Blog Entries

Linux Kernel getname() Stack Memory Disclosures

August 29th, 2009

In this post, we’ll look at some kernel stack information disclosures in the getname() functions of several socket AFs recently discovered in the Linux kernel.



PolyPack at USENIX WOOT ’09

August 10th, 2009

We just presented our PolyPack research today at the USENIX Workshop on Offensive Technologies (WOOT ’09) in Montreal, Canada.  Links to the paper and presentation materials are after the jump.



Hijacking Tinychat Screencasts

July 12th, 2009

Tinychat is a sweet site that allows for simple chat, video conferencing, and screencasting.  In this post, I’ll detail how to hijack Tinychat screencasts by injecting images of your own.



Analysis of a Trojaned ssh/sshd

June 30th, 2009

Some information about a trojaned ssh client and sshd server discovered in a recent compromise.  I didn’t find any details on this particular OpenSSH backdoor via Google, so hopefully this information will be of use to anyone who runs into it on their boxes.



udev Local Privilege Escalation

April 20th, 2009

A recent bug found by Sebastian Krahmer in udev has considerable security impact across a wide range of Linux distributions.



Panera Gift Card Security

April 15th, 2009

A bit of information on Panera Bread’s gift card security, or lack thereof.



dpkt Tutorial #4: AS Paths from MRT/BGP

March 25th, 2009

Previously we looked at creating ICMP echo requests, parsing a PCAP file, and doing DNS spoofing with the dpkt framework.  Today I will show how to parse the AS paths of BGP messages out of MRT routing dumps.



ARBSEC 01 Wrap-Up

March 7th, 2009

ARBSEC 01 was a great success!  Thanks to everyone who came out, Bar Louie for hosting, and dugsong for taking some pictures!  Be sure to join us for future ARBSEC meetings, the first Wednesday of each month.



ARBSEC Officially Launched

February 19th, 2009

ARBSEC, a CitySec-style meetup for security professionals in the Ann Arbor area, has been officially launched!  Our first meeting, ARBSEC 01, will be at 6:00pm on March 4th at Bar Louie in Ann Arbor.



dpkt Tutorial #3: DNS Spoofing

December 20th, 2008

In our first and second dpkt tutorials, we looked at the simple construction and parsing of packets, respectively.  Our third tutorial combines both parsing and construction of packets in a single utility for performing DNS spoofing (a la dsniff’s dnsspoof).
