References

Security Advisories

 

CVE-ID: CVE-2009-1704 – Safari Misidentifies Image files as HTML, leading to JavaScript execution without warning the user.
http://support.apple.com/kb/HT3613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1704
CVE-ID: CVE-2008-2327 – iPhone TIFF Uninitialized Memory Arbitrary Code Execution
http://support.apple.com/kb/HT3318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2327
CVE-ID: CVE-2008-1586 – iPhone TIFF Memory Exhaustion Unexpected Device Reset
http://support.apple.com/kb/HT3318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1585
CVE-ID: CVE-2008-3629 – Apple TV PICT Heap Overflow Arbitrary Code Execution
http://support.apple.com/kb/HT3189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3629
CVE-ID: CVE-2008-3643 – Apple Mac OS X Finder Denial of Service
http://support.apple.com/kb/HT3216
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3643
n.runs-SA-2008.005 – Apple CarbonCore Filenames Handling Arbitrary Code Execution
http://secunia.com/advisories/ 31326
http://support.apple.com/kb/HT2647
n.runs-SA-2008.004 – AVG Antivirus UPX parsing Divide by Zero
http://secunia.com/advisories/31290
n.runs-SA-2008.003 – Apple Quicktime PICT parsing Arbitrary Code Execution
http://support.apple.com/kb/HT1991
http://secunia.com/advisories/29293
n.runs-SA-2008.002 – F-Prot Antivirus CHM Out-Of-Bound Memory Access
http://secunia.com/advisories/31118
n.runs-SA-2007.026 – Sophos Antivirus UPX parsing Arbitrary Code Execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4578
n.runs-SA-2007.025 – Sophos Antivirus BZIP parsing Infinite Loop
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4577
n.runs-SA-2007.024 – CA eTrust Antivirus CHM parsing Infinite Loop
http://www.securityfocus.com/bid/25049
n.runs-SA-2007.023 – Norman Antivirus DOC parsing Divide by Zero
http://www.securityfocus.com/bid/25014
n.runs-SA-2007.022 – Norman Antivirus DOC parsing Detection Bypass
http://www.securityfocus.com/bid/25020
n.runs-SA-2007.021 – Norman Antivirus LZH parsing Arbitrary Code Execution
http://www.securityfocus.com/bid/25003
n.runs-SA-2007.020 – Norman Antivirus ACE parsing Arbitrary Code Execution
http://www.securityfocus.com/bid/25015
n.runs-SA-2007.019 – Panda Antivirus EXE parsing Arbitrary Code Execution
http://secunia.com/advisories/26171
n.runs-SA-2007.018 – NOD32 Antivirus ASPACK and FSG parsing Divide by Zero
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3972
n.runs-SA-2007.017 – NOD32 Antivirus ASPACK parsing Infinite Loop
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3971
n.runs-SA-2007.016 – NOD32 Antivirus CAB parsing Arbitrary Code Execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3970
n.runs-SA-2007.015 – F-Secure Antivirus FSG packed files parsing Infinite Loop
http://secunia.com/advisories/25440
n.runs-SA-2007.014 – F-Secure Antivirus ARJ parsing Infinite Loop
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2967
n.runs-SA-2007.013 – F-Secure Antivirus LZH parsing BufferOverflow
http://www.securityfocus.com/bid/24235
n.runs-SA-2007.012 – Avira Antivir Antivirus TAR parsing Infinite Loop
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2973
n.runs-SA-2007.011 – Avira Antivir Antivirus UPX parsing Divide by Zero
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2972
n.runs-SA-2007.010 – Avira Antivir Antivirus LZH parsing Arbitrary Code Execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2974
n.runs-SA-2007.009 – Avast! Antivirus SIS parsing Arbitrary Code Execution
http://www.securityfocus.com/bid/24155
n.runs-SA-2007.008 – Avast! Antivirus CAB parsing Arbitrary Code Execution
http://www.securityfocus.com/bid/24132
n.runs-SA-2006.005 – NOD32 Antivirus CAB parsing Arbitrary Code Execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6676
n.runs-SA-2006.004 – NOD32 Antivirus CHM and DOC parsing Arbitrary Code Execution
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6676
n.runs-SA-2006.003 – BitDefender AV Packed PE File Parsing Engine Heap Overflow
http://www.securityfocus.com/bid/21610
n.runs-SA-2006.002 – AVG Anti-Virus Multiple File Parsing Vulnerabilities
http://secunia.com/advisories/22811/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5939
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5940
NetTerm NetFtpd “USER” Command Buffer Overflow Vulnerability
http://secunia.com/advisories/15140
http://www.securityfocus.com/bid/13396

Presentations

 

DAIMLER ITM/IS Global Information Security Conference 2014, Stuttgart/Germany, Presentation “Security Threats are Everywhere – A Practical Overview”.
SAP Security Summit 2011, Walldorf/Germany, Presentation „Security OnDevice“
CanSecWest 2009, March 2009, Vancouver/Canada, Presentation „The Smart-Phones Nightmare“
CanSecWest 2008, March 2008, Vancouver/Canada, Presentation „The Death of AV Defense in Depth? Revisiting Anti-Virus Software“
Hack.lu 2007, October 2007, Kirchberg/Luxembourg, Presentation „The death of defense in depth? (Revisiting AV software)“
CCC Chaos Communication Camp 2007, August 2007, Finowfurt/Germany, Presentation „Antivirus (In)Security – Bugs in Antivirus Software“
Black Hat Europe 2007, March 2007, Amsterdam/The Netherlands, Presentation „Antivirus (In)Security“, couldn’t deliver the speech for working reasons, REF: http://www.blackhat.com/html/bh-europe-07/marketing/bh-eu-07-preview-LR.pdf
CIH2K5, International Hackers Congress 2005, March 2005, Santa Cruz de la Sierra/Bolivia, Presentation „Vulnerability Development under Unix and Win32“
CIH2K5, International Hackers Congress 2005, March 2005, Santa Cruz de la Sierra/Bolivia, Presentation „Exploits Coding Techniques“
CIH2K5, International Hackers Congress 2005, March 2005, Santa Cruz de la Sierra/Bolivia, Presentation „Forensic Analysis on Linux“
G-Con III, October 2004, Mexico D.F/Mexico, Presentation „Automated Pen testing Tools Development”
G-Con III, October 2004, Mexico D.F/Mexico, Workshop „Vulnerability Development under Unix and Win32”
InfoSecurity 2004, Jun 2004, Buenos Aires/Argentina, Presentation „Forensic Analysis Methodologies”
InfoSecurity 2004, Jun 2004, Buenos Aires/Argentina, Presentation „Introduction to Exploits Coding”
Usuaria 2004, May 2004, Buenos Aires/Argentina, Presentation „Forensic Analysis with OpenSource Software“
Beyond Password 2004, March 2004, Buenos Aires/Argentina, Presentation „Insecure Programming & Exploits Coding Techniques“
Beyond Password 2004, March 2004, Buenos Aires/Argentina, Presentation „Pen-Testing Methodologies”
G-Con II – October 2003, Mexico D.F/Mexico, Presentation „Physical Memory at Forensics and Reverse Engineering”.
G-Con II – October 2003, Mexico D.F/Mexico, Presentation „Automating Pen-Testing, developing a tool”.

Publications

coming soon.

Projects

coming soon.

 

Comments are closed