Insomnia Releases

The research team at Insomnia are constantly researching security vulnerabilities, exploitation techniques and other aspects of information security. We adhere to a responsible disclosure policy and work closely with vendors to assist them in resolving security issues reported by us.

Recent Releases

August 12 2008		VMWare - VirtualCenter User Account Disclosure VMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.
July 31 2008		PuttyHijack V1.0 PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.
July 09 2008		Microsoft SQL Server - Corrupt Backup File Heap Overflow Microsoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.
July 07 2008		Heaps About Heaps Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.
June 18 2008		Symantec - Altiris Notification Server Agent Privilege Escalation Symantec released a patch for a shatter attack vulnerability in the Notification Agent.
May 16 2008		Symantec - Altiris Deployment Solution Two security advisories released.
May 01 2008		Access Through Access Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.
April 09 2008		Increasing The Value Of Penetration Testing Presentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.
February 12 2008		InsomniaShell.aspx InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.

Insomnia Releases

Recent Releases

August 12 2008

VMWare - VirtualCenter User Account Disclosure
VMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.

July 31 2008

PuttyHijack V1.0
PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

July 09 2008

Microsoft SQL Server - Corrupt Backup File Heap Overflow
Microsoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.

July 07 2008

Heaps About Heaps
Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.

June 18 2008

Symantec - Altiris Notification Server Agent Privilege Escalation
Symantec released a patch for a shatter attack vulnerability in the Notification Agent.

May 16 2008

Symantec - Altiris Deployment Solution
Two security advisories released.

May 01 2008

Access Through Access
Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.

April 09 2008

Increasing The Value Of Penetration Testing
Presentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.

February 12 2008

InsomniaShell.aspx
InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.

HOME

ABOUT US

OUR SERVICES

RELEASES

CONTACT US

Insomnia Releases

Recent Releases

August 12 2008

VMWare - VirtualCenter User Account DisclosureVMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.

July 31 2008

PuttyHijack V1.0PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

July 09 2008

Microsoft SQL Server - Corrupt Backup File Heap OverflowMicrosoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.

July 07 2008

Heaps About HeapsPresentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.

June 18 2008

Symantec - Altiris Notification Server Agent Privilege EscalationSymantec released a patch for a shatter attack vulnerability in the Notification Agent.

May 16 2008

Symantec - Altiris Deployment SolutionTwo security advisories released.

May 01 2008

Access Through AccessWhitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.

April 09 2008

Increasing The Value Of Penetration TestingPresentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.

February 12 2008

InsomniaShell.aspxInsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.

HOME

ABOUT US

OUR SERVICES

RELEASES

CONTACT US

VMWare - VirtualCenter User Account Disclosure
VMWare have released an update that fixes a user account disclosure vulnerability in VirtualCenter.

PuttyHijack V1.0
PuttyHijack is a POC tool that injects a dll into the Putty process to hijack an existing, or soon to be created, connection. This can be useful during penetration tests when a windows box that has been compromised is used to SSH/Telnet into other servers.

Microsoft SQL Server - Corrupt Backup File Heap Overflow
Microsoft has released a patch for a heap overflow vulnerability in MS SQL Server 2005.

Heaps About Heaps
Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers.

Symantec - Altiris Notification Server Agent Privilege Escalation
Symantec released a patch for a shatter attack vulnerability in the Notification Agent.

Symantec - Altiris Deployment Solution
Two security advisories released.

Access Through Access
Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access Default Tables, SQL Injection and Jet Vulnerabilities.

Increasing The Value Of Penetration Testing
Presentation and whitepaper discussing some ways for a customer to gain more value when getting a penetration test conducted.

InsomniaShell.aspx
InsomniaShell is a tool for use during penetration tests, when you have ability to upload or create an arbitrary .aspx page. This .aspx page is an example of using native calls through pinvoke to provide either a reverse shell or a bind shell.