Secdev - Thierry Zoller

CVE-2010-2568 - LNK Code execution - Proof of concept (Update)

noreply@blogger.com (Thierry Zoller) — Sun, 18 Jul 2010 13:14:00 +0000

Subscribe to the RSS feed in case you are interested in updates Ivanlef0u released a POC for the exploit used in targeted attacks :http://ivanlef0u.nibbles.fr/repo/suckme.rar More...

Security news : http://blog.zoller.lu

You got pwned - The song

noreply@blogger.com (Thierry Zoller) — Fri, 16 Jul 2010 17:47:00 +0000

Subscribe to the RSS feed in case you are interested in updates I am pretty confident this song will win the pwnie award this year : Credit Drraid - Download :...

Security news : http://blog.zoller.lu

Top 10 Vulnerability Researcher 2009

noreply@blogger.com (Thierry Zoller) — Wed, 17 Mar 2010 17:09:00 +0000

Subscribe to the RSS feed in case you are interested in updates Thanks @edisoar for the hint: IBM ISS collected information about the researches that discovered and published most...

Security news : http://blog.zoller.lu

Videos of IDF Nominees in "Excellence in Visual Art"

noreply@blogger.com (Thierry Zoller) — Tue, 02 Mar 2010 17:07:00 +0000

Subscribe to the RSS feed in case you are interested in updates The Independant Games Festival is taking place right now, the Indie games [1] below have been nominated in the category...

Security news : http://blog.zoller.lu

New Paper: SSL/TLS Hardening and Compatibility report 2010

noreply@blogger.com (Thierry Zoller) — Thu, 18 Feb 2010 15:23:00 +0000

Subscribe to the RSS feed in case you are interested in updates Copied from the post over at G-SEC: At last. What started as an "I need an overview of best practise in SSL/TLS configuration"...

Security news : http://blog.zoller.lu

SSL/TLS Audit - New tool

noreply@blogger.com (Thierry Zoller) — Wed, 17 Feb 2010 09:22:00 +0000

Subscribe to the RSS feed in case you are interested in updates Developed as part of G-SEC's investigation into the "Secure SSL/TLS configuration Report 2010" (to be published) we developed this...

Security news : http://blog.zoller.lu

TLS / SSLv3 renegotiation vulnerability explained - NEW update

noreply@blogger.com (Thierry Zoller) — Wed, 18 Nov 2009 14:16:00 +0000

Subscribe to the RSS feed in case you are interested in updates I updated the whitepaper "TLS / SSLv3 vulnerability explained" : Updated 18.11.2009 : Added SMTP over TLS attack scenario, added...

Security news : http://blog.zoller.lu

New SSLv3 / TLS vulnerability - MITM attacks possible

noreply@blogger.com (Thierry Zoller) — Thu, 05 Nov 2009 13:12:00 +0000

Subscribe to the RSS feed in case you are interested in updates In order to allow me to update in a more convenient manner, the latest updates will be added to the G-SEC blog only. Once the...

Security news : http://blog.zoller.lu

Computer Associates multiple products - RCE

noreply@blogger.com (Thierry Zoller) — Tue, 13 Oct 2009 14:59:00 +0000

Subscribe to the RSS feed in case you are interested in updates I released another advisory today, the affected products are from Computer Associates who I'd like to thank for the cooperation...

Security news : http://blog.zoller.lu

Derren Brown guessed the lottery numbers - afterwards

noreply@blogger.com (Thierry Zoller) — Sat, 12 Sep 2009 13:38:00 +0000

Subscribe to the RSS feed in case you are interested in updates Derren Brown, the NLP master and magician "predicted" the Lotterie numbers Live on TV and promised to tell on Friday how he...

Security news : http://blog.zoller.lu

You get what you pay for

noreply@blogger.com (Thierry Zoller) — Fri, 11 Sep 2009 15:31:00 +0000

Subscribe to the RSS feed in case you are interested in updates On a more non-technical note, I stumbled across this offer from a "renowed luxemburgish recruitment agency." I am not sure what part...

Security news : http://blog.zoller.lu

IIS 5&6 FTP vulnerability - information and tools (KB975191)

noreply@blogger.com (Thierry Zoller) — Wed, 02 Sep 2009 11:46:00 +0000

Subscribe to the RSS feed in case you are interested in updates I wrote a small summary and facts about the recent IIS5&6 FTP 0day, note that te vulnerable part of the code can be reached without...

Security news : http://blog.zoller.lu

New advances in Office malware analysis

noreply@blogger.com (Thierry Zoller) — Thu, 30 Jul 2009 22:47:00 +0000

Subscribe to the RSS feed in case you are interested in updates http://blog.g-sec.lu/2009/07/new-advances-in-officeexcelpowerpoint.html Dear Anti virus vendors, Your clients are getting...

