- 16 Jul 2010
Just Arrived! - Max Pwnage
MWR Labs released Max Pwnage trading cards highlighting significant computer security vulnerabilities from the past 30 years. The cards are available to clients and conference attendees at multiple cybersecurity events in 2010. Max Pwnage is a fictional character representing the discovery and exploitation of computer system vulnerabilities.
-
Nils - 7 Jul 2010
Palm webOS 1.4.5 fixes security issue found by MWR InfoSecurity
Palm released webOS version 1.4.5 to address a security vulnerability discovered by MWR InfoSecurity. A detailed advisory will be published after most devices have been updated. The update is being distributed by mobile carriers.
- 2 Jun 2010
Brave New 64-Bit World
The whitepaper examines the transition from 32-bit to 64-bit computing architectures driven by increasing memory requirements. It explores potential security implications that arise when software is ported to 64-bit systems. The document highlights unexpected challenges that emerge during this technological shift.
- 2 Jun 2010
Journey to the Centre of the Breach
This whitepaper explores computer forensics techniques for investigating a server security breach. It details a case study of an FTP server incident, demonstrating how digital forensic methods can be applied to log file analysis and malware reverse engineering. The document highlights the broader application of forensic investigation techniques beyond law enforcement.
- 30 Mar 2010
CanSecWest 2010
CanSecWest 2010 was a cybersecurity conference featuring notable security research presentations and the Pwn2Own hacking contest. Presentations covered diverse topics including collaborative reverse engineering, fuzzing techniques, kernel vulnerabilities, and wireless device security. The Pwn2Own contest demonstrated successful exploits across multiple web browsers and mobile platforms.
- 8 Mar 2010
Video: How To Be An RSol: Effective Bug Hunting in Solaris - ShmooCon 2010
A video from ShmooCon 2010 presents a Ruby-based Solaris debugging library. The presentation includes a video and slides discussing the library and its proof-of-concept tools. Materials from the talk are available online for review.
- 5 Mar 2010
Presentation: ShmooCon 2010 - How To Be An RSol: Effective Bug Hunting in Solaris
Matt Hillman presented a research talk at ShmooCon 2010 about Solaris bug hunting techniques. The presentation demonstrated a Ruby-based debugging interface for Solaris that enables advanced software testing methods. The tool supports fault monitoring, code coverage, run tracing, code profiling, and fault injection.
- 18 Jan 2010
Solaris Debugging and Bug Hunting at ShmooCon 2010
Matt Hillman introduces RSol, a Ruby-based debugging tool for Solaris at ShmooCon 2010. The tool explores the effectiveness of DTrace for bug hunting and reverse engineering compared to traditional debugging techniques. RSol aims to become a comprehensive suite that combines debugging and DTrace-based methods.
- 14 Jan 2010
Adobe Reader Exploit on Vista and 7
A vulnerability in Adobe Reader affecting Vista and Windows 7 systems was discovered, impacting the "media.newPlayer" issue. The exploit functions reliably across multiple Adobe Reader versions, even with ASLR and DEP protections enabled. Disabling JavaScript and applying patches are recommended mitigation strategies.
- Luke Jennings
- 3 Dec 2009
DeepSec 2009 - Weapons of Mass Pwnage: Attacking Deployment Solutions
A presentation at DeepSec 2009 in Vienna explored security vulnerabilities in Symantec's Altiris Deployment Solution. Luke Jennings discussed potential weaknesses in enterprise deployment technologies. Presentation slides were made available to conference attendees.
- 3 Dec 2009
DeepSec 2009
DeepSec 2009 was a security conference in Vienna featuring diverse cybersecurity presentations. Talks covered topics including wireless keyboard sniffing, GSM encryption vulnerabilities, virtual machine rootkit detection, and browser attack surfaces. The conference provided insights into emerging security research and potential system vulnerabilities across various technological domains.
- Luke Jennings
- 3 Dec 2009
Weapons of Mass Pwnage: Attacking Deployment Solutions - DeepSec 2009
A presentation at DeepSec 2009 explored security vulnerabilities in Symantec's Altiris Deployment Solution. The talk by Luke Jennings examined potential weaknesses in enterprise deployment technologies. Presentation slides are available for download from the original source.