|
|
-
- 15 May 2012 News: to avoid problems with my hosters I have protected the poc, fakep and pwdrec folders with an empty password or a simple sequence of usernames/passwords. for the moment this is an experiment so I will know if it works or not only in the next weeks/months. the alternatives were protecting the single zip files or removing the executables
- 13 May 2012 Advisories: released full details and PoC of my FlexNet License Server vulnerabilities fnplm_1, fnplm_2 and lmgrd_1
- 13 May 2012 Advisories: additional details about the SuiteLink bug
- 13 May 2012 Advisories: Vulnerabilities in Pro-face Pro-Server EX 1.30
- 13 May 2012 Fake_players_bug: SA:MP invisible Fake Players DoS 0.1.9
- added compatibility with version 0.3e
- 11 May 2012 Advisories: Some bugs in QNX phrelay/phindows/phditto and Wonderware SuiteLink
- 01 May 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.12
- added some compression algorithms and fixed get line
- 30 Apr 2012 MyToolz: myRTP command-line interface 0.1
- basic tool that acts as an interface for the RTPatch patchw32.dll allowing to specify all the available options supported by this library
- 26 Apr 2012 MyToolz: wav4xm 0.1
- simple tool I have written to clean my PCM wave instruments used in FastTracker and other music trackers: convert to mono 16bit, normalization and remove initial/final silence
- 26 Apr 2012 MyToolz: DTMF2NUM 0.1d
- fixed a little bug in the normalization function
- 26 Apr 2012 News: libssp dependency
- I have recompiled the following tools to avoid the libssp dll dependency (caused by gcc -fstack-protector-all): ttarchext, dpa_1, irm_1, samsux_1, skulltagfp and zdaemonfp
- 25 Apr 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.11
- fixed -DDISABLE_SSL, added slz_03 and ntcompress30/40, filexor 0x11223344
- 25 Apr 2012 MyToolz: Proxocket 0.1.7a
- added -fno-omit-frame-pointer and disabled the capturing of data in recv with MSG_PEEK flag
- 25 Apr 2012 Research: Telltale TTARCH files extractor/rebuilder 0.1.13a
- added Walking Dead: A New Day
- 21 Apr 2012 Advisories: Endless loop in Samsung NET-i ware 1.37
- 19 Apr 2012 Advisories: Vulnerabilities in Samsung TV (remote controller protocol)
- 10 Apr 2012 Advisories: Denial of Service vulnerabilities in EMC IRM Server
- 05 Apr 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.10
- fixed a bug in the reimporting in case of filenames starting with slash/backslash, added the RCN recompression, allowed the usage of the secure free() with non secure allocated memory (otherwise it's not possible to free memory allocated by external libraries)
- 29 Mar 2012 Advisories: Denial of Service in EMC Data Protection Advisor 5.8.1
- 22 Mar 2012 Advisories: Vulnerabilities in RealPlayer and Novell ZENworks
- 21 Mar 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.9b
- fixed a rare bug with the binary type
- 21 Mar 2012 Research: Gslist 0.8.10d
- micro fix in the web interface
- 20 Mar 2012 Advisories: released advisory and proof-of-concept for ms11-093 (OLE type confusion in XP/2003)
- 19 Mar 2012 Research: Gslist 0.8.10c
- updated some components and added gsnatneg in the hearbeat function (-b), nothing new
- 19 Mar 2012 Research: GS natneg client 0.2
- partially rewritten and added experimental server-side code
- 19 Mar 2012 Research: Gamespy NAT negotiation plugin for Proxocket 0.1
- plugin for Proxocket for automatically applying the Gamespy NAT negotiation to existent tools
- 19 Mar 2012 Research: GS enctypeX servers list decoder/encoder 0.1.3b
- added some checks in enctypex_wrapper
- 17 Mar 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.9a
- fixed lzf recompression
- 16 Mar 2012 Advisories: Details about the ms12-020 proof-of-concept leak
- I'm trying to build a resume of the story about the Microsoft leak and its details, it will be updated everytime I have more details
- 16 Mar 2012 Advisories: Use-after-free in Microsoft Remote Desktop
- now that my proof-of-concept is out (yeah rdpclient.exe is the poc written by Microsoft in November 2011 using the example packet I sent to ZDI) I have decided to release my original advisory and proof-of-concept packet written the 16 May 2011... full-disclosure as usual :)
- 15 Mar 2012 Advisories: Code execution in Microsoft Remote Desktop (ms12-020) and vulnerabilities in GE iFix Profiy Historian and Portal
- only the links to the original advisories released by the vendors the 13th March
