SecNiche Security Driving Element of Innocuous Minds.

Optimized Derivative of Complex Security

We stick to basics thereby reiterating the hidden elements of security from this complex systems. We respect the researchers and hackers who work effortlessly to support community at par. We believe in hunting core to deface the reality of this machine world. The Niche of Security lockdown.



HOME



Hack in the Box Ezine January 2010 - Malware Obfuscation - Tricks and Traps

HITB Reloaded
Download


[Perfect Paperback]Debugging Experts Journal - Artifacts of Inline User Mode Heap Analysis.

Online
Amazon


Hakin9 January 2010 - Behavioral Analysis of Unwise_.exe Malware!

Check


Whitepaper Released - Design Inaccuracy - Cross Link Authoring Flaw - Scribd Flaw - iPaper Platform

Have a look at : Download from COSEINC website


NoScript Nested URL Unescaping Bug

Have a look at : No Script XSS Injection Checker False Positive


Recent Conferences

SecNiche Security has presented talk at below mentioned conferences
[2009] FOSS (Free and Open Source Software) Conference 2009 Bangalore India
[2009] SecurityByte - Owasp Conference 2009 New Delhi India
[2009] Excalibur Conference 2009 : WUXI China
Download Talks at : Events


Elsevier Computer Fraud and Security Journal - "Security Breaches in Vendor Websites."

Elsevier published paper in Computer Fraud and Security on "Security Breaches in Vendor Websites. "
Check


Internet Explorer 8 : Anti Spoofing is a Myth - Broken Status Address Bar Link Integrity

Interesting status bar link integrity issue.
Check


Hakin9 Edition July - August 2009

Self Exposure Talk with Hakin9 - Interview
An Interview with Hakin9


Hakin9 Edition July - August 2009

Hakin9 has published a new paper on "Hacking through Wild Cards".
http://www.hakin9.org/prt/view/latest-issue/issue/1052.html


Advisory - Gmail/Google Doc PDF Repurposing Integrated Attacks - Cookie Hijacking / Stealing

Google docs network was vulnerable to PDF repurposing attacks. The vulnerability was disclosed to Google with a discretion. This was done to mitigate the risk . Google had worked over it and patched it with in a period of 5 days. The Google doc has been refined now and the integrated support for adobe plugin is removed.
http://secniche.org/gmd_hijack/gc_hijack.xhtml
http://secniche.org/gmd_hijack/advisory_gmail_google_docs_pdf_repurposing_attack.pdf


Whitepaper Released - PDF Silent HTTP Form Repurposing Attacks

This paper sheds light on the modified approach to trigger web attacks through JavaScript protocol handler in the context of browser when a PDF is opened in it. As we have seen, the kind of security mechanism implemented by Adobe in order to remove the insecurities that originate directly from the standalone PDF document in order to circumvent cross domain access. The attack is targeted on the web applications that allow PDF documents to be uploaded on the web server.
PAPER


Troopers 09 Security Conference , Munich Germany

SecNiche Security has presented talk at Troopers 09 Conference.
Website


Google Chrome 1.0.154.59 "throw exception" Memory Exhaustion Vulnerability

Google Chrome 1.0.154.59 "throw exception" Memory Exhaustion Vulnerability
Detail Lookup


Elsevier Network Security Journal : From Vulnerability to Patch - Window of Exposure (WOE)

Elsevier published paper in Network Security Journal on "Window of Exposure (WOE)"
Check


Google Chrome 1.0.154.48 Single Thread Alert Out of Bound Memory Access Vulnerability

Google Chrome 1.0.154.48 Single Thread Alert Out of Bound Memory Access Vulnerability
Detail Lookup


Whitepaper Released - Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications

This paper sheds light on the hyper linking issues observed during penetration testing of web based enterprise applications. This concept can be used to bypass standard XSS filters by creating a malicious Microsoft word document.
PAPER


Hakin9 Edition March-April 2009

Hakin9 has published a new paper on "Mapping HTTP Interface Embedded Devices ".
http://hakin9.org/prt/view/about-the-mag/issue/974.html


SCMamagzine Interview regarding Google Chrome Clickjacking

Google Chrome 1.0.154.43 ClickJacking Vulnerability.
About Interview and SC Magazine Article
http://zeroknock.blogspot.com/2009/02/more-towards-clickjacking-simulating.html

