DEFT Linux v.6.1.1 Released

Computer Forensic Live CD  

DEFT Linux 6 is based on the new kernel 2.6.35 (Linux side) and DEFT Extra 3.0 (the Computer Forensic GUI) with the best freeware Windows computer forensic tools. DEFT is a new concept of computer forensic live system that uses LXDE as its desktop environment, WINE to execute Windows tools under Linux, and Mount Manager as the tool for device management. It is a very easy to use system that includes excellent hardware detection and the best free and open source applications dedicated to incident response and computer forensics.  

DEFT is meant to be used by police, investigators, system administrators, individuals and all the people who need to use forensic tools but don’t know open source operating systems and forensic techniques.


FOCA v.3.0 Free Released

This new version has a fresh new look and feel, and it is full of new features that you will love to discover. If you want to learn more about FOCA, and get FOCA 3 PRO, then you can book a seat in the next online training about FOCA. It is going to be delivered on the 4th of November in English and on the 8th of November in Spanish, both by our FOCA father Chema Alonso. 

In FOCA 3 PRO you will discover completely new features focused on discovering vulnerabilities in web sites. If you booked an online seminar about FOCA PRO in 2011 then you can get a seat with 50% OFF.   


ExploitMe Mobile vulnerable Android and iPhone Released

The application contains both mobile web and mobile programming defects, and we’ve outlined a set of labs and solutions online to guide you. This tool will help both mobile QA and mobile web developers learn the kinds of weaknesses that exist in the mobile app space.

What you’re able to learn using ExploitMe Mobile:

– Parameter manipulation of traffic
– Insecure communications
– Weak password lock screens
– Insecure memory management
– Weak file system permissions
– Insecure storage of files
– Insecure logging of information

You can find the full blog overview here with source code links: 

ExploitMe Android Lab setup and walkthroughs:

ExploitMe iPhone Lab setup and walkthroughs:

JBoss Worm 0day

A worm is making the rounds infecting JBoss application servers. JBoss is an open source Java based application server and it is currently maintained by RedHat. The worm exploits an older configuration problem in JBoss, which authenticated only GET and POST requests; it was possible to use other HTTP methods to execute arbitrary code without authentication. The problem was fixed last year, but there are apparently still a number of vulnerable installs out there. If you do run JBoss, please make sure to read the instructions posted by RedHat here:

Analysis of the worm:


see also Good Bye Critical Jboss 0day
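Two defender-side checks for the configuration problem described above, written as an added example for this digest (it is not code from the original post, from JBoss or from RedHat). The first parses a deployment descriptor and flags any security-constraint that lists specific http-method elements, since listing GET and POST narrows authentication to those verbs and leaves every other verb unprotected; the second scans access-log lines for requests to protected paths that used another verb and were not rejected. The web.xml, the log lines, the client addresses and the protected path prefixes (/jmx-console, /web-console) are constructed for the example and are assumptions, not values taken from the post.

```python
# Added example: checks for a servlet security-constraint that authenticates
# only the HTTP verbs it lists (GET/POST), leaving other verbs unauthenticated.
import re
import xml.etree.ElementTree as ET

# Constructed sample descriptor (hypothetical): the weak form lists GET and POST,
# so any other verb reaches the protected resource without authentication.
WEAK_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>JMX Console</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# Corrected form: no http-method elements, so the constraint covers every verb.
FIXED_WEB_XML = WEAK_WEB_XML.replace(
    "      <http-method>GET</http-method>\n      <http-method>POST</http-method>\n", "")


def _local(tag):
    """Strip any XML namespace so the check also works for namespaced descriptors."""
    return tag.rsplit("}", 1)[-1]


def method_limited_constraints(web_xml_text):
    """Return (resource_name, url_patterns, listed_methods) for each
    web-resource-collection that names specific http-method elements.
    Every verb not listed falls outside the auth-constraint."""
    root = ET.fromstring(web_xml_text)
    findings = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            name, patterns, methods = "", [], []
            for child in wrc:
                kind = _local(child.tag)
                text = (child.text or "").strip()
                if kind == "web-resource-name":
                    name = text
                elif kind == "url-pattern":
                    patterns.append(text)
                elif kind == "http-method":
                    methods.append(text.upper())
            if methods:
                findings.append((name, patterns, methods))
    return findings


# Constructed access-log lines in common log format (hypothetical addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Oct/2011:10:00:01 +0000] "GET /jmx-console/ HTTP/1.1" 401 0
192.0.2.10 - - [20/Oct/2011:10:00:02 +0000] "HEAD /jmx-console/ HTTP/1.1" 200 0
192.0.2.11 - - [20/Oct/2011:10:00:03 +0000] "POST /jmx-console/ HTTP/1.1" 401 0
192.0.2.12 - - [20/Oct/2011:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def verb_bypass_hits(log_text, protected_prefixes=("/jmx-console", "/web-console"),
                     allowed=("GET", "POST")):
    """Flag requests to a protected path that used a verb outside the allowed
    set and were not answered with 401/403: the signature of a request that
    slipped past a method-limited constraint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, path, status = m.groups()
        if (path.startswith(protected_prefixes) and method.upper() not in allowed
                and status not in ("401", "403")):
            hits.append((client, method, path, status))
    return hits


if __name__ == "__main__":
    print(method_limited_constraints(WEAK_WEB_XML))   # one GET/POST-only finding
    print(method_limited_constraints(FIXED_WEB_XML))  # []
    print(verb_bypass_hits(SAMPLE_LOG))               # the unrejected HEAD request
```

Run the descriptor check against every deployed web.xml, not just the admin consoles: the fix is simply to drop the http-method elements so the auth-constraint applies to all verbs. The log check is a quick triage heuristic; a 200 on a non-GET/POST request to a path that should require authentication is worth a closer look.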

Metasploit Community Edition v.4.1

The user interface is based on the Metasploit Pro workflow, and the introduction of the Analysis tab in 4.1 makes slicing and dicing large networks even easier. Just like Metasploit Pro, the free Community Edition provides a simple path for identifying targets, selecting an exploit, and launching it. Sessions can be managed through the user interface and have full access to the extensive post-exploit modules built into the Metasploit Framework. Although Metasploit Community Edition isn’t a replacement for Metasploit Pro by any means, it’s easy to use and leverages the quality-assured code base managed by the Rapid7 team.
More info:


DNS poisoning via Port Exhaustion

Watchfire released a very interesting whitepaper which describes a DNS poisoning attack against stub resolvers.

It discloses two vulnerabilities:

A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote DNS poisoning using Java applets. This vulnerability can be triggered when opening a malicious webpage. A successful exploitation of this vulnerability may lead to disclosure and manipulation of cookies and web pages, disclosure of NTLM credentials and clipboard data of the logged-on user, and even firewall bypass.

A vulnerability in multiuser Windows environments which enables local DNS cache poisoning of arbitrary domains. This vulnerability can be triggered by a normal user (i.e. one with non-administrative rights) in order to attack other users of the system. A successful exploitation of this vulnerability may lead to information disclosure, privilege escalation, universal XSS and more.

Download Whitepaper:

Video Demo:

Bypassing Windows 7 Kernel ASLR

Windows 7 has good security in kernel space: many size checks, integrity controls and access restrictions are available. For example, the “security check” protects the stack when a string is used, and many functions like “strcpy()” are deprecated (and some are disallowed) to force developers into secure coding. This is why some attacks have been presented as heap overflows in local exploitation (recently Tarjei Mandt), but we don’t see any remote exploitation like we saw in SRV.SYS or other drivers. This lack of remote exploits is partly because ASLR (randomization of memory spaces) is enabled in kernel land. If a hacker has no way to jump to and execute a payload (ROP, jmp eax, ...), exploitation of the bug isn’t possible; only a magnificent BSOD appears in most cases. This paper will try to explain how to bypass this protection and improve remote kernel vulnerability research! For the purposes of this document we will consider a remote stack overflow as the main vulnerability.

Download PDF: