Resources

Below you will find links to the Advisories, Presentations, and Whitepapers that have been publicly released by Insomnia Security team members.

Intel PROSet Wireless Elevation of Privilege

Advisory  |  25.07.2019

Advisory for CVE-2018-12177, detailing a local elevation of privilege vulnerability within the iWrapper.exe component of the Intel PROSet/Wireless driver suite.

Cloud Catastrophes

Presentation  |  21.02.2019

Presentation on a number of common security issues with cloud deployments, presented at OWASP NZ Day 2019 by Mike Haworth.

Router Hacking

Presentation  |  25.10.2018

Presentation by Ben Knight at CHCon 2018, detailing various vulnerabilities he identified in a number of embedded devices he had recently reviewed.

The Path To Ring-0

Presentation  |  25.03.2018

Debasis Mohanty provides an in-depth overview of exploitation of Windows Kernel vulnerabilities.

In Certificates we Trust

Presentation  |  24.02.2018

Presentation given by Mark Piper at CrikeyCon about the use cases of certificate transparency logs (video).

Rails Derailed

Presentation  |  05.02.2018

Presentation given by Tim Goddard on detection and exploitation of Rails insecurities.

Deserialisation - What Could Go Wrong?

Presentation  |  04.02.2016

Presentation given by Brendan Jamieson at OWASP New Zealand Day, 2016 on deserialisation vulnerabilities.

Modern Corporate Wifi Rustling

Presentation  |  15.12.2015

Presentation given by Chris Smith at Kiwicon 2015 on exploiting EAP-MSCHAPv2 via wireless clients.

Practical PHP Object Injection

Presentation  |  15.12.2015

Presentation given by Brendan Jamieson at Kiwicon 2015 on finding and exploiting PHP Object Injection vulnerabilities.

OpenCFP RCE Advisory

Advisory  |  30.06.2015

Pre-authentication remote code execution in the OpenCFP web application.

PHP Magic Tricks-Type Juggling

Presentation  |  26.02.2015

Presentation given by Chris Smith at OWASP Day 2015 on PHP Type Confusion issues.

IBM Jazz Team Server RCE Advisory

Advisory  |  03.03.2014

CVE-2014-0862, pre-authentication remote code execution in IBM Jazz Team Server suite.

Rop and Roll

Presentation  |  20.11.2012

Presentation given at Kiwicon 2012 on some method of ROP chain mutation.

Post Exploitation Process Continuation

Presentation  |  30.04.2012

Presentation given at SyScan 2012 on some methods of process continuation after exploit execution.

Fruit, why you so low?

Presentation  |  11.10.2011

Presentation given at hack.lu 2011 on the practicality, implementation and effect of data mining country-scale network targeting databases, in NZ and beyond.

LFI With PHPInfo Assistance

Whitepaper  |  06.09.2011

Whitepaper explaining how PHPInfo can be used to assist with the exploitation of LFI vulnerabilities on PHP.

Pidgin

Advisory  |  22.08.2011

Pidgin IM Insecure URL Handling Remote Code Execution

Concurrency Vulnerabilities

Presentation  |  18.07.2011

Presentation given at OWASP NZ Day 2011 on web application concurrency vulnerabilities.

IGSS SCADA System

Advisory  |  27.04.2011

ODBC service remote overflow leading to denial of service or code execution.

Up.Time

Advisory  |  27.04.2011

Administration Interface Authentication Bypass Vulnerability

DEP in Depth

Presentation  |  08.12.2010

Presentation given at Ruxcon about bypassing DEP. Includes notes on SEH thread suspension, heap segment metadata exploitation, and a walkthrough of an exploit for MySQL.

The Shell Game

Presentation  |  01.11.2010

Presentation and demo tools from the Kiwicon 4 talk "The Shell Game", which addressed non-root "rootkits" on Linux. Discussion and demos of process hiding (in-place replacement, thread injection) and file hiding (via inotify racing) from root as a non-privileged user.

