Logo Infobyte
VOID
Home
About
Advisories
Develpments
Papers
Links
VOID VOID VOID
  Non-profit organization, dedicated to research, analysis topics like security, cryptography, forensic, electronics development, reverse engineering, science in general.  
void Advisories
  void
 
Red 07/02/08: PoC Novell GroupWise Messenger Client (GWIM) Remote
Francisco Amato - ISR-groupwisemsn.pl, simple fake groupwise msn server.
void Line
 
Red 12/14/07: PoC Novell Groupwise Client Remote Stack Overflow
Francisco Amato - Metasploit 2.7 and 3.0 modules.
void Line
 
Red 06/25/07: ISR-sqlget v.1.0.0
Francisco Amato - blind SQL injection tool developed in Perl. (demo)
void Line
 
Red 02/15/07: ISR-suntelnet 
Francisco Amato - Solaris automatic telnet vulnerability check.
void Line
 
Red 08/29/06: PoC / ActiveX Exploit
Francisco Amato - IBM ActiveX Code Execution
void Line
 
Red 08/14/06: ISR-Gvirtual v.1
Francisco Amato - information Gathering software, using Goggle API to discover vhosts.
sds
void  
 

ISR-evilgrade v1.0.0 

It's is a modular framework that allow us to take advantage of poor upgrade implementations by injecting fake updates.

More info:
Link http://www.infobyte.com.ar/down/ISR-evilgrade-Readme.txt
Link ISR-evilgrade presentation slides
Link Demo feature - (Java plugin + Dan Kaminsky Dns vulnerability) = remote pwned.


Download Button

Copyright 2008 Infobyte Security Research.