Other News

http://www.eweek.com/c/a/Security/From-Internet-Explorer-8-to-Google-Chrome-an-Eye-on-Clickjacking/
http://www.scmagazineus.com/Google-working-on-fix-for-clickjacking-vulnerability-in-Chrome/article/126658/
http://news.zdnet.co.uk/security/0,1000000189,39605988,00.htm
http://blog.internetnews.com/skerner/2009/01/new-clickjacking-attack-for-ch.html
http://news.cnet.com/8301-1009_3-10152438-83.html
http://rcpmag.com/news/article.aspx?editorialsid=10563
http://www.heise-online.co.uk/security/Popular-browsers-continue-to-be-vulnerable-to-clickjacking-attacks-Updated--/news/112518


Google Chrome 1.0.154.43 ClickJacking Vulnerability

Google Chrome 1.0.154.43 ClickJacking Vulnerability.
Detail Lookup


[CVE: 2008-5446] Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability.

Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability.
Detail Lookup


Hakin9 Edition January- February 2009

Hakin9 has published new paper on "Hacking IM Memory Encryption Flaws".
http://hakin9.org/prt/view/about-the-mag/issue/959.html


[BID- 33112]Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.

Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Detail Lookup


XCON2008 and XKungFoo2008 Information Security and Hacking Conferences.

SecNiche Security has presented talks at Xfocus Xcon and Xkungfoo Conferences in the month of november.
http://xcon.xfocus.org
XCON2008 Talk.
http://www.xkungfoo.org


Clubhack 2008 Security Conference

SecNiche Security has presented talk at Clubhack 2008 Conference.
Website


Hakin9 Edition November-December 2008

Hakin9 has published new paper on "Auditing Oracle Applications in Production Environement".
http://hakin9.org/prt/view/about-the-mag/issue/930.html


Google Chrome URI Obfuscation Advisory.

Google Chrome MetaCharacter URI Obfuscation Vulnerability
Detail Lookup


Elsevier Network Security Journal : Hiding a Knife behind a Smile : OBS Hacking Threats

Elsevier published paper in Network Security Journal on "Hiding a Knife behind a Smile : OBS Hacking Threats."
Check


Mozilla Firefox , Opera and Google Chrome Released Advisory.

Google Chrome Window Object Suppressing Remote Denial of Service.
Mozilla Firefox(3.0.3) User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service..
Opera (9.52) Window Object Suppressing Remote Denial of Service.

Detail Lookup


Released Advisories.

[BID 31375] Google Chrome Carriage Return Null Object Memory Exhaustion Remote Dos
[VU#868979, CVE-2008-2472] Skype IM Client Password Disclosure Vulnerability.
[VU#916763, CVE-2008-2471] Miranda IM Client Password Disclosure Vulnerability.
[VU#985667, CVE-2008-2473] Pidgin IM Client Password Disclosure Vulnerability.
[BID - 31215]|[CVE-2008- 4127]|[VU#742699] Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
Detail Lookup


Hakin9 publsished a new paper on "Auditing Rich Internet Applications.

Hakin9 publsished a new paper on "Auditing Rich Internet Applications."
Check


MSRC Security Appreciation Meeting , Las Vegas USA .

Its been a matter of positive concern that SecNiche Security has been invited at MSRC security appreciation meeting in Las Vegas USA. The meeting intends to greet the security researchers who are working along with MSRC team over vulnerabilities that are prevailing.The reception is termed under Blackhat Secure.


Shakacon 2008 Hawaii USA Presentations.

The shakacon conference presentation is online. You can grasp at
Fetch.


SNS08-01 Whitepaper - Paranaormal Fallacy -SE Automated Scanning Anomaly..

A new whitepaper is released on automated scan anomaly in Google search engine that affect the automated tools.
Grasp.


SecNiche - Technology Partner for EvilFingers.

EvilFingers aims at uniting different pieces of information into one unanimous framework, where everything is mapped to everything else. This approach helps analysts, engineers, consultants and the management to understand the meaningful relationships between different parts of Information Security that could be lost if it remains untouched.

Evil fingers Technology Partner.


EuSecWest Talk PDF - 2008 London UK Stats

The talk was succesfully presented at the EuSecWest conference this year.The talk was properly scrutinized by DL-PSIRT i.e. Adobe Product Security Incident Response Team. I really appreciate the concern shown by the Adobe Security professionals in relation to this talk. The exchange of views and coordinated discloser is set for protecting PDF applications.

Adobe Product Systems.
EuSecWest 2008