Security news : http://blog.zoller.lu

Advisory : One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

noreply@blogger.com (Thierry Zoller) — Wed, 15 Jul 2009 18:18:00 +0000

Subscribe to the RSS feed in case you are interested in updates [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....

Security news : http://blog.zoller.lu

0pen0wn.c - Shellcode "dissasembled"

noreply@blogger.com (Thierry Zoller) — Tue, 14 Jul 2009 16:43:00 +0000

Subscribe to the RSS feed in case you are interested in updates Rumor had it that the anti-sec group was using a OpenSSH 0day, str0ke today linked to an URL that supposedly has the exploit code to...

Security news : http://blog.zoller.lu

Advisories - FPROT,Clamav

noreply@blogger.com (Thierry Zoller) — Tue, 16 Jun 2009 10:57:00 +0000

Subscribe to the RSS feed in case you are interested in updates [TZO-33-2009] FPROT generic bypass (TAR)[TZO-40-2009] Clamav generic bypass (RAR,ZIP,CAB)[TZO-34-2009] FPROT generic bypass...

Security news : http://blog.zoller.lu

Advisories: Apple, F-prot, Norman,Ikarus, Kaspersky

noreply@blogger.com (Thierry Zoller) — Tue, 09 Jun 2009 13:03:00 +0000

Subscribe to the RSS feed in case you are interested in updates [TZO-30-2009] Kaspersky generic PDF evasion (update: Kaspersky got in touch) [TZO-31-2009] Ikarus generic evasion...

Security news : http://blog.zoller.lu

Correlated list of advisories

noreply@blogger.com (Thierry Zoller) — Sun, 31 May 2009 08:45:00 +0000

Subscribe to the RSS feed in case you are interested in updates. I took some time to correlate and collect the attributed VDB IDs to them : 2009 [TZO-01-2009] Multiple Avira Antivir Denial of...

Security news : http://blog.zoller.lu

Advisory - Firefox Denial of service (Keygen)

noreply@blogger.com (Thierry Zoller) — Thu, 28 May 2009 00:19:00 +0000

[TZO 27-2009] Firefox Denial of Service (Keygen) I have received interesting and mixed feedback from posting the above "bug". First I'd like to clarify that a vulnerability is measured by the impact...

Security news : http://blog.zoller.lu

About the different risk ratings of Anti-virus bypasses

noreply@blogger.com (Thierry Zoller) — Tue, 26 May 2009 19:02:00 +0000

As you may or may not know, I reported quite some Anti-virus bypasses and evasions lately. Most of them have been categorised and rated by vulnerability database maintainers, such as NIST, Secunia,...

Security news : http://blog.zoller.lu

Advisories - Firefox DoS (unclamped loop)

noreply@blogger.com (Thierry Zoller) — Tue, 26 May 2009 11:57:00 +0000

[TZO-26-2009] Firefox DoS (unclamped loop) forced disclosure

Security news : http://blog.zoller.lu

IIS 5 / IIS 5.1 / IIS 6 Webdav unicode - the bug that won't die ?

noreply@blogger.com (Thierry Zoller) — Mon, 25 May 2009 20:00:00 +0000

This is just in : As it appears the IIS 5 / IIS 5.1 / IIS 6 Webdav unicode bug also allows to bypass IP/Domain filters if any are in place. Whoops. So in summary : bypasses...

Security news : http://blog.zoller.lu

RSA and DSA - misconceptions and usefull information

noreply@blogger.com (Thierry Zoller) — Sat, 23 May 2009 12:49:00 +0000

This post is nothing new, for some it might be. At least I consider it important enough to re-publish this information for those fiddling with RSA / DSA and keys that were used to generate affected...

Security news : http://blog.zoller.lu

Advisories : Panda multiple evasions

noreply@blogger.com (Thierry Zoller) — Fri, 22 May 2009 13:36:00 +0000

[TZO-24-2009] Panda generic evasion (CAB)[TZO-25-2009] Panda generic evasion (TAR)Why two advisories for one vendor? Read here.

Security news : http://blog.zoller.lu

Advisories - Avira, Bitdefender generic PDF evasion

noreply@blogger.com (Thierry Zoller) — Mon, 18 May 2009 15:12:00 +0000

New advisories : [TZO-22-2009] Avira Antivir generic evasion (PDF) [TZO-23-2009] Bitdefender generic evasion (PDF) FYI: Similar PDF evasions have been discovered in the wild by Didier Stevens

Security news : http://blog.zoller.lu