[Dailydave] POC 2007 notes v 2

Dave Aitel dave at immunityinc.com
Fri Nov 16 04:55:23 EST 2007


There were a lot of good talks today - in particular GilGil's talk on a
new tool, in the same vein as Cain and Abel, called SnoopSpy2 (which he
just open-sourced)[1].

Likewise the talk on BIOS and VMware vulnerabilities was interesting.
Sun Bing had one demo where he got local Administrator on an XP SP2
guest by using a VMware vulnerability (unreleased). He also had several
guest->host escape techniques (VMware dying due to memory access
failures and such) - no working PoC here, just crashes. He said (via
translator, so it's possible there was confusion) that his bugs only
affected VMware Workstation and not VMware ESX. The BIOS tricks were
interesting as well - essentially they were documentation on how to
install useful BIOS rootkits or perform a really annoying DoS by
flipping one of the hardware bits (would require complete power drain to
reset).

-dave

[1] http://gilgil.springnote.com/pages/567395