timb_machine: @sempf What about numeric injections?
timb_machine: .@matthew_benham My dad's great grandfather helped found the Bees. We lost him to cancer in Sept. Please carry on making us proud. #bees
timb_machine: @iamfrangipan It is. Am there. :)
timb_machine: @sempf What would you encode "1 or 1=1 or 1=" to?
timb_machine: @BrentfordFC Half and half scarves for the glory hunters?
timb_machine: close($week); # Roll on #brentfordfc vs Fulham
timb_machine: @nowisbaker LISD (Linux Is System D)
timb_machine: @jonbrownm Good. I have a web site I want you to work on :).
timb_machine: @tiraniddo The "Vulnerability Marketing Board " has a nice ring to it.
timb_machine: @timb_machine No logo yet though. :(
timb_machine: #1 http://www.bbc.co.uk/news/technology-30019976
timb_machine: $winshock = 3; # So far I count 3 bugs that are variously claiming to be "winshock". This is why we need CVE people.
timb_machine: @inj3ct0r Funny thing about that bug, compiler usage error. "-L/lib" is the name of the directory it looks for, I suspect they meant "/lib"
timb_machine: return ETOOMANYBUGS; # current count for last weeks testing is 357... best one, remote compromise of POS over USB bypassing code signing
timb_machine: @Dave_Maynor I'm sure it happens. Not been in that situation, so can't comment. Of course, UK/EU and US law vary considerably.
timb_machine: RT @portcullislabs By the looks of things, CVE-2014-3065 relates to a race condition on /tmp/javasharedresources and affects IBM JDK
timb_machine: @kevinmitnick So how do you approach testing the same app for different clients? Report the 0day only to the first client?
timb_machine: @4Dgifts ++
timb_machine: @jduck ACK.
timb_machine: @spacerog Agreed. Would be concerned if that were not the case. Clients often don't have the time/expertise to disclose anyway.
timb_machine: @matthew_d_green Encryption isn't just about C. I is equally important. Quite whether it directly affects A is debatable.
timb_machine: @securitea I know, I think I tweeted about that too? Just curious if CESG are unique in this matter?
timb_machine: $hell->freeze(); # Debian credits CESG: https://www.debian.org/security/2014/dsa-2984, any NSA (etc) credits out there?
timb_machine: @gentilkiwi Is there a reference for that, or have you just pulled apart the patch? Reminds me of the old VNC bug, if that's the problem.
timb_machine: @Meatballs__ Hopefully it will be in MSF in 24 hours? cc: @hdmoore
timb_machine: @w1bble Remember when I asked you what you did when you weren't taking photos? :)
timb_machine: RT @portcullislabs @passingthehash, @obscuresec, @gentilkiwi http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
timb_machine: @passingthehash, @obscuresec, @gentilkiwi Kerberos Checksum Vulnerability - CVE-2014-6324
timb_machine: RT @portcullislabs Running "untrusted" Java code server side? Consider a sandpit: https://labs.portcullis.co.uk/blog/building-a-sandpit
timb_machine: $kerberos->escalate(@self, DOMAIN_ADMIN); # Liking the sound of MS14-068
timb_machine: @OSVDB Ta.
timb_machine: @osvdb Hmm, OSVDB doesn't appear to want to let me do a password reset :( I wanted to claim 114615 :(
timb_machine: @Viss POS etc on the same circuit as guest rooms.
timb_machine: @Viss If you run a hotel, probably want to check you can't dial in from hotel rooms.
timb_machine: bookmarks://xxxx.google.com/"><script>alert(document.domain)</script>; # CVE-2014-8600 PoC
timb_machine: @spun_off WebCore is based off KHTML, hence LGPL, no? cc: @SwissHttp
timb_machine: @sambowne IIRC, Google doesn't cache all content. Stale references to original images etc?
timb_machine: @digininja Probably better to use combination of real cards and officially recognised test numbers.
timb_machine: @pentestmonkey Used your reverse shell after popping an appliance over USB. A+, would root again!
timb_machine: @joernchen That had me and my team in stitches :)
timb_machine: @attifyme Mmmm, my favourite :)
timb_machine: // strip_tags($_GET["input"]); - We don't want to filter out tags as we're using them to render input :/ < Application actively supports XSS
timb_machine: @rantyben SSLapdash
timb_machine: @zyx2k We have physical tin :)
timb_machine: $project ++; # And they're off! The @portcullislabs SCADA lab is live and in the hands of the juniors #firstonetocrashthednp3wins
timb_machine: String SqlQuery = SqlHelper.Santise(Request.Params["query"]); // This doesn't do what we think it does < Said no developer, ever
timb_machine: @dcuthbert ++
timb_machine: @attrc Yeh, pretty much a given if you use WebKit/webview based apps.
