Posts | Archive

Disabling Green Dam with Dam Burst

Dam Burst is a simple utility that allows an unprivileged user to disable the censorship functionality of the Green Dam Youth Escort software.

!damburst[](/damburst/images/small-logo.png)

Dam Burst operates by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and ...


Hostage Taking Botnets

What happens when a botnet operator decides to hold infected machines hostage and announces demands?  What organization is in charge of cyber-related hostage situations? What are the trade-offs of giving in to the demands?

botnet-ransom

Hostage-Related Cybercrime

We frequently see cybercriminals taking a page from traditional crime and adapting to their ...


Linux Kernel getname() Stack Memory Disclosures

In this post, we'll look at some kernel stack information disclosures in the getname() functions of several socket AFs recently discovered in the Linux kernel.

The Vulnerability

The getname() function of an address family in the kernel is used to retrieve information about a given socket.  This information, in ...


PolyPack at USENIX WOOT '09

We just presented our PolyPack research today at the USENIX Workshop on Offensive Technologies (WOOT '09) in Montreal, Canada.  Links to the paper and presentation materials are after the jump.

woot09

Paper:
Presentation:

From the PolyPack website:

"PolyPack is a research project at the University of Michigan aimed at understanding the ...


Hijacking Tinychat Screencasts

Tinychat is a sweet site that allows for simple chat, video conferencing, and screencasting.  In this post, I'll detail how to hijack Tinychat screencasts by injecting images of your own.

I had played with Tinychat recently and decided to poke at it some more when mubix held a Metasploit-related ...

Copyright © 2015 - Jon Oberheide <jon at oberheide dot org>.