Dam Burst is a simple utility that allows an unprivileged user to disable the censorship functionality of the Green Dam Youth Escort software.

!damburst[](/damburst/images/small-logo.png)

Dam Burst operates by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and ...

What happens when a botnet operator decides to hold infected machines hostage and announces demands?  What organization is in charge of cyber-related hostage situations? What are the trade-offs of giving in to the demands?

Hostage-Related Cybercrime

We frequently see cybercriminals taking a page from traditional crime and adapting to their ...

In this post, we'll look at some kernel stack information disclosures in the getname() functions of several socket AFs recently discovered in the Linux kernel.

The Vulnerability

The getname() function of an address family in the kernel is used to retrieve information about a given socket.  This information, in ...

We just presented our PolyPack research today at the USENIX Workshop on Offensive Technologies (WOOT '09) in Montreal, Canada.  Links to the paper and presentation materials are after the jump.

Paper:
Presentation:

From the PolyPack website:

"PolyPack is a research project at the University of Michigan aimed at understanding the ...

Tinychat is a sweet site that allows for simple chat, video conferencing, and screencasting.  In this post, I'll detail how to hijack Tinychat screencasts by injecting images of your own.

I had played with Tinychat recently and decided to poke at it some more when mubix held a Metasploit-related ...