Stephen Reese

Blocking evil with the Enhanced Mitigation Experience Toolkit EMET

While experimenting with EMET I decided to put together a little presentation demonstrating how it can be used to prevent exploitation of a known threat to Acrobat Reader. The presentation first demonstrates the exploit using Metasploit, provides some high level analysis and then goes on to describe how EMET can …

Insecure Library Loading Could Allow Remote Code Execution

Note this is an older post that I am migrating from another blog I previously maintained. Metasploit has already provide a nice write up of the pwning, I mean testing the vector http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html. It does involve a bit of prep work but I …

Keeping your hardware safe and avoiding the evil maid

This installment is about keeping your notebook and other technology items safe. I was recently asked what the Defcon locks were for that I have been distributing with the new notebooks. I jokingly said to keep people from taking your monitor and chair from your desk while your on travel …

Using metasploit to pwn MS06-067

In a graduate course I was taking, our professor wanted us to tool around with the Metasploit project. This tool makes quick work of exploiting vulnerabilities. After the client takes the opens the link, I ran ‘ipconfig’ to ensure I had remote connectivity. Here a shell that I ran ‘ipconfig …

SQL injection attack on a PostgreSQL database (t_jiaozhu)

A web server running Apache 2 and PostgreSQL was successfully compromised using a SQL injection vulnerability. I first noticed there was a new table in one of our PostgreSQL databases named ‘t_jiaozhu’. public t\_jiaozhu table postgres The table wasn not something that myself or our developer had created so …