I found a cute bug in Skype which allows command line argument injection, through the Skype: URI handler. It was fixed today by Skype, and a patch has been issued.. You can read more about the bug under the advisories page.
More Citrix Support! More Kiosk 0day, more Linux support...iKAT has now become the #1 Kiosk security testing tool in the world, welcome to the land of shells.
My talk from Kiwicon (Hacking Scientists) was broadcast by Pat @ Risky.biz, you can listen to it here..
Kiwicon III is just around the corner, bringing the best of the New Zealand hacker elite together for our own national hacker confrence. This year i will be presenting on how to "Hack a Scientist". *gulp* this should be really fun! Kiwicon is possibly the best security confrence in the southern hemisphere and always has top notch content. Look out for presentations from my colleagues Carl Purvis and Blair Strang, who will also be dropping more 0day than a russian on amphetamins. Dont miss out!
At Shakacon 2009 in sunny hawaii, i released iKAT v2.0, - The Interactive Kiosk Attack Tool ,v2!. Now with support for Linux, Firefox based Kiosks and more Windows tricks. Hope you enjoy it.
I also made my first attempt at reporting on the event through the Risky.Biz security podcast! Was a great chance to ask some of the other speakers a few more tricky questions,
If you have never been to hawaii you should really go to Shakacon, great confrence, very nice atmosphere and some very solid presnetations.
I will be speaking at the FST Media Internet Banking confrence in Sydney and Melbourne in late March. My talk is on "Gaining value From Penetration Testing", a slightly more buisness focused talk, compared to my usual 'shell-popping-madness' talks. If any .AU hackers want to catch up, drop me a line.
Bugs, bugs, more bloody bugs. Multiple Flash CS3 and MX2004 heap overflows in malformed SWF files. Multiple vulnearbilities were discovered which ONLY effect the Flash authoring products from Adobe, NOT the Flash player. The player seems to use a completly diffrent memory allocation routine, compared to Flash authoring applications. You can find the offical advisory here and the Adobe advisory here.
My talk from Kiwicon 08 ("The Paul Craig Omnibus") was been pod-casted by Patrick Gray at RiskyBuisness, you can download the entire talk here. The talk includes the Moth trojan release (well worth hearing), and my adventures of stealing information for botnets for fun (not profit).For those of you who didnt venture to Kiwicon '08, i would highly suggest it for next years con, Kiwicon is by far one of the best security confrences in the world..
Plus we got sheep.
I will be speaking at Hack.Lu (OCT 22-24) and Hack In The Box Malay (OCT 27-28th). My talk is on Hacking Internet Kiosks, and demonstrating my tool iKAT (Interactive Kiosk Attack Tool) in action.
If i am in your part of the world, i highly reccomend you pop by, say hi and watch the show. Otherwise checkout iKAT under the projects section.
The Moth trojan is a POC trojan which is implements WMI event consumers as a unique method of malicious code deployment. The trojan itself is a party trick, and uses the Microsoft Text To Speech API to verbally abuse you as you try and find it. The trojan is a real gimmic and is not a serious peice of malicious code, but a demonstration of a new method of hiding code inside native Windows functionality.
The Moth was offically released at Kiwicon 08 (what a party..).
For more information check the projects page!
At Defcon 16 i offically released iKAT - The Interactive Kiosk Attack Tool. iKAT was designed to hack Kiosks in a fast and easy manor, and it works! I released the tool, along with a lengthy talk on Kiosk security and was astounded by the response. iKAT was capable of poping shell anywhere in Las Vegas in less than 10 seconds. Needless to say iKAT saw alot of action at Defcon, as you can see from the photo on the right (The Kiosk at the Riverra, see the shell?).
iKAT should (obviously) only be used by security consultants, security professionals or by people who have authorisation.