- 14 Mar 2012 Advisories: Directory traversal in Sockso 1.5
- 14 Mar 2012 Advisories: Vulnerabilities in Presto! PageManager 9.01
- 14 Mar 2012 Advisories: Denial of Service in EMC NetWorker 7.6 sp3
- 14 Mar 2012 Advisories: Denial of Service in Epson EventManager 2.50
- 11 Mar 2012 Research: Telltale TTARCH files extractor/rebuilder 0.1.13
- added the keys of Hector 102/103 and Law and Order Legacies
- 11 Mar 2012 MyToolz: Mydown 0.2.8 and mydownlib 0.2.6
- gzip fix, added proxy support and some enhancements
- 08 Mar 2012 TestingToolz: FindBits 0.2.2a
- fixed the -m option and allowed the visualization of the latest bits in the files (for example a file of one byte)
- 07 Mar 2012 Advisories: Directory traversal in NetDecision 4.6.1
- 02 Mar 2012 Advisories: Vulnerabilities in xArrow 3.2
- 02 Mar 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.9
- added some new compression algorithms, optimization and customization of the secure allocation functions (they can be disabled using the option -9, needed in some occasions due to some limitations of this feature), fixed a bug that specified an input folder in case of selection of multiple files
- 24 Feb 2012 Research: Unigine ung files extractor 0.1
- files extractor for the ung archives used by the Unigine game engine
- 21 Feb 2012 Advisories: Heap corruption in Unity 3d Web Player 3.2.0.61061
- 20 Feb 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.8
- added the Include command and some checks
- 18 Feb 2012 Advisories: Vulnerabilities in Psycle 1.10.0
- 16 Feb 2012 Advisories: Vulnerabilities in Novell GroupWise Messenger 2.1.0 and some quick bugs in XnView
- 12 Feb 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.7
- speed and resource optimizations for the memory
- 12 Feb 2012 News: website up & down
- my website is and has ever been aluigi.org from the 2006 so check your bookmarks because lately aluigi.altervista.org has continuos problems (temporary up & down from about 2 weeks). note that it's a backup/mirror website that I switch as primary when needed so using aluigi.org you will catch ever the working website or alternatively mirror.aluigi.org if the main one fails
- 09 Feb 2012 Advisories: Vulnerabilities in R4 1.25
- 09 Feb 2012 Advisories: Vulnerabilities in R2 1.65
- 02 Feb 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6d
- customizations of the tea, xtea and xxtea algorithms and some fixes
- 28 Jan 2012 Research: Online cd-key verifier for games that use the Gamespy cd-key SDK 0.1.2a
- modified to meet the *printf %n out-of-standard in use from Windows Vista, it's a shame that I must modify a perfectly working program for this reason moreover because the tool is linked to msvcrt.dll and not 8.0 or 9.0... no comment
- 27 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6c
- fixed a compability problem with the gcc optimizations regarding the patch for kzip
- 27 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6b
- 27 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.6
- added various other compression algorithms and optimized the usage of kzip
- 23 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.5
- added the EXECUTE method for both Comtype and Encryption, String scanf/strstr/strrstr, various new compression algorithms, usage of kzip.exe in reimport mode if the compressed size is bigger than the original one, fixes and optimizations
- 17 Jan 2012 Advisories: Two Denials of Service in Rockwell RNADiagReceiver 2.40.0.12 (SCADA)
- just an old test I did in the far September 2011 and planned to do better when inspired, I have released it now only to free my bugs queue and return on this product later without rush
- 15 Jan 2012 Advisories: Directory traversal in NeoAxis Web Player 1.4
- 15 Jan 2012 MyToolz: Calcc 0.1.5
- added support for strings and chars, FILETIME/time64 visualization
- 11 Jan 2012 Advisories: some bugs in SumatraPDF and ExpressView
- 09 Jan 2012 QuickBMS: QuickBMS generic files extractor and reimporter 0.5.4a
- added a slower but more secure way to manage the allocated memory, it's a crazy experiment I had in mind and may help during the debugging of some scripts
- 09 Jan 2012 MyToolz: Signsrch 0.1.7
- added only the possibility of scanning folders, the rest is unchanged
- 09 Jan 2012 MyToolz: QuickRVA 0.2.3a
- micro fix if e_lfanew is minor than the size of IMAGE_DOS_HEADER and updated distorm library
- ... old news
|