More recent applications, scripts or whitepaper will currently not be released.
bgrab is a bash-written script to scan single hosts or network ranges for webserver banners. Those banners will be highlighted with BEL or color if matches a pregiven array of strings. It just makes use of `netcat' and includes logging functionalities. It was designed to scan for CVE-2013-2028 (nginx stack-based buffer overflow) vulnerability.
x360tool is designed for anyone who wants to check your(!) XBOX 360 game ISO with abgx360 for validity and to burn your(!) XBOX 360 game ISO to a DL DVD.
AD Eventlog is an application for configuring and setting parameters for Active Directory Logging in a graphical interface.
BitDefender for Mail Servers Malware Detection Bypass
Advisory of a vulnerability in BitDefender for Mail Servers, which can be exploited by malware to bypass certain scanning functionality. The vulnerability is caused due to an error when parsing attachments and can be exploited via a specially crafted UUencoded mail with multiple attachments. Successful exploitation causes malware in an attachment to pass the scanning functionality undetected. The vulnerability has been reported in engine versions 1.6.1 and prior for Linux and FreeBSD.
zigstack is for hardening the TCP/IP Stack (e.g. against DoS-Attacks) of Windows NT, 2000, XP, 2003-based workstations and servers.
xxpoof is a tool, which is designed to send spoofed packets with destination and source port of your choice. Just give the tool any destination address, where the spoofed packets will be send to. The user can also control the delay between the packets sent and the number of packets to send.
ipcshares can deactivate (or activate) the so-called IPC$-shares of WindowsNT, 2000 & XP computers. Those shares are enabled by default and can pose a security risk.
igmpflood is a simple tool for sending malformed IGMP packets to test the hardening of a target address.
RCON plaintext password exposure
RCON protocol is used to administrate your Half-Life/Counter- Strike Server. This advisory shows that it transmits the administrator password in plaintext over the wire.
CATCHiNG THE AiR STUFF (German)
A paper describing the basics, functionalities and security weaknesses in the IEEE 802.11 (WLAN) standard. Includes a CLI wifi scanner running on Linux/UNIX.
IIS anonymous lockout
Advisory on a default account used by the Microsoft IIS webserver for anonymous access which can be locked out. With this a website can be remotely shut down.
IIS ism.dll HTR truncation
Advisory affecting Microsoft IIS webserver 4/5 by calling ISM.DLL which allows appending a set of charaters to force the webserver to display the source code of the requested file.
This document shows an attacking technique which allows to misuse secured connection like SSL.
SNiFFiNG FAQ (German)
This document describes how network sniffing works and how it can be used.