www.notsosecure.com

From Pentesters To Pentesters

It's that time of the year. If you are attending Infosec 2010 in London, it will be a good time to meet up. I will be at stand G42. I will also be giving a talk titled:
Latest From the world of Hacking

The talk shows a number of recently released exploits in action. These include:
* Oracle 10g/11g DBMS_JVM_EXP_PERMS exploit
* IE Aurora exploit
* KiTrap0D exploit (Windows local privilege escalation)
* Java Web Start client side exploit
* Remote code execution in SMBv2 (MS09-050)
* Linux Kernel 2.x sock_sendpage() Local Ring0 root exploit
* Some PDF exploits
…and many more…

See you there!

I have updated bsqlbf; the latest version (2.5) has the following two additions:

Type 7: OS code execution via SYS.KUPP$PROC.CREATE_MASTER_PROCESS(), with DBA privileges (11g R1 and R2)
Type 8: OS code execution via DBMS_JAVA_TEST.FUNCALL, with Java IO permissions (10g R2, 11g R1 and R2)

For more details about these two attack vectors, please refer to the paper, Hacking Oracle From Web.

Bsqlbf Homepage

Enjoy!