Hi. I'm Derek. You may know me from IRC and SILC as S or super. I've created this page as a central repository for my research and code that has accumulated over the years as well as various other things that I find interesting. Enjoy.
.,,uod8B8bou,,.
..,uod8BBBBBBBBBBBBBBBBRPFT?l!i:.
,=m8BBBBBBBBBBBBBBBRPFT?!||||||||||||||
!...:!TVBBBRPFT||||||||||!!^^""' |||| _________________
!.......:!?|||||!!^^""' |||| / __ \
!.........|||| |||| .--------. | (__) |
!.........|||| ## |||| / .------. \ | |
!.........|||| |||| / / \ \ | .-----. .--. |
!.........|||| |||| | | | | | | | / \ |
!.........|||| |||| | |________| | | '-----' \ / |
!.........|||| |||| .' |_| |_| '. | | | |
`.........|||| ,|||| '._____ ____ _____.' | LI LI LI | | |
.;.......|||| _.-!!||||| | .'____'. | | LI LI LI | | |Oo
.,uodWBBBBb.....|||| _.-!!|||||||||!:' '.__.'.' '.'.__.' | LI LI LI | | |`Oo
!YBBBBBBBBBBBBBBb..!|||:..-!!|||||||!iof68BBBBBb.... '.__ | YALE | __.' | LI LI LI | | | Oo
!..YBBBBBBBBBBBBBBb!!||||||||!iof68BBBBBBRPFT?!:: `. | '.'.____.'.' | | | | | Oo
!....YBBBBBBBBBBBBBBbaaitf68BBBBBBRPFT?!::::::::: `. '.____'.____.'____.'LGB | .------. / \ | oO
!......YBBBBBBBBBBBBBBBBBBBRPFT?!::::::;:!^"`;::: `. '.________________.' | | | \ / | Oo
!........YBBBBBBBBBBRPFT?!::::::::::^''...::::::; iBBbo. | '------' '-oO | oO
`..........YBRPFT?!::::::::::::::::::::::::;iof68bo. WBBBBbo. | .---Oo | Oo
`..........:::::::::::::::::::::::;iof688888888888b. `YBBBP^' | || ||`Oo oO
`........::::::::::::::::;iof688888888888888888888b. ` | |'--'| | OoO
`......:::::::::;iof688888888888888888888888888888b. | '----' |
`....:::;iof688888888888888888888888888888888899fT! jgs \_________________/
`..::!8888888888888888888888888888888899fT|!^"'
`' !!988888888888888888888888899fT|!^"'
`!!8888888888888888899fT|!^"'
`!988888888899fT|!^"'
`!9899fT|!^"'
`!^"'
| ircII DCC Buffer Overflow | They finally fixed it 3 years later.. Exploits are here.. |
| RedHat Linux 6.[01] userhelper exploit | A dlopen() directory traversal in PAM; Jay Beale used this exploit in his Attacking and Securing FTP Servers presentation at BlackHat. |
| napstir.c | Download arbitrary files from a machine running gnapster or DoS knapster.. |
| CFMXDC | Exclusive! Never before seen code: ColdFusion MX Password Decrypter -- I wrote this for fun when I first started consluting at @stake |
| Linux ncpfs local | Read the first line of /etc/passwd (the entry for root) with a set-uid root Netware-compatability binary for Linux.. |
| Directory Traversal in IronWebMail | This was the only advisory I released during my tenure with Sementec. |
| Lenovo SystemUpdate SSL Certificate Issuer Spoofing | The first-ever official advisory released by Security Objectives.. |
| Cygwin Installation and Update Process can be Subverted | Another software update process related advisory |
| PartyGaming PartyPoker Malicious Update | < dp> ah, and thus it begins... the week of updater bugs |
| cgiaudit | Old school web application security scanner |
| Linux 2.2 Stealth Patch | Kernel module that defeats NMap OS fingerprinting |
| randsrc | Source address randomizer for TCP connections |
| porkbind | Recursive multi-threaded nameserver security scanner |
| shadyshell | Bind a UDP port shell |
| /bin/su trojan | Capture passwords given to su |
| jadestone | Recursively decompile Java class files compiled with newer JDK versions Fixes the following jad error: Parsing a.class...The class file version is 48.0 (only 45.3 and 46. 0 are supported) JavaClassFileParseException: Class file version mismatch Bus Error (core dumped) |
| vhosts.sh | Print out virtual hosts |
| l.cc | Obfuscated C++ code; one of my personal favorites.. |
| super shell | Okay, so it's really not that "super." It's a simple UNIX shell written in C with job control and background processing. |
| Two-Pass Auxiliary Pairing Heap | An efficient data structure |
| touch.s | SPARC assembly instructions that call creat() |
| specdna.c | Oligonucleotide Sequence Generator |
| OS/400 Login | Menu shown after logging into an IBM AS/400 mainframe |
| Solaris on a SunFire | X11 on a Sun Microsystems mainframe |
| Linux Afterstep | Afterstep desktop captured with xv |
| Cenzic's SANS Contest Winner | I clicked a banner ad (something I rarely do) on SecurityFocus, took a quiz, and ended up winning a trip to Vegas! |
| Exploit code targets Mac OS X, iTunes, Java, Winzip... | This one has do with my vulnerability research on client-siding software updates.. |
| With Vista breached, Linux unbeaten in hacking contest | Hanging out with Shane one weekend got me in the Washington Post.. |
| Software Testing: Test Design and the Project Life Cycle | Research paper about software testing |
| DNA Computing Notes | Primers for polymerase chain reaction | Philosophy / Metaphysics | Kripke's Argument Against Materialism |
| Java Bandwith Benchmarker | Self-explanatory |
| Algol Language Constructs | The historical significance of the ALGOL family of languages. |
| The Brilliance of Sprint PCS | An outline of how insecurely Sprint handles PIN numbers | Blue Boxing in the New Millenium | A clip I took from Binary Revolution Radio of Lucky225 using a Captain Crunch whistle to blue box over VoIP.. |
| Security Objectives Corporation | The security consultancy that I am currently employed by.. |
| System of Systems | My company's blog--I post here fairly often. |
