timb_machine: @4Dgifts http://www.vulnerabilitymarketingboard.com/ :)
timb_machine: @Treesiepops http://en.wikipedia.org/wiki/Birthday_problem
timb_machine: @TheOnlyEvil1 Pretty sure the DELETE etc are because they've implemented a RESTful API, not because they're doing WebDAV.
timb_machine: @nitr0usmx Once upon a time, I crashed the QNX TCP/IP stack process whilst fuzzing. Box wasn't much use till the reboot.
timb_machine: OH: "For setuid programs not run by the superuser, _RLD_ARGS is ignored." < no linker fun to be had :(
timb_machine: OH: "Java 1.3.1 is now the default for the system." < Bug hunting on Tru64
timb_machine: @SelsRoger I'd go further and it is unacceptable not to.
timb_machine: @angealbertini I've done a bit with this: https://github.com/presseverykey/everykey-sdk/blob/master/examples/usbraw/main.c
timb_machine: @angealbertini The NCC stuff isn't bad.
timb_machine: @mainframed767 That's the one, bless 'em.
timb_machine: @mainframed767, @SelsRoger RACF-L? I think I read the same thread...
timb_machine: @tqbf Nope.
timb_machine: @tqbf Evidence? Genuinely curious why you think PHP is a safer choice than Perl? http://ASP.NET not even on the list?
timb_machine: system("gencore " . $pid); # Dump the application core, extract the Oracle RDBMS creds, login directly as SYSDBA #pwningaixapps
timb_machine: @mainframed767 You had a look at the implementation yet?
timb_machine: $newhash = kdfaes($desstring); # Welcome RACF, to the future^Wpresent: ftp://public.dhe.ibm.com/eserver/zseries/zos/racf/pdf/oa43999.pdf
timb_machine: $bugs += 0; # Always nice not to be credited
timb_machine: @sempf What about numeric injections?
timb_machine: .@matthew_benham My dad's great grandfather helped found the Bees. We lost him to cancer in Sept. Please carry on making us proud. #bees
timb_machine: @iamfrangipan It is. Am there. :)
timb_machine: @sempf What would you encode "1 or 1=1 or 1=" to?
timb_machine: @BrentfordFC Half and half scarves for the glory hunters?
timb_machine: close($week); # Roll on #brentfordfc vs Fulham
timb_machine: @nowisbaker LISD (Linux Is System D)
timb_machine: @jonbrownm Good. I have a web site I want you to work on :).
timb_machine: @tiraniddo The "Vulnerability Marketing Board " has a nice ring to it.
timb_machine: @timb_machine No logo yet though. :(
timb_machine: #1 http://www.bbc.co.uk/news/technology-30019976
timb_machine: $winshock = 3; # So far I count 3 bugs that are variously claiming to be "winshock". This is why we need CVE people.
timb_machine: @inj3ct0r Funny thing about that bug, compiler usage error. "-L/lib" is the name of the directory it looks for, I suspect they meant "/lib"
timb_machine: return ETOOMANYBUGS; # current count for last weeks testing is 357... best one, remote compromise of POS over USB bypassing code signing
timb_machine: @Dave_Maynor I'm sure it happens. Not been in that situation, so can't comment. Of course, UK/EU and US law vary considerably.
timb_machine: RT @portcullislabs By the looks of things, CVE-2014-3065 relates to a race condition on /tmp/javasharedresources and affects IBM JDK
timb_machine: @kevinmitnick So how do you approach testing the same app for different clients? Report the 0day only to the first client?
timb_machine: @4Dgifts ++
timb_machine: @jduck ACK.
timb_machine: @spacerog Agreed. Would be concerned if that were not the case. Clients often don't have the time/expertise to disclose anyway.
timb_machine: @matthew_d_green Encryption isn't just about C. I is equally important. Quite whether it directly affects A is debatable.
timb_machine: @securitea I know, I think I tweeted about that too? Just curious if CESG are unique in this matter?
timb_machine: $hell->freeze(); # Debian credits CESG: https://www.debian.org/security/2014/dsa-2984, any NSA (etc) credits out there?
timb_machine: @gentilkiwi Is there a reference for that, or have you just pulled apart the patch? Reminds me of the old VNC bug, if that's the problem.
timb_machine: @Meatballs__ Hopefully it will be in MSF in 24 hours? cc: @hdmoore
timb_machine: @w1bble Remember when I asked you what you did when you weren't taking photos? :)
timb_machine: RT @portcullislabs @passingthehash, @obscuresec, @gentilkiwi http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
timb_machine: @passingthehash, @obscuresec, @gentilkiwi Kerberos Checksum Vulnerability - CVE-2014-6324
timb_machine: RT @portcullislabs Running "untrusted" Java code server side? Consider a sandpit: https://labs.portcullis.co.uk/blog/building-a-sandpit
timb_machine: $kerberos->escalate(@self, DOMAIN_ADMIN); # Liking the sound of MS14-068
timb_machine: @OSVDB Ta.
