iAWACS 2010 : Rules of the PWN2KILL contest
*
http://www.esiea-recherche.eu/iawacs2010/
The PWN2KILL Contest aims at performing a comparative evaluation of
commercial
antivirus software against actual threats.
An actual threat can be defined as any threat that is
For those interested in shellcode: download and LoadLibrary shellcode has
some benefits over download execute shellcode. Read more about it here:
http://skypher.com/index.php/2010/01/11/download-and-loadlibrary-shellcode-released/
Cheers,
SkyLined
Berend-Jan Wever berendjanwe...@gmail.com
Good day all,
Give a few keys from me:
37e65b9f6a61bc3f
e2dcfc0b249e4a73
de744886da78d1ac
32bd48ed74ef30e5
858c1d2b83b2ec06
On Fri, 8 Jan 2010 16:42:33 -0400, d...@sucuri.net wrote:
I played with it a little yesterday and posted my thoughts (as well as
a summary of their whole scan)
Hi,
I see a lot of 'what the participants have to do' and 'what the
participants have to give away', but I don't see anywhere what the
winner/s of the contest would win in all this.
Where can I find that information? in order to decide if it is worth
participating or not.
Thanks in
Hi Anthony,
AD The PWN2KILL Contest aims at performing a comparative evaluation of
AD commercial
AD antivirus software against actual threats.
AD An actual threat can be defined as any threat that is operationnally
AD viable.
The challenge is rather large and the goals not really clear, based of
:end
Hi all readers,
Just releasing a very small tool I wrote called Durzosploit.
Durzosploit is a javascript exploits generator framework that works through
the console. This goal of that project is to quickly and easily generate
working exploits for cross-site scripting vulnerabilities in
Surge in Skype Spam activity. http://tinyurl.com/yc38trm
http://tinyurl.com/yc38trm
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
h, shall I click a tinyurl coming from a f-d poster?
n/n, pick one
this is email, not twitter. if you're sharing a legitimate link, there's no
reason not to directly link to it.
2010/1/11 Chen Levkovich chen.levkov...@securityextension.com
Surge in Skype Spam activity.
It’s harmless, he’s just blowing his own company’s horn. Speaking of spam…
h, shall I click a tinyurl coming from a f-d poster?
n/n, pick one
this is email, not twitter. if you're sharing a legitimate link, there's no
reason not to directly link to it.
2010/1/11 Chen Levkovich
Hah, I see what you did there.
Sent from my iPhone
On 11 Jan 2010, at 13:43, Larry Seltzer la...@larryseltzer.com
wrote:
It’s harmless, he’s just blowing his own company’s horn.
Speaking of spam…
h, shall I click a tinyurl coming from a f-d poster?
n/n, pick one
this is email,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I did but I use Firefox + NoScript in a vm for such things.
Admittedly still risky especially if the site pedals a certain kind of porn and
is on a watch list.
I know I should really chain proxy or TOR to such links. Unfortunately this
occurred to
dramacrat wrote:
h, shall I click a tinyurl coming from a f-d poster?
n/n, pick one
this is email, not twitter. if you're sharing a legitimate link, there's no
reason not to directly link to it.
Whilst I agree entirely with these sentiments, at least tinyurl has a
(I thought
On Monday 11 January 2010 14:32:06 dramacrat wrote:
h, shall I click a tinyurl coming from a f-d poster?
n/n, pick one
this is email, not twitter. if you're sharing a legitimate link, there's no
reason not to directly link to it.
2010/1/11 Chen Levkovich
Hello all,
Every long journey begins with a small step….
As requested, with full URL
Chen
http://www.securityextension.com/securitylab
From: Larry Seltzer [mailto:la...@larryseltzer.com]
Sent: Monday, January 11, 2010 3:44 PM
To: dramacrat; Chen Levkovich
Cc:
On Thu, Jan 7, 2010 at 7:20 PM, Maksymilian Arciemowicz
c...@securityreason.com wrote:
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
CVE: CVE-2009-0689
CWE: CWE-119
Risk: High
Remote: Yes
I tested doing printf
It's spelled synergy.
---
Jef
Jef Poskanzer j...@mail.acme.com http://acme.com/jef/
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Hello Full-Disclosure!
Yesterday I wrote the article XSS vulnerabilities in 34 millions flash files
(http://websecurity.com.ua/3842/), and here is English version of it.
