by Julien Ahrens | Friday, July 25, 2014 | Certifications
Now Mario meets Luigi….or what’s a bind without a reverse shellcode? I’ve spend some extra time again to reduce the shellcode size and make it fully register aware, so that this shellcode could handle every exploit-scenario. It’s therefore...
by Julien Ahrens | Sunday, July 13, 2014 | Certifications
Do you like uncommon challenges? At least I do, and that’s the reason why I’ve signed up for the SecurityTube Linux Assembly Expert training. But what’s this all about ? The founder Vivek Ramachandran summarizes it best: The SecurityTube Linux...
by Julien Ahrens | Saturday, May 31, 2014 | Exploit
During the last few days a lot of nice Remote Exploits have been released over at Exploit-DB by one of my followers Harold aka superkojiman targeting applications by EFS Software Inc. First of all: Kudos to Harold, you did a really nice job :-)! As I...
by Julien Ahrens | Saturday, April 26, 2014 | Advisory
The German Magix Software GmbH rewarded me with a Hall of Fame listing and a free Magix Music Maker 2014 Premium license for my reports of several serious security issues in the online infrastructures of magix.com and xara.com, which...
by Julien Ahrens | Thursday, March 13, 2014 | Advisory, Exploit
I’ve discovered another 0day Remote Code Execution flaw in a CNET.com Top10 software of its category, which has been downloaded more than 6 million times right now. Affected Versions and CVSS I’ve successfully verified the vulnerability in the following...
by Julien Ahrens | Sunday, March 2, 2014 | Exploit
I’ve published another security advisory about a remote code execution vulnerability with a CVSS score of 10,0 today. Affected are all available versions of the GetGo Download Manager, so if you’re still using this software you should immediately switch to...
by Julien Ahrens | Wednesday, February 19, 2014 | Exploit
I’m focusing on exploit development at the moment and it’s time to raise the level to my personal next challenge: I’ve rm -rf’ed my Windows XP virtual machine! Now I’m happy to announce and document my first full VirtualProtect() ROP...
by Julien Ahrens | Tuesday, January 21, 2014 | Advisory
It’s 2014 and I have to tidy up my discovery archive a bit 😉 . Before joining the Internetwache.org project I have coordinated all found vulnerabilities by myself and these are the last ones which have been fixed in late 2013. All further website-based...
by Julien Ahrens | Saturday, January 4, 2014 | News
Hello Readers, The rocket landed in Hamburg again 🙂 ! I’ve attended the last Chaos Communication Congress in December and need to say thank you to the organizers of the congress who did a really awesome job (again) on bringing together geeks, freaks, hackers and...
by Julien Ahrens | Wednesday, November 27, 2013 | Exploit
Hello readers, Pop a calculator here, pop one there! I’m focusing on exploit development at the moment, because I love calculators ;-). My exploit targets the vulnerability described in CVE-2013-3934: Stack-based buffer overflow in Kingsoft Writer 2012...