timb_machine: @self->.,o("someone should port Debian to afl-gcc"); # Fuzz all the things
timb_machine: @0wasp Check the CRT requirements.
timb_machine: @0wasp http://www.crest-approved.org/wp-content/uploads/CRT_CCT-Syllabus-v1-5.pdf
timb_machine: RT @portcullislabs A stopped clock is right twice a day? Not this one: https://labs.portcullis.co.uk/presentations/how-many-bugs-can-a-time-server-have/
timb_machine: @MarioVilas Mwah. what's he done now?
timb_machine: @thedcdj @thetomcake says you're responsible for the only code that does anything aka the bugs ;)
timb_machine: @thetomcake 90% of your change is auto-formatting, 5% is a mistakenly committed Word document and 5% is bugs. #performancereview
timb_machine: RT @portcullislabs You can't even trust your own reflection these days: https://labs.portcullis.co.uk/blog/you-cant-even-trust-your-own-reflection-these-days/
timb_machine: @nickdepetrillo, @Dave_Maynor "Good" exploits are good. "Bad" exploits are bad.
timb_machine: @exploitdb http://www.exploit-db.com/exploits/35112/ looks pretty similar to https://www.nth-dimension.org.uk/downloads.php?id=83 :P
timb_machine: @Beesotted I'm going to be saying this a lot this season, but 5 generations into Brentford, *still* proud. Second half, they were excellent.
timb_machine: @domchell, @carnal0wnage In fairness I don't actually know, it came out of our US research team.
timb_machine: @carnal0wnage Just put a WAF in front of it, problem solved. \o/
timb_machine: @macavity23 #sadface
timb_machine: @i0n1c Utterly unreasonable that people want to run Intel code on AMD chipsets. #boycottcounterfeits #nukethemicrocode
timb_machine: @rootkovska Is it not a reference to the zone from which the file originated, which is embedded in an ADS: http://blogs.technet.com/b/askcore/archive/2013/03/24/alternate-data-streams-in-ntfs.aspx
timb_machine: @0x47DF :(
timb_machine: @kennwhite Your definition of non-essential appeared to be anything that wasn't part of the "user" facing service.
timb_machine: @kennwhite Best of luck updating it...
timb_machine: @bSr43 Ta. Great support.
timb_machine: @bSr43 Any way to retrieve my Hopper license file? I forgot to pack it on this PC :(
timb_machine: @ioerror My interaction with Mike is second to none. Bigger, better funded browser teams do less with more IMO.
timb_machine: @2342 Great tip. To be clear, I like and respect the ethics policy of my current employer but always interesting to see other options.
timb_machine: @ioerror Long have I dreamed of having a security company with a clearly defined ethics brief to work on things like that.
timb_machine: @thedarktangent, @_defcon_ TAOSSA for security research + Stevens on TCP/IP
timb_machine: @vogon $pc > %rip :)
timb_machine: @chmod666, @chromeaix, @power_gaz, @mr_nmon Do IBM have a conference where I could talk on how and why admins get security wrong?
timb_machine: @SushiDude With more ambition, we could make 20K next year.
timb_machine: @SushiDude We're doing our bit to help reach this noble goal. #isupportCVE10K
timb_machine: @hubert3 Not sure, went through US advisory team. I will enquire.
timb_machine: $bugs ++; # Looks like the @portcullislabs US team just dropped a couple of XXE bugs in F5 BIG IP :)
timb_machine: <@twitter>; # Anyone think of a good way to leverage SysRq? Also have what looks like execute from USB MSC, but I don't know the filename :(
SAP Transaction Codes
Patch to x3270 to make it ignore protected fields, and allow them to be modified. This provided some significant pwnage on an assessment where the mainframe (IMS) application appeared to pass the username from one field to another. I'm still researching
security - Exploitable PHP functions - Stack Overflow
Rechenzentrum Kreuznach - the AS/400 professionals
Configuration of hidden Sendmail SSL/TLS connection options « TriathlonMike
Native Extensions for Perl without Smoke and Mirrors
Deconstructing the Azure Point-to-Site VPN for Command Line usage - Diary Of A Ninja
Cryptographic flaws in Oracle Database authentication protocol | Marcel's Blog
OpenPGP Best Practices - Privacy and Authenticity Ou... - Riseup Labs - Groups - we.riseup.net
A brief look at the Acer ChromeBook #2
A brief look at the Acer ChromeBook #1
Dead bugs society
A brief look at the RIM PlayBook
Breaking cpau, a dummies guide
Bypassing the Android pattern lock
Exploiting the Linux linker
Dumping Samba hashes
Defcon 18 CTF qualifiers: who is the h4x13st h4x0r of them all