http://sec.drorshalev.com This Internet Security workshop deal with recent security and privacy online threats . This demonstrations WILL NOT harm your PC. Please don't use this source for other uses ,except doing good to the world . feel free to Copy and Pasta :-) ! Peace and Love, Dror. en-us Copyright 2005 by dror shalev drorshalev@yahoo.com drorshalev@yahoo.com http://sec.drorshalev.com/images/logo.gif http://sec.drorshalev.com/ 160 40 Dror Shalev Security workshop http://sec.drorshalev.com/dev/focus/ MSIE upload by Michal Zalewski http://sec.drorshalev.com/dev/focus/1.htm MSIE Paste & Steal file demo , my ver http://www.greenborder.com/test/GreenBorder-Security-Test.hta HTA + IE at it best , my ver , GreenBorder Online Security Test https://secure11.brinkster.com/drorshalev/tausec IE Exploits Threats History, JavaScript evasion techniques, Heap Spray, Ajax worm http://sec.drorshalev.com/dev/wmf/exploit.htm Buffer Overrun on WMF files demo , on the wild , my Spyware vendor http://sec.drorshalev.com/dev/wmf/ms06-001.exe tool , make your own WMF downloader that run your Exe after crash http://sec.drorshalev.com/dev/crash/CrashIEsrc1.htm IE crash via mshtml.dll Denial of Service by ,Christian Deneke, Thomas Waldegger http://sec.drorshalev.com/dev/crash/CrashIEsrc.htm IE crash via datasrc Denial of Service ,by Christian Deneke, Thomas Waldegger http://sec.drorshalev.com/dev/crash/img1.htm IE crash via nested Style http://sec.drorshalev.com/dev/crash/test1.htm IE crash via nested Style , my ver , can lead to Remote compermise http://sec.drorshalev.com/dev/null/ Internet Explorer ignores NUL characters ,by heise Security http://sec.drorshalev.com/dev/null/exploit.txt [paper]Internet Explorer ignores NUL characters ,by heise Security http://sec.drorshalev.com/dev/mozilla/idn.htm Mozilla Kill - IDN Host: ,by Tom Ferris ,Firefox URL Domain Name Buffer Overflow(IDN) http://sec.drorshalev.com/dev/honey/MsnNUDGE.htm Tutorial For Sending Unlimited Nudge In Msn Messenger 7 !!! guyz Want to Play with ur friends while chatting on Msn Messenger? by badboyz honey http://sec.drorshalev.com/dev/hash/t1.htm Attacking MD5 ,Lockheed Martin page , md5sum c0f3adb824590b40944614268e627421 by Creazy Dan Kaminsky :-) http://www.doxpara.com/ http://sec.drorshalev.com/dev/hash/t2.htm Attacking MD5 ,Boeing page , md5sum c0f3adb824590b40944614268e627421 by Creazy Dan Kaminsky :-) http://www.doxpara.com/ http://sec.drorshalev.com/dev/orkut/ Orkut - hacking an orkut ID , Orkut Hacking Tutorial Pasted !!! by badboyz honey http://sec.drorshalev.com/dev/mozilla/wrecko.html Mozilla XPCOMM Race Conditions , kill FireFox http://sec.drorshalev.com/dev/jpeg/index.htm Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution ,On the Wild , MS05-036 , 4 demos for malformed Jpeg http://sec.drorshalev.com/dev/mozilla/FirefoxWallpaper.htm Mozilla Firefox "Set As Wallpaper" Code Execution Exploit , by Michael Krax (Mikx) http://sec.drorshalev.com/dev/mozilla/FirefoxWallpaperMKDir.htm Mozilla Firefox Set As Wallpaper make Dir, my ver http://sec.drorshalev.com/dev/mozilla/FirefoxIMGElements.htm Mozilla Firefox Base64 IMG data injection , by Michael Krax (Mikx) http://sec.drorshalev.com/dev/javaproxy/ A COM Object (javaprxy.dll) Could Cause IE Kill http://sec.drorshalev.com/dev/spoof/multiple_browsers_dialog_origin_vulnerability_test.htm dialog origin vulnerability by secunia http://sec.drorshalev.com/dev/acrobat/BootIni.pdf Raed And Steal BootIni http://sec.drorshalev.com/dev/acrobat/TomcatUsers.pdf Raed And Steal EtcPasswd from Tomcat@win , by Sverre H. http://sec.drorshalev.com/dev/acrobat/EtcPasswd.pdf Raed And Steal EtcPasswd from Linux by Sverre H. Huseb http://sec.drorshalev.com/dev/spoof/exploit_javascript_ie_6_bug.htm JS Ghost Script by Pascal Vyncke,bl http://sec.drorshalev.com/dev/myMSN Screens Shots, by Dror Shalev 2-6-2005 http://sec.drorshalev.com/dev/myMSN/MyMsnHack.jpg MyMSN JS revealing someones privacy, by Dror Shalev 2-6-2005 http://sec.drorshalev.com/dev/hotmail/AccessDenied.JPG After Prev Bug , My Hotmail [2002] Account Was Cancelled By Hotmail, by Dror Shalev 2002 http://sec.drorshalev.com/dev/dos/btf1.htm IE Crash on processing embedded files with endless loop, by Benjamin Tobias Franz http://sec.drorshalev.com/dev/dos/IECrash%20on%20to%20many%20stack%20overflows%20.htm IE Crash on to many stack overflows, by Benjamin Tobias Franz http://sec.drorshalev.com/dev/dos/bnf3.htm IE Crash on JavaScript "window()"-calling,Description:There is a bug in Microsoft Internet Explorer, which causes a crash in it. The bug occurs, because Microsoft Internet Explorer can't handle a call to a JavaScript-function with the name of the "window"-object.The bug was fixed in an earlier version. But it works again. http://sec.drorshalev.com/dev/sql/sqlbrut.hta MSSQL Server Passwords Bruteforce via SQL Injection HTA,PoC by offtopic http://sec.drorshalev.com/dev/sql/sqlbrut.zip MSSQL Server Passwords Bruteforce via SQL Injection , by offtopic. http://sec.drorshalev.com/dev/mozilla/yourinfo.htm firefox 1.0.3 spoof+auto dl on the wild , by John smith@mozilla.org http://sec.drorshalev.com/dev/mozilla/poc1.htm Mozilla Firefox 1.0.3 Remote Arbitrary Code Execution Exploit , by k-otik http://sec.drorshalev.com/dev/CrossSiteClick Cross Site Clicking by Viper http://sec.drorshalev.com/dev/mozilla/poc.htm favicon UniversalXPConnect , by mikx http://sec.drorshalev.com/dev/mozilla/firelinking.htm favicon UniversalXPConnect , by mikx http://sec.drorshalev.com/dev/InternetExploiter/dhtml_node_entry.htm Basic Exploit , by idefense http://sec.drorshalev.com/dev/InternetExploiter/InternetExploiter2.htm InternetExploiter2 ShellCode via IE bug (second time), by Berend-Jan Wever http://sec.drorshalev.com/dev/InternetExploiter/more.htm more Crashes, by milw0rm.com