Dailydave mailing list archives

POC 2007 notes v 2


From: Dave Aitel <dave () immunityinc com>
Date: Fri, 16 Nov 2007 04:55:23 -0500

There were a lot of good talks today - in particular GilGil's talk on a
new tool, in the same vein as Cain and Abel, called SnoopSpy2 (which he
just open-sourced)[1].

Likewise the talk on BIOS and VMware vulnerabilities was interesting.
Sun Bing had one demo where he got local Administrator on an XP SP2
guest by using a VMware vulnerability (unreleased). He also had several
guest->host escape techniques (VMware dying due to memory access
failures and such) - no working PoC here, just crashes. He said (via
translator, so it's possible there was confusion) that his bugs only
affected VMware Workstation and not VMware ESX. The BIOS tricks were
interesting as well - essentially they were documentation on how to
install useful BIOS rootkits or perform a really annoying DoS by
flipping one of the hardware bits (would require complete power drain to
reset).

-dave

[1] http://gilgil.springnote.com/pages/567395