Gents, As announced in recent emails here, we have just released 13 0days and new offensive concepts against most of the tools currently used by web attackers, like web shells, exploit packs, etc, during our new talk at SyScan Singapore 2010 : http://www.syscan.org/Sg/speakers.html#012 We have given new methods to counter-strike intruders with our new exploits giving you remote shells, remote SQL injection, permanent XSS and dangerous XSRF, against remote tools used by attackers. It's time to have strike-back capabilities for real, and to have alternative and innovative solutions against those security issues. We have shown how to know, identify, exploit, neutralize or destroy attackers using those kind of tools. For example, we gave (some of) our 0days against known tools like Sniper Backdoor, Eleonore Exploit Pack, Liberty Exploit Pack, Lucky Exploit Pack, Neon Exploit Pack, Yes Exploit Pack... This was a way to explain that you can react when you are under attack. We hope that this will open a new way to think about IT Security worldwide, and that it might help people sometimes. Do not hesitate to contact TEHTRI-Security if you need technical assistance (pentests, incident handling, source code analysis, etc) with experts who know how work cyber conflicts for real, which is totally different from people who have clean certifications or who just masterize security research in labs... Here is the list of the 13 security advisories and 0days that we just released today. TEHTRI-SA-2010-023 - Vuln in NEON Exploit Pack. Permanent XSS+XSRF. TEHTRI-SA-2010-022 - Vuln in NEON Exploit Pack. SQL Injection. TEHTRI-SA-2010-021 - Vuln in YES Exploit Pack. Remote File Disclosure. TEHTRI-SA-2010-020 - Vuln in YES Exploit Pack. Permanent XSS+XSRF admin. TEHTRI-SA-2010-019 - Vuln in YES Exploit Pack. Remote SQL Injection. TEHTRI-SA-2010-018 - Vuln in LuckySploit Expl Pack. Remote control. TEHTRI-SA-2010-017 - Vuln in Liberty Exploit Pack. Permanent XSS+XSRF. TEHTRI-SA-2010-016 - Vuln in Liberty Exploit Pack. SQL Injection. TEHTRI-SA-2010-015 - Vuln in Eleonore Exploit Pack. Another SQL Inject. TEHTRI-SA-2010-014 - Vuln in Eleonore Exploit Pack. XSRF in admin panel. TEHTRI-SA-2010-013 - Vuln in Eleonore Exploit Pack. Permanent XSS. TEHTRI-SA-2010-012 - Vuln in Eleonore Exploit Pack. Remote SQL Inject. TEHTRI-SA-2010-011 - Vuln in Sniper_SA Web Backdoor. Remote File Disclos More explanations available on our web site: http://www.tehtri-security.com/en/news.php Do not hesitate to contact us directly if needed. Best regards, Take care. Laurent OUDOT - "TEHTRI-Security, This is not a game." CEO & Founder of TEHTRI-Security http://www.tehtri-security.com/
