6. SVN is Dead
Our SVN server was constantly DDoS’d
● Sometimes unintentionally by dumb scrapers
SVN is kinda slow anyway
Big changes required lots more requests
Now we’re 100% on GitHub
Yay two-and-a-half-nines!
7. Stable Updates
In an installer environment
● Updates about once per week
Development env is still easy to set up
● Tracks bleeding edge (master branch)
13. libupnp
“Intel/Portable SDK for UPnP Devices”
Seven, count ‘em SEVEN vulns in one function
Actual libupnp code:
strncpy( TempBuf, ptr1, ptr3 - ptr1 );
Trigger with one UDP packet
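Added example, not libupnp's code or its fix: the strncpy() call above takes its length only from pointers into the input, so nothing ties it to the size of TempBuf. The sketch below shows the bounded form of that copy; the function names, the "::" delimiter and the sample values are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Pattern from the slide, kept as a comment for comparison:
 *     strncpy( TempBuf, ptr1, ptr3 - ptr1 );
 * The bound is (ptr3 - ptr1), a distance inside the received data,
 * so the sender decides how many bytes land in TempBuf. */

/* Hardened form (hypothetical helper): copy the span [start, end) into
 * dst only if it fits together with a terminating NUL.
 * Returns 0 on success, -1 on bad pointers or an oversized span. */
int copy_span(char *dst, size_t dst_size, const char *start, const char *end)
{
    if (dst == NULL || dst_size == 0 || start == NULL || end == NULL)
        return -1;
    if (end < start)        /* a negative difference would wrap to a huge size_t */
        return -1;

    size_t len = (size_t)(end - start);
    if (len >= dst_size)    /* bound by the destination, leave room for the NUL */
        return -1;

    memcpy(dst, start, len);
    dst[len] = '\0';        /* strncpy does not terminate when it copies n bytes */
    return 0;
}

/* Hypothetical caller: extract the text before the first "::" in a
 * received field. The delimiter is an assumption, not taken from the slide. */
int extract_prefix(const char *value, char *out, size_t out_size)
{
    if (value == NULL)
        return -1;
    const char *sep = strstr(value, "::");
    if (sep == NULL)        /* missing delimiter: reject rather than guess a length */
        return -1;
    return copy_span(out, out_size, value, sep);
}
```

The caller has to treat -1 as a parse failure and drop the message; truncating silently would hide malformed input from logging and detection.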
14. IPMI
Intelligent Platform Management Interface
Dan Farmer, HDM
Protocol, run by “Baseboard Mgmt Controllers”
● iDRAC, iLO, lots of others
Spec requires cleartext password storage
Design-level auth bypass
18. PhpEXE
Mixin for PHP code execution bugs
For ARCH_PHP payloads, just returns payload
For others, drops a proper executable
● Then tries to unlink it
30. Android Meterpreter
Kinda Proof-of-Concepty
● Requires APK installation
● Have to tap on a UI element
But still awesome
Most features work
● File manipulation
● Configuration stuff
● And Pivoting!
37. General Meterpreter Improvements
Updated to VS2012
● Much easier to build
Fixed a bug with Reflective DLL Injection
Fixed x64 reverse_https
Fixed stability issues with sniffer on x64
43. DB Creds for AuthBrute Modules
Lets you easily reuse creds
Pop a box, steal creds with mimikatz
● Or one of the many post modules
smb_login with them