Presentation | Download | Conferences | Date |
Hacking an altcoin node for ̶f̶u̶n̶ ̶a̶n̶d̶ profit | N/A | WarCon III | June 2018 |
I Got 99 Trends and a # is All of Them! How We Found Over 100 RCE Vulnerabilities in Trend Micro Software | pdf slideshare | Hack In The Box 2017 Amsterdam | April 2017 |
Augmented Reality in your web proxy | slideshare | HackPra Allstars - OWASP App Sec EU 2013 (Hamburg) | August 2013 |
Cross Context Scripting attacks and exploitation | slideshare | HackPra (Ruhr-Universität Bochum) | November 2012 |
Window Shopping: Browser Bug Hunting in 2012 | pdf . slideshare | Hack In the Box 2012 (Amsterdam) | May 2012 |
Bridging The Gap: Security and software testing | pdf . slideshare | ANZTB Test Conference 2011 (Auckland) | Mar 2010 |
Defending Against Application Level DoS Attacks | pdf . slideshare | OWASP New Zealand Day 2010 (Auckland) | Jul 2010 |
Exploiting Firefox Extensions | pdf . slideshare . video | OWASP AppSec Asia & SecurityByte 2009 (Gurgaon, IN); DEFCON 17 (Las Vegas, US); EUSecWest 2009 (London, UK) | Nov 2009 |
Reversing JavaScript | zip . slideshare | OWASP New Zealand Chapter | Mar 2009 |
None More Black: The Dark Side of SEO | pdf . slideshare | Ruxcon 2008 (Sydney, AU); Kiwicon II (Wellington, NZ) | Oct 2008 |
Browser Security | ppt . slideshare | OWASP New Zealand Chapter | Sep 2008 |
Black Energy 1.8 - Russian botnet package analysis | ppt . slideshare | Hack In The Bush (Internal Training) | May 2008 |
Web Spam Techniques | ppt . slideshare | OWASP New Zealand Chapter | Apr 2008 |
XPath Injection | ppt . slideshare | OWASP New Zealand Chapter | Feb 2008 |
Ajax Security | ppt . slideshare | OWASP New Zealand Chapter | Dec 2007 |
Alcatel Lucent Omnivista or: How I learned GIOP and gained Unauthenticated Remote Code Execution (CVE-2016-9796)
It is time for another advisory, or rather a blog post, about Alcatel Lucent Omnivista and its vulnerabilities. Omnivista is a central network management tool, typically used in medium/large organisations with a complex VoIP/SIP infrastructure. Interestingly enough, this software belongs to the niche of "undownloadable" software, and it requires a license to work as well. My "luck" came during an engagement where it was already installed, and this post documents one of the many 0days discovered during that audit. There are several reasons why I wanted to dedicate a single blog post to this vulnerability. First, remote code execution (RCE) is always a sweet bug to show. Second, I strongly believe that documenting vulnerabilities in applications using old protocols and standards (GIOP and CORBA respectively) can be beneficial for the infosec community, since not many examples of vulnerabilities in such applications are available or published on the Interne