A broken marriage. Abusing mixed vendor Kerberos stacks

My first DEF CON talk was nerve-racking but something I would definitely put myself through again. In hindsight I should have submitted a 45-minute talk as there were some elements missing from what I presented, based on additional research since submitting the CFP. With that in mind, and for tho...

IBM Open Admin Tool SOAP welcomeServer PHP Command Injection

Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server IDS is an online transaction processing OLTP data server for enterprise and workgroup computing. Open Admin Tool OAT is an open source, platform-independent tool providing a graphical interface for administrati...

IBM Open Admin Tool SOAP welcomeServer PHP Command Injection

Added: 09/27/2017 CVE: CVE-2017-1092 BID: 98615 Background IBM Informix Dynamic Server IDS is an online transaction processing OLTP data server for enterprise and workgroup computing. Open Admin Tool OAT is an open source, platform-independent tool providing a graphical interface for administrati...

Attackers Mining Cryptocurrency Using Exploits for Samba Vulnerability

Unknown attackers are using a recently patched vulnerability in Samba to spread a resource-intensive cryptocurrency mining utility. To date, the operation has netted the attackers just under $6,000 USD, but the number of compromised computers is growing, meaning that a significant number of Samba...

Path Traversal

Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...