In December in my article XSS vulnerabilities in 8 millions flash files
(http://websecurity.com.ua/3789/) I wrote, that there
[Full-Disclosure] Mailing List Charter
John Cartwright jo...@grok.org.uk
- Introduction Purpose -
This document serves as a charter for the [Full-Disclosure] mailing
list hosted at lists.grok.org.uk.
The list was created on 9th July 2002 by Len Rose, and is primarily
concerned with
On Mon, 11 Jan 2010 12:45:33 +0100, Thierry Zoller said:
Apparently proactive detection rules can simply be ignored based on
the assumption a grandma will click yes anyways.(below) I am not
sure thought a grandma really provides the incentive to create custom
code in real life ;)
http://kiserai.net/turl.pl
Tiny URL decoder. I was going to send the TinyURL decoder in a TinyURL, but
I’m just not that motivated atm. ☺
t
From: full-disclosure-boun...@lists.grok.org.uk
[mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Larry Seltzer
Sent: Monday, January 11,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:293-1
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:227-1
http://www.mandriva.com/security/
Speaking of spam, please find attached a SPAM message I received as of late.
It shows an example of the latest spam attacks, with a touch of ingenuity.
However, I believe lots need to be done to make it more credible,
including perhaps passing the message through a spell check first.
Maybe we
*spelt
On Sun, Jan 10, 2010 at 9:21 PM, Jef Poskanzer j...@mail.acme.com wrote:
It's spelled synergy.
---
Jef
Jef Poskanzer j...@mail.acme.com http://acme.com/jef/
___
Full-Disclosure - We believe in it.
Charter:
Or you can also use:
http://sucuri.net/?page=toolstitle=check-url
Which checks any short URL and also run them through site advisor and
google safe browsing
to see what they think of it...
--dd
On Mon, Jan 11, 2010 at 2:08 PM, Thor (Hammer of God)
t...@hammerofgod.com wrote:
XSS Vulnerability in Active Calendar 1.2.0
Discovered by Martin Barbella martybarbe...@gmail.com
Description of Vulnerability:
-
Active Calendar is PHP Class, that generates calendars (year, month or
week view) as a HTML Table (XHTML-Valid). (From:
Or spelled.
http://dictionary.reference.com/browse/spelled
--On Monday, January 11, 2010 12:46:29 -0600 Benji m...@b3nji.com wrote:
*spelt
On Sun, Jan 10, 2010 at 9:21 PM, Jef Poskanzer j...@mail.acme.com wrote:
It's spelled synergy.
---
Jef
Jef Poskanzer ...@mail.acme.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2009:241-1
http://www.mandriva.com/security/
http://www.schneier.com/blog/archives/2010/01/tsa_logo_contes.html
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
On 1/11/2010 3:26 AM, Chen Levkovich wrote:
Surge in Skype Spam activity.http://tinyurl.com/yc38trm
http://tinyurl.com/yc38trm
If only your site actually said anything about the spam... Like what
kind of viruses the software they're pedaling is infected with or
something. Useless post is
Yo MustDie,
Post your shit here:
http://www.exploit-db.com/
They love XSS.
2010/1/11 MustLive mustl...@websecurity.com.ua
Hello Full-Disclosure!
Yesterday I wrote the article XSS vulnerabilities in 34 millions flash
files
(http://websecurity.com.ua/3842/), and here is English version of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:001
http://www.mandriva.com/security/
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
___
Mandriva Linux Security Advisory MDVSA-2010:002
http://www.mandriva.com/security/
Joshua Levitsky wrote:
On Thu, Jan 7, 2010 at 7:20 PM, Maksymilian Arciemowicz
c...@securityreason.com mailto:c...@securityreason.com wrote:
[ MacOS X 10.5/10.6 libc/strtod(3) buffer overflow ]
Author: Maksymilian Arciemowicz and sp3x
http://SecurityReason.com
CVE:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Welcome to 2010! We are proud to announce the immediate availability of
our newly ?reborn? HITB ezine! You can grab your digital copies here:
https://www.hackinthebox.org/misc/HITB-Ezine-Issue-001.pdf
As some of you may know, we?ve previously had an
I have not checked this issue in macos 10.4. In MacOS 10.1 does not
work. But the perl script (in macos 10.5)
Chujwamwmuzg.pl ---
#!/usr/local/bin/perl
printf % 0.4194310f, 0x0.0x41414141;
Chujwamwmuzg.pl ---
will crash with
esi = 0x41414141
edi = 0x15
Other bugs in libc also work on new
36 matches
Mail list logo