using threads for simple
> connect/disconnect handling.

Feel free to implement. ;)

>> As for the recaptcha algorithm, you really thought it would have all code in the
>> main file? Why would I do that? I distributed it in classes.
>
> No, there wasn't. It was 12 lines of code which just called another
> OCR library. (could be why you deleted the public repo this morning)
>
> I did hear google cache does a good job of uncovering OMG RAGE DELETE
>
> http://webcache.googleusercontent.com/search?q=cache%3Ahttps%3A%2F%2Fgithub.com%2Flfamorim%2Frebreaker&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
>
> I do have to declare myself the defaulted winner of this engagement
> now because if you have to delete stuff in order to claim facts about
> it...

Winner of what? That's a priv8 repo now. Did you look at the utils directory?

There was an algorithm to find the ellipses of the captcha, that he was
developing to walk the edge, correcting the distortion.

>> And why do you think IntensiveDoS accepts arguments and opens and closes a
>> socket? Why is it a snippet of code for not only HTTP DoS?
>
> I read the code could be why.

I'm asking another question. Why do you think IntensiveDoS accepts arguments?

>> As for the trojan, you really think I would do something better and leave
>> it public?
>>
>> What planet do you live on?
>
> Totally because a bindshell trojan that connects to a port is
> something highly special that the world will end if someone got a hold
> of such a dangerous piece of code. In fact, why isn't the world ended
> yet when you can just google and get a few dozen of them?
>
> Should I tell you how dangerous and what planet do you live on to
> release your so so very dangerous innovative python code? (hypocrisy
> for the win!)

There's nothing special, but it is the only code of this on GitHub. Feel
free to fork and share. And that's dangerous? I think not, but run nowadays.

>> And Curl is a great project for parallel HTTP connections, python is not so
>> much, and that is why only the fork stays with him.
>
> Curl is indeed great I agree. The rest I don't see as even a point
> going anywhere?

If curl is a good project and written in C, for what reason would I implement
the same thing in Python?

>> On 14-02-2012 02:48, Lucas Fernando Amorim wrote:
>>
>>> On Feb 13, 2012 4:37 AM, Lucas Fernando Amorim lf.amo...@yahoo.com.br
>>> wrote:
>>>
>>>> With the recent wave of DDoS, a concern that was not taken is the model
>>>> where the zombies were not compromised by a Trojan. In the standard
>>>> modeling of a DDoS attack, the machines are purchased, usually in a VPS,
>>>> or are obtained through Trojans, thus forming a botnet. But the
>>>> arbitrary shape doesn't need to acquire a collection of computers.
>>>> Programs, servers and protocols are used to arbitrarily make requests on
>>>> the target. P2P programs are especially vulnerable; DNS, internet
>>>> proxies, and many sites that make requests on behalf of users like Facebook or W3C
>>>> also are.
>>>>
>>>> Precisely, I made a proof-of-concept script of 60 lines hitting most of the
>>>> HTTP servers on the Internet, even if they have protections like
>>>> mod_security, mod_evasive. This can be found on this link [1] at GitHub.
>>>> The solution of the problem depends only on the reformulation of
>>>> protocols and limitations on the number of concurrent requests and
>>>> totals by proxies and programs for a given site, when exceeded returning
>>>> a cached copy of the last request.
>>>>
>>>> [1] https://github.com/lfamorim/barrelroll
>>>>
>>>> Cheers,
>>>> Lucas Fernando Amorim
>>>> http://twitter.com/lfamorim


[Full-disclosure] 2012 Honeynet Project Security Workshop

2012-02-16 Thread Guillaume Arcas
Hi.

The Honeynet Project holds its second Public Event on March 19 - 20,
2012 at Facebook HQ, SF Bay Area, Ca (USA).

The public event consists of one day of technical presentations and one
day of hands-on tutorial trainings.

There will even be a CTF and a Forensic Challenge!

All details are available here:
https://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area

If you have the opportunity to attend, let's join!

Regards,

Guillaume Arcas
-
PR - The Honeynet Project




[Full-disclosure] [PRE-SA-2012-01] Denial-of-service vulnerability in java.util.zip

2012-02-16 Thread Timo Warns
PRE-CERT Security Advisory
==========================

* Advisory: PRE-SA-2012-01
* Released on: 16th February 2012
* Affected products: Oracle Java SE 7 below Update 3
                     Oracle Java SE 6 below Update 31
                     IcedTea6 1.8.x below 1.8.13
                     IcedTea6 1.9.x below 1.9.13
                     IcedTea6 1.10.x below 1.10.6
                     IcedTea6 1.11.x below 1.11.1
                     IcedTea 2.x below 2.0.1
                     Older versions may also be affected.
* Impact: denial-of-service
* Origin: java.util.zip
* Credit: Timo Warns (PRESENSE Technologies GmbH)
* CVE Identifier: CVE-2012-0501


Summary
---

The function countCENHeaders() in zip_util.c of the java.util.zip
implementation contains an off-by-one bug. The bug can be exploited via
corrupted ZIP files to cause an endless recursion. The endless recursion
results in a segmentation fault of the JVM.

The following assessment is based on the JDK sources available from
Oracle's website (jdk-6u23-fcs-src-b05-jrl-12_nov_2010.jar).

readCEN() in zip_util.c is used by java.util.zip to read the central
directory of ZIP files.

It reads the total number of entries from the ZIP file via the
ENDTOT field:

(543) total = (knownTotal != -1) ? knownTotal : ENDTOT(endbuf);

A corrupted ZIP file may have set the total number of entries to 0.
Alternatively, knownTotal may have been passed as a parameter with
value 0.

readCEN() iterates over all directory entries

(552) for (i = 0, cp = cenbuf; cp <= cenend - CENHDR; i++, cp += CENSIZE(cp)) {

and recognizes an incorrect total field

(557) if (i >= total) {

In this case, readCEN() counts the total number of fields via
countCENHeaders() before calling itself recursively

(561) cenpos = readCEN(zip, countCENHeaders(cenbuf, cenend));

However, countCENHeaders() has an off-by-one bug. It fails to count
an entry that is precisely CENHDR bytes long

(431) for (i = 0; i + CENHDR < end - beg; i += CENSIZE(beg + i))

and returns 0 in this case.

Hence, readCEN() is called recursively with knownTotal = 0 resulting
in an endless recursion.


Solution
--------

The issue was fixed in the following versions:
Oracle Java SE 7 Update 3
Oracle Java SE 6 Update 31
IcedTea6 1.8.13
IcedTea6 1.9.13
IcedTea6 1.10.6
IcedTea6 1.11.1
IcedTea 2.0.1
IcedTea 2.1


References
----------

http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
http://blog.fuseyism.com/index.php/2012/02/15/security-icedtea6-1-8-13-1-9-13-1-10-6-and-icedtea-2-0-1-released/
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2012-February/017233.html
http://blog.fuseyism.com/index.php/2012/02/15/icedtea-2-1-released-openjdk7-u3-release/

When further information becomes available, this advisory will be
updated. The most recent version of this advisory is available at:

http://www.pre-cert.de/advisories/PRE-SA-2012-01.txt


Contact
-------

PRE-CERT can be reached under prec...@pre-secure.de. For PGP key
information, refer to http://www.pre-cert.de/.

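Added example (not part of the advisory and not the JDK's zip_util.c): a small C program that reproduces the counting bug the advisory describes on a constructed central directory, beside a corrected loop, and mirrors readCEN()'s recount-and-recurse control flow with a depth bound so the endless recursion shows up as a return value instead of a crash. The CENHDR/CENSIZE macros follow the standard PKZIP central-directory layout (name length at offset 28, extra at 30, comment at 32); the `<=` in the fixed loop is my reconstruction of the minimal correction implied by the advisory, not the vendor patch; all function names are mine.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Central-directory header layout (standard ZIP format, as in zip_util.h). */
#define CENHDR 46                                   /* fixed header size */
#define CH(b, n)  (((const unsigned char *)(b))[n])
#define SH(b, n)  ((unsigned)(CH(b, n) | (CH(b, (n) + 1) << 8)))
#define CENNAM(c) SH(c, 28)                         /* file name length  */
#define CENEXT(c) SH(c, 30)                         /* extra field length */
#define CENCOM(c) SH(c, 32)                         /* comment length    */
#define CENSIZE(c) (CENHDR + CENNAM(c) + CENEXT(c) + CENCOM(c))

/* Off-by-one loop as described in the advisory: a header that is exactly
 * CENHDR bytes (empty name, no extra, no comment) at the end of the
 * directory is never counted, so a one-entry directory yields 0. */
static int count_cen_headers_buggy(const unsigned char *beg, const unsigned char *end)
{
    int count = 0;
    size_t i;
    for (i = 0; i + CENHDR < (size_t)(end - beg); i += CENSIZE(beg + i))
        count++;
    return count;
}

/* Corrected loop (assumption: '<=' is the minimal fix). The header must fit
 * entirely inside [beg, end), so a header ending exactly at 'end' counts. */
static int count_cen_headers_fixed(const unsigned char *beg, const unsigned char *end)
{
    int count = 0;
    size_t i;
    for (i = 0; i + CENHDR <= (size_t)(end - beg); i += CENSIZE(beg + i))
        count++;
    return count;
}

/* Mirrors readCEN()'s control flow: trust known_total (or endtot when
 * known_total == -1); if the walk sees more entries than that, recount with
 * the chosen counter and recurse. 'depth' bounds the recursion so the buggy
 * counter returns -1 ("would recurse forever") instead of overflowing the stack. */
static int simulate_read_cen(const unsigned char *beg, size_t len, int endtot,
                             int known_total, int use_fixed, int depth)
{
    int total = (known_total != -1) ? known_total : endtot;
    const unsigned char *end = beg + len, *cp;
    int i;
    if (len < CENHDR) return 0;
    if (depth > 8) return -1;
    for (i = 0, cp = beg; cp <= end - CENHDR; i++, cp += CENSIZE(cp)) {
        if (i >= total) {
            int recount = use_fixed ? count_cen_headers_fixed(beg, end)
                                    : count_cen_headers_buggy(beg, end);
            return simulate_read_cen(beg, len, endtot, recount, use_fixed, depth + 1);
        }
    }
    return i;
}

/* Constructed sample data: write one central-directory header with the given
 * name (signature "PK\1\2", other fields zero) and return the bytes written. */
static size_t put_cen_header(unsigned char *out, const char *name)
{
    size_t namelen = strlen(name);
    memset(out, 0, CENHDR);
    out[0] = 0x50; out[1] = 0x4b; out[2] = 0x01; out[3] = 0x02;
    out[28] = (unsigned char)(namelen & 0xff);
    out[29] = (unsigned char)(namelen >> 8);
    memcpy(out + CENHDR, name, namelen);
    return CENHDR + namelen;
}

/* Directory of exactly one minimal (46-byte) entry: buggy -> 0, fixed -> 1. */
static int demo_single_entry(int use_fixed)
{
    unsigned char dir[CENHDR];
    size_t len = put_cen_header(dir, "");
    return use_fixed ? count_cen_headers_fixed(dir, dir + len)
                     : count_cen_headers_buggy(dir, dir + len);
}

/* Two entries, the last one minimal: buggy -> 1, fixed -> 2. */
static int demo_two_entries(int use_fixed)
{
    unsigned char dir[2 * CENHDR + 16];
    size_t len = put_cen_header(dir, "a.txt");
    len += put_cen_header(dir + len, "");
    return use_fixed ? count_cen_headers_fixed(dir, dir + len)
                     : count_cen_headers_buggy(dir, dir + len);
}

/* ENDTOT claims 0 entries but the directory holds one: buggy -> -1 (endless
 * recursion), fixed -> 1. */
static int demo_recursion(int use_fixed)
{
    unsigned char dir[CENHDR];
    size_t len = put_cen_header(dir, "");
    return simulate_read_cen(dir, len, 0, -1, use_fixed, 0);
}

int main(void)
{
    printf("single entry: buggy=%d fixed=%d\n", demo_single_entry(0), demo_single_entry(1));
    printf("two entries:  buggy=%d fixed=%d\n", demo_two_entries(0), demo_two_entries(1));
    printf("readCEN sim:  buggy=%d fixed=%d\n", demo_recursion(0), demo_recursion(1));
    return 0;
}
```

The ENDTOT field is attacker-controlled input, so the recount path is the one that matters for robustness: a counter that can return a value smaller than the number of headers actually walked turns an inconsistent archive into unbounded recursion. A defensive reader can add a check that the recount is strictly larger than the previous total before recursing, which turns the same corrupted input into a clean parse error.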


[Full-disclosure] [Spanish] - Free webinar - Real attacks on Latin American websites

2012-02-16 Thread runlvl
Dear all, we invite you to take part in the next webinar we are giving
from Exploit Pack:

Date: Saturday, February 18 - 20:30 (GMT -3:00, Argentina time)
Duration: 1 hour
Free webinar - Real attacks on Latin American websites

Registration link: http://www.anymeeting.com/PIID=EC51D983844F

In the webinar we will look for web vulnerabilities in real scenarios
proposed by the attendees.


We hope to see you there
Regards
Juan Sacco
Exploit Pack



[Full-disclosure] nullcon CTF Battle Underground 2012 is on

2012-02-16 Thread murtuja bharmal



We are back!

http://nullcon.net/battleunderground/

LaLa Land is going to wage war against Penguin Land.


LaLa Land's newly founded National Hacker's Organization (NHO) is
tasked to penetrate Penguin's Ice Headquarters (IHQ) and gather
information about Penguin deployment plans and orbats.

LaLa Land’s Technical LaLa Division decided to create Teams of Hackers
in NHO and independently task them to gather as much information as
possible.

Your job as a respected member of LaLa Land’s NHO is to penetrate
Penguin Land’s IHQ network and gather as much documents as you can
which will earn you brownie points.

Rules
__

This is an open ended contest and the winner will be declared based on maximum 
score at the end of day 2. The winner will be contacted via the e-mail address 
they use for registration.


Players need to create an account in order to participate in the challenge.

Please use a valid email address as the account needs to be validated before
you can start the fun.
Only the first person to complete the challenge will win the SANS SEC 504: Hacker
Techniques, Exploits & Incident Handling class (worth $4095).

Battle Underground (2012) does NOT give participants any legal permission to
exploit http://nullcon.net or its hosting partner in a destructive manner. Any
attack against the site or the hosted servers will be observed under the general
legal framework.

The winner can claim his prize only after submission of a very brief writeup
(vulnerability found) of the contest and his solution / approach.

The unofficial back channel for Battle Underground (2012)
is irc.chat4all.org #nullcon
Follow us on @nullcon for twitter updates.

Cheers
|\/|