timb_machine: @osvdb Hmm, OSVDB doesn't appear to want to let me do a password reset :( I wanted to claim 114615 :(
timb_machine: @Viss POS etc on the same circuit as guest rooms.
timb_machine: @Viss If you run a hotel, probably want to check you can't dial in from hotel rooms.
timb_machine: bookmarks://xxxx.google.com/"><script>alert(document.domain)</script>; # CVE-2014-8600 PoC
timb_machine: @spun_off WebCore is based off KHTML, hence LGPL, no? cc: @SwissHttp
timb_machine: @sambowne IIRC, Google doesn't cache all content. Stale references to original images etc?
timb_machine: @digininja Probably better to use combination of real cards and officially recognised test numbers.
timb_machine: @pentestmonkey Used your reverse shell after popping an appliance over USB. A+, would root again!
timb_machine: @joernchen That had me and my team in stitches :)
timb_machine: @attifyme Mmmm, my favourite :)
timb_machine: // strip_tags($_GET["input"]); - We don't want to filter out tags as we're using them to render input :/ < Application actively supports XSS
timb_machine: @rantyben SSLapdash
timb_machine: @zyx2k We have physical tin :)
timb_machine: $project ++; # And they're off! The @portcullislabs SCADA lab is live and in the hands of the juniors #firstonetocrashthednp3wins
timb_machine: String SqlQuery = SqlHelper.Santise(Request.Params["query"]); // This doesn't do what we think it does < Said no developer, ever
timb_machine: @dcuthbert ++
timb_machine: @attrc Yeh, pretty much a given if you use WebKit/webview based apps.
timb_machine: @self->.,o("someone should port Debian to afl-gcc"); # Fuzz all the things
timb_machine: @0wasp Check the CRT requirements.
timb_machine: @0wasp http://www.crest-approved.org/wp-content/uploads/CRT_CCT-Syllabus-v1-5.pdf
timb_machine: RT @portcullislabs A stopped clock is right twice a day? Not this one: https://labs.portcullis.co.uk/presentations/how-many-bugs-can-a-time-server-have/
timb_machine: @MarioVilas Mwah. what's he done now?
timb_machine: @thedcdj @thetomcake says you're responsible for the only code that does anything aka the bugs ;)
timb_machine: @thetomcake 90% of your change is auto-formatting, 5% is a mistakenly committed Word document and 5% is bugs. #performancereview
timb_machine: RT @portcullislabs You can't even trust your own reflection these days: https://labs.portcullis.co.uk/blog/you-cant-even-trust-your-own-reflection-these-days/
timb_machine: @nickdepetrillo, @Dave_Maynor "Good" exploits are good. "Bad" exploits are bad.
timb_machine: @exploitdb http://www.exploit-db.com/exploits/35112/ looks pretty similar to https://www.nth-dimension.org.uk/downloads.php?id=83 :P
timb_machine: @Beesotted I'm going to be saying this a lot this season, but 5 generations into Brentford, *still* proud. Second half, they were excellent.
timb_machine: @domchell, @carnal0wnage In fairness I don't actually know, it came out of our US research team.
timb_machine: @carnal0wnage Just put a WAF in front of it, problem solved. \o/
timb_machine: @macavity23 #sadface
timb_machine: @i0n1c Utterly unreasonable that people want to run Intel code on AMD chipsets. #boycottcounterfeits #nukethemicrocode
SAP Transaction Codes
Patch to x3270 to make it ignore protected fields, and allow them to be modified. This provided some significant pwnage on an assessment where the mainframe (IMS) application appeared to pass the username from one field to another. I'm still researching
security - Exploitable PHP functions - Stack Overflow
Rechenzentrum Kreuznach - the AS/400 experts
Configuration of hidden Sendmail SSL/TLS connection options « TriathlonMike
Native Extensions for Perl without Smoke and Mirrors
Deconstructing the Azure Point-to-Site VPN for Command Line usage - Diary Of A Ninja
Cryptographic flaws in Oracle Database authentication protocol | Marcel's Blog
OpenPGP Best Practices - Privacy and Authenticity Ou... - Riseup Labs - Groups - we.riseup.net
A brief look at the Acer ChromeBook #2
A brief look at the Acer ChromeBook #1
Dead bugs society
A brief look at the RIM PlayBook
Breaking cpau, a dummies guide
Bypassing the Android pattern lock
Exploiting the Linux linker
Dumping Samba hashes
Defcon 18 CTF qualifiers: who is the h4x13st h4x0r of them all