I’ve put my DDT client-server script on GitHub, so that everyone can benefit from it if someone chooses to use it. DDT stands for Dictionary-based Data Transfer, a form of substitution-based data exfiltration technique and a proof-of-concept tool.
The site has been offline for a while, due to multiple factors - mainly lack of time. Also, my previous hosting service was straight up unusable, but that is taken care of. Hopefully I will be able to rebuild to a much simpler site, without WordPress and such. (Ain’t nobody got time for maintaining / securing that junk…)
I’ve submitted my CFP to this year’s BlackHat; I have a new technique and tool for DNS-based exfiltration dubbed DDT.
This post is the detailed walkthrough of the 0-day vulnerability affecting one of ESC’s (Environmental Systems Corporation) devices, namely the ESC 8832 Data Controller.
So I stumbled upon a webapp called pChart as part of one of my pentests. It turned out that there are some injection and XSS problems in the Example folder, which is present by default. I contacted the author, worked out the details of notification and publication; then here we are.
I had the pleasure to work with AlienVault; one aspect that I missed from it was that it didn’t have a WebSense plugin that would handle the logs I had forwarded from the WebSense appliance. So I wrote my own, and here it is below. There are 3 different files below; search for the "SNIP" string.
During my introduction to exploit development I started work on a small FTP server, to see what I could find. What I found is fairly interesting; a couple of commands resulted in a Denial-of-Service condition under Win 7 x32 and x64. At the time of my research I had been unable to shove some shellcode, a jump, etc. into the thing. Time passed and I got busy, so it might still be there.