EasyManage CMS

Advisory  |  30.07.2010

Multiple SQL injection vulnerabilities were discovered in this locally developed CMS.

Don't Try This At Home

Presentation  |  20.07.2010

OWASP NZ Day Presentation discussing various 'not so common' application vulnerabilities. Plenty of bad code examples and some coverage of steps you can take to prevent these.

DEP in Depth

Presentation  |  18.06.2010

Presentation given at SyScan about bypassing DEP. Includes notes on SEH thread suspension, heap segment metadata exploitation, and a walkthrough of an exploit for MySQL.

Hacking Citrix

Presentation  |  07.07.2009

Presentation given at SyScan about Citrix insecurities. The presentation covers a standard Citrix implementation and some of the flaws that are commonly seen. It was accompanied by a live demonstration which included hacking into a Citrix install and gaining domain administrator access.

Common Application Flaws

Presentation  |  01.11.2008

Presentation given at the November OWASP NZ meeting, providing a basic introduction to the OWASP Top 10 and common application flaws.

Heaps About Heaps

Presentation  |  01.07.2008

Presentation documenting various heap exploitation techniques that can be used against Windows 2003 servers. This presentation details entries in the heap header, and explains multiple exploitation techniques including an improved version of the lookaside list attack. As a bonus, it also provides a step-by-step example of exploiting a heap-based overflow on Windows 2003, including static addresses that can be used to obtain execution context.

Access Through Access

Whitepaper  |  01.05.2008

Whitepaper covering some technical details of MS Jet exploitation. Topics include MS Access default tables, SQL injection and Jet vulnerabilities. Builds on the existing publicly available research and has become a concise point of information for hacking Access databases.

Increasing The Value Of Penetration Testing

Presentation  |  01.04.2008

Presentation and whitepaper discussing some ways for a customer to increase the value of a penetration test. Explains, from the viewpoint of both parties, what should be expected from each when a penetration test is undertaken. What you should expect as an outcome, and how to get more for your money, are all questions answered within.

Whitepaper download link

Symantec - Altiris Deployment Server Escalation of Privileges

Advisory  |  10.03.2008

Symantec - Altiris Notification Server Escalation of Privileges

Advisory  |  06.02.2008

Exploiting Freelist[0] On XPSP2

Presentation  |  01.12.2005

This paper explains techniques for exploiting freelist[0] overwrites to bypass the protection measures introduced with Windows XP Service Pack 2. This leads to exploitation of other functionality within the heap management code to gain execution control after a chunk header has been overwritten.

SBDA - Same Bug, Different App

Presentation  |  01.10.2005

This presentation explains some trends in the relationships between reported vulnerabilities that researchers should be aware of and that could be used to help speed up the discovery of new vulnerabilities. It includes the methodology that led to the discovery of vulnerabilities such as the fp30reg.dll overflow, the nsiislog.dll overflow, and many more. This is the version shown at BlueHat and includes full presentation notes. Whitepaper download link

Bugger The Debugger

Whitepaper  |  01.04.2005

This whitepaper discusses techniques by which malware can execute code within a debugger during the load period, before control is handed back to the user. These techniques could be used as anti-debugging methods, or to run different code paths if a debugger is detected.

Windows Shatter Attacks

Presentation  |  01.07.2004

Presentation on Windows shatter attacks that was given at the Black Hat conference. This presentation was based on research done while producing the Shattering By Example whitepaper, and includes multiple examples of shatter attacks in various forms.

0x00 vs ASP File Uploads

Whitepaper  |  01.07.2004

This whitepaper explains how the ASP FileSystemObject can be exploited when uploading a file with a NULL byte included in the filename. This problem arises when data is compared and validated in ASP script but not validated by the underlying lower-level calls.

Shattering By Example

Whitepaper  |  01.10.2003

Whitepaper detailing various Windows shatter attacks against multiple Windows controls and API calls.
