FreeBSD Remote DoS Exploit (Demo) (CVE-2016-1879)

The FreeBSD team has announced their operating system was detected to contain critical vulnerabilities that could be exploited to conduct DoS attacks, escalate user privileges, and disclose important data.SCTP ICMPv6 error processing vulnerability (CVE-2016-1879) SCTP (stream control transmission protocol) is a transport-layer protocol designed to transfer signaling messages in an IP environment. As a rule, mobile operators use this protocol in technological networks. This vulnerability … Continue reading FreeBSD Remote DoS Exploit (Demo) (CVE-2016-1879)

PenTest Magazine August Issue

Positive Hack Days material win the world – now there is an article in August issue of PenTest Magazine completely devoted to cloud computing and prepared by Sergey Gordeychik, CTO of Positive Technologies and Yuri Goltsev, penetration testing expert. {AB}Use their clouds Annotation from the magazine: Penetration testing can benefit of cloud computing to improve the business model for resource intensive tests. The flexibility and … Continue reading PenTest Magazine August Issue

Asterisk DoS Vulnerabilities

One of the latest internal project included heavy use of Asterisk PBX, which is the most popular open source VOIP solution nowadays.Positive Research decided to check Asterisk\’s implementation of SIP protocol from security perspective. First things first and we used PROTOS test suite specifically developed for SIP testing. Test base includes checks for overflows, format strings, utf processing and more – you can check the … Continue reading Asterisk DoS Vulnerabilities